Apple QuickTime for Windows

Summary

QuickTime for Microsoft Windows is no longer supported by Apple and the current advice is to remove it from all Windows OS devices.

The removal instructions can be found here: https://support.apple.com/HT205771

QuickTime for Mac OSX is unaffected, can be considered to still be supported, and is subject to security patches as required.

Further details

Two vulnerabilities have been found and published by the TippingPoint Zero Day Initiative (ZDI) and, as per their rules,…

Link: Apple QuickTime for Windows
Source: NCSC Alerts

Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities

Executive summary

Multiple critical vulnerabilities have been reported in a number of different security products from Symantec, affecting both enterprise and consumer products.

These vulnerabilities include a ‘100% reliable remote exploit’ and a ‘wormable’ flaw that requires no user interaction by the victim for an attacker to exploit.

The vulnerabilities have been fixed by Symantec and performing a manual ‘LiveUpdate’ will update the software to the…

Link: Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities
Source: NCSC Alerts

HTTP/2

Executive summary

HTTP/2 is a faster and more technically advanced version of the current HTTP 1.1 and is being widely adopted following its approval in February 2015. It is already supported by major browsers – Chrome, Firefox, IE11, Edge, Safari, and Opera – and is thought to be used by about one in ten websites.

Four vulnerabilities rated as severe have been discovered in this new version, but fixes have already been made available through a coordinated approach between the…

Link: HTTP/2
Source: NCSC Alerts

Quadrooter vulnerability affecting Android

Executive summary

A number of vulnerabilities have been discovered in the Qualcomm chipsets used in many Android handsets from many of the leading manufacturers. Exploitation of these vulnerabilities could allow an unauthorised user to take full control of an Android device, but in order to do so, an authorised user would first need to install a malicious app.

Google have stated that three of the four vulnerabilities have been patched with the fourth due in September, although updates will…

Link: Quadrooter vulnerability affecting Android
Source: NCSC Alerts

Multiple vulnerabilities in various products

Executive summary

On 15 August 2016, CERT-UK was made aware of a list of exploits posted online. These exploits are targeted at vulnerabilities in software found in Cisco switches, routers and firewall products, Fortinet’s Fortiguard, Watchguard and TopSec. Whilst Fortinet and Watchguard determined the vulnerabilities were patched years ago, of the two Cisco vulnerabilities, one has been confirmed as a zero-day.

Vulnerabilities – Cisco

The two vulnerabilities affecting Cisco…

Link: Multiple vulnerabilities in various products
Source: NCSC Alerts

Data breach of 500m Yahoo accounts

Summary

CERT-UK is aware of reports of an attack on the technology firm Yahoo in which up to 500 million user accounts were breached.

In August 2016, a hacker known as “Peace” was reportedly attempting to sell information from 200 million Yahoo accounts breached in an attack from 2014. Initially believed to be speculation, Yahoo has now revealed that a breach did take place compromising the data of 500 million accounts. This is believed to be the biggest public breach of…

Link: Data breach of 500m Yahoo accounts
Source: NCSC Alerts

‘Dirty COW’ Linux privilege escalation vulnerability being actively exploited

Executive Summary

A vulnerability has been discovered in the Linux kernel which could give untrusted users unfettered root access. This vulnerability has been present in the Linux kernel for nine years but has only just been discovered. The vulnerability allows for privilege escalation that can be exploited easily and reliably. The fact that this flaw exists in nearly every version of Linux from at least the last nine years means this vulnerability should be taken seriously and patched as…

Link: ‘Dirty COW’ Linux privilege escalation vulnerability being actively exploited
Source: NCSC Alerts

TalkTalk Alert

We are aware of reports that some customers of TalkTalk are suffering problems with their home routers. We have been in contact with the company who are working to resolve the problem. We will continue to monitor the situation and will provide an update if required.

TalkTalk are offering help and support on their website.

Link: TalkTalk Alert
Source: NCSC Alerts

NHS Alert

A spokesperson for the National Cyber Security Centre said:

“We are aware of a cyber incident and we are working with NHS Digital and the National Crime Agency to investigate.”

Advice on protecting yourself from ransomware is available here. 

UPDATE

A statement from the NCSC on the international cyber incident can be read here.

Link: NHS Alert
Source: NCSC Alerts