
Cyber WAR - Threat Report - July 29, 2019
Source: informationwarfarecenter.com/cir/archived/Cyber_WAR...2019/07/29

July 29, 2019

The Cyber WAR (Weekly Awareness Report) is an Open Source Intelligence (OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware

* Troj/RTFDl-ADJ
* Troj/Fareit-IJX
* Troj/HawkEye-VN
* Troj/Phish-FQT
* Troj/Zbot-NLE
* Troj/PDFUri-HNZ
* Troj/DocDl-UVX
* Troj/DocDl-UVB
* Troj/DocDl-UTH
* W32/NGVCK-AA

Last PUAs

* ConvertAd
* UBar Video and Audio Plugin
* Keygen
* Adposhel
* Teflon Security Suite
* PC Fix Cleaner
* OpenCandy
* Install Core
* DealPly Updater
* Softcnapp

Interesting News

* On the IoT road: perks, benefits and security of moving smartly - This year, we decided to continue our tradition of small-scale experiments with security of connected devices but focused on the automotive-related topic. We randomly took several different automotive connected devices (a couple of auto scanners, a dashboard camera, a GPS tracker, a smart alarm system, a pressure and temperature monitoring system) and reviewed their security setup.

* The IWC Academy has been officially released this month! We currently have a Red Team Operator track covering certifications including Security+, CEHv10, CySA+, and Pentest+, as well as specialized courses. Contact us for details. We are working on a Cyber Forensics Linux distribution called CSI Linux. Visit our Facebook Group and YouTube Channel, and subscribe to both! As always, if you have any suggestions, feel free to let us know. If you would like to receive the CIR updates by email, subscribe at: [email protected]


Index of Sections

Current News

* Packet Storm Security

* Krebs on Security

* Dark Reading

* The Hacker News

* Security Week

* Infosecurity Magazine

* Naked Security

* Quick Heal - Security Simplified

* Threat Post

The Hacker Corner:

* Security Conferences

* Zone-H Latest Published Website Defacements

Tools & Techniques

* Packet Storm Security Latest Published Tools

* Kali Linux Tutorials

* GBHackers Analysis

Exploits and Proof of Concepts

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


Packet Storm Security

* Urgent11 Security Flaws Impact Routers, Printers, SCADA, And Many IoT Devices
* Rights Group Loses Mass Surveillance Appeal In High Court
* What Is Facial Recognition And How Sinister Is It?
* Coats To Leave, Trump Will Name Ratcliffe As DNI
* Unique Monokle Android Malware Self Signs Certificates
* No More Ransom Saves Ransomware Victims $108 Million
* MalwareTech Gets No Prison Time, One Year Supervised Release
* Equifax Owes You Cash For Losing Your Data
* Researchers Disclose Five Unpatched Bugs In Comodo Antivirus
* Ransomware Hits Johannesburg Electricity Supply
* Telegram Voicemail Hack Used Against Brazil's President, Ministers
* Trolled With Fake Presidential Logo, Trump Does Not Notice
* Data Breach Cost Rises To $4 Million Per Incident
* Facebook To Pay $5 Billion To Settle Privacy Concerns
* Proving His Incompetence Further, Barr Backs Backdoors
* Fed Sees Crypto Currencies Shifting U.S. Financial System
* Microsoft Opens Dynamics 365 Bug Bounty With $20k Top Prize
* Hackers Publish List Of Phished Discord Credentials
* Oakland Follows San Francisco's Lead In Banning Facial Recognition Tech
* Skylight Cyber Bypasses Cylance AI
* No, You Don't Need A Burner Phone At A Hacking Conference
* US Senator Asks FBI To Investigate FaceApp
* Microsoft Warns 10,000 Customers They're Targeted By Nation States
* Slack Resets Passwords For 1% Of Its Users Because Of 2015 Hack
* Unofficial Telegram App Secretly Loads Malicious Sites

Krebs on Security

* The Unsexy Threat to Election Security
* Neo-Nazi SWATters Target Dozens of Journalists
* What You Should Know About the Equifax Data Breach Settlement
* QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack
* Party Like a Russian, Carder's Edition
* Meet the World's Biggest 'Bulletproof' Hoster
* Is 'REvil' the New GandCrab Ransomware?
* FEC: Campaigns Can Use Discounted Cybersecurity Services
* Patch Tuesday Lowdown, July 2019 Edition
* Who's Behind the GandCrab Ransomware?


