weekly awareness report (war) · 7/1/2019  · security conferences * free 6 month speaking plan *...

07-01 Weekly Awareness Report (WAR)

Post on 24-May-2020

July 1, 2019

The Cyber Intelligence Report is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats and other digital dangers received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: last 10 Malware

* Troj/Kryptik-JQ
* Troj/VB-KHX
* Troj/VBInjec-QI
* Troj/Stealer-UK
* Troj/Stealer-UJ
* Troj/Stealer-UI
* Troj/Stealer-UG
* Troj/Ransom-FMW
* Troj/Ransom-FMV
* Troj/Ransom-FMU

Last 10 PUAs

* OxyPumper
* KuaiZip
* HTran
* Zdengo
* Softcnapp
* Sibelius Generic Patcher
* PC Accelerate
* Neoreklami
* Neobar
* Mimikatz Exploit Utility

Interesting News

* Criminals, ATMs and a cup of coffee

In spring 2019, we discovered a new ATM malware sample written in Java that was uploaded to a multiscanner service from Mexico and later from Colombia. After a brief analysis, it became clear that the malware, which we call ATMJaDi, can cash out ATMs.

We are currently working on our own Cyber Forensics Linux distribution to be released at the beginning of August called CSI Linux. We have an active FaceBook Group and YouTube Channel, Subscribe to both! As always, if you have any suggestions, feel free to let us know. If you would like to receive the CIR updates by email, Subscribe at: [email protected]

Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits

News

Packet Storm Security

* Trump Reversed Course On Huawei. What Happens Now?
* Singapore Government To Run Another Bug Bounty
* A Single Court-Ordered Wiretap Order In 2018 Swept Up 9.2 Million Intercepts
* Equifax Exec Gets 4 Months For Insider Trading Due To Data Breach
* Western Intelligence Hacked Yandex To Spy On Accounts
* Iran Seizes 1,000 Bitcoin Mining Machines After Power Spike
* AWS S3 Server Leaks Data From Fortune 100 Companies: Ford, Netflix, TD Bank
* New Dridex Malware Strain Avoids AV Detection
* Cisco Warns Of Critical Flaws In Data Center Network Manager
* Russia Denies Role In Israeli Airport GPS Jamming
* Half Of Huawei's Gear Has A Potential Backdoor
* Android Spyware Campaign Spreads Across The Middle East
* China Hacked Eight Major Computer Services Firms
* EA Fixes Cloud Flaw That Could Have Left User Accounts At Risk
* Guardian Told It Was Target Of Saudi Hacking Unit After Khashoggi Killing
* Two US Towns Pay $1.1m Ransom To Hackers
* Amazon Granted Patent For Surveillance Drones Service
* Anonymous Hacker Exposed After Dropping USB Drive While Throwing Molotov Cocktail
* U.S. Launched Cyberattacks On Iranian Intel Sites
* Presidential Warnings Easy To Spoof
* Facebook Usage Has Collapsed Since Scandals
* Nation-Sponsored Hackers Likely Carried Out Hostile Takeover Of Rival Group's Servers
* 78,0000 Prescriptions Left In Database With No Password
* Firefox Zero Day Was Used In Attack Against Coinbase Employees
* NASA's JPL Seems To Be Having A Hard Time With Security

Dark Reading

* Ransomware Hits Georgia Court System
* The Truth About Your Software Supply Chain
* Building the Future Through Security Internships
* Consumer Data, Upcoming Elections Are at Risk, Black Hat Survey Says
* MageCart Launches Customizable Campaign
* Key Biscayne Hit by Cybersecurity Attack
* Cloud Provider PCM Suffers Data Breach
* How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
* Black Hat USA's New Micro Summits Deliver Focused, Practical Security Insights
* New Exploit for Microsoft Excel Power Query
* Chronicle Folds into Google
* NIST Issues IoT Risk Guidelines
* Former Equifax CIO Sentenced to Prison for Insider Trading
* 7 Ways to Mitigate Supply Chain Attacks
* Inside MLS, the New Protocol for Secure Enterprise Messaging
* How Hackers Infiltrate Open Source Projects
* Understanding & Defending Against Polymorphic Attacks
* More Supply, More Demand: Cybersecurity Skills Gap Remains

Krebs on Security

* Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers
* Breach at Cloud Solution Provider PCM Inc.
* Tracing the Supply Chain Attack on Android
* Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy
* Microsoft Patch Tuesday, June 2019 Edition
* LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
* Report: No 'Eternal Blue' Exploit Found in Baltimore City Ransomware
* NY Investigates Exposure of 885 Million Mortgage Documents
* Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors
* Should Failing Phish Tests Be a Fireable Offense?

