US-CERT Feed

Intel Firmware Vulnerability

US-Cert Current Activity - Tue, 11/21/2017 - 11:02am
Original release date: November 21, 2017

Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.

 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Symantec Releases Security Update

US-Cert Current Activity - Tue, 11/21/2017 - 7:40am
Original release date: November 21, 2017

Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Windows ASLR Vulnerability

US-Cert Current Activity - Mon, 11/20/2017 - 10:57am
Original release date: November 20, 2017

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Holiday Scams and Malware Campaigns

US-Cert Current Activity - Thu, 11/16/2017 - 8:41pm
Original release date: November 16, 2017

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Visit the Federal Trade Commission's Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. See Choosing and Protecting Passwords for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Oracle Releases Security Alert

US-Cert Current Activity - Thu, 11/16/2017 - 4:39pm
Original release date: November 16, 2017

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Update

US-Cert Current Activity - Wed, 11/15/2017 - 12:24pm
Original release date: November 15, 2017

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Mozilla Releases Security Updates

US-Cert Current Activity - Tue, 11/14/2017 - 3:36pm
Original release date: November 14, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

US-Cert Alerts - Tue, 11/14/2017 - 2:00pm
Original release date: November 14, 2017
Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean government—commonly known as Volgmer. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with Volgmer malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the Volgmer malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

For a downloadable copy of IOCs, see:

NCCIC conducted analysis on five files associated with or identified as Volgmer malware and produced a Malware Analysis Report (MAR). MAR-10135536-D examines the tactics, techniques, and procedures observed. For a downloadable copy of the MAR, see:

Description

Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.

It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer

The U.S. Government has analyzed Volgmer’s infrastructure and have identified it on systems using both dynamic and static IP addresses. At least 94 static IP addresses were identified, as well as dynamic IP addresses registered across various countries. The greatest concentrations of dynamic IPs addresses are identified below by approximate percentage:

  • India (772 IPs) 25.4 percent
  • Iran (373 IPs) 12.3 percent
  • Pakistan (343 IPs) 11.3 percent
  • Saudi Arabia (182 IPs) 6 percent
  • Taiwan (169 IPs) 5.6 percent
  • Thailand (140 IPs) 4.6 percent
  • Sri Lanka (121 IPs) 4 percent
  • China (82 IPs, including Hong Kong (12) 2.7 percent
  • Vietnam (80 IPs) 2.6 percent
  • Indonesia (68 IPs) 2.2 percent
  • Russia (68 IPs) 2.2 percent
Technical Details

As a backdoor Trojan, Volgmer has several capabilities including: gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. In one of the samples received for analysis, the US-CERT Code Analysis Team observed botnet controller functionality.

Volgmer payloads have been observed in 32-bit form as either executables or dynamic-link library (.dll) files. The malware uses a custom binary protocol to beacon back to the command and control (C2) server, often via TCP port 8080 or 8088, with some payloads implementing Secure Socket Layer (SSL) encryption to obfuscate communications.

Malicious actors commonly maintain persistence on a victim’s system by installing the malware-as-a-service. Volgmer queries the system and randomly selects a service in which to install a copy of itself. The malware then overwrites the ServiceDLL entry in the selected service's registry entry. In some cases, HIDDEN COBRA actors give the created service a pseudo-random name that may be composed of various hardcoded words.

Detection and Response

This alert’s IOC files provide HIDDEN COBRA indicators related to Volgmer. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"Malformed_UA"; content:"User-Agent: Mozillar/"; depth:500; sid:99999999;)

___________________________________________________________________________________________________

YARA Rules

rule volgmer
{
meta:
    description = "Malformed User Agent"
strings:
    $s = "Mozillar/"
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $s
}

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.
Solution Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
  • Keep operating systems and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Do not follow unsolicited web links in emails. See Avoiding Social Engineering and Phishing Attacks for more information.
Response to Unauthorized Network Access
  • Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).
References
Revision History
  • November 14, 2017: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Microsoft Releases November 2017 Security Updates

US-Cert Current Activity - Tue, 11/14/2017 - 1:50pm
Original release date: November 14, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

US-Cert Alerts - Tue, 11/14/2017 - 1:09pm
Original release date: November 14, 2017
Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to any North Korean government malicious cyber activity.

This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with FALLCHILL malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the FALLCHILL malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

For a downloadable copy of IOCs, see:

NCCIC conducted analysis on two samples of FALLCHILL malware and produced a Malware Analysis Report (MAR). MAR-10135536-A examines the tactics, techniques, and procedures observed in the malware. For a downloadable copy of the MAR, see:

Description

According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.

During analysis of the infrastructure used by FALLCHILL malware, the U.S. Government identified 83 network nodes. Additionally, using publicly available registration information, the U.S. Government identified the countries in which the infected IP addresses are registered.

Technical Details

FALLCHILL is the primary component of a C2 infrastructure that uses multiple proxies to obfuscate network traffic between HIDDEN COBRA actors and a victim’s system. According to trusted third-party reporting, communication flows from the victim’s system to HIDDEN COBRA actors using a series of proxies as shown in figure 1.