Dark Reading

* 4 Network Security Mistakes Bound to Bite You
* 9 Things That Don't Worry You Today (But Should)
* In Depth
* A Security-First Approach to DevOps
* Malware Researcher Hutchins Sentenced to Supervised Release
* Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web
* Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
* FormGet Storage Bucket Leaks Passport Scans, Bank Details
* 3 Takeaways from the First American Financial Breach
* Black Hat Q&A: Inside the Black Hat NOC
* What Every Security Team Should Know About Internet Threats
* Senate Report: US Election Security 'Sorely Lacking' in 2016
* Android Spyware Has Ties to Election Interference
* Russian Threat Group May Have Devised a 'Man-on-the-Side' Attack
* Louisiana Declares Cybersecurity State of Emergency
* Johannesburg Ransomware Attack Leaves Residents in the Dark
* Security Training That Keeps Up with Modern Development
* Answer These 9 Questions to Determine if Your Data Is Safe
* Edge Feature Section
* Android Malware 'Triada' Most Active on Telco Networks

The Hacker News

* Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices
* Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List
* Judge Rules No Jail Time for WannaCry 'Killer' Marcus Hutchins, a.k.a. MalwareTech
* Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)
* Ransomware Attack Caused Power Outages in the Biggest South African City
* Silk Road Admin Sentenced to 78 Months in Prison On Drug Trafficking Charges
* Your Android Phone Can Get Hacked Just By Playing This Video
* Popular Malware Families Using 'Process Doppelgänging' to Evade Detection
* Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List
* New Android Spyware Created by Russian Defense Contractor Found in the Wild
* Facebook Agrees to Pay $5 Billion Fine and Setup New Privacy Program for 20 Years
* Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets
* A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers
* Learn Ethical Hacking From Scratch — 2019 Training Bundle
* Equifax to Pay up to $700 Million in 2017 Data Breach Settlement


Security Week

* Trinity Cyber Secures $23 Million in Funding
* Critical Industries at Risk from Eleven Zero-day Flaws in Real Time Operating System
* Encrypted Threats, IoT Malware Surge Past 2018 Levels: Report
* Authenticated XSS Found in WordPress Plugin Facebook Widget
* No Prison for British Cyber Expert in Malware Case
* Ireland-Based Admin of Silk Road Marketplace Sentenced to Prison
* Android Enterprise Receives ISO 27001 Stamp
* Railway Cybersecurity Firm Cervello Raises $4.5 Million
* British Cyber Expert to be Sentenced for Creating Malware
* NY to Require Greater Public Notification of Data Breaches
* Researchers Discover Android Surveillance Malware Built by Sanctioned Russian Firm
* Mirai-Based Botnet Launches Massive DDoS Attack on Streaming Service
* Ransomware Causes Disruptions at Johannesburg Power Company
* Enterprise VPN Vulnerabilities Expose Organizations to Hacking, Espionage
* Crypto-Mining Botnet Implements BlueKeep Scanner
* Fact vs Fiction: The Truth About Breach and Attack Simulation Tools
* Guildma Malware Expands Targets Beyond Brazil
* Using Threat Trends to Protect Network Resources
* Decision Fatigue is Real - In Life and In Security
* Stock Trading Firm Robinhood Stored User Passwords in Plaintext

Infosecurity Magazine

* Flaws Allow Hacker to Bypass Card Limits
* Malware Cited As Exploit Most Seen By SOC Teams
* Fake Version of WhatsApp Giving 'Free Internet'
* Russian Fake News Targeted Ukraine Elections
* UK Abused Access to EU Database For Years: Report
* WannaCry Hero Hutchins Spared Jail Time
* E-Retailers Need to Prepare For Holiday Spikes
* Uptick in Ransomware, Mobile Banking Malware
* Silicon Valley Issues Election Security Report
* Louisiana Governor Declares Emergency After Ransomware Blitz
* Russia Targeted Election Systems in All 50 US States
* Researchers Find 23 Million Stolen Cards For Sale


