Friday, 20 October 2017

Microsoft Patch Tuesday - October 2017




Talos Blog - Microsoft Patch Tuesday - October 2017


Posted: 10 Oct 2017 01:25 PM PDT
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, SharePoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.


Vulnerabilities Rated Critical


The following vulnerabilities are rated "Critical" by Microsoft: 

CVE-2017-11813, CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability


Two vulnerabilities have been identified in Internet Explorer that could result in remote code execution in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory when attempting to render a webpage. Both vulnerabilities could be exploited if, for example, a user visits a specially crafted webpage that exploits one of these flaws.

CVE-2017-11762, CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerability


Two vulnerabilities have been identified in the font library of the Microsoft Graphics Component that could allow an attacker to execute arbitrary code. These vulnerabilities manifest due to the library incorrectly handling specialty embedded fonts within a web page or document. Exploitation of these two vulnerabilities could be achieved if a user navigates to a malicious web page or if the user opens a specially crafted document that exploits these vulnerabilities.

Multiple CVEs - Scripting Engine Memory Corruption Vulnerability


Multiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. These vulnerabilities all manifest due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit one of these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked "safe for initialization."

The following is a list of CVEs related to these vulnerabilities:

  • CVE-2017-11767
  • CVE-2017-11792
  • CVE-2017-11793
  • CVE-2017-11796
  • CVE-2017-11797
  • CVE-2017-11798
  • CVE-2017-11799
  • CVE-2017-11800
  • CVE-2017-11801
  • CVE-2017-11802
  • CVE-2017-11804
  • CVE-2017-11805
  • CVE-2017-11806
  • CVE-2017-11807
  • CVE-2017-11808
  • CVE-2017-11809
  • CVE-2017-11810
  • CVE-2017-11811
  • CVE-2017-11812
  • CVE-2017-11821

CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability


A remote code execution vulnerability has been identified in Windows DNS that could allow an attacker to execute arbitrary code in the context of the Local System account. This vulnerability manifests in DNSAPI.dll as a result of improperly handling DNS responses. A scenario where this vulnerability could be exploited would be one where an attacker stands up a malicious DNS server to transmit specially crafted DNS responses to the target.

CVE-2017-11771 - Windows Search Remote Code Execution Vulnerability


An arbitrary code execution vulnerability has been identified in Windows Search that could allow an attacker to elevate their privileges and subsequently execute code in the elevated context. This vulnerability manifests due to improper handling of objects in memory. For this vulnerability to be exploited, an attacker would need to either have access to the targeted host or remotely trigger it through an SMB connection.

CVE-2017-8727 - Windows Shell Memory Corruption Vulnerability


A remote code execution vulnerability has been identified in Internet Explorer which could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability manifests as a result of Internet Explorer improperly accessing objects in memory via the Microsoft Windows Text Services Framework. An attacker could create a specially crafted web page that exploits this vulnerability and subsequently socially engineer a user to visit the page to compromise users. Additionally, attackers could leverage vulnerable or compromised websites or sites that display user-provided content or advertisements to exploit and compromise users.

CVE-2017-11819 - Windows Shell Remote Code Execution Vulnerability


A remote code execution vulnerability has been identified in Microsoft web browsers which manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. An attacker could leverage this vulnerability to exploit users by crafting a specially formed web page and socially engineering users to visit such a page. Other scenarios include an attacker leveraging vulnerable or compromised websites or sites that display user-provided content or advertisements to exploit this vulnerability and compromise users.

Vulnerabilities Rated Important


The following vulnerabilities are rated "important" by Microsoft:

CVE-2017-11790 - Internet Explorer Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Internet Explorer that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Internet Explorer improperly handling objects in memory. A user who navigates to an attacker-controlled web page could be exploited. Additionally, users who navigate to a site that hosts user-generated content could also be exploited.

CVE-2017-11794 - Microsoft Edge Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Edge that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Edge improperly handling objects in memory. A user who navigates to an attacker-controlled web page could be exploited. Additionally, users who navigate to a site that hosts user-generated content could also be exploited.

CVE-2017-8726 - Microsoft Edge Memory Corruption Vulnerability


A remote code execution vulnerability has been identified in Edge that could allow an attacker to execute arbitrary code in the context of the user. This vulnerability manifests due to Edge improperly handling objects in memory. Possible scenarios where an attacker could compromise a user include web-based attacks where a user navigates to a specially crafted web page under the attacker's control. Other possibilities include a user opening a Microsoft Office document containing an embedded ActiveX control marked "safe for initialization".

