Cyber WAR - Threat Intelligence Publication - October 28, 2019

October 28, 2019

The Cyber WAR (Weekly Awareness Report) is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats and other digital dangers received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware

* Troj/HTMLDrp-DR
* Troj/DocDl-WDS
* Troj/DocDl-WDR
* Troj/DocDl-WDQ
* Troj/Tesla-E
* Troj/TeslaAg-DM
* Troj/Ransom-FRP
* Troj/Trickbo-UJ
* Troj/TeslaAg-DL
* Troj/Spy-AXJ

Last PUAs

* NirSoft ProduKey
* LULU Software
* CMSTP-UAC-Bypass
* Strictor
* KuaiZip
* Browser Security
* VKontakteDJ
* RawDisk Driver
* Segurazo
* Adposhel

Interesting News

* Data collectors: As we saw from the statistics, tech giants that collect and analyze data to show us targeted advertising are present practically everywhere in the world. And it is these companies that store the most data about people from all over the planet.

* October is Cybersecurity Awareness Month and is coming to a close. Stay safe the rest of the year. Here is a free 120 page Cyber Intel Report (CIR) filled with a lot of good content including tutorials. Download it here. We have an active Facebook group that discusses topics ranging from computer forensics to ethical hacking and more. Join the Cyber Secrets Facebook group here. If you would like to receive the CIR updates by email, Subscribe!

Index of Sections

Current News

* Packet Storm Security

* Krebs on Security

* Dark Reading

* The Hacker News

* Security Week

* Infosecurity Magazine

* Naked Security

* Quick Heal - Security Simplified

* Threat Post

The Hacker Corner:

* Security Conferences

* Zone-H Latest Published Website Defacements

Tools & Techniques

* Packet Storm Security Latest Published Tools

* Kali Linux Tutorials

* GBHackers Analysis

Exploits and Proof of Concepts

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits

Packet Storm Security

* Security Researcher Gets Access To All Xiaomi Pet Feeders Around The World
* Magecart Gang Targets Skin Care Site Visitors For 5+ Months
* 2015 UniCredit Data Breach Affects 3 Million Italian Clients
* The U.S. Army Didn't Even Use Tools It Bought From Hacking Team
* Apple Removes 17 Malicious iOS Apps From App Store
* RBS Pulls Samsung Galaxy S10 App Over Security Flaw
* U.S. Senator Asks FTC To Probe Amazon Over Capital One Hack
* White House Kicks Infosec Team To Curb In IT Office Shakeup
* A Roundtable Of Hackers Dissect The Latest Episode Of Mr. Robot
* Mozilla's Firefox 70 Is Out: Privacy Reports Reveal Whose Cookies Are Tracking You
* Zuckerberg Grilled Over Libra Currency Plan By Congress
* FTC Takes A Stand Against Stalker Apps
* ATTK Of The Pwns: Trend Micro Antivirus Tools Will Run Malware
* Gustuff Android Banker Switches Up Technical Approach
* Magecart Group Linked To Dridex Banking Trojan, Carbanak
* Assange Fails To Delay Extradition Hearing As Date Set For February
* Czech Authorities Dismantle Alleged Russian Spy Network
* EU Data Watchdog Raises Concerns Over MS Contracts
* Russian Hackers Cloak Attacks Using Iranian Group
* Researchers Find Stealthy MSSQL Server Backdoor
* Leaky Autoclerk Database Exposes Info On Travelers
* US Is Out Of The Picture In Syria-Turkey Crisis. Putin Now Owns This Mess.
* The US Army Just Contracted With A UFO Group To Study Alien Alloys
* Critical Linux Wi-Fi Bug Allows System Compromise
* UC Browser Potentially Endangers 500 Million Users

Krebs on Security

* Cachet Financial Reeling from MyPayrollHR Fraud
* Ransomware Hits B2B Payments Firm Billtrust
* Avast, NordVPN Breaches Tied to Phantom User Accounts
* When Card Shops Play Dirty, Consumers Win
* "BriansClub" Hack Rescues 26M Stolen Cards
* Patch Tuesday Lowdown, October 2019 Edition
* Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
* German Cops Raid "Cyberbunker 2.0," Arrest 7 in Child Porn, Dark Web Market Sting
* MyPayrollHR CEO Arrested, Admits to $70M Fraud
* Interview With the Guy Who Tried to Frame Me for Heroin Possession

