Using Moxa MXview?

Do this: Patch and update immediately.
Why: Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution.
Additional Info: https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/

Using the PHP Everywhere Wordpress Plug-in?

Do this: Install the PHP Everywhere update immediately.
Why: Tens of thousands of WordPress sites are at risk from critical vulnerabilities found in the widely used plug-in, PHP Everywhere. These vulnerabilities are very easy to exploit and can be used to quickly and completely take over a site.
Additional Info: https://threatpost.com/php-everywhere-bugs-wordpress-rce/178338/

Are you a Windows Shop?

Do this: Make sure to monitor the Regsvr32 executions... Specifically:

  • Look for parent/child process relationships where Regsvr32 is executed with parent process of Microsoft Word or Microsoft Excel.
  • Look for Regsvr32 executions that load the scrobj.dll, which executes a COM scriptlet.
Why: A Windows living-off-the-land binary (LOLBin) known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot.
Additional Info: https://threatpost.com/cybercriminals-windows-utility-regsvr32-malware/178333/

Send Us Your Comments

What did you think of this article? Send us a note to let us know what you liked, would like to see more of, or what we can do better. And don't be surprised if we reach back out with a small 'thank you' gift for your feedback.

SEND

Newsletter

Want 7x Second Security and other info straight to your inbox? We'll never send boring content.