CVE-2017-8693 - Microsoft Graphics Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in the Microsoft Windows Graphics Component that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the Graphics component improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. 

CVE-2017-8717, CVE-2017-8718 - Microsoft JET Database Engine Remote Code Execution Vulnerability


Two arbitrary code execution vulnerabilities have been identified in the Microsoft JET Database Engine that could allow an attacker to execute arbitrary code in the context of the current user. These vulnerabilities manifest as buffer overflow conditions when triggered. For an attacker to successfully exploit these vulnerabilities, a user would need to open or preview a specially crafted Microsoft Excel document on an affected version of Windows. An email-based attack where an attacker sends a victim a specially crafted Excel document is the most likely scenario where a user could be compromised.

CVE-2017-11826 - Microsoft Office Memory Corruption Vulnerability


A vulnerability has been identified in Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A user who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document. Note that in certain conditions, the Preview Pane is an attack vector as well.

CVE-2017-11825 - Microsoft Office Remote Code Execution Vulnerability


A vulnerability has been identified in Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A user who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document.

Multiple CVEs - Microsoft Office SharePoint XSS Vulnerability


Multiple vulnerabilities in Microsoft Office SharePoint have been identified that could allow an attacker to execute a cross-site scripting (XSS) attack. These vulnerabilities manifest due to SharePoint Server improperly sanitizing specific web requests from a user. Successful exploitation of these flaws could allow an attacker to execute scripts in the context of the current user, read content that the attacker would not otherwise have permission to view, or execute actions on behalf of the affected user.

The following CVEs reflect these vulnerabilities:

  • CVE-2017-11775
  • CVE-2017-11777
  • CVE-2017-11820

CVE-2017-11776 - Microsoft Outlook Information Disclosure Vulnerability


An information disclosure vulnerability in Microsoft Outlook has been identified that could leak sensitive information to third parties. This vulnerability manifests when Outlook fails to establish a secure connection. An attacker who exploits this vulnerability could obtain the email content of a user.

CVE-2017-11774 - Microsoft Outlook Security Feature Bypass Vulnerability


A security feature bypass vulnerability has been identified in Microsoft Outlook that could be used to execute arbitrary commands. This vulnerability manifests due to Office improperly handling objects in memory. A user who opens a specially crafted document file could be exploited. A scenario where this could occur would be in a file-sharing attack where an attacker gives the user a file and socially engineers them to open it.

CVE-2017-11772 - Microsoft Search Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Windows Search that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Windows Search improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user sends specially crafted messages to the Windows Search service. Alternatively, this vulnerability could be exploited remotely in an enterprise setting over an SMB connection from an unauthenticated attacker.

CVE-2017-11823 - Microsoft Windows Security Feature Bypass


A vulnerability has been identified in Device Guard that could allow an attacker to bypass a security control and inject malicious code into a Windows PowerShell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious code into a script that is trusted by the Code Integrity policy. As a result, the injected code could be run with the same trust level as the script, bypassing the Code Integrity policy control.

CVE-2017-11786 - Skype for Business Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in Skype for Business that could allow an authenticated attacker to potentially impersonate a user. This vulnerability manifests due to Skype for Business improperly handling specific authentication requests. An attacker who initiates an instant message session while a specially crafted profile image is set could exploit this vulnerability and steal an authentication hash that could be reused in different contexts. Successful exploitation would allow an attacker to perform actions that a user is permitted to do, resulting in various outcomes such as privilege escalation.

CVE-2017-11769 - TRIE Remote Code Execution Vulnerability


An arbitrary code execution vulnerability has been identified in Windows that could allow an attacker to execute code in the context of the current user. This vulnerability manifests due to the way certain Windows components improperly handle loading DLL files. Successful exploitation could allow an attacker to perform actions or execute commands within the context of the current user.

CVE-2017-8689, CVE-2017-8694 - Win32k Elevation of Privilege Vulnerability


Two vulnerabilities in Windows Kernel-Mode Drivers have been identified that could allow a privilege escalation attack to occur. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities would result in an attacker obtaining administrator privileges on the targeted system. A user who runs a specially crafted executable that exploits one of these vulnerabilities could perform actions as an administrator on the affected system.

