Highlights and Updates

Google Releases Security Updates for Chrome

Tuesday, 6th June 2017

Google has released Chrome version 59.0.3071.86 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases(link is external) page and apply the necessary updates.

SEI Issues Advice on Ransomware

Thursday, 1st June 2017

The Software Engineering Institute (SEI) of Carnegie Mellon University has released a blog post on best practices for preventing and responding to ransomware. This common malware captures, encrypts, and holds your data to extort a ransom. SEI˘®¯s top recommendation to thwart ransomware attacks is to back up your important files regularly.

We encourage users and administrators to review SEI's blog post

FBI Releases Article on Protecting Business Email Systems

Wednesday, 31st May 2017
The Federal Bureau of Investigation (FBI) has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use of free web-based email accounts; using multi-factor authentication; and updating firewalls, antivirus programs, and spam filters.

Microsoft Fixes Windows Defender Flaw

Monday, 29th May 2017
Microsoft has released a silent fix for a critical vulnerability in Malware Protection Engine. An attacker could create a malicious executable that when processed by the Malware Protection Engine's emulator would allow remote code execution. Microsoft learned of the flaw on May 12 and fixed it on Wednesday, May 24. The issue was patched automatically if users have configured their systems for automatic updates.

LNK files again being used to deliver malicious PowerShell script

Thursday, 25th May 2017
Cybercriminals have brought back an older attack vector using LNK files to execute PowerShell scripts to download malware.

Samba Releases Security Updates

Wednesday, 24th May 2017
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.

Yahoo Retires Buggy ImageMagick Library

Tuesday, 23rd May 2017
Yahoo has retired the ImageMagick library image processing toolkit after the disclosure of a vulnerability that could expose image data from user inboxes

Most WannaCry Infections Were Running Windows 7

Monday, 22nd May 2017
Windows 7 hardest hit by WannaCry worm.  Windows 7, not XP, was the reason last week's WCry worm spread so widely 

ICS-CERT Releases WannaCry Fact Sheet

Friday, 19th May 2017

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has released a short overview of the WannaCry ransomware infections. This fact sheet provides information on how the WannaCry program spreads, what users should do if they have been infected, and how to protect against similar attacks in the future.

Joomla! Releases Security Update for CMS

Friday, 19th May 2017
Joomla! has released version 3.7.1 of its Content Management System (CMS) software to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected website.