Security Newsletter
03 June 2019
Almost one million Windows systems vulnerable to BlueKeep (CVE-2019-0708)
Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP) - two weeks after Microsoft released the security patch.
Dubbed BlueKeep and tracked as CVE-2019-0708, the vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code and take control of a computer without requiring any interaction from a user.
An Internet scan performed by a security researcher revealed that roughly 950,000 publicly accessible machines on the internet are still vulnerable to the BlueKeep bug. If exploited, the vulnerability could allow an attacker to cause havoc around the world, similar to what the WannaCry and NotPetya attacks did in 2017.
Read More on The Hacker News
Read More on ZDNet
 
CI build logs continue to expose company secrets
Security researchers are still finding secrets hidden deep inside continuous integration (CI) services, years after the issue became common knowledge. The purpose of CI is to find bugs as early as possible in the coding process and detect them before they're too deeply embedded into the rest of the project, at which point fixing them may require extensive rewrites.
The most famous and widely used of all CI services is Travis CI, loved primarily due to its GitHub integration. Travis CI keeps logs of everything that happens, and one of the most important of these is a project's build log, which can sometimes include passwords, SSH keys, or API tokens.
A few years back, security researchers realized that they could comb Travis CI logs for API keys and other secrets, and report these issues to companies to receive bug bounties. Besides good-willed security researchers, threat actors also realized they could do the same, and some of them even launched attacks against Travis CI to search build logs in bulk and extract some of these secrets.
Read More on ZDNet
Read More on edoverflow.com
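As an added illustration (not part of the newsletter or the linked articles), a build step can pass its own output through a redaction filter before the log is stored, covering the three kinds of secret named above. The rule names, patterns and sample log are constructed for this example, and pattern matching of this kind only catches secrets with a recognisable shape.

```python
import re
import sys

# Constructed sample build log; every secret-looking value in it is fake.
SAMPLE_LOG = """\
$ export DEPLOY_PASSWORD=hunter2-constructed
$ curl -H "Authorization: Bearer abcDEF123456constructedTOKEN" https://api.example.test/deploy
Using AWS key AKIAABCDEFGHIJKLMNOP
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAAconstructed
-----END OPENSSH PRIVATE KEY-----
Tests passed: 42
"""

# Illustrative rules (assumptions, not an exhaustive list). Each pattern marks
# the part to hide with the named group "secret".
RULES = [
    ("private-key", re.compile(
        r"(?P<secret>-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----)", re.S)),
    ("aws-access-key-id", re.compile(r"\b(?P<secret>(?:AKIA|ASIA)[0-9A-Z]{16})\b")),
    ("bearer-token", re.compile(r"(?i)bearer\s+(?P<secret>[A-Za-z0-9._~+/=-]{16,})")),
    ("secret-assignment", re.compile(
        r"(?i)\b\w*(?:password|passwd|secret|token|api_?key)\w*\s*[=:]\s*(?P<secret>[^\s'\"]+)")),
]

def scrub(log):
    """Return (redacted_log, rule_names_that_fired) for one build log."""
    findings = []
    for name, pattern in RULES:
        def mask(m, name=name):
            findings.append(name)
            # Replace only the "secret" group, keeping the variable name or header.
            start, end = m.start("secret") - m.start(), m.end("secret") - m.start()
            return m.group(0)[:start] + f"[REDACTED:{name}]" + m.group(0)[end:]
        log = pattern.sub(mask, log)
    return log, findings

if __name__ == "__main__":
    # Filter mode: read the raw log on stdin, or use the sample when run on a terminal.
    raw = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    clean, hits = scrub(raw)
    sys.stdout.write(clean)
    # A non-zero exit lets the pipeline flag the build so the secret gets rotated.
    sys.exit(1 if hits else 0)
```

A secret that reached a log should be treated as exposed and rotated even when the stored copy is redacted.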
This content was created by Kindred Group Security.
You can access the previous newsletters at https://news.infosecgur.us