
Page 1: Weekly Awareness Report (WAR) - informationwarfarecenter.com/cir/archived/Cyber... - May 13, 2019 · * 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy * An Interview

05-13

Weekly Awareness Report (WAR)


May 13, 2019

The Cyber Intelligence Report is an Open Source Intelligence (OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: last 10 Malware

* Troj/Stealer-PA
* Troj/Stealer-PB
* Troj/DocDrp-HT
* Troj/Trickbo-QX
* Troj/PShlBat-Z
* Java/Adwind-FEI
* Java/Adwind-FEH
* Java/Adwind-FEG
* Java/Adwind-FEF
* Troj/BokBot-S

Last 10 PUAs

* Somoto BetterInstaller
* XMRig Miner
* Adposhel
* Download Assistant
* AdvancedMacCleaner
* Advanced Mac Tuneup
* KuaiZip
* IStartSurfInstaller
* PowerTool
* DealPly Updater

Interesting News

* The 2019 DBIR is out
We are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based on some of the 2018 data set that our private report customers receive.

* The IWC Cyber Range is scheduled to release a new version May 1st. Ghidra and Grass Marlin are now installed along with several more Red/Blue Team tools. If you are interested, we have an active Facebook Group and YouTube Channel. As always, if you have any suggestions, feel free to let us know. Subscribe if you would like to receive the CIR updates by sending us an email: [email protected]


Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


News

Packet Storm Security

* SIM Hijacking Ring Dismantled By The Feds
* SHA-1 Collision Attacks Are Now Actually Practical And A Looming Danger
* Facebook Sues Analytics Firm Rankwave Over Alleged Data Misuse
* Swedish Authorities Want To Extradite Julian Assange For Rape
* North Korea Debuts New Electricfish Malware In Hidden Cobra Campaigns
* Data Breaches A Time Bomb, Warns Security Report
* Unhackable eyeDisk Flash Drive Exposes Passwords In Clear Text
* Feds Charge Chinese National In 2015 Breach Of Anthem
* Amazon Sellers Hit By Extensive Fraud Campaign
* School Lunch Baron Allegedly Hacked Students' Data To Take Down His Competitor
* CIA Camps Out In Anonymized Tor Network
* Binance Exchange Hackers Steal Bitcoins Worth $41 Million
* AirBNB Hosts Are Getting Creepy And Recording People
* Cisco Elastic Services Controller Allows Takeover
* Facebook Deletes More Accounts Linked To Russia
* Amid Bug Bounty Hype, Sometimes Security Is Left In The Dust
* Stolen NSA Hacking Tools Were Used In The Wild 14 Months Before Shadow Brokers Leak
* 3rd Party Software Now Blamed For 737 MAX Fiasco
* The Russians Are Using A Clever Microsoft Exchange Backdoor
* In A First, Israel Responds To Hamas Hackers With An Air-Strike
* Japanese Govt To Create And Maintain Defensive Malware
* Australia's Cybersecurity Chief Alastair MacGibbon Resigns
* Inside Facebook's War Room: The Battle To Protect EU Elections
* Retefe Banking Trojan Resurfaces, Says Goodbye To Tor
* Denial Of Service Event Impacted U.S. Power Utility Last Month

Dark Reading

* Korean APT Adds Rare Bluetooth Device-Harvester Tool
* Thrangrycat Claws Cisco Customer Security
* LockerGoga, MegaCortex Ransomware Share Unlikely Traits
* Attacks on JavaScript Services Leak Info From Websites
* Poorly Configured Server Exposes Most Panama Citizens' Data
* 78% of Consumers Say Online Companies Must Protect Their Info
* How Open Testing Standards Can Improve Security
* Demystifying the Dark Web: What You Need to Know
* Microsoft SharePoint Bug Exploited in the Wild
* How We Collectively Can Improve Cyber Resilience
* Symantec CEO Greg Clark Steps Down
* Hackers Still Outpace Breach Detection, Containment Efforts
* Bumper Crop of New Briefings Added for Black Hat USA
* Data Dump Purportedly Reveals Details on Previously Unknown Iranian Threat Group
* US DoJ Indicts Chinese Man for Anthem Breach
* Nation-State Breaches Surged in 2018: Verizon DBIR
* How the Skills Gap Strains - and Constrains - Security Pros
* New Initiative Aims to Fast-Track Women into Cybersecurity Careers