The Hacker News

* Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
* Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month
* Account Takeover Vulnerability Found in Popular EA Games Origin Platform
* 'Legit Apps Turned into Spyware' Targeting Android Users in Middle East
* Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage
* New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
* OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
* PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
* Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer
* This Cryptomining Malware Launches Linux VMs On Windows and macOS

Security Week

* Risk-Based Vulnerability Management is a Must for Security & Compliance
* European Legislation and the American Tech Industry
* Threat Actor Poisons OpenPGP Certificates
* Cyber Deception Company TrapX Raises $18 Million
* 'Good Chance' for More US Exports to Huawei: Trump Aide
* Dridex Employs Polymorphism in Recent Campaign
* Trump Hints at Softer Stance on China's Huawei
* Singapore Government Announces Third Bug Bounty Program
* Massachusetts City Bans Facial Recognition Technology
* Some Medtronic Insulin Pumps Vulnerable to Hacker Attacks
* Italy Fines Facebook Over Cambridge Analytica Case
* "Silexbot" Malware Bricks IoT Devices
* Provider of Data Integration Services for Fortune 100 Firms Exposed Sensitive Files
* New Spelevo Exploit Kit Spreads via B2B Website
* Industry Reactions to Nation-State Hacking of Global Telcos
* Baltimore Approves $10M in Funding for Cyber Attack Relief
* Russian Tech Giant Yandex Targeted With 'Regin' Malware: Report
* Former Equifax Executive Gets 4 Months for Insider Trading
* US Cyber Attack on Iran: Search to Exploit Flaw
* Many Potential Backdoors Found in Huawei Equipment: Study

Infosecurity Magazine

* Insulin Pumps Recalled By FDA For Cybersecurity Risks
* Financial Industry Hit By Surging Numbers of Cyber-Incidents
* Nearly 20% of UK Children Exposed to Self-Harm Images Online
* New Dridex Variant Evading Traditional Antivirus
* Client Data at Ford, TD Bank Exposed by Attunity
* Attackers Hack PCM Inc. to Access to Client Files
* Data Mapping & Discovery Tools Top Privacy Shopping Lists
* Five Million IP Camera Cyber-Attacks Blocked in Just Five Months
* Silexbot Bricks Nearly 4000 IoT Devices
* China's 'Cloud Hopper' Hacked Eight Tech Service Companies

Threat Post

* Dating App Jack'd Fined After Leaking Users' Nude Pics
* New Dridex Variant Slips By Anti-Virus Detection
* MongoDB Leak Exposed Millions of Medical Insurance Records
* FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps
* Death of the VPN: Enterprise Security Needs New Foundations
* Smart Lock Turns Out to be Not So Smart, or Secure
* Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank
* Scammers Prey on Instagram Vanity and 'Verified Account' Status
* New Microsoft Excel Attack Vector Surfaces
* Thousands of IoT Devices Bricked By Silex Malware

Naked Security

* RDP BlueKeep exploit shows why you really, really need to patch
* ETERNALBLUE sextortion scam puts your password where your name should be
* Cloud computing giant PCM hacked
* Crave that Instagram verified badge? Don't fall for this login-stealing scam
* Monday review - the hot 21 stories of the week
* $50 DeepNude app undresses women with a single click
* Mozilla's bizarre robo-surfer project demonstrates ad snooping
* Google Maps shortcut turns into 100-car mud pie in farmer's field
* Cryptocurrency phish dials back the fear, cranks up the politeness
* Tesla 3 navigation system fooled with GPS spoofing