Dark Reading

* Database Error Exposes 7.5 Million Adobe Customer Records
* New: The 2019 Security Buyer's Guide
* 5 Things the Hoodie & the Hard Hat Need to Know About Each Other
* Microsoft Office Bug Remains Top Malware Delivery Vector
* Online Beauty Store Hit by Magecart Attack
* Second Ransomware Attack Strikes Johannesburg
* Building a Cybersecurity Culture: What's Love Got to Do With It?
* Get Up to Speed on the Latest Cryptographic Techniques at Black Hat Europe
* 4 Security Lessons Federal IT Pros Can Teach the Private Sector
* 40% of Security Pros Job Hunting as Satisfaction Drops
* FBI Expands Election Security Initiative
* Apple Boots 17 Trojan-Laden Apps From Mobile Store
* It's Time to Improve Website Identity Indicators, Not Remove Them
* Eight-Hour DDoS Attack Struck AWS Customers
* Mobile Users Targeted With Malware, Tracked by Advertisers
* Why Organizations Must Quantify Cyber-Risk in Business Terms
* Messing Around with IRS Scammers
* Developers: The Cause of and Solution to Security's Biggest Problems
* Poll Results: Smart Enterprises, Dumb Homes
* FTC Warns Consumers About Stalking Apps

The Hacker News

* UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records
* New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
* Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users
* Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020
* 42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student
* How to Avoid the Top Three Causes of Data Breaches in 2019
* New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
* Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure
* Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild
* NordVPN Breach FAQ - What Happened and What's At Stake?
* Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software
* Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
* Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested
* A Comprehensive Guide On How to Protect Your Websites From Hackers
* Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers

Security Week

* Fortinet Acquires Endpoint Security Firm enSilo
* Cloud Networking and Security Firm Aviatrix Raises $40 Million
* City of Johannesburg Refuses to Pay Ransom to Hackers
* 2,000 Georgia Websites Hit by Cyber Attacks
* Millions Download Adware-Carrying Apps From Google Play
* Data Breach at St. Louis Health Center Impacts up to 152,000
* New Jersey Man Pleads Guilty to Hacker Attack Involving Hardware Keyloggers
* US Senators Call for Security Probe of TikTok
* Adobe Exposed Creative Cloud Customer Information
* Pentagon Awards $10 Billion Cloud Contract to Microsoft, Snubbing Amazon
* Palo Alto Networks Blames Tariffs for Firewall Price Hikes
* Major Florida Health System Fined $2M for HIPAA Breach
* The Threat to SoHo IoT Devices is Growing Rapidly
* Raccoon Malware-as-a-Service Gains Momentum
* United Nations Organizations Targeted in Ongoing Phishing Campaign
* Researchers Warn of New Cache-Poisoned DoS Attack Method
* Micron Launches Silicon-Based Security-as-a-Service Platform
* Google Patches More High-Value Chrome Sandbox Escape Vulnerabilities
* Researchers Analyze North Korea-Linked NukeSped RAT
* Click-Fraud Trojan Found in Apple App Store

Infosecurity Magazine

* BBC News Goes Dark with Censor-Busting Tor Site
* UniCredit Breach Affects Three Million Records
* Millions of Adobe Customers Exposed in Privacy Snafu
* Johannesburg Held to Ransom
* Drivers' Data Exposed in 7-Eleven Fuel App Breach
* US Proposes Legalizing Cybersecurity Tech Donations to Doctors
* Senators Urge AWS Investigation After Capital One Breach
* Ongoing Phishing Campaign is Targeting UN and NGOs
* Man Pleads Guilty After Physically Deploying Keyloggers
* Phishing Scam Nets Montana Healthcare Service
* Study Reveals the Worst State for Online Privacy
* Lack of Diversity Persists in Cybersecurity

