CVE-2019-0604

Published: 05/03/2019 Updated: 13/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

Vulnerable Product

microsoft sharepoint foundation 2013

microsoft sharepoint server 2019

microsoft sharepoint enterprise server 2016

microsoft sharepoint server 2010

Github Repositories

Desharialize: Easy mode to Exploit CVE-2019-0604 (Sharepoint XML Deserialization Unauthenticated RCE). What is it? While there have been public POCs for CVE-2019-0604, I have noticed that those POCs are not clear, extensible or flexible. Some of them only have on hardcoded (and serialized/encoded) payloads, some of them require running custom .NET code before every

Topics: Iranian Hackers Target Albania's Border Control System in a Tit-for-Tat Operation / New APT targets telcos, ISPs and universities in the Middle East and Africa

Cybersecurity-Current-Event-Report: Topics: Iranian Hackers Target Albania's Border Control System in a Tit-for-Tat Operation / New APT targets telcos, ISPs and universities in the Middle East and Africa. Iranian Hackers Target Albania's Border Control System in a Tit-for-Tat Operation: The recent attacks on Albania's BCS

Generate Serialize Payload for CVE-2019-0604 for SharePoint 2010 SP2 .NET 3.5

cve-2019-0604-SP2010-netv35: Recently, I came across a SharePoint 2010 SP2 and all the proofs of concept that I tested didn't work until I realized that the server was on .NET 3.5, which requires a different library. Here is the DLL for .NET 3.5. The code came from github.com/linhlhq/CVE-2019-0604. It will generate the serialized payload.

CVE-2019-0604

CVE-2019-0604: From www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability

cve-2019-0604 SharePoint RCE exploit

CVE-2019-0604: cve-2019-0604 SharePoint RCE exploit. Blog: www.cnblogs.com/k8gege/p/11093992.html Wiki: github.com/k8gege/K8CScan/wiki/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8-CVE-2019-0604-SharePoint-GetShell-Exploit

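A detailed walkthrough of the code in k8gege's SharePoint RCE exploit cve-2019-0604-exp.py, and building your own payload

1. Explaining k8gege's cve-2019-0604-exp.py. k8gege's script: github.com/k8gege/CVE-2019-0604. Honestly, k8gege's py script is a bit flashy: a big pile of hexadecimal strings, split into payload1, 2, 3, how naughty. The payload that the Python script POSTs remotely is, after deserialization, an XML data body: <ResourceDictionary xmlns="schemas.microsoft.com/winfx/2006/xaml/presentation"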

ysoserial.net for Windows execute file

ysoserial.net: ysoserial.net for Windows execute file. Usage: ysoserial.exe -h. ysoserial.net generates deserialization payloads for a variety of .NET formatters. Available gadgets: ActivitySurrogateDisableTypeCheck (Disables 4.8+ type protections for ActivitySurrogateSelector, command is ignored) Formatters: BinaryFormatter, LosFormatter, NetDataContractSerializer, ObjectStateFor

Recent Articles

Microsoft Patch Tuesday – February 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 13 Feb 2024

This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical.

Posted: 13 Feb, 2019. As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid hand...

Chinese espionage group targets Israel while suggesting the source could be Iran
The Register • Simon Sharwood, APAC Editor • 11 Aug 2021

FireEye says Israeli defense agencies were alert to compromises as China works to protect Belt and Road investments

Security vendor FireEye says it has spotted a Chinese espionage group that successfully compromised targets within Israel, and that trying to make its efforts look like the work of Iranian actors is part of the group's modus operandi. A FireEye blog post states the Chinese activity has been ongoing since 2019, when a group it names "UNC215" used the Microsoft SharePoint vulnerability CVE-2019-0604 "to install web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia". "In...

US-CERT lists the 10 most-exploited security bugs and, yeah, it's mostly Microsoft holes people forgot to patch
The Register • Shaun Nichols in San Francisco • 14 May 2020

Update, update, update. Plus: Flash, Struts, Drupal also make appearances

Vulnerabilities in Microsoft Windows, Office, and Windows Server, for which patches have been available for years, continue to be the favorite target for hackers looking to spread malware. A list posted by US-CERT this week rattles off the 10 most oft-targeted security vulnerabilities during the past three years, and finds that, shock horror, for the most part, keeping up with patching will keep you safe. Microsoft ranks highly in the list because its software is widely used, and provides the mo...

UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it
The Register • Kieren McCarthy in San Francisco • 29 Jan 2020

For an organization accused of being 'all talk, no action', there's not even enough talking – to its own employees

The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public. That is the extraordinary claim of The New Humanitarian, which until a few years ago was an official UN publication covering humanitarian crises. Today, it said the UN has confirmed both the hack and the decision not to divulge any details. Dozens...

APT trends report Q2 2019
Securelist • GReAT • 01 Aug 2019

For two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They aim to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focusing on activities tha...

It's now 2019, and your Windows DHCP server can be pwned by a packet, IE and Edge by a webpage, and so on
The Register • Shaun Nichols in San Francisco • 13 Feb 2019

Hefty load from Microsoft, Adobe, with special guest star Cisco

Patch Tuesday Microsoft and Adobe have teamed up to give users and sysadmins plenty of work to do this week. The February edition of Patch Tuesday includes more than 70 CVE-listed vulnerabilities from each vendor – yes, each – as well as a critical security fix from Cisco. You should patch them as soon as it is possible. For Redmond, the February dump covers 77 CVE-listed bugs across Windows, Office, and Edge/IE. Among the most potentially serious was CVE-2019-0626, a remote code execution v...