Security Month: January 2019
First month of 2019 made it clear that this year will be full of new security challenges, attacks, interesting cyber cases and of course security updates. Oracle, apple, Microsoft, Cisco, Adobe are in the list of companies that released critical patches this month. A total of 31 security flaws were patched by Apple with the release of iOS 12.1.3, impacting components such as A A total of 31 security flaws were patched by Apple with the release of iOS 12.1.3, impacting components such as AppleKeyStore, Bluetooth, Core Media, CoreAnimation, FaceTime, IOKit, Kernel, Keyboard, libxpc, Safari Reader, SQLite, WebKit, and WebRTC (for further details:(for further details follow the link) Oracle’s 33 of the fixes addressed Critical vulnerabilities, with a CVSS score above 9 (for further details:(for further details follow the link), Cisco patched two serious denial-of-service (DoS) vulnerabilities that can be exploited remotely without authentication in its Email Security Appliance (ESA) products (for further details follow the link), Microsoft has fixed nearly 50 vulnerabilities with its including some critical flaws affecting Edge, Hyper-V and DHCP. (for further details follow the link) and Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company’s Acrobat and Reader for both the Windows and macOS operating systems. Though company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user. (for further details follow the link).
This month we also witnessed the emergence of new phishing technique, used in recent attacks targeting the users of a major U.S. bank uses fake fonts to evade detection. This first-of-its kind phishing template uses fake web fonts to render well-crafted phishing pages and steal credentials. When rendered in a browser, the page uses stolen branding to impersonate the bank, which is typical to phishing pages. (for further details follow the link).
Security researchers have also discovered two separate malware campaigns this month, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Both attacks start from phishing emails containing an attached Microsoft Word document embedded with malicious macros and then uses Powershell to deliver fileless malware. ( for further details follow the link)
as already stated above, 2019 promises to be a very diverse and full of cyber security incidents, therefore companies and individuals must keep an eye on their security and ensure they are making enough effort for their own sake.