Naked Security

* Adobe database exposes 7.5 million Creative Cloud users
* Ransomware with a difference as hackers threaten to release city data
* TikTok says no, senators, we're not under China's thumb
* New BBC 'dark web' Tor mirror site aims to beat censorship
* Crypto Capital boss arrested over money laundering
* Monday review - the hot 21 stories of the week
* Firefox Privacy Protection makes website trackers visible
* Keylogging data vampire pleads guilty to bleeding two companies
* Phishers strike at mobile wellness app company
* S2 Ep14: Samsung fingerprint fail, mystery black boxes and invisible Android apps - Naked Security Podcast

Quick Heal - Security Simplified

* This Diwali, gift your loved ones digital security for life!
* How to protect yourself from becoming victim of UPI frauds?
* Which Antivirus to choose for protecting my Android phone?
* Quick Heal reports 29 malicious apps with 10 million+ downloads on Google Play Store
* Trivia! 5 things you never imagined could be hacked by cyber criminals
* The Free Mobile Anti-virus you are using can be a Fake!
* Teacher's Day Special - Things that teachers must know about their students to make them cyber safe
* PowerShell: Living off the land!
* Cybersquatting and Typosquatting victimizing innocent customers and brands
* Phishers using custom 404 Not Found error page to steal Microsoft credentials

Threat Post

* PHP Bug Allows Remote Code-Execution on NGINX Servers
* Magecart Gang Targets Skin Care Site Visitors For 5+ Months
* Cybercriminals Impersonate Russian APT 'Fancy Bear' to Launch DDoS Attacks
* Is AWS Liable in Capital One Breach?
* U.N., UNICEF, Red Cross Under Ongoing Mobile Attack
* News Wrap: Hotel Robot Hacks, FTC Stalkerware Crackdown
* Ransomware, Mobile Malware Attacks to Surge in 2020
* 7M Adobe Creative Cloud Users Exposed to Hackers
* Religious Website Data Exposed for Months
* Raccoon Malware Scavenges 100,000+ Devices to Steal Data

The Hacker Corner

Conferences

* Advertising Landing Page Copy/Form
* Apply: FREE 6 Month InfoSec Speaking Plan
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!

Latest Website Defacements

Tools & Techniques

Packet Storm Security Tools Links

* I2P 0.9.43
* Wireshark Analyzer 3.0.6
* Suricata IDPE 5.0.0
* GRR 3.3.0.8
* OpenSSH 8.1p1
* Faraday 3.9.2
* Zeek 3.0.0 (Formerly Known As Bro)
* WhatWeb Scanner 0.5.0
* Clam AntiVirus Toolkit 0.102.0
* PDFGrab 0.4.4

Kali Linux Tutorials

* JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
* Arjun : HTTP Parameter Discovery Suite
* HomePWN : Swiss Army Knife for Pentesting of IoT Devices
* Femida : Automated blind-XSS Search For Burp Suite
* Slither : Static Analyzer for Solidity
* AutoMacTC : Automated Mac Forensic Triage Collector
* Password Lense : Reveal Character Types In A Password
* Snare : Super Next Generation Advanced Reactive HonEypot
* Osmedeus : Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
* Uac-A-Mola : Tool For Security Researchers To Investigate New UAC Bypasses

GBHackers Analysis

* PHP7 Remote Code Execution Bug Let Hackers Hijack Websites Running On NGINX Servers
* Russian Turla APT Group Hacked Iranian APT C2 Server For Backdoor Access To Expand The Cyber Attack
* The Student's Guide to Cyber Security - 9 Top Tips to Prevent Yourself From Hackers
* Critical Wi-Fi Bug In Linux Let Hackers Take Complete Control and Crash The System Remotely
* Authentication Bypass Vulnerability in Cisco REST API Let Hackers Take Control of Cisco Routers Remotely

