Saturday, February 18, 2017

Cyber Updates - 18/02

Hey all,
Here are this week's cyber updates:

(1) Microsoft has not published its famous Patch Tuesday this month due to "a last minute issue that could impact some customers and was not resolved in time". This is presumably due to their difficulties in fixing the latest SMB v3 vulnerability that was reported in the last "cyber updates" post. This means that all Windows machines are still vulnerable to a server side remote code execution exploit.

Here are their details:
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

(2) Yahoo was hacked. No, this is not the same hack as in 2013 that was recently published, but rather a new hacking attempt. 
Instead of stealing the (hashed) passwords, this time the attackers have used forged cookies in order to login to the victims' accounts without their consent. 

Here are all the details:
https://help.yahoo.com/kb/SLN27925.html?impressions=true

(3) Security researches have been able to prove that websites can track your online activity even if you use a different browser. The websites perform unique tasks in order to pinpoint the following metrics: time zone, number of CPU cores, GPU, hash values of GPU rendering results, plugins, fonts, audio, screen ratio and depth, WebGL, Ad blocking, canvas, cookies, encoding, and language. According to the research, the attackers were able to successfully identify 99.2% of the users.

Here are all the details:
http://thehackernews.com/2017/02/cross-browser-tracking.html

Stay tuned for more updates,



Dan Gurfinkel
Head of Offensive Security & Response Unit