<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=156961&amp;fmt=gif">
Threat Thursday  Update 10th October 2019

#Threat Thursday |  10th October 2019 | Cyber Security Updates

 It’s a relatively pedestrian Threat Thursday this month – not that that makes these key OS updates any less important. 

While few new threats are popping up compared to last week, some important updates for both Mac and Windows users are addressing some key security concerns. Elsewhere, Volusion users need to be aware of a major new Magecart threat.

Latest iOS Security Updates are the Apple of my iCloud

Following Monday’s release of the Catalina operating system, Apple have already made some last minute fixes to address some security concerns. The CVE-2019-8781, CVE-2019-8717, CVE-2019-8748 and CVE-2019-8758 bugs introduced some arbitrary code execution vulnerabilities, affecting the software’s system and kernel privileges. Meanwhile, Apple’s WebKit engine received a fix for the CVE-2019-8768 bug, which affected users’ ability to delete browsing history; and another for the CVE-2019-8769, which allowed hackers access to a victim’s browser history once tempted to a malicious website.

Windows users, meanwhile, have seen a raft of important patches to Apple software running under Windows 7.14 and Windows 10.7. The patches, for iCloud, iTunes, UIFoundation and WebKit, addressing vulnerabilities to “maliciously crafted web content”.

As always, users of either operating system, or any of the mentioned apps, are encouraged to check for the latest updates as soon as possible.

Latest Window Patch Fixes Remote Desktop Vulnerabilities, Eludes Humorous Headline.

As part of Microsoft’s Patch Tuesday, nine critical vulnerabilities were addressed, along with 49 ‘important’ exploits and one ‘moderate’.  A batch of common Microsoft applications were patched up, including the OS, Internet Explorer, Edge, Microsoft Office and Microsoft Dynamics 365.

A critical patch, CVE-2019-1333, protects users from a remote code execution vulnerability that exists within Windows Remote Desktop Client. This is the latest in many Remote Desktop vulnerabilities that Microsoft have been battling against, including some ‘wormable’ vulnerabilities in August. With or without the risk of these vulnerabilities, it’s never a good idea to set up a Windows Remote Desktop without the relevant security considerations.

One of our blogs gives a little more insight into the security of yours. 

Intrusion at Volusion: Thousands of Online Stores and Customers Affected by Card Info Breach

The cloud-based e-commerce platform, Volusion, has had its infrastructure compromised by Magecart; the much-disliked hacker consortium who target online shopping cart systems. Reports state that this might have first occurred as far back as September 12th.

Reports theorise that the reason this wasn’t noticed sooner is the stealthy nature of the attack. Injecting Volusion’s software with a malicious card-thieving script, Magecart was potentially able to skim the card details of any transaction and have the information sent to their server. Yet the malicious files were cleverly disguised as benign and recognised Javascript cookies, making them appear innocuous. BleepingComputer has a detailed breakdown of the attack, complete with all the technical details.

Volusion are yet to comment on the attacks, but in the meantime web administrators using Volusion’s e-commerce platform are encouraged to check their site code for any suspicious activity or unrecognised items.

That wraps up another Threat Thursday, and we’ll leave you with our oft-repeated mantra: always ensure your hardware and software are up-to-date with the latest security patches, and keep your systems protected from the ground up with the best in cyber security solutions.


Want a Review of Your Company’s Cyber Security?

Want full protection from the threats of phishing, malware, ransomware and viruses? A Managed Service from Mirus provides your business with the best in cyber security, with firewalls, disaster recovery, cyber resilience and more  – all delivered with industry-leading technology, and managed by us with the latest patches and updates.

Get in touch with us now to find out more or ask about our FREE Cyber Security Assessment. 

FREE CYBER SECURITY ASSESSMENT >


 

Would you like to comment, or leave your thoughts?

Recent Posts