Naked Security

* NAS vendors hit by brute force ransomware attacks
* Three quarters of gamers suffer hate and harassment online
* Russia targeted all 50 states in 2016 election, Senate report says
* Monday review - the hot 21 stories of the week
* Ransomware hits Louisiana schools; state of emergency declared
* WannaCry hero avoids prison
* S2 Ep1: FaceApp, logic bombs and stranger danger - Naked Security Podcast
* Sysadmins need to know - how DO you pronounce "sudo"?
* Happy SysAdminDay 2019!
* BlueKeep guides make imminent public exploit more likely

Quick Heal - Security Simplified

* Trinity Miner using open ADB port to target IoT devices
* Webcam Hacking - How to prevent webcam from hacking into your privacy?
* Ransomware As A Tool - LockerGoga
* Beware! Email attachments can make you victim of spear phishing attacks
* The website I visited behaves weirdly. I wonder if I'm hacked?
* Beware! The padlock icon and HTTPS are no more indicators of safe website
* What makes Quick Heal's Next Generation Suite of Features a SMART choice to protect your privacy?
* APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel
* Quick Heal supports the Windows 10 May 2019 Update

Threat Post

* 'URGENT/11' Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks
* Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep
* 'WannaCry Hero' Avoids Jail Time in Kronos Malware Charges
* Louisiana Gov Declares Emergency After Cyberattacks Plague Schools
* Rare Steganography Hack Can Compromise Fully Patched Websites
* Gamers Are Easy Prey for Credential Thieves
* 'Google' Sites Are the Latest Ploy by Card-Skimming Thieves
* Streamlining Patch Management: Expert Advice
* New Loader Variant Behind Widespread Malware Attacks
* Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns


The Hacker Corner

Conferences

* Premium Enterprise Speaking Service
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!
* The Best Hacker Conferences of 2019 - 2020
* Conference Visas For The USA, UK & India

Latest Website Defacements

* https://ms-aceh.go.id/exz.txt
* http://www.cco.gov.jo/Relaz.html
* https://soppengkab.go.id/kawaiii.html
* https://portal.mpmt.mp.br/sgp/server//arquivos/2019/07/23/1_vanda.txt
* http://www.ci.concord.nc.us
* https://www.concordnc.gov
* http://proruralmais.azores.gov.pt
* https://gestpdr.azores.gov.pt
* https://ajudabanana.azores.gov.pt
* http://fuerzaaerea.mil.do
* http://fard.mil.do
* http://transparencia.fard.mil.do
* http://hospital.fard.mil.do
* http://app.fard.mil.do
* http://academia.fard.mil.do
* http://spm.dbp.gov.my/BD.txt
* http://ekamus.dbp.gov.my/BD.txt
* http://pers.dbp.gov.my/BD.txt
* http://prpm.dbp.gov.my/BD.txt
* http://meduc.behdasht.gov.ir/BD.txt


Tools & Techniques

Packet Storm Security Tools Links

* Logwatch 7.5.2
* Wireshark Analyzer 3.0.3
* Falco 0.16.0
* GNU Privacy Guard 2.2.17
* Scapy Packet Manipulation Tool 2.4.3rc3
* Samhain File Integrity Checker 4.3.3
* pArAnoIA Browser 0.1
* I2P 0.9.41
* GRR 3.3.0.4
* Scapy Packet Manipulation Tool 2.4.3rc2

Kali Linux Tutorials

* VulnWhisperer : Create Actionable Data From Your Vulnerability Scans
* Dockernymous : A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers
* Hardening up Your Cyber Defence With Risk Assessment
* HiddenEye : Modern Phishing Tool With Advanced Functionality
* Top 7 Best Open Source SQL Injection Tools - 2019
* SUDO KILLER : A Tool To Identify & Exploit Sudo Rules' Misconfigurations & Vulnerabilities Within Sudo
* Hvazard : Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists
* GitGot - Semi-Automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets
* Git Hound - Find Exposed Keys Across GitHub Using Code Search Keywords
* A Closer Look At The Brushless DC Electric Motor