Proof of Concept (PoC) & Exploits

Packet Storm Security

* AUO SunVeillance Monitoring System 1.1.9e SQL Injection
* AUO SunVeillance Monitoring System 1.1.9e Incorrect Access Control
* PHP-FPM Remote Code Execution
* Rusty Joomla Unauthenticated Remote Code Execution
* Solaris xscreensaver Privilege Escalation
* Linux Polkit pkexec Helper PTRACE_TRACEME Local Root
* WordPress Sliced Invoices 3.8.2 SQL Injection
* WordPress Sliced Invoices 3.8.2 Cross Site Scripting
* IObit Uninstaller 9.1.0.8 IObitUnSvr Unquoted Service Path
* Rocket.Chat 2.1.0 Cross Site Scripting
* Moxa EDR-810 Command Injection / Information Disclosure
* Xorg X11 Server SUID modulepath Privilege Escalation
* Total.js CMS 12 Widget JavaScript Code Injection
* Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 Remote Code Execution
* WinRAR 5.80 Memory Corruption
* NASA NODIS Cross Site Scripting
* Sangoma SBC 2.3.23-119-GA Authentication Bypass
* Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation
* WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF
* Android Binder Use-After-Free
* Restaurant Management System 1.0 Shell Upload
* VIM 8.1.2135 Use-After-Free
* ThinVNC 1.0b1 Authentication Bypass
* WordPress Popup Builder 3.49 Cross Site Scripting
* VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass

Exploit Database

* [dos] WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
* [local] ChaosPro 2.0 - Buffer Overflow (SEH)
* [webapps] delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection
* [local] JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path
* [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
* [webapps] Part-DB 0.4 - Authentication Bypass
* [webapps] waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
* [webapps] Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery
* [webapps] ClonOs WEB UI 19.09 - Improper Access Control
* [local] Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
* [webapps] AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection
* [webapps] AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control
* [webapps] Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection
* [webapps] Joomla! 3.4.6 - Remote Code Execution (Metasploit)
* [local] IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
* [webapps] Rocket.Chat 2.1.0 - Cross-Site Scripting
* [remote] Moxa EDR-810 - Command Injection / Information Disclosure
* [remote] Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
* [local] Solaris 11.4 - xscreensaver Privilege Escalation
* [dos] Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream(2)
* [local] Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
* [dos] winrar 5.80 64bit - Denial of Service
* [webapps] Joomla! 3.4.6 - Remote Code Execution
* [local] WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path
* [local] Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path

Advisories

US-Cert Alerts & Bulletins

* AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2
* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* Vulnerability Summary for the Week of October 21, 2019
* Vulnerability Summary for the Week of October 14, 2019
* Vulnerability Summary for the Week of October 7, 2019

Symantec - Latest List

* IBM Cloud Orchestrator CVE-2019-4397 Information Disclosure Vulnerability
* QEMU CVE-2019-12067 Null Pointer Dereference Denial of Service Vulnerability
* Multiple IBM Products CVE-2019-4400 Directory Traversal Vulnerability
* IBM Cloud Orchestrator CVE-2019-4398 Local Information Disclosure Vulnerability
* Multiple IBM Products CVE-2019-4459 Cross Site Scripting Vulnerability
* IBM API Connect CVE-2019-4600 Information Disclosure Vulnerability
* Cisco Firepower Management Center Multiple Remote Code Execution Vulnerabilities
* Cisco Firepower Management Center CVE-2019-12690 Command Injection Vulnerability
* IBM Security Guardium Big Data Intelligence CVE-2019-4330 Information Disclosure Vulnerability
* Libexpat Expat CVE-2019-15903 Heap Buffer Overflow Vulnerability
* Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
* Honeywell IP-AK2 CVE-2019-13525 Information Disclosure Vulnerability
* MongoDB Server CVE-2019-2390 Remote Code Execution Vulnerability
* Rittal Chiller ICSA-19-297-01 Authentication Bypass and Hardcoded Credentials Vulnerabilities
* IBM Security Guardium Big Data Intelligence CVE-2019-4314 Information Disclosure Vulnerability
* VMware vCenter Server Appliance Multiple Information Disclosure Vulnerabilities
* Mozilla Firefox ESR CVE-2019-11758 Memory Corruption Vulnerability
* IBM Security Guardium Big Data Intelligence CVE-2019-4306 Security Bypass Vulnerability
* IBM Security Guardium Big Data Intelligence CVE-2019-4311 Information Disclosure Vulnerability
* Moxa IKS and EDS ICSA-19-057-01 Multiple Security Vulnerabilities
* IBM Security Guardium Big Data Intelligence CVE-2019-4309 Hardcoded Credentials Vulnerability
* NixOS Nix CVE-2019-17365 Local Privilege Escalation Vulnerability
* GNU Guix CVE-2019-18192 Local Privilege Escalation Vulnerability
* Elasticsearch CVE-2019-7619 Information Disclosure Vulnerability
* Multiple VMware Products CVE-2019-5536 Denial of Service Vulnerability
* Cloud Foundry UAA CVE-2019-11282 Information Disclosure Vulnerability

