Page 11 - Threat Intelligence 8-21-2019
Internal Threats
New Malware Miner Sneakily Hides When Task Manager Is Open - Meet “Norman” – a new
variant of monero-mining malware that employs crafty tricks to avoid being spotted. The
malicious code was identified by researchers at data security firm Varonis when investigating a
crypto-miner infestation at a “mid-size company.” “Almost every server and workstation was
infected with malware. Most were generic variants of cryptominers. Some were password
dumping tools, some were hidden PHP shells, and some had been present for several years,” the
firm said.
Source: https://finance.yahoo.com/news/malware-miner-sneakily-hides-task-133003762.html/
4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered - If you are using
any supported version of the Windows operating system, stop everything and install the latest
security updates from Microsoft immediately. The Windows operating system contains four new critical
wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the
recently patched 'BlueKeep' RDP vulnerability. Discovered by Microsoft's security team itself, all
four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, can be
exploited by unauthenticated, remote attackers to take control of an affected computer system
without requiring any user interaction.
Source: https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html
Firefox fixes “master password” security bypass bug - Firefox just pushed out an update to fix a
security glitch… in its password manager. Mozilla delivers a new major version every six weeks on
what we jocularly call fortytwosday, given that it always comes out on a Tuesday (and that 6 × 7 =
42). Point releases, mainly to fix security issues, often come out between the main fortytwosday
versions, as in this case, taking the full version number of the current 68-flavoured release from
68.0.1 to 68.0.2.
Source: https://nakedsecurity.sophos.com/2019/08/15/firefox-fixes-master-password-security-bypass-bug/
Critical updates for Microsoft Patch Tuesday may cause testing headaches - This is a huge month
for Patch Tuesday as Microsoft attempts to address 93 unique vulnerabilities spanning Windows
desktop and server platforms, Microsoft Office and core development tools. Without the pressure
of a publicly reported vulnerability and with no zero-days to urgently address, we recommend a
measured pace of testing before deployment for the Windows and Office updates, with a more
rapid pace for the IE and development tools patches. Do yourself a favor and reference this handy
infographic on the status of each update group.
Source: https://www.computerworld.com/article/3432169/critical-updates-for-microsoft-patch-tuesday-may-cause-testing-headaches.html
www.accumepartners.com