Krebs on Security

* Nine Charged in Alleged SIM Swapping Ring
* What's Behind the Wolters Kluwer Tax Outage?
* Feds Bust Up Dark Web Hub Wall Street Market
* Credit Union Sues Fintech Giant Fiserv Over Security Claims
* Data: E-Retail Hacks More Lucrative Than Ever
* P2P Weakness Exposes Millions of IoT Devices
* Who's Behind the RevCode WebMonitor RAT?
* Marcus "MalwareTech" Hutchins Pleads Guilty to Writing, Selling Banking Malware
* Wipro Intruders Targeted Other Major IT Firms
* How Not to Acknowledge a Data Breach

The Hacker News

* U.S. Charges 9 'SIM Swapping' Attackers For Stealing $2.5 Million
* North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data
* U.S. Charges Chinese Hacker For 2015 Anthem Data Breach
* Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
* Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks
* Google Chrome to Introduce Improved Cookie Controls Against Online Tracking
* Baltimore City Shuts Down Most of Its Servers After Ransomware Attack
* Binance Hacked - Hackers Stole Over $40 Million Worth Of Bitcoin
* Cynet's Free Incident Response Tool - Stop Active Attacks With Greater Visibility
* Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2

Security Week

* US, EU Spar Over Sharing Electronic Evidence in Investigations
* Nine Charged in SIM Hijacking Scheme
* GAO Makes Recommendations to Improve Security of Taxpayer Data
* New Bill Proposes Cybersecurity Training for U.S. House Members
* Website Infections Holding Steady at 1%, But Attacks Becoming Stealthier: Report
* Leak Reveals Activity of Iranian Hacking Group
* An Ode to CISOs: How Real-World Risks Became Cyber Threats
* Sectigo Acquires IoT Security Firm Icon Labs
* North Korea-Linked 'ScarCruft' Adds Bluetooth Harvester to Toolkit
* Remote Code Execution Flaw Found in Kaspersky Products
* NVIDIA Patches High Severity Bugs in GPU Display Driver
* Microsoft SharePoint Vulnerability Exploited in the Wild
* Facebook Sues South Korea Data Analytics Firm
* Over 100 Flaws Expose Buildings to Hacker Attacks
* Android Q Enables TLS 1.3 Support by Default
* Nigerian Cybercrime 'Group' Has 400 Malicious Actors
* Symantec CEO Quits Unexpectedly, Stock Sinks After Missing Estimates
* U.S. Charges Chinese Hackers Over Massive 2015 Anthem Breach
* Russian Hackers Claim Breach of Three U.S. Anti-Virus Companies
* U.S. Government Details ELECTRICFISH Malware Used by North Korea


Infosecurity Magazine

* Malicious Attacks Cause of Most Aussie Breaches
* ScarCruft APT Develops Malware to Target Bluetooth
* Lawmakers Propose Cyber Training for Congress
* WannaCry Remains a Global Threat Two Years On
* ICO Calls Out HMRC for Illegal Biometric Data Collection
* SMS Spammers Expose 80 Million Records Online
* US Indicts Chinese Man for Anthem Breach
* DHS Releases Analysis of ELECTRICFISH Malware
* Photo App Develops Tool with User Images
* Top Russian Hacking Group Breaches Three AV Companies

Threat Post

* Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
* Twitter Leaks Apple iOS Users' Location Data to Ad Partner
* ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
* ThreatList: Top 5 Most Dangerous Attachment Types
* FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug
* News Wrap: Facebook Regulation, Verizon DBIR, Hidden Airbnb Cameras
* The WannaCry Security Legacy and What's to Come
* Nvidia Warns Windows Gamers on GPU Driver Flaws
* ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018
* 'Unhackable' Biometric USB Offers Up Passwords in Plain Text

