weekly awareness report (war) - information warfare...

07-22 Weekly Awareness Report (WAR)


Post on 21-Jun-2020


Page 1: Weekly Awareness Report (WAR) - Information Warfare Centerinformationwarfarecenter.com/cir/archived/Cyber... · 7/22/2019  · Weekly Awareness Report (WAR) July 22, 2019 ... * New

07-22

Weekly Awareness Report (WAR)


July 22, 2019

The Cyber Intelligence Report is an Open Source Intelligence (OSINT) resource, received by over ten thousand individuals, that focuses on advanced persistent threats and other digital dangers. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware

* Troj/Trickbo-SG
* Troj/Phish-FPB
* Troj/Nanoco-TD
* Troj/Fareit-IGZ
* Troj/DocPh-GX
* Troj/DocPh-GW
* Mal/Behav-132
* Troj/PDFUri-HNM
* Troj/NanoCo-TC
* Troj/LokiBot-DQ

Last PUAs

* WinDivert
* Driver Pack
* IStartSurfInstaller
* Download Assistant
* Coinminer Config
* Bundlore
* VKontakteDJ
* Softcnapp
* ICLoader
* RemoteAdmin

Interesting News

* Turla renews its arsenal with Topinambour

2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they're creating new tools. Here we'll tell you about several of them, namely "Topinambour" and its related modules.

* The IWC Academy has been officially released this month! We currently have a Red Team Operator track that covers several certifications including the Security+, CEHv10, CySA+, Pentest+, and several specialized courses. Contact us for details. We are currently working on our own Cyber Forensics Linux distribution, called CSI Linux, to be released at the beginning of August. We have an active Facebook Group and YouTube Channel. Subscribe to both! As always, if you have any suggestions, feel free to let us know. If you would like to receive the CIR updates by email, Subscribe at: [email protected]


Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


News

Packet Storm Security

* Fed Sees Crypto Currencies Shifting U.S. Financial System
* Microsoft Opens Dynamics 365 Bug Bounty With $20k Top Prize
* Hackers Publish List Of Phished Discord Credentials
* Oakland Follows San Francisco's Lead In Banning Facial Recognition Tech
* Skylight Cyber Bypasses Cylance AI
* No, You Don't Need A Burner Phone At A Hacking Conference
* US Senator Asks FBI To Investigate FaceApp
* Microsoft Warns 10,000 Customers They're Targeted By Nation States
* Slack Resets Passwords For 1% Of Its Users Because Of 2015 Hack
* Unofficial Telegram App Secretly Loads Malicious Sites
* Bluetooth Exploit Can Track And Identify Mobile Device Users
* Elon Musk Reveals Brain Hacking Plans
* JetBlue Bomb Scare Set Off With Apple AirDrop
* MyDashWallet Compromised For Two Months, Wallet Keys Taken
* Office 365 Declared Illegal In German Schools Due To Privacy Risks
* Amadeus Airline Check-In Bug Exposed Boarding Passes
* Sprint Says Hackers Breached Customer Accounts Via Samsung Website
* Bitcoin Drops 10 Percent As Scrutiny Grows
* Facebook's FTC Fine Will Be $5 Billion
* Malicious Code Ousted From PureScript's npm Installer
* WhatsApp, Telegram Let Hackers Change What You See
* Google Workers Can Listen To What People Say To Its AI Home Devices
* Eavesdropping Flaw Prompts Apple To Suspend Walkie Talkie App
* Approaches To Implementing Bug Bounty Programs
* Engineer Flees To China After Stealing Source Code Of US Train Firm

Dark Reading

* Firmware Vulnerabilities Show Supply Chain Risks
* Ex-NSA Contractor Gets 9 Years for Retaining Defense Data
* CISO Pressures: Why the Role Stinks and How to Fix It
* 6 Actions that Made GDPR Real in 2019
* In-Depth
* Edge Feature Section
* Malware in PyPI Code Shows Supply Chain Risks
* Europol Head Fears 5G Will Give Criminals an Edge
* Mirai Groups Target Business IoT Devices
* The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
* Crack the Defenses of iOS and other Platforms at Black Hat USA
* Security Lessons From a New Programming Language
* BitPaymer Ransomware Operators Wage Custom, Targeted Attacks
* RDP Bug Takes New Approach to Host Compromise
* Open Source Hacking Tool Grows Up
* 8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
* Bulgarian Tax Breach Nets All the Records
* How Capture the Flag Competitions Strengthen the Cybersecurity Workforce


News

Krebs on Security

* What You Should Know About the Equifax Data Breach Settlement
* QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack
* Party Like a Russian, Carder's Edition
* Meet the World's Biggest 'Bulletproof' Hoster
* Is 'REvil' the New GandCrab Ransomware?
* FEC: Campaigns Can Use Discounted Cybersecurity Services
* Patch Tuesday Lowdown, July 2019 Edition
* Who's Behind the GandCrab Ransomware?
* Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers
* Breach at Cloud Solution Provider PCM Inc.