CVE-2017-11783 - Windows Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in Windows that could allow an authenticated attacker to elevate their privileges to that of an administrator. This vulnerability manifests due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC). A user who creates a specially crafted application and executes it on an affected system could exploit this vulnerability.

CVE-2017-11816 - Windows GDI Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in the Microsoft Windows Graphics Device Interface (GDI) that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the GDI improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. 

CVE-2017-11824 - Windows Graphics Component Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in the Microsoft Windows Graphics Component that could allow an attacker to elevate their privileges to that of an administrator. This vulnerability manifests due to the Graphics component improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability.

CVE-2017-11817 - Windows Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the kernel improperly initializing objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. 

CVE-2017-11784, CVE-2017-11785 - Windows Kernel Information Disclosure Vulnerability


Two information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker to obtain memory addresses and bypass Kernel Address Space Layout Randomization (KASLR). Exploitation of these vulnerabilities could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit them. 

CVE-2017-11765, CVE-2017-11814 - Windows Information Disclosure Vulnerability


Two information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker to obtain information that could be used to further compromise an affected system. These vulnerabilities manifest due to the kernel improperly initializing objects in memory. Exploitation of these vulnerabilities could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit them. 

CVE-2017-8715 - Windows Security Feature Bypass Vulnerability


A vulnerability has been identified in Device Guard that could allow an attacker to bypass a security control and inject malicious code into a Windows PowerShell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious code into a script that is trusted by the Code Integrity policy. As a result, the injected code could be run with the same trust level as the script, bypassing the Code Integrity policy control.

CVE-2017-11781 - Windows SMB Denial of Service Vulnerability


A denial of service vulnerability has been identified in Microsoft SMB that could allow an attacker to crash an affected host. This vulnerability manifests due to SMB improperly handling certain requests. An attacker who sends a vulnerable server specially crafted requests could exploit this vulnerability and create a denial of service condition for users.

CVE-2017-11782 - Windows SMB Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in the default Windows SMB Server configuration that could allow anonymous users to access certain named pipes. These named pipes could be used to send specially crafted requests to services that accept requests via named pipes. An attacker who is able to send SMB messages to an affected SMB server could exploit this vulnerability.

CVE-2017-11815 - Windows SMB Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Windows SMB that could allow an attacker to access files they otherwise should not have access to. This vulnerability manifests due to SMB server improperly handling certain requests. An attacker who is able to authenticate to the SMB server and send it SMB messages could exploit this vulnerability.

CVE-2017-11780 - Windows SMB Remote Code Execution Vulnerability


A remote code execution vulnerability has been identified in Microsoft Server Message Block 1.0 (SMBv1) which could allow an attacker to compromise SMBv1 servers. This vulnerability manifests due to the way SMBv1 servers handle certain requests. Exploitation of this vulnerability could be achieved by an unauthenticated attacker by sending specially crafted requests to the affected server.

CVE-2017-11818 - Windows Storage Security Feature Bypass Vulnerability


A security feature bypass has been identified in Microsoft Windows storage which could allow an application with a certain integrity level to execute code at a different level. This vulnerability manifests due to Windows improperly validating an integrity-level check.

CVE-2017-8703 - Windows Subsystem for Linux Denial of Service Vulnerability


A denial of service vulnerability has been identified in the Windows Subsystem for Linux (WSL). This vulnerability manifests due to the WSL improperly handling objects in memory. An attacker who creates a specially crafted application and executes it on an affected system could exploit this vulnerability.

CVE-2017-11829 - Windows Update Delivery Optimization Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in Windows Update Delivery Optimization that could allow an attacker to overwrite files of a higher privilege than what the attacker possesses. This vulnerability manifests due to Windows Update Delivery Optimization improperly enforcing file share permissions. An attacker who is able to log into the system and create a Delivery Optimization job could exploit this vulnerability.


Thursday, 14 September 2017

Cyber security expert issues bizarre warning that sex robots could be easily hacked and made to KILL their owners





All The Top IT Security News.


Monday 11th September 2017

We collect the news so that you don't have to!