Naked Security

* Two people indicted for massive Anthem health data breach
* Study finds Android smartphones riddled with suspect 'bloatware'
* Break up Facebook, cofounder says: it's an un-American monopoly
* Monday review - the hot 18 stories of the week
* Chrome browser pushes SameSite cookie security overhaul
* 275m personal records swiped from exposed MongoDB database
* FTC renews call for single federal privacy law
* Airbnb Superhost's creepy spycam sniffed out by sleuthing infosec pro
* Sextortion mail from yourself? It doesn't mean you've been hacked...
* Metal keys beat smart locks in NYC legal battle

Quick Heal - Security Simplified

* Miners snatching open source tools to strengthen their malevolent power!
* 5 ways to instantly detect a phishing email and save yourself from phishing attack
* PCs fail to boot up / Freeze after receiving Microsoft Windows 9-April-2019 updates and rebooting the PC
* JCry - A Ransomware written in Golang!
* This summer vacation let your kids explore the internet with safety of parental control
* 3059 android malware detected per day in 2018 - Are you still counting on free android antivirus for protection?
* Essential cyber safety tips every woman should follow
* Quick Heal Threat Report - Cryptojacking rising but Ransomware still #1 threat for consumers
* GandCrab Riding Emotet's Bus!


Security Conferences

* Upcoming Events in the United States
* Upcoming Events In Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!

Tools & Techniques

* GNUnet P2P Framework 0.11.4
* I2P 0.9.40
* Lets Map Your Network
* SQLMAP - Automatic SQL Injection Tool 1.3.5
* Suricata IDPE 4.1.4
* ifchk 1.1.1
* TestSSL 3.0rc5
* TestSSL 2.9.5-8
* Lynis Auditing Tool 2.7.4
* OpenSSH 8.0p1
* OSINT-SPY : Performs OSINT Scan On Email/Domain/IP_Address/Organisation
* PAnalizer : Forensic Tool Search Images In A Specific Directory
* FinalRecon : OSINT Tool for All-In-One Web Reconnaissance
* iCULeak : Tool To Find & Extract Credentials From Phone Configuration Files Hosted On CUCM
* Recon-T : Reconnaissance - Footprinting - Information Disclosure
* QRGen : Simple Script for Generating Malformed QRCodes
* ExtAnalysis : Browser Extension Analysis Framework
* BruteDum : Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack
* 10minutemail : Python Temporary Email
* DumpTheGit : Public Repositories to Find Sensitive Information Uploaded to the Github Repositories

Latest Zone-H Website Defacements


Proof of Concept (PoC) & Exploits

Packet Storm Security

* System Down: A systemd-journald Exploit
* Go Cryptography Libraries Cleartext Message Spoofing
* SOCA Access Control System 180612 Cross Site Request Forgery
* SOCA Access Control System 180612 SQL Injection
* SOCA Access Control System 180612 Cross Site Scripting
* SOCA Access Control System 180612 Information Disclosure
* SalesERP 8.1 SQL Injection
* XOOPS CMS 2.5.9 SQL Injection
* Firefly CMS 1.0 Remote Command Execution
* WordPress Form Maker 1.13.3 SQL Injection
* DNSS Domain Name Search Software 2.1.8 Denial Of Service
* SpotMSN 2.4.6 Denial Of Service
* CCSP 7.2.5 API XML Injection / Server-Side Request Forgery
* WolfCMS 0.8.3.1 Cross Site Scripting
* OpenCMS 10.5.4 CSV Injection
* OpenCMS 10.5.4 Cross Site Scripting
* OpenProject 8.3.1 SQL Injection
* Chrome V8 Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Failed Check
* CyberArk Enterprise Password Vault 10.7 XML External Entity Injection
* PHPRunner 10.1 Denial Of Service
* ASPRunner.NET 10.1 Denial Of Service
* SpotPaltalk 1.1.5 Denial Of Service

Exploit Database

* [webapps] CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
* [webapps] RICOH SP 4520DN Printer - HTML Injection
* [webapps] RICOH SP 4510DN Printer - HTML Injection
* [webapps] dotCMS 5.1.1 - HTML Injection
* [dos] PHPRunner 10.1 - Denial of Service (PoC)
* [dos] ASPRunner.NET 10.1 - Denial of Service (PoC)
* [dos] SpotPaltalk 1.1.5 - Denial of Service (PoC)
* [dos] SpotIM 2.2 - Denial of Service (PoC)
* [webapps] TheHive Project Cortex
* [dos] jetCast Server 2.0 - Denial of Service (PoC)
* [dos] Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
* [dos] Lyric Maker 2.0.1.0 - Denial of Service (PoC)
* [dos] Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)
* [webapps] Zoho ManageEngine ADSelfService Plus 5.7
* [remote] Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
* [remote] PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
* [remote] Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
* [webapps] NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass


