ThreatInformer Cyber Threat Advisory – July 2018

ThreatInformer Cyber Threat Advisory – July 2018's Tags

Tags related to this article

ThreatInformer Cyber Threat Advisory – July 2018

Published 12 July 2018

Google Chrome to Issue “Insecure Warning” on all HTTP Sites

This month, Google Chrome users visiting websites on HTTP (i.e. not HTTPS) will be presented with a warning in the location bar showing the site is “Not secure”. In October, this will be taken further so that “Not secure” will flash red when personal data is entered.

Treatment of HTTP pages in Google Chrome from July 2018

Businesses with just a HTTP site can expect reduced user confidence. This will be more pronounced if users need to enter data, for example in a Contact Us form. It is suggested all websites are updated to use HTTPS.

Free SSL certificates can be generated using https://letsencrypt.org. This will give a site a “Secure” label and ensure your users’ traffic is protected.

Thunderbird fixes dozens of bugs

Thunderbird has finally pushed code with fixes for the EFAIL [https://www.wired.com/story/efail-encrypted-email-flaw-pgp-smime] encryption bug that was published in May; as well as another whopping 12 security vulnerabilities.

The EFAIL bug fix addresses two errors in Thunderbird's transmission of encrypted messages; the first prevents plaintext leakage, and the other prevents an attacker being able to decrypt PGP messages.

Thunderbird 52.9 also includes some critical bugs including buffer overflows.  System admins should ensure any clients using the thunderbird software should upgrade to the latest version.

.NET Remote Code Execution Exploit seen in the Wild

A severe remote code execution vulnerability (CVE-2017-8759) was detected in the Microsoft .NET Framework in 2017 has been found to have active exploits in the wild.  Applications that process untrusted user input are known to be affected.

Microsoft has issued a report that an exploit exists in the wild and is being used in targeted attacks against businesses.  Microsoft has released a patch and system administrators should apply it immediately.

Admins who have not updated should be aware.

Authors

Hans Allnutt

Hans Allnutt

London - Walbrook

+44 (0) 20 7894 6925

Patrick Hill

Patrick Hill

London - Walbrook

+44 (0)20 7894 6930

< Back to articles