
Cyber WAR - Treat Report - September 16, 2019...Sep 16, 2019  · September 16, 2019 The Cyber WAR...

Date post: 26-Jun-2020

September 16, 2019

The Cyber WAR (Weekly Awareness Report) is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats and other digital dangers received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware
* Troj/MSIL-MUU
* Troj/Fareit-IWV
* Troj/Agent-BCPJ
* VBS/Dwnldr-YUI
* Troj/Zbot-NPE
* Troj/Phish-FZK
* Troj/HawkEye-XY
* Troj/EncDoc-ND
* Troj/EncDoc-NC
* Troj/DNetInj-GX

Last PUAs
* Bitcoin Miner
* XMRig Miner
* YeehBar
* WinFixer
* Techsnab
* Strictor
* Softcnapp
* PC Accelerate
* OxyPumper
* Neoreklami

Interesting News

* This is what our summer's like
For the second summer straight, we cover the children's interests during the period when they have enough leisure to give themselves full time to their hobbies.

* The Cyber Intelligence Report has a brand new look and the 2019 Quarter 4 issue will be released at the beginning of October. There are some great walkthroughs inside you shouldn't miss. We have an active Facebook group that discusses topics ranging from computer forensics to ethical hacking and more. Join the Cyber Secrets Facebook group here. If you would like to receive the CIR updates by email, Subscribe at: [email protected]

Index of Sections

Current News

* Packet Storm Security

* Krebs on Security

* Dark Reading

* The Hacker News

* Security Week

* Infosecurity Magazine

* Naked Security

* Quick Heal - Security Simplified

* Threat Post

The Hacker Corner:

* Security Conferences

* Zone-H Latest Published Website Defacements

Tools & Techniques

* Packet Storm Security Latest Published Tools

* Kali Linux Tutorials

* GBHackers Analysis

Exploits and Proof of Concepts

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits

Packet Storm Security

* Personal Data From Entire 16.6M Population Of Ecuador Leaked Online
* Uber Confirms Account Takeover Vulnerability
* iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
* 198M Records Of Prospective Auto Buyers Leaked
* LastPass Bug Leaks Credentials From Previous Site
* Instagram Fixed Flaw That Links Account Info To PII
* France To Block Facebook's Libra Cryptocurrency In Europe
* InnfiRAT Malware Lurks To Steal Cryptocurrency Wallet Data
* Infosec Duo Cuffed After Physically Breaking Into Courthouse During IT Security Assessment
* New Simjacker Attack Exploited In The Wild To Track Users For At Least Two Years
* Major Fraud Scheme Exposed By Insecure Database
* UNICEF Leaks Personal Data Of 8,000 Users Via Email Blunder
* Fin7 Operator Pleads Guilty To Two Counts
* Weakness In Intel Chips Lets Researchers Steal Encrypted SSH Keystrokes
* Suspected Commonwealth Games DDoS Was Only A Fortnite Update
* Secret Service Probing Breach At Federal IT Contractor
* 281 People Indicted In Massive Email Fraud Scheme
* The Cyberwar In Yemen
* Ransomware Disrupts Illinois School District's Systems
* 51 Tech CEOs Send Open Letter To Congress Asking For A Federal Data Privacy Law
* Now You Have To Jump Through Extra Hoops To Get Money From The Equifax Hack
* Apple, Angry At Google, Hits Back At Hack Claims
* Telnet Backdoor Opens More Than 1M IoT Radios To Hijack
* Brain Hack Devices Must Be Scrutinized, Say Top Scientists
* Researchers Expose Another Instance Of Chrome Patch Gapping

Krebs on Security

* NY Payroll Company Vanishes With $35 Million
* Patch Tuesday, September 2019 Edition
* Secret Service Investigates Breach at U.S. Govt IT Contractor
* 'Satori' IoT Botnet Operator Pleads Guilty
* Spam In your Calendar? Here's What to Do.
* Feds Allege Adconion Employees Hijacked IP Addresses for Spamming
* Phishers are Angling for Your Cloud Providers
* Ransomware Bites Dental Data Backup Firm
* Cybersecurity Firm Imperva Discloses Breach
* Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Dark Reading