Advisories

US-Cert Alerts & Bulletins

* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* SB19-133: Vulnerability Summary for the Week of May 6, 2019
* SB19-126: Vulnerability Summary for the Week of April 29, 2019

Symantec - Latest List

* Microsoft Internet Explorer XML External Entity Information Disclosure Vulnerability
* Microsoft Azure CVE-2019-0816 Security Bypass Vulnerability
* Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability
* Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
* Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Windows LUAFV Driver CVE-2019-0836 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0857 Spoofing Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0869 HTML Injection Vulnerability
* Microsoft Windows MS XML CVE-2019-0793 Remote Code Execution Vulnerability
* Microsoft Windows MS XML CVE-2019-0795 Remote Code Execution Vulnerability
* Microsoft Windows MS XML CVE-2019-0792 Remote Code Execution Vulnerability
* Microsoft Internet Explorer VBScript Engine CVE-2019-0862 Remote Code Execution Vulnerability
* Microsoft Open Enclave SDK CVE-2019-0876 Information Disclosure Vulnerability
* Microsoft Windows MS XML CVE-2019-0791 Remote Code Execution Vulnerability
* Microsoft ASP.NET Core CVE-2019-0815 Denial of Service Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0739 Remote Memory Corruption Vulnerability
* Microsoft Edge CVE-2019-0833 Information Disclosure Vulnerability
* Microsoft Edge and Internet Explorer CVE-2019-0764 Tampering Security Bypass Vulnerability
* Microsoft Windows JET Database Engine CVE-2019-0879 Remote Code Execution Vulnerability
* Microsoft Windows VBScript Engine CVE-2019-0842 Remote Code Execution Vulnerability


Packet Storm Security - Latest List

* Red Hat Security Advisory 2019-1152-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape vulnerability.
* Ubuntu Security Notice USN-3972-1 - It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies.
* Red Hat Security Advisory 2019-1151-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
* Red Hat Security Advisory 2019-1148-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
* Red Hat Security Advisory 2019-1147-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include denial of service and traversal vulnerabilities.
* Red Hat Security Advisory 2019-1145-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include an ineffective connection limitation vulnerability.
* Red Hat Security Advisory 2019-1143-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Issues addressed include a bypass vulnerability.
* Red Hat Security Advisory 2019-1144-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
* Red Hat Security Advisory 2019-1150-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
* Red Hat Security Advisory 2019-1146-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
* Red Hat Security Advisory 2019-1149-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include denial of service and traversal vulnerabilities.
* Red Hat Security Advisory 2019-1142-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include a bypass vulnerability.


* Debian Security Advisory 4442-1 - A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
* Sqlite3 Window Function Remote Code Execution - An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
* Debian Security Advisory 4441-1 - Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution.
* Debian Security Advisory 4440-1 - Multiple vulnerabilities were found in the BIND DNS server.
* Debian Security Advisory 4439-1 - Dean Rasheed discovered that row security policies in the PostgreSQL database system could be bypassed.
* Texture Canada Unencrypted Third Party Analytics - The Texture Canada Android and iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) send potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted to a third party site (ScorecardResearch).
* dotCMS 5.1.1 Vulnerable Dependencies - dotCMS version 5.1.1 suffers from cross site scripting and various other vulnerabilities due to various open source dependencies.
* Red Hat Security Advisory 2019-1140-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.1 serves as a replacement for Red Hat Single Sign-On 7.3.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a deserialization vulnerability.
* Ubuntu Security Notice USN-3969-2 - USN-3969-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
* Red Hat Security Advisory 2019-1131-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include a bypass vulnerability.
* Ubuntu Security Notice USN-3956-2 - USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Various other issues were also addressed.
* Ubuntu Security Notice USN-3971-1 - Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting attacks. Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information.