GBHackers Analysis

* Unpatched RCE Vulnerability in LibreOffice Let Hackers Take Complete Control Of Your Computer
* Critical Account Take over Vulnerability Allows to Hack Your Instagram Account within 10 Minutes
* Multiple Vulnerabilities Affected Lenovo's Server Infrastructure that allows Hackers to Execute Malicious Code
* 8 World's Biggest Tech Giants Including TCS, CSC, HPE, NTT Data Hacked by Chinese Government Sponsored Hackers
* Chinese APT 10 Group Hacked Nearly 10 Telecom Networks and Stealing Users Call Records, PII, Credentials, Email Data and more


Proof of Concept (PoC) & Exploits

Packet Storm Security

* Schneider Electric Pelco Endura NET55XX Encoder
* WordPress Database Backup Remote Command Execution
* Zurmo 3.2.6 Persistent Cross Site Scripting
* Zurmo 3.2.6 Iframe Injection
* Zurmo 3.2.6 Open Redirection
* Zurmo 3.2.6 Out Of Band Code Evaluation
* Ahsay Backup 7.x / 8.x XML Injection
* Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
* Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
* pdfresurrect 0.15 Buffer Overflow
* Moodle Filepicker 3.5.2 Server-Side Request Forgery
* Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation
* iMessage DigitalTouch Out-Of-Bounds Read
* WebKit Synchronous Page Load Universal Cross Site Scripting
* Zurmo 3.2.6 Code Evaluation
* Zurmo 3.2.6 Reflected Cross Site Scripting
* Yahei-PHP Prober 0.4.7 HTML Injection
* Trend Micro Deep Discovery Inspector Percent Encoding IDS Bypass
* Ovidentia 8.4.3 Cross Site Scripting
* Ovidentia 8.4.3 SQL Injection
* WordPress Hybrid Composer 1.4.6 Unauthenticated Access
* Axway SecureTransport 5 XML Injection
* Cisco Wireless Controller 3.6.10E Cross Site Request Forgery
* Novismart CMS SQL Injection
* BACnet Stack 0.8.6 Denial Of Service



Exploit Database

* [remote] WP Database Backup
* [remote] Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
* [webapps] GigToDo 1.3 - Cross-Site Scripting
* [webapps] WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
* [webapps] WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
* [webapps] Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
* [webapps] Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
* [webapps] Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution
* [dos] pdfresurrect 0.15 - Buffer Overflow
* [webapps] Moodle Filepicker 3.5.2 - Server Side Request Forgery
* [local] Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
* [local] Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation
* [local] ASAN/SUID - Local Privilege Escalation
* [local] Serv-U FTP Server
* [local] S-nail
* [local] VMware Workstation/Player
* [local] Linux Kernel 4.4.0-21
* [local] Linux Kernel
* [local] Linux Kernel 4.8.0-34
* [local] Linux Kernel 4.15.x
* [local] Linux Kernel 4.15.x
* [local] Linux Kernel 4.15.x
* [local] Linux Kernel 4.15.x
* [local] Linux Kernel 4.10
* [dos] WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads


Advisories

US-Cert Alerts & Bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* Vulnerability Summary for the Week of July 15, 2019
* Vulnerability Summary for the Week of July 8, 2019
* Vulnerability Summary for the Week of July 1, 2019

