InfoSec Alert – GDPR Phishing Campaigns

Several reports have recently emerged of email phishing campaigns attempting to lure business personnel to websites soliciting business and personal financial information. These messages include wording that demands the recipient urgently take some action, such as clicking a link and entering information, so that the purported sender can update their records. This latest campaign…

InfoSec Alert – RansomWare Threats Increasing

This is an rmsource InfoSec alert. The purpose of this alert is to inform rmsource clients of current or imminent security concerns so that proper precautions may be taken. Executive Overview: There is always a temptation to think to ourselves, “that will never happen to us.” Such could certainly be the case when we think…

InfoSec Alert – Critical Drupal Security Update

Today, web content management system vendor Drupal issued advance notice of an upcoming security advisory containing “highly critical” vulnerabilities that have been fixed in newer versions of Drupal 7 and 8. “There will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC, one week from the publication of…

Partner Profile: Extreme Networks & Super Bowl LII

One of our partners, Extreme Networks, has made significant moves in Gartner’s Magic Quadrant. Over the past four years, Extreme has gone from 13th in the enterprise networking space to #3, and with the acquisitions of Avaya and Brocade they have positioned themselves as a disrupter to wired and wireless networking vendors. This year’s Super Bowl is set to…

InfoSec Alert – CPU Vulnerabilities

Recently discovered speculative execution side-channel vulnerabilities make it possible for threat actors to fetch memory content across trust boundaries, leading to disclosure of sensitive data such as passwords, keys, tokens, etc. While this flaw is web-enabled and exploitable through Mozilla Firefox and MS Internet Explorer, web servers, CDNs, etc., there is no known exploit in the…

Wi-Fi Security Vulnerability – Update

Please note, attacks can be performed against clients and network infrastructure components. It is critical to update both client devices and wireless infrastructure.

Affected/Notified Vendors and Manufacturers: CERT Vendor Information for VU#228519 https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

Manufacturer Bulletins:

Microsoft Corporation: Updates available – Silent release in Oct 10th patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Cisco: Updates available for specific hardware and IOS…

InfoSec Alert – WPA2 Protected Access

“An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.” https://www.kb.cert.org/vuls/id/228519 The…

Hurricane Harvey Phishing Scam

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or…

RANSOMWARE ALERT – PETYA

The US Computer Emergency Readiness Team (US-CERT) has issued an alert stating that it has received multiple reports (worldwide) of Petya ransomware infections. “Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB).” Source: https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported rmsource Recommendations: System Patching: Given…

Microsoft Malware Vulnerability

A vulnerability (CVE-2017-8558) has been discovered allowing remote code execution when the Microsoft Malware Protection Engine scans specially-crafted files. “To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine. There are many ways that an attacker could place a specially crafted file in a…