The Hacker News

* Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully
* Slack Resets Passwords For Users Who Hadn't Changed It Since 2015 Breach
* Hacker Stole Data of Over 70% Bulgarian Citizens from Tax Agency Servers
* EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
* New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
* Engage Your Management with the Definitive 'Security for Management' Presentation Template
* Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
* Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
* iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts
* This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

Security Week

* AMCA Breach: Many More Impacted Healthcare Firms Come Forward
* Huawei's Czech Unit Secretly Collected Data: Report
* Browser Extensions Massively Collecting User Data
* FSB Contractor Hacked, Secret Russian Projects Exposed
* Critical RCE Vulnerability Found in Palo Alto Networks VPN Product
* Questions to Ask Before Choosing a Threat Intelligence RFI Service
* Equifax to Pay up to $700 Million to Consumers, Authorities Over 2017 Breach
* Digital Transformation Makes the Case for Log Retention in Cloud SIEMs
* Report: Equifax to Pay $700 Million in Breach Settlement
* BlackBerry Cylance Downplays, Patches Antivirus Bypass
* Ex-NSA Contractor Sentenced to 9 Years for Stolen Documents
* Scotland Yard Twitter and Emails Hacked
* Iranian Hackers Use New Malware in Recent Attacks
* The Growing Threat of Targeted Ransomware
* Author of Dryad and Rubella Macro Builders Arrested
* Why Incident Response Must Adopt a Kill Chain Perspective
* Israel Spyware Firm Can Mine Data From Social Media: FT
* Microsoft Launches Bug Bounty Program for Dynamics 365
* Ex-NSA Contractor to Be Sentenced in Stolen Documents Case
* Google Increases Bug Bounty Program Rewards


News

Infosecurity Magazine

* New Laws in Asia Pacific Impact Threat Landscape
* TrickBot Trojan Pushed as Browser Update
* Equifax to Pay $575m in Data Breach Settlement
* Ex-NSA Contractor Gets Nine Years for Stealing Secret Docs
* Over 60 US Colleges Compromised by ERP Exploit
* Russian FSB Contractor Breach Reveals 7.5TB of Data
* Slack Resets 1% of Passwords After 2015 Data Breach
* FinServ Fears Cert-Related Outages Will Hurt Brand
* New Malware Frame Cashing in on Ad Fraud
* Magecart Group Spotted Operating From War Zone

Threat Post

* Tackling the Collaboration Conundrum
* Large-Scale Government Hacks Hit Russia, Bulgaria
* Amazon Alexa, Google Home On Collision Course With Regulation
* Equifax to Pay $700 Million in 2017 Data Breach Settlement
* Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections
* Adult Sites Lack Privacy, Open the Door for Harassment and Tracking
* Bug in NVIDIA's Tegra Chipset Opens Door to Malicious Code Execution
* Security Watch: Elon Musk's NeuraLink Links Brains to iPhones via Bluetooth
* Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises
* Slack Initiates Mass Password Reset

Naked Security

* Chrome 76 blocks websites from detecting incognito mode
* Hacked Bulgarian database reaches online forums
* Stop facial recognition trials now, warns UK committee
* Monday review - the hot 22 stories of the week
* Firefox to pile on more native privacy features
* Shapeshifting Morpheus chip aims to baffle hackers
* FaceApp privacy panic sets internet alight
* Series 2 launch episode - RDP exposed [PODCAST]
* Hacked Bluetooth hair straighteners are too hot to handle
* Google Chrome is ditching its XSS detection tool

Quick Heal - Security Simplified

* Webcam Hacking - How to prevent webcam from hacking into your privacy?
* Ransomware As A Tool - LockerGoga
* Beware! Email attachments can make you victim of spear phishing attacks
* The website I visited behaves weirdly. I wonder if I'm hacked?
* Beware! The padlock icon and HTTPS are no more indicators of safe website
* What makes Quick Heal's Next Generation Suite of Features a SMART choice to protect your privacy?
* APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel
* Quick Heal supports the Windows 10 May 2019 Update