Figure 1. HIDDEN COBRA Communication Flow

FALLCHILL uses fake Transport Layer Security (TLS) communications, encoding the data with RC4 encryption with the following key: [0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82]. FALLCHILL collects basic system information and beacons the following to the C2:

  • operating system (OS) version information,
  • processor information,
  • system name,
  • local IP address information,
  • unique generated ID, and
  • media access control (MAC) address.

FALLCHILL contains the following built-in functions for remote operations that provide various capabilities on a victim’s system:

  • retrieve information about all installed disks, including the disk type and the amount of free space on the disk;
  • create, start, and terminate a new process and its primary thread;
  • search, read, write, move, and execute files;
  • get and modify file or directory timestamps;
  • change the current directory for a process or file; and
  • delete malware and artifacts associated with the malware from the infected system.
Detection and Response

This alert’s IOC files provide HIDDEN COBRA indicators related to FALLCHILL. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"Malicious SSL 01 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; rev:1; sid:2;)

___________________________________________________________________________________________

alert tcp any any -> any any (msg:"Malicious SSL 02 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\x06\x88\x4d\x76/"; rev:1; sid:3;)

___________________________________________________________________________________________

alert tcp any any -> any any (msg:"Malicious SSL 03 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\xb2\x63\x70\x7b/"; rev:1; sid:4;)

___________________________________________________________________________________________

alert tcp any any -> any any (msg:"Malicious SSL 04 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\xb0\x63\x70\x7b/"; rev:1; sid:5;)

___________________________________________________________________________________________YARA Rules

The following rules were provided to NCCIC by a trusted third party for the purpose of assisting in the identification of malware associated with this alert.

THIS DHS/NCCIC MATERIAL IS FURNISHED ON AN “AS-IS” BASIS.  These rules have been tested and determined to function effectively in a lab environment, but we have no way of knowing if they may function differently in a production network.  Anyone using these rules are encouraged to test them using a data set representitive of their environment.

rule rc4_stack_key_fallchill
{
meta:
    description = "rc4_stack_key"
strings:
    $stack_key = { 0d 06 09 2a ?? ?? ?? ?? 86 48 86 f7 ?? ?? ?? ?? 0d 01 01 01 ?? ?? ?? ?? 05 00 03 82 41 8b c9 41 8b d1 49 8b 40 08 48 ff c2 88 4c 02 ff ff c1 81 f9 00 01 00 00 7c eb }
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $stack_key
}

rule success_fail_codes_fallchill

{
meta:
    description = "success_fail_codes"
strings:
    $s0 = { 68 7a 34 12 00 }  
    $s1 = { ba 7a 34 12 00 }  
    $f0 = { 68 5c 34 12 00 }  
    $f1 = { ba 5c 34 12 00 }
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and (($s0 and $f0) or ($s1 and $f1))
}

___________________________________________________________________________________________

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.
Solution Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
  • Keep operating systems and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Do not follow unsolicited web links in emails. See Avoiding Social Engineering and Phishing Attacks for more information.
Response to Unauthorized Network Access
  • Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

 

References
Revision History
  • November 14, 2017: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Adobe Releases Security Updates

US-Cert Current Activity - Tue, 11/14/2017 - 12:41pm
Original release date: November 14, 2017

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

US-Cert Current Activity - Thu, 11/09/2017 - 3:19pm
Original release date: November 09, 2017

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT's Tip on Using Caution with Email Attachments.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Joomla! Releases Security Update

US-Cert Current Activity - Tue, 11/07/2017 - 11:40am
Original release date: November 07, 2017

Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Google Releases Security Update for Chrome

US-Cert Current Activity - Mon, 11/06/2017 - 5:50pm
Original release date: November 06, 2017

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Update for IOS XE Software

US-Cert Current Activity - Fri, 11/03/2017 - 4:35pm
Original release date: November 03, 2017

Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Updates

US-Cert Current Activity - Wed, 11/01/2017 - 1:17pm
Original release date: November 01, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability cisco-sa-20171101-wlc2
  • Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability cisco-sa-20171101-wlc1
  • Identity Services Engine Privilege Escalation Vulnerability cisco-sa-20171101-ise
  • Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability cisco-sa-20171101-fpwr
  • Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability cisco-sa-20171101-cpcp
  • Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability cisco-sa-20171101-apicem
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability cisco-sa-20171101-aironet2
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability cisco-sa-20171101-aironet1

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Apple Releases Multiple Security Updates

US-Cert Current Activity - Tue, 10/31/2017 - 4:26pm
Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

WordPress Releases Security Update

US-Cert Current Activity - Tue, 10/31/2017 - 4:21pm
Original release date: October 31, 2017

WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.3.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Protecting Critical Infrastructure from Cyber Threats

US-Cert Current Activity - Tue, 10/31/2017 - 8:14am
Original release date: October 31, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Oracle Releases Security Bulletin

US-Cert Current Activity - Mon, 10/30/2017 - 2:09pm
Original release date: October 30, 2017

Oracle has released a security update bulletin to address a vulnerability in Oracle Identity Manager. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the Oracle Security Alert Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Pages