Shadow Brokers cause ongoing headache for NSA

This is a nice recap of where the NSA vs. ShadowBrokers stands at the moment.  I do find it mildly intriguing how damaged the NSA finds itself amidst this constant trickle feed of compromised data and formerly secret exploits.  One telling line in the article references the NSA (and I am paraphrasing) as one of the premier world wide agencies for breaking into computer systems and yet they could not protect their own house.

I do have to agree with Bruce Schneier and others who point to a whistleblower or other insider theory on the breach.  ShadowBrokers wants the NSA to suffer, both functionally and in terms of reputation.

https://nakedsecurity.sophos.com/2017/11/15/shadow-brokers-cause-ongoing-headache-for-nsa/

Advertisements

Adobe, Microsoft Patch Critical Cracks

Patch Tuesday has come and gone and there are several new Microsoft and Adobe patches that warrant our attention.  Most interesting is probably the Microsoft Office vulnerability that was 17 years in the making.  I remain astonished that a bug existed in the wild for 17 years undetected.

Please review all of your relevant systems and platforms and patch accordingly.

https://krebsonsecurity.com/2017/11/adobe-microsoft-patch-critical-cracks/

https://threatpost.com/microsoft-patches-17-year-old-office-bug/128904/

Microsoft issues advisory to users after macro-less malware attacks – And yet, most Organizations find themselves running out of date Office products

Given the situation, I believe these two articles should be read together and discussed.  On a day when Microsoft is discussing and warning users about another zero day vulnerability in an Office product, we need to take a moment and realize that updating, patching and ultimately upgrading Office is a truly important component of any IT security program.

https://www.tripwire.com/state-of-security/security-data-protection/microsoft-advisory-office-dde-malware/

https://www.infosecurity-magazine.com/news/most-organizations-run-outofdate/