Symantec - Latest List

* Microsoft Edge Chakra Scripting Engine CVE-2019-1107 Remote Memory Corruption Vulnerability
* Microsoft Windows WLAN Service CVE-2019-1085 Local Privilege Escalation Vulnerability
* Microsoft Windows CVE-2019-1082 Local Privilege Escalation Vulnerability
* Microsoft Windows CVE-2019-1074 Local Privilege Escalation Vulnerability
* Microsoft Windows Error Reporting CVE-2019-1037 Local Privilege Escalation Vulnerability
* Microsoft Windows Win32k CVE-2019-1132 Local Privilege Escalation Vulnerability
* Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
* Microsoft Windows DirectX CVE-2019-0999 Local Privilege Escalation Vulnerability
* Microsoft Windows Active Directory Federation Services CVE-2019-1126 Security Bypass Vulnerability
* Microsoft Windows ADFS CVE-2019-0975 Security Bypass Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0966 Denial of Service Vulnerability
* Microsoft Windows Remote Desktop Protocol Client CVE-2019-1108 Information Disclosure Vulnerability
* Microsoft Windows Remote Desktop Services CVE-2019-0887 Remote Code Execution Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1106 Remote Memory Corruption Vulnerability
* Microsoft Windows Win32k CVE-2019-1096 Local Information Disclosure Vulnerability
* Microsoft Windows Kernel CVE-2019-1073 Local Information Disclosure Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1103 Remote Memory Corruption Vulnerability
* Microsoft Windows Kernel CVE-2019-1071 Local Information Disclosure Vulnerability
* Microsoft Azure Automation CVE-2019-0962 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1092 Remote Memory Corruption Vulnerability
* Microsoft Visual Studio CVE-2019-1079 XML External Entity Information Disclosure Vulnerability
* Microsoft Visual Studio CVE-2019-1077 Local Privilege Escalation Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1062 Remote Memory Corruption Vulnerability
* Microsoft Exchange Server CVE-2019-1137 Spoofing Vulnerability
* Microsoft Team Foundation Server CVE-2019-1076 Cross Site Scripting Vulnerability


Packet Storm Security - Latest List

* Red Hat Security Advisory 2019-1862-01 - As part of the maintenance phase, qualified security patches of Critical or Important impact, as well as select mission-critical bug-fix patches, were released for Red Hat OpenShift Enterprise 3.6 and 3.7. After July 31st, 2019, customers will not receive those updates.
* Ubuntu Security Notice USN-4076-1 - It was discovered that a race condition existed in the Serial Attached SCSI implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
* Ubuntu Security Notice USN-4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked into downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.
* Ubuntu Security Notice USN-4075-1 - Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root.
* Red Hat Security Advisory 2019-1860-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include buffer overflow and code execution vulnerabilities.
* Ubuntu Security Notice USN-4072-1 - It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as a result. Various other issues were also addressed.
* Ubuntu Security Notice USN-4074-1 - It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
* Red Hat Security Advisory 2019-1851-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and denial of service vulnerabilities.
* FreeBSD Security Advisory - FreeBSD-SA-19:17.fd - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
* Red Hat Security Advisory 2019-1852-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An incomplete fix for CVE-2019-1002101 was addressed.
* Ubuntu Security Notice USN-4073-1 - It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service.
* FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.
* FreeBSD Security Advisory - FreeBSD-SA-19:15.mqueuefs - System calls operating on file descriptors obtain a reference to the relevant struct file which, due to a programming error, was not always put back, which in turn could be used to overflow the counter of the affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If the obtained struct file represents a directory from outside of the user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root, they can obtain root privileges on the host system.
* Ubuntu Security Notice USN-4071-2 - USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
* FreeBSD Security Advisory - FreeBSD-SA-19:14.freebsd32 - Due to insufficient initialization of memory copied to userland in the components listed above, small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.
* FreeBSD Security Advisory - FreeBSD-SA-19:13.pts - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.
* Ubuntu Security Notice USN-4070-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
* Apple Security Advisory 2019-7-23-3 - iCloud for Windows 10.6 is now available and addresses code execution and cross site scripting vulnerabilities.
* Tufin Secure Change Remote Code Execution - Tufin SecureChange uses Richfaces version 4.3.5, which suffers from a remote code execution vulnerability.
* Apple Security Advisory 2019-7-23-2 - iTunes for Windows 12.9.6 is now available and addresses code execution and cross site scripting vulnerabilities.
* Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.
* Ubuntu Security Notice USN-4071-1 - It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
* Red Hat Security Advisory 2019-1839-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
* Red Hat Security Advisory 2019-1833-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. This update fixes various bugs and adds enhancements.