Security Conferences

* Premium Enterprise Speaking Service
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe

Tools & Techniques

* Wireshark Analyzer 3.0.3
* Falco 0.16.0
* GNU Privacy Guard 2.2.17
* Scapy Packet Manipulation Tool 2.4.3rc3
* Samhain File Integrity Checker 4.3.3
* pArAnoIA Browser 0.1
* I2P 0.9.41
* GRR 3.3.0.4
* Scapy Packet Manipulation Tool 2.4.3rc2
* SQLMAP - Automatic SQL Injection Tool 1.3.7
* Userrecon PY : Recognition Usernames In 187 Social Networks
* Explo : Human & Machine Readable Web Vulnerability Testing Format
* Blisqy : Exploit Time-based Blind-SQL Injection In HTTP-Headers
* Brute Force : BruteForce Gmail, Hotmail, Twitter, Facebook & Netflix
* DIE : Program For Determining Types Of Files For Windows, Linux & MacOS
* Machinae : Machinae Security Intelligence Collector
* Fake Sandbox : Script To Simulate Fake Processes Of Analysis Sandbox/VM
* Blind SQL Bitshifting : A Blind SQL Injection Module That Uses Bitshifting To Calculate Characters
* Caldera : An Automated Adversary Emulation System
* Shellsum : A Defense Tool - Detect Web Shells In Local Directories Via MD5Sum

Latest Zone-H Website Defacements


Proof of Concept (PoC) & Exploits

Packet Storm Security

* Microsoft Windows Task Scheduler Local Privilege Escalation
* MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow
* fuelCMS 1.4.1 Remote Code Execution
* Web Ofisi E-Ticaret 3 SQL Injection
* Web Ofisi Emlak 3 SQL Injection
* Web Ofisi Emlak 2 SQL Injection
* Web Ofisi Platinum E-Ticaret 5 SQL Injection
* REDCap Cross Site Scripting
* Web Ofisi Firma 13 SQL Injection
* Web Ofisi Rent A Car 3 SQL Injection
* Web Ofisi Firma Rehberi 1 SQL Injection
* Microsoft Windows RPCSS Activation Kernel Security Callback Privilege Escalation
* WordPress OneSignal 1.17.5 Cross Site Scripting
* Oracle Siebel CRM 19.0 Cross Site Scripting
* MAPLE Computer WBT SNMP Administrator 2.0.195.15 Buffer Overflow
* Huawei HG530 Reboot / Restore Authentication Bypass
* WinMPG iPod Convert 3.0 Denial Of Service
* FANUC Robotics Virtual Robot Controller 8.23 Path Traversal
* FANUC Robotics Virtual Robot Controller 8.23 Buffer Overflow
* Microsoft Windows NtUserSetWindowFNID Win32k User Callback
* Linux PTRACE_TRACEME Broken Permission / Object Lifetime Handling

Exploit Database

* [webapps] Axway SecureTransport 5 - Unauthenticated XML Injection
* [local] Comtrend-AR-5310 - Restricted Shell Escape
* [dos] BACnet Stack 0.8.6 - Denial of Service
* [local] Docker - Container Escape
* [webapps] REDCap
* [webapps] Web Ofisi Firma 13 - 'oz' SQL Injection
* [webapps] Web Ofisi Rent a Car 3 - 'klima' SQL Injection
* [webapps] Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
* [webapps] Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
* [webapps] Web Ofisi Emlak 2 - 'ara' SQL Injection
* [webapps] Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
* [webapps] Web Ofisi E-Ticaret 3 - 'a' SQL Injection
* [webapps] fuelCMS 1.4.1 - Remote Code Execution
* [remote] MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)
* [webapps] WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
* [local] Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation
* [local] Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)


Advisories

US-Cert Alerts & bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* Vulnerability Summary for the Week of July 8, 2019
* Vulnerability Summary for the Week of July 1, 2019

