Security Flaws & Fixes - W/E -051917
Apple Updates iOS, Safari, Other Products (05/16/2017)
Apple has released multiple advisories to address vulnerabilities across various products. The products that have been updated include macOS Sierra, iOS, watchOS, tvOS, iCloud for Windows, Safari, and iTunes for Windows.
Critical Update Released for Unsupported Microsoft Platforms in Wake of WannaCry (05/15/2017)
In an unprecedented action, Microsoft announced that it was providing updates to unsupported Windows platforms to protect against the WannaCry ransomware attacks that have crippled computers worldwide. Beginning on May 12, the attacks locked up systems in hospitals, schools, and at various organizations including FedEx, Russia's ministry of the interior, and China National Petroleum. Microsoft released an update for Windows XP, Windows 8, and Windows Server 2003, all of which are in custom support only. Customers running Windows 10 weren't affected by WannaCry. Microsoft patched the vulnerability causing WannaCry in March for supported programs.
ICS-CERT Advises on WannaCry Ransomware Attacks (05/16/2017)
ICS-CERT issued an alert and a fact sheet regarding industrial control system and medical device vendors who have offered recommendations to mitigate risks against the WannaCry ransomware attacks. Rockwell Automation, Becton, Dickinson and Company, and Schneider Electric all support products that use Windows and have proactively issued customer notifications with recommendations for users.
Issues Affect Security of Satel Iberia SenNet Data Logger and Electricity Meters (05/15/2017)
Command injection vulnerabilities have been discovered in Satel Iberia's SenNet data logger and electricity meters, as discussed in an ICS-CERT advisory. Successful exploitation of these vulnerabilities could allow the attacker to gain root privilege to run arbitrary commands and change system data. Users should contact Satel Iberia for updates.
Joomla! Fixes Critical Vulnerability with Newly Released Version (05/17/2017)
Joomla! 3.7.1 has been released to address a critical security issue as well as several bugs. The main issue that has been remedied is a SQL injection that affected Joomla version 3.7.0.
Multiple Advisories Released for Security Issues with Cisco Products (05/17/2017)
Cisco pushed out advisories for various products. Among the fixes is an update for Prime Collaboration Provisioning that is affected by an authentication bypass bug.
New Version of WordPress Has Been Released (05/17/2017)
Version 4.7.5 of WordPress is now available. Earlier versions are affected by various issues including cross-site scripting, improper handling of post metadata values, and insufficient redirect validation vulnerabilities.
Researcher Warns Chrome Pilfering Leads to Swiped Windows Credentials (05/17/2017)
Security researcher Bosko Stankovic of DefenseCode has devised a method that combines Google Chrome and the Windows Server Message Block (SMB) file-sharing protocol to spit out computer login credentials. "Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his Web site to be able to proceed and reuse victim's authentication credentials," Stankovic said. His method enables an attacker to grab a username and Microsoft LAN Manager password hash, which then makes SMB relay attacks possible. The flaw exists in the latest Chrome version running on Windows 10.
Schneider Electric Advises on Security Issues (05/17/2017)
Schneider Electric has issued multiple advisories regarding vulnerabilities in its products. SoMachine HVAC, a PLC programming software, is vulnerable to buffer overflow and DLL hijacking. Two advisories have been released, according to ICS-CERT's own advisory. Two more advisories detail memory corruption issues affecting VAMPSET. ICS-CERT has posted an advisory regarding this issue as well.
Unauthenticated Access Bug Found in SRN-4000 Portal (05/17/2017)
Hanwha Techwin's SRN-4000 network video management platform has a bug that could allow unauthenticated access to the portal. Further information has been made available by ICS-CERT.
Updated Phoenix Contact's mGuard Firmware Resolves Vulnerabilities (05/15/2017)
Resource exhaustion and improper authentication vulnerabilities in Phoenix Contact's mGuard network devices could enable an attacker to disrupt the availability of the device and gain unauthorized access, according to an advisory from ICS-CERT. Versions 8.3.0 to 8.4.2 of mGuard are affected, and users are directed to upgrade to firmware Version 8.5.0, or higher, for vulnerability mitigation.
Vulnerabilities Affect Legacy Detcon SiteWatch Gateway (05/17/2017)
Some versions of Detcon SiteWatch Gateway, an Ethernet Notification System, are affected by improper authentication and plaintext password storage vulnerabilities, an ICS-CERT advisory reports. Detcon no longer sells or maintains the SiteWatch Gateway product. The vendor has attempted to send a notification to all SiteWatch users.