* Data Leak Affects Most of Ecuador's Population
* Preventing PTSD and Burnout for Cybersecurity Professionals
* Malware Linked to Ryuk Targets Financial & Military Data
* US Sanctions 3 Cyberattack Groups Tied to DPRK
* 6 Questions to Ask Once You've Learned of a Breach
* No Quick Fix for Security-Worker Shortfall
* Taking a Fresh Look at Security Ops: 10 Tips
* Escaping Email: Unlocking Message Security for SMS, WhatsApp
* Instagram Bug Put User Account Details, Phone Numbers at Risk
* Indictments Do Little to Stop Iranian Group from New Attacks on Universities
* North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
* Security Leaders Share Tips for Boardroom Chats
* A Definitive Guide to Crowdsourced Vulnerability Management
* NetCAT Vulnerability Is Out of the Bag
* APIs Get Their Own Top 10 Security List
* The Fight Against Synthetic Identity Fraud
* Community Projects Highlight Need for Security Volunteers
* Proposed Browser Security Guidelines Would Mean More Work for IT Teams
* Fed Kaspersky Ban Made Permanent by New Rules
* 281 Arrested in International BEC Takedown

The Hacker News

* WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users
* How Cloud-Based Automation Can Keep Business Operations Secure
* US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks
* Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug
* New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
* WebARX — A Defensive Core For Your Website
* Popular Period Tracking Apps Share Your Sexual Health Data With Facebook
* NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs
* CISO Kit — Breach Protection in the Palm of Your Hand
* Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78
* Mozilla Launches 'Firefox Private Network' VPN Service as a Browser Extension
* Hundreds of BEC Scammers Arrested in Nigeria and U.S. — $3.7 Million Recovered
* Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client
* Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext
* Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

Security Week

* Snowden Says He Would Return to US If He Can Get a Fair Trial
* Saudi Attacks Expose Threat to Critical Infrastructure
* LastPass Patches Bug Leaking Last-Used Credentials
* Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks
* Securing the 2020 Elections From Multifarious Threats
* Recycled Source Code Used to Create New MobiHok Android RAT
* Tor Raises $86K to Smash Bugs
* Hundreds Laid Off by Symantec as Part of Restructuring Plan
* Snowden Says Would Like French Asylum
* UK Teen Arrested in US-Led Music Hacking Probe
* Ohio Gamer Sentenced to 15 Months Prison in 'Swatting' Case
* Car Dealer Marketing Firm Exposed 198 Million Data Records
* US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts
* Arizona Schools Provide Model for Managing Ransomware
* Shape Security Raises $51 Million at $1 Billion Valuation
* WiryJMPer Dropper Employs Heavy Obfuscation to Deliver Netwire
* Sophos Makes Sandboxie Free in Transition to Open Source
* IBM Launches z15 Mainframe With New Data Protection Capabilities
* Netanyahu, Trump Deny Report of Israeli Spying Near White House
* Ukrainian Man Pleads Guilty to Hacking, Wire Fraud Charges

Infosecurity Magazine

* Chicago Broker Fined $1.5m for Inadequate Cybersecurity
* Israeli Cops Arrest Cyber Surveillance Vendor's Employees
* US Slaps Sanctions on Three North Korean Cyber Groups
* UK's Environmental Agencies Lose Hundreds of Devices
* Symantec Axes Hundreds of US Jobs
* Cybersecurity Firm Employees Charged with Burglary of Courthouse Client
* MSOE Opens Cyber-Learning Center Built with $34m Alumnus Donation
* #44CON: GPS Trackers Hacked to Make Premium Rate Calls
* #44CON: Establishing a Mental Health Toolbox
* Marketer Exposes 198 Million Car Buyer Records
* Iranian Threat Group Targets 380 Global Universities
* Mirai and SMB Attacks Dominate 1H 2019