Quick Heal - Security Simplified

* Beware! Email attachments can make you victim of spear phishing attacks
* The website I visited behaves weirdly. I wonder if I'm hacked?
* Beware! The padlock icon and HTTPS are no more indicators of safe website
* What makes Quick Heal's Next Generation Suite of Features a SMART choice to protect your privacy?
* APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel
* Quick Heal supports the Windows 10 May 2019 Update
* What is Emotet?
* CVE-2019-0708 - A Critical "Wormable" Remote Code Execution Vulnerability in Windows RDP

Security Conferences

* Free 6 Month Speaking Plan
* Free 6 Month Speaking Plan Questionnaire
* How To Speak At DEF CON
* Join Our LinkedIn Group

Tools & Techniques

* SQLMAP - Automatic SQL Injection Tool 1.3.7
* GRR 3.3.0.3
* GNUnet P2P Framework 0.11.5
* Lynis Auditing Tool 2.7.5
* Flawfinder 2.0.10
* Falco 0.15.3
* Falco 0.15.2
* Hyperion Runtime Encrypter 2.0
* HiddenWall Linux Firewall
* Zed Attack Proxy 2.8.0 Cross Platform Package
* PTF : A Way For Modular Support For Up-To-Date Tools
* Scapy : Python-Based Interactive Packet Manipulation Program & Library
* Best Way to Learn Programming Online If You're Tired of Books and Tutors
* TwitterShadowBanV2 : Twitter Shadowban Tests
* PivotSuite : Network Pivoting Toolkit To Hack The Hidden Network
* Lynis : Security Auditing Tool for Unix/Linux Systems
* Blisqy : Exploit Time-Based Blind-SQL Injection In HTTP-Headers
* Ponce : IDA Pro Plugin That Provides Users The Ability To Perform Taint Analysis & Symbolic Execution
* Cryptr : A Simple Shell Utility For Encrypting & Decrypting Files Using OpenSSL
* Project iKy - Tool To Collects Information From An Email

Latest Zone-H Website Defacements

Proof of Concept (PoC) & Exploits

Packet Storm Security

* Packet Storm New Exploits For June, 2019
* FaceSentry Access Control System 6.4.8 Cleartext Password Storage
* REDDOXX Appliance Information Disclosure
* FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure
* SquirrelMail 1.4.22 Cross Site Scripting
* FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting
* FaceSentry Access Control System 6.4.8 Remote SSH Root Access
* CyberPanel 1.8.4 Cross Site Request Forgery
* FaceSentry Access Control System 6.4.8 Remote Root
* Linux Mint 19.1 yelp Command Injection
* Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
* FaceSentry Access Control System 6.4.8 Cross Site Request Forgery
* Carpool Web App 1.0 Cross Site Scripting / SQL Injection
* EA Origin Template Injection Remote Code Execution
* FaceSentry Access Control System 6.4.8 Remote Command Injection
* Premier Ilan Scripti 1 SQL Injection
* Varient 1.6.1 SQL Injection
* SAP Crystal Reports Information Disclosure
* PowerPanel Business Edition 3.4.0 Cross Site Scripting
* Sahi Pro 8.x Directory Traversal
* ZoneMinder 1.32.3 Cross Site Scripting
* CiuisCRM 1.6 SQL Injection

Exploit Database

* [webapps] LibreNMS 1.46 - 'addhost' Remote Code Execution
* [shellcode] Linux/x86 - Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)
* [shellcode] Windows/x86 - Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes)
* [shellcode] Windows/x86 - bitsadmin Download and Execute (http://192.168.10.10/evil.exe "c:\evil.exe") Shellcode (210 Bytes)
* [shellcode] Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode
* [remote] Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
* [dos] Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
* [webapps] WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
* [webapps] WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
* [webapps] BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
* [webapps] AZADMIN CMS 1.0 - SQL Injection
* [webapps] Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
* [papers] Buffer Overflows, C Programming, NSA GHIDRA and More
* [remote] SAPIDO RB-1732 - Remote Command Execution
* [remote] SuperDoctor5 - 'NRPE' Remote Code Execution
* [dos] Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
* [dos] Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation
* [webapps] GrandNode 4.40 - Path Traversal / Arbitrary File Download