Symantec - Latest List

* Microsoft Edge Chakra Scripting Engine CVE-2019-1107 Remote Memory Corruption Vulnerability
* Microsoft Windows WLAN Service CVE-2019-1085 Local Privilege Escalation Vulnerability
* Microsoft Windows CVE-2019-1082 Local Privilege Escalation Vulnerability
* Microsoft Windows CVE-2019-1074 Local Privilege Escalation Vulnerability
* Microsoft Windows Error Reporting CVE-2019-1037 Local Privilege Escalation Vulnerability
* Microsoft Windows Win32k CVE-2019-1132 Local Privilege Escalation Vulnerability
* Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
* Microsoft Windows DirectX CVE-2019-0999 Local Privilege Escalation Vulnerability
* Microsoft Windows Active Directory Federation Services CVE-2019-1126 Security Bypass Vulnerability
* Microsoft Windows ADFS CVE-2019-0975 Security Bypass Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0966 Denial of Service Vulnerability
* Microsoft Windows Remote Desktop Protocol Client CVE-2019-1108 Information Disclosure Vulnerability
* Microsoft Windows Remote Desktop Services CVE-2019-0887 Remote Code Execution Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1106 Remote Memory Corruption Vulnerability
* Microsoft Windows Win32k CVE-2019-1096 Local Information Disclosure Vulnerability
* Microsoft Windows Kernel CVE-2019-1073 Local Information Disclosure Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1103 Remote Memory Corruption Vulnerability
* Microsoft Windows Kernel CVE-2019-1071 Local Information Disclosure Vulnerability
* Microsoft Azure Automation CVE-2019-0962 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1092 Remote Memory Corruption Vulnerability
* Microsoft Visual Studio CVE-2019-1079 XML External Entity Information Disclosure Vulnerability
* Microsoft Visual Studio CVE-2019-1077 Local Privilege Escalation Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1062 Remote Memory Corruption Vulnerability
* Microsoft Exchange Server CVE-2019-1137 Spoofing Vulnerability
* Microsoft Team Foundation Server CVE-2019-1076 Cross Site Scripting Vulnerability


Packet Storm Security - Latest List

Ubuntu Security Notice USN-4065-1

Ubuntu Security Notice 4065-1 - It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. Various other issues were also addressed.

Ubuntu Security Notice USN-4064-1

Ubuntu Security Notice 4064-1 - A sandbox escape was discovered in Thunderbird. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting attacks, spoof origin attributes, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-4063-1

Ubuntu Security Notice 4063-1 - Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. Various other issues were also addressed.

Ubuntu Security Notice USN-4059-2

Ubuntu Security Notice 4059-2 - USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

Debian Security Advisory 4483-1

Debian Linux Security Advisory 4483-1 - Two security issues have been discovered in LibreOffice.

Red Hat Security Advisory 2019-1799-01

Red Hat Security Advisory 2019-1799-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.

Ubuntu Security Notice USN-4062-1

Ubuntu Security Notice 4062-1 - Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-4060-2

Ubuntu Security Notice 4060-2 - USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

Red Hat Security Advisory 2019-1797-01

Red Hat Security Advisory 2019-1797-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.12 serves as a replacement for Red Hat JBoss BPM Suite 6.4.11, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

Ubuntu Security Notice USN-4061-1

Ubuntu Security Notice 4061-1 - It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2019-1793-01

Red Hat Security Advisory 2019-1793-01 - Vim is an updated and improved version of the vi editor. Issues addressed include a command execution vulnerability.

Red Hat Security Advisory 2019-1791-01

Red Hat Security Advisory 2019-1791-01 - The libssh2 packages provide a library that implements the SSH2 protocol. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2019-1792-01

Red Hat Security Advisory 2019-1792-01 - The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol to achieve high availability with director failover. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

Red Hat Security Advisory 2019-1790-01

Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1789-01

Red Hat Security Advisory 2019-1789-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-4060-1

Ubuntu Security Notice 4060-1 - Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. Various other issues were also addressed.

Red Hat Security Advisory 2019-1782-01

Red Hat Security Advisory 2019-1782-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.11 serves as a replacement for Red Hat JBoss BRMS 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

Ubuntu Security Notice USN-4059-1

Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

Ubuntu Security Notice USN-4058-1

Ubuntu Security Notice 4058-1 - It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

Deutsche Telekom CERT Advisory DTC-A-20170323-001

FRITZ!OS versions 6.83 and 6.80 (AVM DSL Router Fritz!Box 7490) suffer from an information leakage vulnerability.

SAPUI5 1.0.0 / SAP Gateway 7.5 / 7.51 / 7.52 / 7.53 Content Spoofing


SAPUI5 version 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 are vulnerable to content spoofing in multiple parameters.

Ubuntu Security Notice USN-4057-1

Ubuntu Security Notice 4057-1 - Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources.

Slackware Security Advisory - bzip2 Updates

Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Ubuntu Security Notice USN-4056-1

Ubuntu Security Notice 4056-1 - It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.