Cyber security expert issues bizarre warning that sex robots could be easily hacked and made to KILL their owners
A cybersecurity buff has issued a bizarre warning that sex robots could one day rise up and KILL their owners if hackers can get inside their heads. Last month, tech billionaire Elon Musk claimed that artificial intelligence could take over the planet, and he's not the only one concerned about the dangers of killer tech. With sex robots becoming increasingly popular and sophisticated, cyber security lecturer Dr Nick Patterson revealed that the lifelike dolls could end up going all Terminator on us. However, in the case of sex robots, the danger isn't that the love dolls will end up developing minds of their own, Westworld-style. Instead, the risk is that hackers could breach the realistic robots' inner defences and catch out their owners with their pants down.
http://www.itsecurityguru.org/2017/09/11/cyber-security-expert-issues-bizarre-warning-sex-robots-easily-hacked-made-kill-owners/

Popular Minnesota state park hit with malicious malware, warns visitors to check their credit cards
The popular Tettegouche State Park on the North Shore of Lake Superior in Minnesota said its computer systems have been infected with malware, authorities confirmed on Friday (8 September). The malware was discovered on 25 August after security specialists noticed a spike in "unusual activity" around 4pm. The state park said experts initiated actions to isolate the site, protect sensitive data, and replace any infected equipment. Local authorities said they are conducting a full forensic analysis into the incident.
http://www.itsecurityguru.org/2017/09/11/popular-minnesota-state-park-hit-malicious-malware-warns-visitors-check-credit-cards/

New malware in India which steals money through mobile phones: Report
A new malware, the Xafecopy Trojan, has been detected in India which steals money through victims' mobile phones, cyber security firm Kaspersky said in a report. Around 40 per cent of the malware's targets have been detected in India. "Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims' mobile accounts without their knowledge," the report said. The Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally. The trojan secretly loads malicious code onto the device.
http://www.itsecurityguru.org/2017/09/11/new-malware-india-steals-money-mobile-phones-report/

Insurers increasingly concerned about silent cyber exposure
Around half of industry practitioners see the risk of silent cyber exposure – potential cyber-related losses due to silent coverage from insurance policies not specifically designed to cover cyber risk – as growing over the coming year, according to Willis Re. In the Willis Re survey, respondents were asked to assess the extent to which, over the next 12 months, the cyber aspect of exposure would increase the likelihood of a covered loss. Around half of respondents felt that the risk of a silent cyber loss from property or other liability was greater than 1 in 100 while close to a quarter considered the risk to be greater than 1 in 10, illustrating the degree of uncertainty surrounding potential exposure.
http://www.itsecurityguru.org/2017/09/11/insurers-increasingly-concerned-silent-cyber-exposure/

Hackers can remotely access and manipulate wireless syringe infusion pumps
Internet-connected medical devices have increasingly become commonplace. However, such devices could potentially be hacked by cybercriminals. New vulnerabilities uncovered by a security expert show that wireless syringe infusion pumps could be remotely accessed by hackers, who could also exploit the bugs to manipulate the operations of the device. The US Industrial Control Systems (ICS) CERT has issued an alert, which details that Medfusion 4000 wireless syringe infusion pumps, manufactured by Smiths Medical, were found riddled with not one or two, but eight vulnerabilities. The flaws, which were uncovered by independent security researcher Scott Gayou, could potentially be exploited by hackers.
http://www.itsecurityguru.org/2017/09/11/hackers-can-remotely-access-manipulate-wireless-syringe-infusion-pumps/



updates







Tuesday 12th September 2017



FA to beef up cybersecurity if England qualify for Russia World Cup
The FA will strengthen its cybersecurity before the 2018 World Cup amid fears about Russian hackers Fancy Bears and concern that tactical and team selection information could be leaked before games. England are top of Group F and on course to qualify automatically for the tournament which begins on 14 June. The FA is still assessing training bases but wherever the squad stay all computer equipment belonging to players and support staff will have sophisticated anti-hacking software installed.
http://www.itsecurityguru.org/2017/09/12/fa-beef-cybersecurity-england-qualify-russia-world-cup/

10 D-Link zero-day flaws that may give hackers backdoor access and more have been publicly released
Zero-day vulnerabilities are generally scary enough that when one is made public, vendors begin scrambling to issue a fix. By nature, zero-day flaws are vulnerabilities that the affected vendor has no knowledge about and thus no patches exist. Alarmingly, not one or two but 10 zero-day flaws have recently been uncovered affecting D-Link routers, which could potentially leave users at risk of cyberattacks. Pierre Kim, a security researcher, chose to publicly expose the vulnerabilities related to D-Link 850L routers, citing "difficulties" working with the vendor on a coordinated disclosure. According to the researcher, the zero-day flaws, if exploited by hackers, could potentially lead to attackers gaining root access to devices and getting backdoor access. They could also remotely hijack and control routers as well as leave users vulnerable to XSS and command injection attacks and more.
http://www.itsecurityguru.org/2017/09/12/10-d-link-zero-day-flaws-may-give-hackers-backdoor-access-publicly-released/

