Delighted to share the CyberScotland Technical Bulletin June 2021

This month’s CyberScotland Technical Bulletin is now available to read here.

Cyber security is at the core of our customer care portfolio at Lugo. We partner with the world’s leading providers of security solutions to enable us to deliver an industry leading IT managed services program to our clients. Alongside this, we work with local experts within Scotland such as the Scottish Business Resilience Centre, who in turn are in partnership with a conglomeration of security specialists, providing input to the government framework, known as Cyber Resilient Scotland. We are delighted to share with you the monthly CyberScotland Technical Bulletin which contains advice and information on the latest vulnerabilities within popular applications such as Microsoft Windows, Google Chrome and Linux.

The CyberScotland Technical Bulletin is designed to provide information about emerging or escalating cyber threats, and is created in conjunction with SBRC’s Cyber Incident Response. This issue covers topics including:

Microsoft Patch Tuesday

Microsoft released its monthly security update Tuesday 8th June 2021, disclosing 50 vulnerabilities across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities include 5 “critical” ratings with the rest labelled as “important”. Additionally, there has been 6 out of 7 zero-days that have been identified as being currently exploited in the wild.

As reported by zdnet.com, the products affected by these vulnerabilities are Microsoft Office, .NET Core & Visual Studio, the Edge browser, Windows Cryptographic Services, SharePoint, Outlook, and Excel.

One notable vulnerability with a “critical” rating relates to Microsoft Defender. According to Lansweeper.com, the vulnerability allows for an attacker to perform remote code execution on the targeted machine. It is strongly recommended to perform updates for Microsoft Defender right now.

Apple Zero-Day Urgent Patches

Apple has patched two new Zero-Day’s which have been exploited in the wild in their latest iOS update version 12.5.3.

In a report by thehackernews.com, Apple has patched two new discovered Zero-Day’s and urges all users to update as soon as possible.

It appears the latest vulnerabilities have been directed at those with older devices such as the iPhone 6, iPad Air and iPad mini 2 and mini 3.

This latest patching of Zero-Days adds to the list of 10 previously patched Zero-Days this year, increasing the list to 12.

Apple has strongly advised users to update to the latest versions of all their software products.

Google Chrome Urgent Update for Exploited Zero-Day

Google Chrome users are urged to update to the latest version of Chrome, to mitigate Zero-Day vulnerabilities discovered in June.

According to thehackernews.com, the vulnerability “CVE-2021-30554” affects WebGL, and if successfully exploited, could lead to remote code execution (RCE), corruption of data, and a potential crash of the software.

This latest Zero-Day discovery and patch is the 7th Zero-Day patch Google has produced since the start of the year.

Chrome users should also remain vigilant as a group of hackers known as ‘PuzzleMaker’ have become successful in their attempts to string together Zero-Day vulnerabilities found on Chrome to install malware directly onto Microsoft Windows.

Linux Users Urged To Update After Root Level Security Flaw Found

The vulnerability known as “CVE-2021-3560“, details the ability for an unauthorised user to run authorised processes that they normally would be prevented from running. This is achieved by exploiting the vulnerability found in the application-level toolkit known as polkit.

Interestingly, this vulnerability has not been seen in older versions of Linux despite being around for several years. As stated by zdnet.com, the vulnerability was backported into recent shipping versions of polkit, which enabled the vulnerability to appear in much more modern versions of Linux distributions.

In its design, this vulnerability can’t always be exploited as it requires the correct timings and commands to be used. However, although it can’t be exploited every single time, it should still be treated with caution.

It’s recommended that Linux users, across any distribution, update to their latest version as soon as possible.

 

Do you need some help keeping your systems secure?

After reading the latest CyberScotland Technical Bulletin, you may feel your organisation could do with a bit of a hand looking after your updates. Our friendly team of Lugo Jedis are on hand to help support you and your systems. Why not have a look at our Managed Helpdesk page and transparent Pricing to find out more about Lugo. We’d #LugoLove you to book a Free Cyber Health Check at a time that suits you, and we’ll even send you a free Chilly’s insulated coffee cup after your review.