Please be aware of this vulnerability and update your environments accordingly if you are utilizing this series of Cisco Routers.
https://www.zdnet.com/article/cisco-warns-over-critical-router-flaw/
Vulnerability
Verizon Router Command Injection Flaw Impacts Millions
There is nothing like learning your home edge router could be vulnerable to command line injection attacks. Please take note if you are a Verizon Fios customer. Confirm your firmware version if possible and reach out to Verizon for support as needed.
https://threatpost.com/verizon-quantum-gateway-command-injection-flaw-impacts-millions/143606/
Latest Chrome update plugs a zero-day hole
I particularly like the title from the linked article from “The Register” – “Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)” . It is imperative that we all patch these types of zero day vulnerabilities, especially once they are active in the wild. Review and patch accordingly!
https://www.theregister.co.uk/2019/03/07/google_chrome_zero_day/
https://www.welivesecurity.com/2019/03/07/latest-chrome-update-plugs-zero-day-hole/
Adobe Flash Zero-Day Spreads via Office Docs
The ongoing battle against the exploitation of Adobe Flash continues. This is but the latest in a long line of flaws and vulnerabilities to plague Flash and its brothers and sisters in the Adobe family of products. Please review your environments and patch accordingly. Also, take the time to educate your users to the nature of this particular exploit.
26.5 million Comcast Xfinity customers had their partial home addresses and SSNs exposed
A note to all Comcast customers – this vulnerability appears to have been addressed and corrected fairly quickly, but be diligent and keep your eyes open for identity related fraud.
Adobe warns of Flash zero-day, patch to come next week
Please review your Flash deployments if any remain and be prepared to remediate as soon as a patch is available. Flash honestly cannot disappear/die soon enough for the sake of end user security.
https://nakedsecurity.sophos.com/2018/02/02/adobe-warns-of-flash-zero-day-patch-to-come-next-week/
Dell Advising All Customers To Not Install Spectre BIOS Updates
This article is in line with other reports of vendors and Intel itself backing away from Spectre and Meltdown patching updates and tweaks.
Hard-Coded Backdoor in My Cloud Devices Offers Attackers Access to Personal Photos, Videos
A big thank you to Mr. Skinner for the heads up on this issue. Please take the time to review the MyCloud devices you have deployed and update your firmware.
https://www.infosecurity-magazine.com/news/hardcoded-backdoor-in-my-cloud/
Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw
This has the potential to be hugely impactful for computer users across all industry segments and spectrums. The threat of compromise aside, any fix that has the potential to degrade processing power by up to 30% is significant and will be felt worldwide.
https://thehackernews.com/2018/01/intel-kernel-vulnerability.html
TeamViewer Rushes Fix for Permissions Bug
Please review your TeamViewer implementations and patch accordingly.
https://threatpost.com/teamviewer-rushes-fix-for-permissions-bug/129096/
