Information Security

 

Current Alerts

Ransomware attacks against NHS trusts.

We are aware of reports of a wide-scale ransomware attack targeting users' computers in the NHS. The NHS have published a statement and it is likely that this threat will spill over into other sectors, including education. Early indications are that this may be a malware variant that is exploiting MS17-010, a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) dating from March 2017. Further information on this particular issue is available here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx Recommended best practice... Continue reading


Security Update for Microsoft Malware Protection Engine

We’ve become aware that Microsoft has released an urgent update. This addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. We encourage users to review the Microsoft Security Advisory: https://technet.microsoft.com/en-us/library/security/4022344 Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within... Continue reading


Critical zero-day vulnerability in Microsoft Office

A recently discovered critical zero-day attack is being abused to distribute malware. The attack exploits a currently unpatched vulnerability in Microsoft Office to download and execute malicious code on victims' computers. OxCERT would like to warn against opening Office attachments from unknown sources. It is believed that using Protected View (https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653) is a good measure for protecting against the attack. https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-... Continue reading


End of life for Windows Vista

Windows Vista will exit the Microsoft extended support phase at the end of April 11th, and will no longer receive any support: https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet Systems which are still running Vista should be upgraded before this date, or mitigating controls put in place to guard against future vulnerabilities which will not be patched. Mainstream Vista support ended on 12th April 2012. [DMT]


Red Hat EL 5 reaching its end of life March 2017

The Red Hat team has published a reminder that Red Hat Enterprise Linux 5 and its clones, such as CentOS, will reach the end of their supported life cycles at the end of March 2017: https://rhn.redhat.com/errata/RHSA-2017-0340.html As a guide, Red Hat Enterprise Linux 5 was released in March 2007 (and superseded by RHEL 6 in November 2010), so it is a contender for being on systems that are 7 to 10 years old. If you have RHEL 5.X deployed, you will need to make plans to migrate to a supported OS, or purchase 'Extended Life Cycle Support' if you need cover out to 2020. [APL]