Paradise Ransomware Uses RSA Encryption to Encrypt Your Files
Today, a victim of a new ransomware called Paradise posted in the BleepingComputer.com forums and uploaded a sample so we could take a look at it. While this ransomware is not revolutionary by any means, since it is in active distribution and a Ransomware as a Service (RaaS), I thought I would provide a brief analysis of how this ransomware works. Unfortunately, the Paradise Ransomware is not decryptable without paying the ransom and affected users should attempt to recover files via alternate methods.
http://www.itsecurityguru.org/2017/09/12/paradise-ransomware-uses-rsa-encryption-encrypt-files/

India's "robust" biometric database let millions get fake IDs
Criminals managed to circumvent the "robust" security of India's biometric database to issue over 8 million fake identity cards — which Indian citizens use for everything from opening bank accounts to getting married. Police in the northern Indian state of Uttar Pradesh Sunday arrested 10 men as part of a crackdown on a sophisticated fraud scam which involved cloning fingerprints and cracking the security features of the Aadhaar enrollment system — which was described in August as "robust and uncompromised" by the authority charged with protecting it.
http://www.itsecurityguru.org/2017/09/12/indias-robust-biometric-database-let-millions-get-fake-ids/

Another reason to hate Excel: its Macros can help pivot attacks
A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won't like what he found. The researcher, Matt Nelson of SpecterOps (@enigma0x3) writes that he's found loose default launch and access permissions, meaning a macro-based attack doesn't need to interact with the victim. The nutshell version is this: Excel.Application is exposed via DCOM; it has no explicit launch or access permissions set; since the attacker would have to find some other means for the initial compromise, Microsoft Office Macro security won't stop the pivot; and Excel.Application can be launched (and interacted with) remotely.
http://www.itsecurityguru.org/2017/09/12/another-reason-hate-excel-macros-can-help-pivot-attacks/