Advisories

US-Cert Alerts & bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* Vulnerability Summary for the Week of June 24, 2019
* Vulnerability Summary for the Week of June 17, 2019

Symantec - Latest List

* Microsoft Internet Explorer CVE-2019-0995 Security Bypass Vulnerability
* Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability
* Microsoft Windows CVE-2019-1064 Local Privilege Escalation Vulnerability
* Microsoft Windows Shell CVE-2019-1053 Local Privilege Escalation Vulnerability
* Microsoft Windows Installer CVE-2019-0973 DLL Loading Local Privilege Escalation Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0711 Denial of Service Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0710 Denial of Service Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0713 Remote Denial of Service Vulnerability
* Microsoft Windows Audio Service CVE-2019-1007 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1028 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1027 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1026 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1022 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1021 Local Privilege Escalation Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0709 Remote Code Execution Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0722 Remote Code Execution Vulnerability
* Microsoft Windows GDI Component CVE-2019-0977 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-0968 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1050 Information Disclosure Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0620 Remote Code Execution Vulnerability
* Microsoft Windows GDI Component CVE-2019-1049 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1048 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1047 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1046 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1016 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1015 Information Disclosure Vulnerability

Packet Storm Security - Latest List

Debian Security Advisory 4473-1
Debian Linux Security Advisory 4473-1 - Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code.

Ubuntu Security Notice USN-4041-1
Ubuntu Security Notice 4041-1 - USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that set up very low SO_SNDBUF values. This update fixes the problem. Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-4041-2
Ubuntu Security Notice 4041-2 - USN-4041-1 provided updates for the Linux kernel in Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM. USN-4017-2 fixed vulnerabilities in the Linux kernel. Unfortunately, the update introduced a regression that interfered with networking applications that set up very low SO_SNDBUF values. This update fixes the problem. Various other issues were also addressed.

Debian Security Advisory 4472-1
Debian Linux Security Advisory 4472-1 - It was discovered that Expat, an XML parsing C library, did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service.

Google Chrome PDF Plugin Pepper Socket API Access
There is a security issue where Google Chrome's PDF plugin is allowed to use the Pepper Socket API. Patches are included in this archive.

Red Hat Security Advisory 2019-1626-01
Red Hat Security Advisory 2019-1626-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.

Ubuntu Security Notice USN-4042-1
Ubuntu Security Notice 4042-1 - It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2019-1623-01
Red Hat Security Advisory 2019-1623-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1632-01
Red Hat Security Advisory 2019-1632-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an arbitrary file write vulnerability.

Red Hat Security Advisory 2019-1633-01
Red Hat Security Advisory 2019-1633-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images. Issues addressed include an arbitrary file write vulnerability.

Red Hat Security Advisory 2019-1624-01
Red Hat Security Advisory 2019-1624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1619-01
Red Hat Security Advisory 2019-1619-01 - Vim is an updated and improved version of the vi editor. An arbitrary command execution vulnerability was addressed.

Ubuntu Security Notice USN-4040-1
Ubuntu Security Notice 4040-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-4040-2
Ubuntu Security Notice 4040-2 - USN-4040-1 fixed a vulnerability in expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2019-1591-01
Red Hat Security Advisory 2019-1591-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where OAuth access tokens were written in plaintext to the API server audit logs.

Coldfusion / JNBridge Remote Code Execution
Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.

Ubuntu Security Notice USN-4038-2
Ubuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice USN-4038-1
Ubuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

AMD Secure Encrypted Virtualization (SEV) Key Recovery
AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.

WebEx Man-In-The-Middle
WebEx appears to suffer from man-in-the-middle attacks due to accepting any TLS certificates as valid.

Red Hat Security Advisory 2019-1603-01
Red Hat Security Advisory 2019-1603-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.

Red Hat Security Advisory 2019-1604-01
Red Hat Security Advisory 2019-1604-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.

Red Hat Security Advisory 2019-1602-01
Red Hat Security Advisory 2019-1602-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 4471-1
Debian Linux Security Advisory 4471-1 - Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.