Naked Security

* iPhone lockscreen bypass: iOS 13 tricked into showing your contacts
* Google fixes Chromebook 2FA flaw in 'built-in security key'
* Simjacker silent phone hack could affect a billion users
* Tiny Pacific nation forges ahead with national cryptocurrency
* Monday review - the hot 23 stories of the week
* Just how private are your browsing habits?
* Intel: SSH-stealing NetCAT bug not really a problem
* Leaky database full of fake Groupon emails turns out to belong to crooks
* Mozilla Private Network VPN gives Firefox another privacy boost
* Fin7 sysadmin pleads guilty to running IT for billion-dollar crime syndicate

Quick Heal - Security Simplified

* Trivia! 5 things you never imagined could be hacked by cyber criminals
* The Free Mobile Anti-virus you are using can be a Fake!
* Teacher's Day Special - Things that teachers must know about their students to make them cyber safe
* PowerShell: Living off the land!
* Cybersquatting and Typosquatting victimizing innocent customers and brands
* Phishers using custom 404 Not Found error page to steal Microsoft credentials
* Alert! 27 apps found on Google Play Store that prompt you to install Fake Google Play Store
* Alert! Income tax refund SMS - Newest way of conducting bank fraud by cyber criminals
* Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners
* MegaCortex Returns…

Threat Post

* Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs
* U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks
* New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware
* WordPress XSS Bug Allows Drive-By Code Execution
* iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
* Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks
* North Korean Spear-Phishing Attack Targets U.S. Firms
* News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit
* Cybercriminals Adding Sophistication to BEC Threats
* Library-Themed University Phishing Attack Expands to Massive Scale

The Hacker Corner

Conferences

* Advertising Landing Page Copy/Form
* Apply: FREE 6 Month InfoSec Speaking Plan
* Apply: FREE 6 Month InfoSec Speaking Plan
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!

Latest Website Defacements


Tools & Techniques

Packet Storm Security Tools Links

* Wireshark Analyzer 3.0.4
* OpenSSL Toolkit 1.1.1d
* Wapiti Web Application Vulnerability Scanner 3.0.2
* SQLMAP - Automatic SQL Injection Tool 1.3.9
* SSLsplit 0.5.5
* Bro Network Security Monitor 2.6.4
* I2P 0.9.42
* Tinc Virtual Private Network Daemon 1.0.36
* Haveged 1.9.6
* Clam AntiVirus Toolkit 0.101.4

Kali Linux Tutorials

* GitGraber : Monitor GitHub To Search & Find Sensitive Data
* FileGPS : A Tool That Help You To Guess How Your Shell Was Renamed
* ActiveReign : A Network Enumeration & Attack Toolset
* Revshellgen : Reverse Shell Generator Written In Python
* LMYN : Lets Map Your Network To Visualise Your Physical Network
* OpenCti : Open Cyber Threat Intelligence Platform
* BlackArch Linux - Penetration Testing Distribution
* Phishing Simulation : Increase Phishing Awareness By Providing An Intuitive Tutorial & Customized Assessment
* PingCastle : Get Active Directory Security At 80% In 20% Of The Time
* Mondoo : Native Security & Vulnerability Risk Management

GBHackers Analysis

* Vulnerability in Exim Mail Server Let Hackers Gain Root Access Remotely From 5 Million Email Servers
* Twitter CEO Jack Dorsey Account Hacked using Sim Swapping Attack
* A Critical Vulnerability in Tesla Model S Let Hackers Clone The Car Key Within 2 Seconds & Steal Car
* Critical Remote Code Execution Vulnerability in DHCP Client Let Hackers Take Control of the Network
* Unpatched RCE Vulnerability in LibreOffice Let Hackers Take Complete Control Of Your Computer