Packet Storm Security - Latest List

* Red Hat Security Advisory 2019-3205-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.
* Red Hat Security Advisory 2019-3204-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.
* Red Hat Security Advisory 2019-3203-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. An incomplete fix for CVE-2019-10206 and a secret disclosure issue were both addressed.
* Red Hat Security Advisory 2019-3202-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. An incomplete fix for CVE-2019-10206 and a secret disclosure issue were both addressed.
* Red Hat Security Advisory 2019-3201-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. An incomplete fix for CVE-2019-10206 and a secret disclosure issue were both addressed.
* Red Hat Security Advisory 2019-3197-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.
* Red Hat Security Advisory 2019-3200-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. Polymorphic typing issues have been addressed.
* Red Hat Security Advisory 2019-3196-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.
* Red Hat Security Advisory 2019-2769-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for Red Hat OpenShift Container Platform 3.9, which have been rebuilt with an updated version of golang. Issues addressed include unbounded memory growth.
* Ubuntu Security Notice USN-4165-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, bypass content security policy protections, or execute arbitrary code.
* Fujitsu Wireless Keyboard Set LX390 Keystroke Injection - SySS GmbH found out that the wireless desktop set Fujitsu LX390 is vulnerable to keystroke injection attacks as the used data communication is unencrypted and unauthenticated.
* Fujitsu Wireless Keyboard Set LX390 Missing Encryption - SySS GmbH found out that the wireless desktop set Fujitsu LX390 does not use encryption for transmitting data packets containing keyboard events like keystrokes.
* Fujitsu Wireless Keyboard Set LX390 Replay Attacks - SySS GmbH found out that the wireless keyboard Fujitsu LX390 is prone to replay attacks. An attacker can simply sniff the data packets of the 2.4 GHz radio communication sent by the keyboard to the receiver (USB dongle) and replay the recorded communication data at will, causing the same effect as the original data communication. A replay attack against the keyboard can, for example, be used to gain unauthorized access to a computer system that is operated with a vulnerable Fujitsu LX390 keyboard. In this attack scenario, an attacker records the radio communication during a password-based user authentication of his or her victim, for instance during a login to the operating system or during unlocking a screen lock. At an opportune moment when the victim's computer system is unattended, the attacker approaches the victim's computer and replays the previously recorded data communication for the password-based user authentication and thereby gets unauthorized access to the victim's system.
* Kernel Live Patch Security Notice LSN-0058-1 - It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
* Red Hat Security Advisory 2019-3193-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.
* Red Hat Security Advisory 2019-3187-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. BR/EDR encryption key negotiation attacks were addressed.
* Ubuntu Security Notice USN-4162-2 - USN-4162-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
* Slackware Security Advisory - mozilla-firefox Updates - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
* Ubuntu Security Notice USN-4163-2 - USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service. Various other issues were also addressed.
* Ubuntu Security Notice USN-4164-1 - It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue did not affect Ubuntu 19.10. It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to execute arbitrary code.
* Red Hat Security Advisory 2019-3179-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and null pointer vulnerabilities.
* Red Hat Security Advisory 2019-3172-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
* Red Hat Security Advisory 2019-3170-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
* Red Hat Security Advisory 2019-3168-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include a buffer overflow vulnerability.

