Cyber Security News & Trends – 07-26-19

This week, SonicWall releases a mid-year update to the 2019 SonicWall Cyber Threat Report, hackers breach the FSB, and Johannesburg hit by ransomware.


SonicWall Spotlight

SonicWall 2019 Mid-Year Threat Report Shows Worldwide Malware Decrease of 20%, Rise in Ransomware-as-a-Service, IOT Attacks and Cryptojacking – SonicWall Press Release

  • SonicWall refreshes its data from the first months of 2019 for the Cyber Threat Report Mid-Year Update. The Cyber Threat Report provides insights into the cybersecurity industry’s top threats and trends. Major findings include:
    • Ransomware volume up 15% globally year to date
    • Encrypted threats spike 76%
    • IoT malware attacks up 55%
    • Malware attacks across non-standard ports dip to 13%
    • With bitcoin value spiking, cryptojacking volume up 9%

SonicWall CEO on McAfee IPO Rumours and Symantec’s Possible Sale – CRN ChannelWeb

  • Channel Web interviews SonicWall CEO Bill Conner, who discusses business and government reactions to changes in the cybersecurity industry, where the threat landscape “is getting very, very real.”

UK Ransomware Attacks Soar 195% – Malware Cocktails Proliferate – CBROnline


Cybersecurity News

NSA Launches Cybersecurity Directorate – NextGov

  • The National Security Agency has announced the launch of a new division aimed at defending the country’s national security infrastructure from digital attacks. The Cybersecurity Directorate will bring the agency’s foreign intelligence and cyber operations together under the same roof.

Hackers Breach FSB Contractor, Expose Tor Deanonymization Project and More – ZDNet

  • A contractor for the FSB, Russia’s national intelligence service, has been hacked with over 7.5 terabytes of data taken. Information exposed includes data on secret developments like a Tor deanonymization project and the ability to disconnect the Russian internet from the rest of the world.

Two Charged With Terrorism Over Bulgaria’s Biggest Data Breach: Lawyer – Reuters

  • Police raided the offices of cybersecurity firm Tad Group following last month’s cyberattack and data breach in which personal data for nearly every adult Bulgarian was stolen. Two workers have been charged with terrorism, both deny wrongdoing.

Louisiana Governor Declares State Emergency After Local Ransomware Outbreak – ZDNet

  • Following a series of cyberattacks on school districts, Louisiana Governor John Bel Edwards declared a cybersecurity state of emergency. This is only the second time a state has declared a state of emergency over cybersecurity, the first being Colorado in February 2018.

Facebook to Pay $100 Million SEC Fine Over Cambridge Data Use – Bloomberg

  • Facebook has agreed to pay $100 million in a U.S. Securities and Exchange Commission settlement over the Cambridge Analytica scandal. In the settlement, Facebook refuses to admit or deny any wrongdoing.

Ransomware hits Johannesburg electricity supply – BBC

  • Johannesburg’s City Power has been the latest high-profile victim of a ransomware attack with more than a quarter of a million people affected. The City of Johannesburg says no customer data has been compromised.

And finally:

UK, EU Police Pilot Scheme to Give Wayward Teen Hackers White Hats – ZDNet

  • A new UK and EU scheme called “Hack_Right” is currently being trialled. The scheme is aimed at staging interventions for teenagers who are involved in hacking, encouraging them to change their behavior rather than punishing them with jail time or fines.

In Case You Missed It

Mid-Year Update: 2019 SonicWall Cyber Threat Report

It’s almost cliché at this point, but the cyber arms race — and respective cybersecurity controls and technology — moves at an alarming pace.

For this reason, SonicWall Capture Labs threat researchers never stop investigating, analyzing and exploring new threat trends, tactics, strategies and attacks. They publish most of their findings — the data they can share publicly, anyway — in the annual SonicWall Cyber Threat Report.

But to ensure the industry and public are able to stay abreast of the quickly shifting threat landscape, the team offers a complementary mid-year update to the 2019 SonicWall Cyber Threat Report. Download the exclusive report to explore the stories, behaviors and trends that are shaping 2019 — as they are happening.

Malware volume dips in first half

In 2018, global malware volume hit a record-breaking 10.52 billion attacks, the most ever recorded by SonicWall Capture Labs threat researchers.

Fortunately, during the first six months of 2019, that trend slowed — at least somewhat. SonicWall recorded 4.8 billion* malware attacks, a 20% drop compared to the same time period last year.

Ransomware rising

Did you think ransomware was an outdated tactic? The latest 2019 data proves otherwise. Despite overall declines in malware volume, ransomware continues to pay dividends for cybercriminals.

All told, global ransomware volume reached 110.9 million for the first half of 2019, a 15% year-to-date increase. The exclusive mid-year update outlines which countries followed this trend and which were victimized by an increase in ransomware attacks.

Attacks against non-standard ports still a concern

As defined in the full 2019 SonicWall Cyber Threat Report, a ‘non-standard’ port means a service running on a port other than its default assignment, usually as defined by the IANA port numbers registry.

For the first half of 2019, 13% of all malware attacks came via non-standard ports, a slight dip due to below-normal activity in January (8%) and February (11%).
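To make that definition concrete, the following added example (not taken from the SonicWall report) classifies flows by comparing the protocol identified through payload inspection with the destination port, then computes the monthly non-standard share among malicious flows. The flow records, field names and the small port table are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Small excerpt of default assignments from the IANA port numbers registry.
# A real deployment would load the full registry; this subset is illustrative.
DEFAULT_PORTS = {
    "http": {80},
    "https": {443},
    "ssh": {22},
    "smtp": {25},
    "dns": {53},
    "ftp": {21},
}


class Flow(NamedTuple):
    month: str       # e.g. "2019-01"
    service: str     # protocol identified by inspection, NOT inferred from the port
    dst_port: int
    malicious: bool  # verdict from the inspection engine


def is_non_standard(service: str, dst_port: int) -> Optional[bool]:
    """True if the service runs off its default port, None if the service is unknown."""
    defaults = DEFAULT_PORTS.get(service.lower())
    if defaults is None:
        return None
    return dst_port not in defaults


def flag_non_standard(flows):
    """Malicious flows whose identified service is not on its default port."""
    return [f for f in flows if f.malicious and is_non_standard(f.service, f.dst_port)]


def non_standard_share(flows):
    """Percentage of malicious flows per month that used a non-standard port.

    Flows whose service is not in the table are left out of the denominator,
    because they cannot be classified either way.
    """
    totals, hits = defaultdict(int), defaultdict(int)
    for f in flows:
        if not f.malicious:
            continue
        verdict = is_non_standard(f.service, f.dst_port)
        if verdict is None:
            continue
        totals[f.month] += 1
        hits[f.month] += int(verdict)
    return {m: round(100 * hits[m] / totals[m], 1) for m in sorted(totals)}


# Constructed sample data, not real telemetry.
SAMPLE_FLOWS = [
    Flow("2019-01", "http", 80, True),
    Flow("2019-01", "http", 8080, True),    # HTTP on a non-default port
    Flow("2019-01", "https", 443, True),
    Flow("2019-01", "ssh", 22, True),
    Flow("2019-01", "http", 80, False),     # benign, ignored
    Flow("2019-02", "https", 8443, True),   # HTTPS on a non-default port
    Flow("2019-02", "https", 443, True),
    Flow("2019-02", "quic", 443, True),     # service not in the table, skipped
    Flow("2019-02", "smtp", 25, True),
    Flow("2019-02", "ssh", 2222, True),     # SSH on a non-default port
]

if __name__ == "__main__":
    for flow in flag_non_standard(SAMPLE_FLOWS):
        print("non-standard:", flow)
    print(non_standard_share(SAMPLE_FLOWS))
```

A firewall rule set that only inspects traffic on default ports would never see the three flagged flows, which is why the classification keys on the inspected protocol rather than the port number.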

Encrypted threats intensify

In 2018, SonicWall logged more than 2.8 million encrypted threats, which was already a 27% jump over the previous year. Through the first six months of 2019, SonicWall has registered a 76% year-to-date increase.

Machine learning, multi-engine sandboxes evolving to ‘must-have’ security

So far in 2019, the multi-engine SonicWall Capture Advanced Threat Protection (ATP) cloud sandbox has exposed 194,171 new malware variants — a pace of 1,078 new variant discoveries each day of the year.

IoT malware volume doubled YTD

The speed and ferocity with which IoT devices are being compromised to deliver malware payloads is alarming. In the first half of 2019, SonicWall Capture Labs threat researchers have already recorded 13.5 million IoT attacks, which outpaces the first two quarters of last year.

Bitcoin run keeping cryptojacking in play

Late 2018 data showed cryptojacking on the decline. But with the surging values of both bitcoin and Monero, cryptojacking rebounded in 2019. Cryptojacking volume hit 52.7 million for the first six months of the year.

How do cybercurrency prices influence cryptojacking volume? The exclusive mid-year update looks deeper into the numbers.

SkyStars ransomware, variant of BlackMoon banking trojan encrypts with no recovery note

The SonicWall Capture Labs Threat Research Team observed reports of a variant of the BlackMoon banking trojan called SkyStars.  BlackMoon was originally designed to steal user credentials from various South Korean banking institutions.  In addition to data theft, the authors later added ransomware capability.  This SkyStars ransomware component seems to be in early development.

Infection Cycle:

The Trojan uses the following icon:

 

The trojan executable file contains the following metadata:

 

Upon execution, files are indiscriminately encrypted on the system.  The malware does not appear to have a list of preferred file types.  Encrypted files are given a .SKYSTARS extension.  The malware does not display a ransom note and no payment method for file recovery is presented to the victim.

 

After a period of 5 minutes, the following messagebox is displayed:

 

Analysis of the executable file reveals the following strings:

 

 

 

Like most ransomware, the trojan contains functionality to write a ransom note to a file and display it to the victim.  Although the code below is present in the malware it was not executed during our analysis:

 

During runtime analysis we were able to locate the encryption function used to encrypt files.  The reverse algorithm of this function may be the only possible way to recover files:

 

The malware executable file contains strings that refer to BlackMoon, a known banking trojan.  This suggests that the malware is a variant of BlackMoon with added ransomware capability:

 

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: SkyStars.RSM (Trojan)

This threat is also detected by SonicWALL Capture ATP w/RTDMI and the Capture Client endpoint solutions.

 

Ursnif – Spreading via malicious Office files

SonicWall Capture Labs Threat Research Team identified a new wave of malicious Office files being used to distribute a banking Trojan belonging to the Ursnif family. MS-Word files containing VBA macro code are used to download a text file, which contains a series of lines that are decrypted into a Portable Executable (PE) file.

The malicious Office file appears as shown below:


Fig-1: Office Word File

Infection Cycle:

Upon opening the malicious document file, a message is displayed informing the user that the document is protected and asking them to click Enable Editing followed by Enable Content.

Once the content is enabled, the malicious macro is executed to show a user form titled “loading” and Internet Explorer is launched in the background to download the file pointed to by a URL stored in the tag part of the UserForm. Once the download is completed, the PE file belonging to the Ursnif family is decrypted from the downloaded data.

Hardcoded URL stored in a tag part of UserForm and decryption routine are shown below:


Fig-2: Macro code in Office File

The downloaded text file is shown below:

Unlike other variants of Ursnif which we have observed in the past to be targeting victims from Italy, this variant does not have any country-specific restriction.

SonicWall Capture Labs provides protection against this threat via the following signatures:

GAV: MalAgent.U1 (Trojan)
GAV: MalAgent.U2 (Trojan)
GAV: MalAgent.U3 (Trojan)
GAV: MalAgent.U4 (Trojan)

Indicators of Compromise:

SHA 256 of Malicious Office documents


Network Connections:

  • http://195.1[removed]3.159/local_file.php
  • http://765hg56.m[removed]ergraff.com/gate.php
  • http://2t6u7r.m[removed]ye.com/gate.php
  • http://776fdf.m[removed]yenholm.com/gate.php

Payload SHA 256:

  • 6f4f4b2f1ef0493075d635beae94565cf6dc6437ce5a69e9ddaa9b5a7405a333

Payload Network connection:

  • http://api[.]fiho[.]at/index.htm

 

CVE-2019-0859 exploits active in the wild

The SonicWall Capture Labs Threat Research Team observed CVE-2019-0859 being actively exploited in the wild.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVE-2019-0859 is a Use-After-Free vulnerability in the CreateWindowEx function. The exploit uses this vulnerability to elevate privilege and run shellcode.

 

The above code is used to execute arbitrary shellcode.

The injected shellcode payload (stored in $var_code) creates a named pipe. Any data read from the named pipe is executed directly as shellcode.

SonicWall Capture Labs Threat Research team provides protection against this exploit with the following signatures:

ASPY 5452: Malformed-File exe.MP.64

This threat is detected pro-actively by Capture ATP w/RTDMI

Threat Graph:

IOC:

eea10d513ae0c33248484105355a25f80dc9b4f1cfd9e735e447a6f7fd52b569

9f9ea63ad90da73185ff84378844902bf5ce8af0f1b9c8895775697822652d4f

772392b04d05f4b219c20daafa9f2edf727f51ab09c9796e5cdfb4916432bb66

1dfc83d5bc38b88623d54103aa58a2c08b494bc0d0d1098e857dde87f0be0616

Cyber Security News & Trends – 07-19-19

This week, SonicWall CEO Bill Conner is included on a coolest CEO list and we have a special look at what people are saying about the growth of AI in the cybersecurity arena.


SonicWall Spotlight

The 11 Coolest Endpoint Security CEOs of 2019 – Solutions Review

  • SonicWall CEO Bill Conner is named one of Solutions Review’s top 11 coolest Endpoint Security CEOs, recognizing CEOs who bring “their own unique blend of experience and expertise to their endpoint security companies.”

SonicWall on Youtube

  • Did you know that SonicWall has an official channel on YouTube? We update it with all sorts of content, such as technical support videos, SonicWall product news, unboxing videos and more. You can follow us for updates here.

Sonicwall’s Roadshow Guides Customers and Channel Partners Address Network Security Issues – SME Channels (India)

  • SonicWall’s Debasish Mukherjee is quoted speaking at the SonicWall roadshow in Mumbai and Delhi.

Cybersecurity News

Why AI is the Future of Cybersecurity – Forbes

  • Forbes digs into the figures available in a new report titled “Reinventing Cybersecurity with Artificial Intelligence” to see who is, and who is not, using AI in cybersecurity research. They conclude that, with 69% of enterprises polled believing AI will be necessary to counter cyberattacks, AI is going to be the future, one way or another.

AI Has a Bias Problem and That Can Be a Big Challenge in Cybersecurity – CNBC

  • If AI is the future of cybersecurity, then what can be done about its inherent bias problems? CNBC investigates how bias is found in the program, the data and the people who design the AI systems.

Researchers Easily Trick Cylance’s AI-Based Antivirus Into Thinking Malware Is ‘Goodware’ – Motherboard

  • Researchers in Australia say they have found a way of subverting Cylance’s AI-based antivirus into thinking malware, including high-profile ransomware like WannaCry, is “goodware.” The relatively simple method involves taking strings from a non-malicious file and appending them to a malicious one, tricking the system into thinking the malicious file is benign.

Debunking the Myths of AI Cybersecurity – ITProPortal

  • ITProPortal look at four AI cybersecurity myths and explain why they are either incorrect or overblown.

What Kind of Cybersecurity Threats Does 5G Pose? – Silicon Republic

  • Huawei are currently global leaders in 5G infrastructure but with concerns in the USA, now spreading to the UK, over whether or not the company is sufficiently independent from the government of China, could threats in 5G infrastructure be like finding a needle in a haystack?

Cyberattacks Inflict Deep Harm at Technology-Rich Schools – New York Times

  • Schools are becoming ever-more attractive targets for cybercriminals as a school will hold a wealth of personal information on its students and provides critical public services. The Washington Times investigates the increase in cyberattacks on schools and how the FBI can only do so much when an attack is successful.

And finally:

FBI Shares Master Decryption Keys for Prolific GandCrab Ransomware – Washington Times

  • The jig appears to finally be up for the GandCrab ransomware group after master decryption keys were made public by the FBI. The group appears to have known this was coming and had ended its criminal “affiliate program” after claiming that the program had generated over $2 billion in ransom payments.

In Case You Missed It

Cyber Security News & Trends – 07-12-19

This week, Baltimore ransomware woes continue, the story of how the WannaCry cyberattack was stopped, and Magecart groups change tactics.


SonicWall Spotlight

Sonicwall’s Roadshow Helps Customers and Channel Partners Address the Critical Issue of Network Security – CRN

  • SonicWall’s Debasish Mukherjee is on the move with the SonicWall Roadshow across Mumbai and Delhi in India. He talks SonicWall expansion in India and Next-Gen AV – Capture Client with CRN.

Cybersecurity News

Border Officials Not Told of Massive Surveillance Breach Until Three Weeks After Subcontractor Was First Alerted – Washington Post

  • U.S. Customs and Border Protection was not informed that a hacker had stolen a huge cache of sensitive border-surveillance documents from a subcontractor until nearly three weeks after the cyberattack was first discovered. A huge trove of data, including travelers’ images and license plates, was taken in the attack and has since appeared on the dark web.

The Sinkhole That Saved the Internet – TechCrunch

  • In 2017, as the WannaCry ransomware attack was spreading across the internet, two security researchers were all that stood in its way after they found a kill-switch hidden in the code. Two years later, TechCrunch speaks to the researchers and breaks down the moment by moment saga as it happened.

Baltimore Ransomware Infection Keeping City Employees From Accessing Older Emails: Report – Washington Times

  • Nearly two months after Baltimore was first hit by the ransomware attack that crippled the city’s operations, employees are still unable to access emails older than 90 days.

Here’s How Hackers Are Making Your Tesla, GM and Chrysler Less Vulnerable to Attack – USA Today

  • Since the newest model cars contain a series of connected computers, cyber vulnerabilities are an increasing concern in the automotive industry. To combat this, many car companies have launched bug bounty programs and attend all-day hacking events like Pwn2Own, with top prizes for hackers who can breach their cybersecurity or find unknown bugs.

U.S. Coast Guard Issues Cybersecurity Warnings for Commercial Vessels – SecurityWeek

  • The U.S. Coast Guard issued a cybersecurity warning for commercial vessels following successful cyberattacks and an increase in phishing attempts in 2019. It says that “It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures.”

Marriott to Contest $124 Million Fine Imposed by UK Data Protection Regulator – SecurityWeek

  • Both Marriott and British Airways will be subject to fines of over a hundred million dollars in the UK under GDPR regulation, both stemming from data breaches in 2018. Marriott International says it will fight the fine.

Anaesthetic Devices ‘Vulnerable to Hackers’ – BBC

  • Security researchers at CyberMDX have found a vulnerability in a brand of widely used anesthetic machines. The Aespire and Aestiva 7100 and 7900 can be hacked and controlled from afar if left accessible on a hospital computer network. The makers of the machine have responded saying that there is “no direct patient risk.”

France Says Ransomware Attacks on Big Companies Are on the Rise – Bloomberg

  • The head of the office charged with fighting cyber threats in France says that large companies are increasingly the target of cyberattacks and ransomware demands but often don’t want to report the attacks for fear of hurting their public image.

And finally:

New Magecart Attacks Leverage Misconfigured S3 Buckets to Infect Over 17K Sites – ZDNet

  • Magecart, the troublemaking credit card skimming gangs behind a number of high-profile breaches like British Airways, has successfully infected over 17,000 domains since April. The shotgun approach that led to such a huge number of infections is a change in tactics from previous methods of highly targeted attacks. This is likely down to both the ease with which the skimming software can be implemented and poor website security hygiene on the domains’ side.

In Case You Missed It

Guesswho Ransomware actively spreading in the wild

The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Guesswho ransomware [Guesswho.RSM] actively spreading in the wild.

The GUESSWHO ransomware encrypts the victim’s files with a strong encryption algorithm until the victim pays a fee to get them back.

Infection Cycle:

The ransomware adds the following files to the system:

  • Malware.exe
    • %Userprofile\Desktop %\ How Recovery Files.txt
      • Instruction for recovery
    • %App.path%\ [Random]. GUESSWHO

Once the computer is compromised, the ransomware runs the following commands:

 

The ransomware encrypts all the files and appends the [.GUESSWHO]  extension onto each encrypted file’s filename.

After encrypting all personal documents, the ransomware shows the following text file containing a message reporting that the computer has been encrypted and to contact its developer for unlock instructions.

We have been monitoring varying hits over the past few days for the signature that blocks this threat:

 

 

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: Guesswho.RSM (Trojan)

This threat is also detected by SonicWALL Capture ATP w/RTDMI and the Capture Client endpoint solutions.
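One way to hunt for the file-system indicators reported for SkyStars (the .SKYSTARS extension, no ransom note) and for Guesswho (the .GUESSWHO extension plus How Recovery Files.txt), added here as an example and not SonicWall code. The event tuples, host names, burst threshold and time window are assumptions; the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Indicators from the two write-ups: the appended extension and, where one is
# dropped, the ransom-note file name (SkyStars displays none).
FAMILIES = {
    ".skystars": ("SkyStars", None),
    ".guesswho": ("Guesswho", "how recovery files.txt"),
}
NOTE_NAMES = {note for _, note in FAMILIES.values() if note}


def detect_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Flag hosts that write >= threshold files with a known extension inside window.

    events: iterable of (ISO timestamp, host, Windows path) file-creation records.
    threshold and window are assumed tuning values, not figures from the reports.
    """
    writes = defaultdict(list)     # (host, extension) -> timestamps
    notes_seen = defaultdict(set)  # host -> ransom-note names observed
    for stamp, host, path in events:
        p = PureWindowsPath(path)
        name = p.name.lower()
        if name in NOTE_NAMES:
            notes_seen[host].add(name)
        ext = p.suffix.lower()
        if ext in FAMILIES:
            writes[(host, ext)].append(datetime.fromisoformat(stamp))

    findings = []
    for (host, ext), stamps in sorted(writes.items()):
        stamps.sort()
        start = best = 0
        for end, t in enumerate(stamps):
            # Slide the left edge until the window covers at most `window` time.
            while t - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            family, note = FAMILIES[ext]
            findings.append({
                "host": host,
                "family": family,
                "files_in_burst": best,
                # Always False for SkyStars: alerting on notes alone would miss it.
                "note_seen": note in notes_seen[host],
            })
    return findings


# Constructed sample events (timestamp, host, path); not real telemetry.
SAMPLE_EVENTS = [
    ("2019-07-24T10:00:01", "HOST-A", r"C:\Users\alice\Documents\budget.xlsx.SKYSTARS"),
    ("2019-07-24T10:00:02", "HOST-A", r"C:\Users\alice\Documents\notes.txt.SKYSTARS"),
    ("2019-07-24T10:00:04", "HOST-A", r"C:\Users\alice\Pictures\scan.png.SKYSTARS"),
    ("2019-07-24T10:00:09", "HOST-A", r"C:\Windows\Temp\setup.log.SKYSTARS"),
    ("2019-07-10T14:30:00", "HOST-B", r"C:\Users\bob\Documents\a1b2c3.GUESSWHO"),
    ("2019-07-10T14:30:05", "HOST-B", r"C:\Users\bob\Documents\d4e5f6.GUESSWHO"),
    ("2019-07-10T14:30:20", "HOST-B", r"C:\Users\bob\Music\0718ab.GUESSWHO"),
    ("2019-07-10T14:30:25", "HOST-B", r"C:\Users\bob\Desktop\How Recovery Files.txt"),
    # Same extension, but hours apart: stays below the burst threshold.
    ("2019-07-11T09:00:00", "HOST-C", r"D:\samples\one.GUESSWHO"),
    ("2019-07-11T11:00:00", "HOST-C", r"D:\samples\two.GUESSWHO"),
    ("2019-07-11T13:00:00", "HOST-C", r"D:\samples\three.GUESSWHO"),
]

if __name__ == "__main__":
    for finding in detect_bursts(SAMPLE_EVENTS):
        print(finding)
```

HOST-A is flagged even though no note file ever appears, which is the case a note-only rule would miss for SkyStars.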

 

5 Best Practices for Fast, Secure Wi-Fi on K-12 Campuses

When I was a high school student, bringing a smartphone into classrooms was not permitted. If you were caught with any electronic device, it would be confiscated. Pronto.

In this new digital era, schools everywhere are embracing this transformation. Classrooms are changing, with Wi-Fi being the primary form of internet access. Students, faculty and guests also use more than one device at a time, including laptops, tablets, wearables and smartphones. As the number of devices grows, it becomes critical to plan your K-12 networks effectively and future-proof them so that you can implement newer and safer technology.

If you’re expanding, upgrading or building a secure wireless network for K-12 campus or districts, review these five helpful best practices.

Plan for density

Secure Wi-Fi networks are often planned based on coverage. A wireless signal that covers a classroom is not necessarily able to handle the device density in that room. With students and faculty using multiple devices, the number of devices connected to a particular wireless access point increases. Ensure that you are prepared for max traffic density in your classroom — and across the entire campus.

How? As a first approach, ensure you have sufficient coverage and layer this with density. Use a site survey tool like the SonicWall WiFi Planner to make this process easier to visualize. Next, estimate where you find max device density, peak traffic and plan your Wi-Fi deployment around this.

Go cloud

More applications and functions are moving to the cloud (or are likely already there). For K-12 schools untethering Wi-Fi from their wireless controller or firewalls, the cloud offers powerful infrastructure and applications to simplify management and security.

By going this route, K-12 districts and schools have the flexibility to manage wireless security solutions from the cloud, scale limitlessly and also drive down TCO.

How? Transition to a cloud-managed wireless solution. The SonicWall wireless solution can be managed by the WiFi Cloud Manager, which is a scalable, centralized Wi-Fi network management system, simplifying wireless access, control and troubleshooting capabilities across networks of any size or region.

Accessible through SonicWall Capture Security Center (CSC), WiFi Cloud Manager unifies multiple tenants, locations and zones while simultaneously supporting tens of thousands of SonicWave wireless access points.

Single-pane-of-glass management

Managing multiple management dashboards is challenging as there is a high risk of things falling through the cracks. To avoid this and to streamline the process it is essential to have a single-pane-of-glass management system with real-time analytics to capture threats and abnormalities in your network. This type of management saves you time and helps you become proactive rather than reactive.

How? Empower yourself with the right management solution to govern your entire network security ecosystem from a single dashboard. Capture Security Center is a scalable cloud-based security management system that’s a built-in, ready-to-use component of your SonicWall product or service.

Capture Security Center features single sign-on (SSO) and single-pane-of-glass management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, mobile and cloud security resources.

Enable content filtering

Wi-Fi is an easy gateway for malicious attacks. It must be protected with the right encryption and security mechanisms. Create granular policies to ensure that students are protected against malicious and non-reputable websites.

How? Ensure that you enable content filtering on your network. SonicWall provides a Content Filtering Service (CFS) that compares requested sites against a massive database in the cloud containing millions of rated URLs, IP addresses and domains. It provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by time of day, for over 50 pre-defined categories.

Future-proof with the latest technology

Ensure that you deploy the latest wireless technology in your schools. Future-proofing secure Wi-Fi is the best way to ensure that you get your money’s worth in the long term while providing the best user experience.

How? This does not mean you have to rip and replace your entire existing network. It could be a gradual approach, wherein you upgrade only critical units based on your needs. Build your network on the latest certified wireless standard: 802.11ac Wave 2. Future-proof with wireless access points that are 802.11ac Wave 2-capable.

Adhering to these best practices will make your WiFi network efficient and secure — all while saving you time and money.

Microsoft Security Bulletin Coverage for July 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of July 2019. A list of issues reported, along with SonicWall coverage information, is as follows:
CVE-2018-15664 Docker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0785 Windows DHCP Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0811 Windows DNS Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0865 SymCrypt Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability
ASPY 5570:Malformed-File exe.MP.89
CVE-2019-0887 Remote Desktop Services Remote Code Execution Vulnerability
ASPY 5571:Malformed-File cmd.MP.1
CVE-2019-0962 Azure Automation Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0966 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0975 ADFS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0999 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1001 Scripting Engine Memory Corruption Vulnerability
IPS 14288:Scripting Engine Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1004 Scripting Engine Memory Corruption Vulnerability
IPS 14289:Scripting Engine Memory Corruption Vulnerability (JUL 19) 2
CVE-2019-1006 WCF/WIF SAML Token Authentication Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1037 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1056 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1059 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1062 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14290:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 3
CVE-2019-1063 Internet Explorer Memory Corruption Vulnerability
IPS 14291:Internet Explorer Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1067 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1068 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1071 Windows Kernel Information Disclosure Vulnerability
ASPY 5572:Malformed-File exe.MP.90
CVE-2019-1072 Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1073 Windows Kernel Information Disclosure Vulnerability
ASPY 5566:Malformed-File exe.MP.86
CVE-2019-1074 Microsoft Windows Elevation of Privilege Vulnerability
ASPY 5568:Malformed-File ps1.MP.1
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1076 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-1077 Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1079 Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1082 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1083 .NET Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1084 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1085 Windows WLAN Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1086 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1087 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1088 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1089 Windows RPCSS Elevation of Privilege Vulnerability
ASPY 5567:Malformed-File exe.MP.87
CVE-2019-1090 Windows dnsrlvr.dll Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1091 Microsoft unistore.dll Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1092 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14129:Chakra Scripting Engine Memory Corruption Vulnerability GM 1
CVE-2019-1093 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1094 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1095 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1096 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1097 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1098 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1099 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1100 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1101 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1102 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1103 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14292:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 4
CVE-2019-1104 Microsoft Browser Memory Corruption Vulnerability
IPS 14293:Microsoft Browser Memory Corruption Vulnerability (JUL 19)
CVE-2019-1106 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14283:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1107 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14284:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 2
CVE-2019-1108 Remote Desktop Protocol Client Information Disclosure Vulnerability
ASPY 5569:Malformed-File exe.MP.88
CVE-2019-1109 Microsoft Office Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1110 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1111 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1112 Microsoft Excel Information Disclosure Vulnerability
ASPY 5563:Malformed-File xls.MP.66
CVE-2019-1113 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1116 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1117 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1118 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1119 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1120 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1121 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1122 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1123 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1124 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1126 ADFS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1127 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1128 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1129 Windows Elevation of Privilege Vulnerability
ASPY 5565:Malformed-File exe.MP.85
CVE-2019-1130 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1132 Win32k Elevation of Privilege Vulnerability
ASPY 5564:Malformed-File exe.MP.84
CVE-2019-1134 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-1136 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1137 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.