VDA Lock Down: July 11, 2019



  • Security News
  • Latest Vulnerabilities
  • Meet Us at Black Hat!

Top Security News

GDPR Has Teeth!

The UK’s Information Commissioner’s Office (ICO) intends to impose a fine of $123MM on international hotel chain Marriott for last year’s data breach. The ICO claims that Marriott violated GDPR, which requires companies that collect or process an EU citizen’s data to meet certain data security requirements. Marriott is not the first to incur GDPR fines this year: also this week, British Airways was fined $183MM for violating GDPR during their recent data breach. Gone are the days when a company can lose a customer’s PII and get a slap on the wrist.


Beyond Fileless Malware – Living off the Land

Security researchers at Microsoft used telemetry data from Windows Defender to expose and defeat a widespread fileless malware campaign that used “living off the land” techniques, meaning it relied on binaries that are built into Windows, and ultimately launched a variation of Astaroth.

Are your network defenders looking for “living off the land” techniques? How would your organization detect these techniques?


Over 1/4 of UK Firms Hit With Malware

New research by a firm named Databarracks has found that over a quarter of UK businesses were impacted by ransomware during the course of 2018. The good news is that this is down from a peak of 29% during 2017, the year that WannaCry hit.


Recent Vulnerabilities

Zoom Mac Exploit Leads to Unexpected Conference Calls
Researchers unveiled an exploit for the Mac video conferencing software client Zoom this week that allowed malicious links to add a user to a video call without permission. The issue turned out to be even worse than first thought when it was found that the Zoom client installed a local web server that remained installed after the Zoom program itself was uninstalled. This web server was able to automatically re-install the Zoom client, which could then be exploited by the malicious link. This left anyone who has ever used Zoom for conference calling vulnerable unless they upgraded the app to the latest version.

Apple found that this issue was serious enough that they took the step of deploying a silent OSX update (requiring no user interaction to install) to remove the hidden web server.

It is also rumored that there is an RCE vulnerability in the Zoom service that may or may not have been patched, so it is definitely recommended to update or uninstall Zoom to get protected.


Meet us at Black Hat!

Several members from the VDA team including Dr. DeMott will be at Black Hat next month and we would love to meet up.

If you would like to see us there, contact us via the link below and we will work something out!

Let’s meet at Black Hat!


Posted on

July 11, 2019