Page 11 - AccumeView - September 2019
Internal Threats
Flaws in Qualcomm chipset expose millions of Android devices to hacking threat - Security researchers
from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm
chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely
simply by sending malicious packets over-the-air – no user interaction required. Three bugs make up
QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is
that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.
Source: https://threatpost.com/android-phones-qualpwn/146989/
Researchers uncover over 35 vulnerabilities in six leading enterprise printers - NCC Group researchers
have uncovered significant vulnerabilities in six commonly used enterprise printers, highlighting the vast
attack surface that can be presented by internet-connected printers. The issues varied in severity. The
potential impact of exploiting them ranged from denial of service attacks that could lead to the crash of
printers, the addition of backdoors within compromised printers to maintain attacker persistence on a
corporate network, through to snooping on every print job sent to vulnerable printers and the ability to
forward them to an external internet-based attacker.
Source: https://www.helpnetsecurity.com/2019/08/08/vulnerabilities-enterprise-printers/
Critical updates for Microsoft Patch Tuesday may cause testing headaches - This is a huge month for
Patch Tuesday as Microsoft attempts to address 93 unique vulnerabilities spanning Windows desktop
and server platforms, Microsoft Office and core development tools. Without the pressure of a publicly
reported vulnerability and with no zero-days to urgently address, we recommend a measured pace of
testing before deployment for the Windows and Office updates, with a more rapid pace for the IE and
development tools patches. Do yourself a favor and reference this handy infographic on the status of
each update group.
Source: https://www.computerworld.com/article/3432169/critical-updates-for-microsoft-patch-tuesday-may-cause-testing-headaches.html
Can't bear to part with that well-worn copy of Windows 7? Microsoft might let you keep it updated an
extra year - With Windows 7's official retirement less than five months away, Redmond is offering some
business customers a way to squeeze a bit more life out of the beloved OS. A recently unearthed
provision in the Windows 7 and Office 2010 end of support FAQ notes that companies running Windows
10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, and Government E5 plans will be able to
receive their first year of patch support for Windows 7 free of charge. The idea, says Microsoft, is to
allow businesses a bit more time to iron out their plans for migrating to Windows 10 from Windows 7
when official support for the latter ends on January 14th, 2020.
Source: https://www.theregister.co.uk/2019/08/27/windows7_free_updates/
www.accumepartners.com