Monday, 11 September 2017

news



Spiceworks
A daily dose of today's top tech news, in brief.
You need to hear this.
Atlassian unveils Stride, the successor to chat app HipChat
Atlassian, the parent company of popular apps like Jira, Trello, and Bitbucket announced today a successor to its chat app HipChat, which is called Stride. HipChat is one of the most popular chat services in tech, used by industry giants including Tesla and Expedia. Facing competition from major offerings like Slack and Microsoft Teams, Atlassian rebuilt its chat app from the ground up, hoping to secure its foothold as the segment gets more crowded. The app sports an entirely redesigned interface, with a fresh look and less division between text chat, phone meetings, and videoconferencing.
"Right within Stride, any member can start a videoconference meeting for the members of a channel," Business Insider writes. "For the duration of that meeting, anybody who comes into the channel will be able to see that there's a call going on and be able to join."
Although HipChat and its competitors support video calls, the goal of Atlassian's newest offering is to make implementation of the feature more natural and less intrusive. Users are also able to take public notes within the app while on a call, allowing collaborative tasking and note-taking.
The announcement comes less than a week before Slack holds its first-ever user conference in San Francisco, likely intending to reduce hype and redirect focus to its new app.
Equifax experiences data breach, 209,000 credit cards may have been stolen
Equifax Credit Bureau, which supplies credit reports and other services, said today a cybersecurity breach may have leaked information on 143 million consumers. The leaked data includes 209,000 credit cards, and the birth dates, social security numbers, addresses, and possibly drivers licenses of millions. Personal identifying information of roughly 182,000 consumers was also breached.
The company's CEO Richard Smith apologized to consumers and customers, saying that the breach "strikes at the heart of who we are and what we do."
"Equifax said it is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities," CNBC writes. "Its private investigation into the breach is complete."
Adobe and Microsoft announce expanded partnership
Representatives from Adobe and Microsoft announced today that the companies will expand their partnership with more integrations between the two companies' platforms. Microsoft now considers Adobe Sign its "preferred" e-signature service across Office 365 and Dynamics 365, and Microsoft Teams is now the "preferred" collaboration service for Adobe Creative Cloud, Document Cloud, and Experience Cloud. Adobe has also selected Microsoft's Azure as its "preferred" hosting platform for Adobe Sign.
While these services may be "preferred," the agreement is not actually exclusive, and when Adobe announced Azure was its "preferred" cloud provider last year, it continued hosting some of its services on Amazon's AWS, and continues to do so.
"In the fall of 2016, the pair said that Adobe Creative Cloud, Marketing Cloud, and Document Cloud would all be available on Azure, and Azure would be the "preferred cloud platform" for these services," ZDNet writes. "The two companies also announced that Adobe's Marketing Cloud would be Microsoft's Marketing module for the Enterprise version of Dynamics 365, its combined CRM/ERP suite."
The two companies also say they are planning to work in tandem on machine learning and intelligent document automation, which they say will be implemented into most facets of both platforms.
But there's more going on in the world than that.
Amazon is looking for the location of its next headquarters
Amazon has asked for bids from local and state governments, and hopes to receive proposals from prospective locations in which it could build its new headquarters. The company intends the second location to be equal in size and importance to its massive Seattle tower, saying that it expects to invest more than $5 billion in the location and employ as many as 50,000 employees.
Mayors from cities including Memphis, Chicago, Philadelphia, Hartford, Tulsa, St. Louis, and Providence have expressed interest, with many more likely to follow suit. Several cities in Texas are also likely to be considered, as will major Canadian cities like Vancouver.
"We expect HQ2 to be a full equal to our Seattle headquarters," Amazon CEO Jeff Bezos said in a statement. "Amazon HQ2 will bring billions of dollars in up-front and ongoing investments, and tens of thousands of high-paying jobs."
Amazon says the average compensation at the new location could top $100,000, and development is likely to begin in 2019.
And you can't not know this.
Delta passengers get a bumpy ride as their plane flies right through Hurricane Irma
Delta flight DJ302 took off from San Juan, Puerto Rico, Wednesday afternoon before flying right through one of the most powerful Atlantic hurricanes in history. Shocking, terrifying, and extremely dangerous, right? According to WIRED and the commercial airline pilots they spoke to, flying through most storms is just another day at the office.
"It's not that much different from flying through the Midwest in the summertime with thunderstorms," Douglas M. Moss, a commercial pilot and aviation consultant, told WIRED. "It's the same techniques, the same tools, the same procedures you use for avoiding thunderstorms."
According to experts, it would have been more dangerous and costly to leave the plane on the ground or in the hangar. Officials on the ground elected not to turn the plane away as it was approaching San Juan to land, and after much deliberation, decided to race the storm and get the plane back to safer conditions. Once in the air, highly trained pilots don't find hurricanes to be a significant challenge to fly in.
"The flight might have been bumpy for about 15 minutes, a bit rainy and a bit dark," WIRED writes. "For the seasoned traveler, conditions like that are probably NBD."




Monday, 4 September 2017

Security News





All The Top IT Security News.


Monday 4th September 2017

We collect the news so that you don't have to!


Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors
Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks.
http://www.itsecurityguru.org/2017/09/04/vulnerabilities-discovered-mobile-bootloaders-major-vendors/

Banking Trojan Now Targets Coinbase Users, Not Just Banking Portals
The TrickBot banking trojan is a new malware strain that appeared in the autumn of 2016 and most experts believe it was developed by some of the developers who worked on the now defunct Dyre banking trojan, some of whose operators were arrested in late 2015 in Russia.
http://www.itsecurityguru.org/2017/09/04/banking-trojan-now-targets-coinbase-users-not-just-banking-portals/

Police Seize Domain of Online Store That Stole Users' Card Data
According to a statement from the Edmonton Police Service (EPS), its Cyber Crimes Investigation Unit started looking into the website after a user complained of fraudulent purchases appearing in his bank statements in May this year.
http://www.itsecurityguru.org/2017/09/04/police-seize-domain-online-store-stole-users-card-data/

£200m fake train ticket scam: We put season pass bought on dark web to the test at Britain's busiest station
The Mirror team found fakes for sale on the so-called "dark web" – a shadowy corner of the internet which cannot be searched via mainstream browsers like Google.
http://www.itsecurityguru.org/2017/09/04/200m-fake-train-ticket-scam-put-season-pass-bought-dark-web-test-britains-busiest-station/

Microsoft says every enterprise should have a plan for when cybersecurity fails
No matter how good it is, enterprise cybersecurity is doomed to fail. Every enterprise should have a business continuity plan in place for when it does.
http://www.itsecurityguru.org/2017/09/04/microsoft-says-every-enterprise-plan-cybersecurity-fails/