Proof of Concept (PoC) & Exploits

Packet Storm Security

* LastPass Credential Leak From Previous Site
* Inteno IOPSYS Gateway 3DES Key Extraction Improper Access
* docPrint Pro 8.0 SEH Buffer Overflow
* AppXSvc 17763.1.amd64fre.rs5_release.180914-1434 Privilege Escalation
* Webmin 1.920 Remote Code Execution
* College-Management-System 1.2 Authentication Bypass
* Ticket-Booking 1.4 Authentication Bypass
* Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
* phpMyAdmin 4.9.0.1 Cross Site Request Forgery
* Dolibarr ERP-CRM 10.0.1 Cross Site Scripting
* Folder Lock 7.7.9 Denial Of Service
* FTPShell Client 6.74 Buffer Overflow
* LimeSurvey 3.17.13 Cross Site Scripting
* Generic Zip Slip Traversal
* Opencart 2.3.0.2 Pre-Auth Remote Command Execution
* Microsoft DirectWrite sfac_GetSbitBitmap Out-Of-Bounds Read
* Microsoft DirectWrite SplicePixel Invalid Read
* eWON Flexy 13.0 Authentication Bypass
* OpenEdx Ironwood.1 Cross Site Scripting
* WordPress SlickQuiz 1.3.7.1 SQL Injection
* WordPress SlickQuiz 1.3.7.1 Cross Site Scripting
* AVCON6 Systems Management Platform Remote Root
* WordPress Checklist 1.1.5 Cross Site Scripting
* WordPress Photo Gallery 1.5.34 Cross Site Scripting
* WordPress Photo Gallery 1.5.34 SQL Injection

Proof of Concept (PoC) & Exploits

Exploit Database

* [local] docPrint Pro 8.0 - SEH Buffer Overflow
* [webapps] Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
* [remote] Inteno IOPSYS Gateway - Improper Access Restrictions
* [local] AppXSvc - Privilege Escalation
* [webapps] College-Management-System 1.2 - Authentication Bypass
* [webapps] Ticket-Booking 1.4 - Authentication Bypass
* [webapps] LimeSurvey 3.17.13 - Cross-Site Scripting
* [webapps] phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
* [webapps] Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
* [dos] Folder Lock 7.7.9 - Denial of Service
* [dos] Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
* [dos] Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
* [webapps] eWON Flexy - Authentication Bypass
* [webapps] AVCON6 systems management platform - OGNL Remote Command Execution
* [local] Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
* [local] Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
* [remote] October CMS - Upload Protection Bypass Code Execution (Metasploit)
* [remote] LibreNMS - Collectd Command Injection (Metasploit)
* [webapps] WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
* [webapps] WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
* [webapps] WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
* [webapps] Dolibarr ERP-CRM 10.0.1 - SQL Injection
* [webapps] WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
* [webapps] Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure
* [webapps] Online Appointment - SQL Injection

Advisories

US-Cert Alerts & bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* Vulnerability Summary for the Week of September 2, 2019
* Vulnerability Summary for the Week of August 26, 2019
* Vulnerability Summary for the Week of August 19, 2019

Symantec - Latest List

* Microsoft Windows CVE-2019-1215 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
* Microsoft SharePoint CVE-2019-1296 Remote Code Execution Vulnerability
* Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability
* Microsoft Excel CVE-2019-1297 Remote Code Execution Vulnerability
* Microsoft SharePoint CVE-2019-1295 Remote Code Execution Vulnerability
* Microsoft Windows Secure Boot CVE-2019-1294 Local Security Bypass Vulnerability
* Microsoft Windows LNK CVE-2019-1280 Remote Code Execution Vulnerability
* Microsoft Winlogon CVE-2019-1268 Local Privilege Escalation Vulnerability
* Microsoft Compatibility Appraiser CVE-2019-1267 Local Privilege Escalation Vulnerability
* Microsoft Exchange Server CVE-2019-1266 Spoofing Vulnerability
* Microsoft Yammer CVE-2019-1265 Security Bypass Vulnerability
* Microsoft Office CVE-2019-1264 Security Bypass Vulnerability
* Microsoft Excel CVE-2019-1263 Information Disclosure Vulnerability
* Microsoft Office SharePoint CVE-2019-1262 Cross Site Scripting Vulnerability
* Microsoft SharePoint CVE-2019-1261 Spoofing Vulnerability
* Microsoft SharePoint CVE-2019-1260 Remote Privilege Escalation Vulnerability
* Microsoft SharePoint CVE-2019-1259 Spoofing Vulnerability
* Microsoft SharePoint CVE-2019-1257 Remote Code Execution Vulnerability
* Microsoft Windows Text Service Framework CVE-2019-1235 Local Privilege Escalation Vulnerability
* Microsoft Exchange CVE-2019-1233 Remote Denial of Service Vulnerability
* Microsoft Windows Diagnostics Hub CVE-2019-1232 Local Privilege Escalation Vulnerability
* Microsoft Rome SDK CVE-2019-1231 Information Disclosure Vulnerability
* Microsoft ASP.NET Core CVE-2019-1302 Remote Privilege Escalation Vulnerability
* Microsoft Lync CVE-2019-1209 Information Disclosure Vulnerability
* Microsoft .NET Core CVE-2019-1301 Denial of Service Vulnerability

Advisories

Packet Storm Security - Latest List

Debian Security Advisory 4523-1
Debian Linux Security Advisory 4523-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.

Red Hat Security Advisory 2019-2774-01
Red Hat Security Advisory 2019-2774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.

Ubuntu Security Notice USN-4134-1
Ubuntu Security Notice 4134-1 - Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.

Ubuntu Security Notice USN-4133-1
Ubuntu Security Notice 4133-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.

Debian Security Advisory 4522-1
Debian Linux Security Advisory 4522-1 - Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.

Ubuntu Security Notice USN-4129-2
Ubuntu Security Notice 4129-2 - USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-4132-2
Ubuntu Security Notice 4132-2 - USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

Ubuntu Security Notice USN-4132-1
Ubuntu Security Notice 4132-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

Red Hat Security Advisory 2019-2766-01
Red Hat Security Advisory 2019-2766-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains updated container images for multus-cni, operator-lifecycle-manager, and operator-registry in Red Hat OpenShift Container Platform 4.1.15. Each of these container images includes gRPC, which has been updated with the fixes for unbounded memory growth issues.

Red Hat Security Advisory 2019-2756-01
Red Hat Security Advisory 2019-2756-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.255. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2019-2746-01
Red Hat Security Advisory 2019-2746-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2745-01
Red Hat Security Advisory 2019-2745-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2743-01
Red Hat Security Advisory 2019-2743-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include a code execution vulnerability.

Slackware Security Advisory - mozilla-thunderbird Updates
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

Slackware Security Advisory - openssl Updates
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

Slackware Security Advisory - curl Updates
Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Ubuntu Security Notice USN-4130-1
Ubuntu Security Notice 4130-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-4131-1
Ubuntu Security Notice 4131-1 - It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2019-2741-01
Red Hat Security Advisory 2019-2741-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, and use-after-free vulnerabilities.

Red Hat Security Advisory 2019-2736-01
Red Hat Security Advisory 2019-2736-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer vulnerabilities.

Red Hat Security Advisory 2019-2690-01
Red Hat Security Advisory 2019-2690-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include unbounded memory growth.

Red Hat Security Advisory 2019-2737-01
Red Hat Security Advisory 2019-2737-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP40. Issues addressed include deserialization, out of bounds access, and use-after-free vulnerabilities.

Red Hat Security Advisory 2019-2732-01
Red Hat Security Advisory 2019-2732-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.13, and 2.2.7. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2731-01
Red Hat Security Advisory 2019-2731-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 2.1.509 and Runtime 2.1.13. Issues addressed include a denial of service vulnerability.

