Security Flaws & Fixes - W/E - 071417

ABB Advises on Vulnerabilities Affecting VSN300 WiFi Logger Card (07/11/2017)
An ICS-CERT advisory discusses several vulnerabilities in ABB's VSN300 WiFi Logger Card. ABB recommends that users update firmware to version 1.9.0 or newer for WiFi Logger Card, and version 2.2.5 or newer for WiFi Logger Card for React. This can be done via remote firmware updating with Aurora Vision or via integrated Web user interface by downloading the firmware from the ABB server.

Adobe Fixes Bugs in Flash, Connect (07/11/2017)
Adobe has pushed out fixes for Flash Player and Connect. The vendor is reminding users to immediately update these products because the updates remedy some highly critical bugs.

Advisory Offers Details into SEL-3620, SEL-3622 Security Vulnerabilities (07/11/2017)
Schweitzer Engineering Laboratories' SEL-3620 and SEL-3622 have improper access control vulnerabilities. ICS-CERT has posted an advisory with additional information.

Broadpwn Bug Hits Both Android and iOS Devices (07/11/2017)
Broadcom Wi-Fi chips used in Android and iOS devices contain a bug that could enable an attacker to execute code on the affected devices, Softpedia has reported. Exodus Intelligence researcher Nitay Artenstein found the bug, which is documented in CVE-2017-3544, and reported it to Google, which fixed it in its Android Security Bulletin for July. The bug has been dubbed "Broadpwn." Apple has not commented on details regarding Broadpwn affecting its iOS devices.

Check Point Addresses Security Bugs Exploiting Streaming Platforms (07/10/2017)
Check Point Software has posted a more in-depth analysis of an attack vector the vendor's research team had first discussed back in May. The attack vector entailed a number of vulnerabilities found in streaming platforms including VLC, Kodi (XBMC), PopcornTime, and strem.io. The vulnerabilities ranged from simple cross-site scripting attacks to memory corruption issues, but have since been fixed.

Free Eternal Blues Tool Finds Thousands of Exposed Hosts (07/12/2017)
Imperva's Elad Erez has created Eternal Blues, a free scanner that checks to see if networks are vulnerable to the EternalBlue exploit. Between July 1 and July 12, Eternal Blues was used for more than 23,000 scans of over eight million IP addresses, and 60,000 hosts were identified as vulnerable.

Fuji Electric's V-Server Has Memory Corruption Issue, Patch Available (07/11/2017)
Fuji Electric has produced a patch for V-Server due to a memory corruption vulnerability. ICS-CERT has issued its own advisory regarding this issue, providing further information.

Google Swats 138 Bugs in Its July Security Patch Bulletin (07/11/2017)
Google has released its Android Security Bulletin for July, and among the most severe issues is a vulnerability in media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. Overall, Google patched 138 bugs.

HPE Takes Care of Vulnerabilities with Updates, Workarounds (07/12/2017)
Hewlett-Packard Enterprise (HPE) has provided information on various vulnerabilities within its products. Workarounds have been released for NonStop Server, which is affected by an access restriction bypass in the Samba component. Issues, including cross-site scripting and security bypass bugs, have been patched in Network Node Manager. Updates to SiteScope fix four vulnerabilities. HPE also updated an earlier advisory to provide users with information regarding vulnerabilities in the Intelligent Management Center.

Microsoft Alleviates NTLM Vulnerabilities (07/11/2017)
The Preempt research team discovered and reported two Microsoft NT LAN Manager (NTLM) vulnerabilities. These vulnerabilities have a common theme around two different protocols handling NTLM improperly. These issues are significant as they can potentially allow an attacker to create new domain administrator accounts even when best-practice controls such as LDAP server signing and RDP restricted admin mode are enabled. NTLM is a suite of Microsoft security protocols that enables authentication, integrity, and confidentiality for users. Microsoft patched the vulnerabilities as part of its July Security Bulletin release.

Microsoft Remedies Over 50 Vulnerabilities in Product Lines (07/11/2017)
Microsoft has issued updates to fix more than 50 vulnerabilities across its product lines including Internet Explorer, the Edge browser, Office, and more. Among the most critical fixes is a patch for a remote code execution vulnerability that exists when Windows Search handles objects in memory.

NIST Announces Deprecation of TDEA/3DES (07/12/2017)
NIST is urging users of the Triple Data Encryption Algorithm (TDEA), also called Triple Data Encryption Standard (or 3DES), to migrate to the Advanced Encryption Standard (AES) due to a ciphertext collision that can occur when about 2^32 blocks are encrypted with a single key bundle. TDEA is a 64-bit block cipher, and a collision in ciphertext blocks, once found, reveals information about the corresponding plaintext blocks. NIST plans to disallow the algorithm for TLS, IPsec, and possibly other protocols.

OPM's Security Continues to Be Hindered by Weaknesses (07/11/2017)
The Office of Personnel Management (OPM) is still deficient in its security posture a little over two years after a massive breach compromised the data for millions of people, an inspector general audit has found. The OPM's LAN/WAN system security plan was missing relevant data including that for inherited controls and the system wasn't properly tested for security.

Oracle Is Complacent on OAM Flaws Found by Researchers (07/12/2017)
Security researchers have warned that vulnerabilities in Oracle's Access Manager (OAM) 10g could result in an attacker phishing a victim. OAM contains an open redirect vulnerability and a security issue related to the fact that it sends cookie values in GET requests. The researchers contacted Oracle in March, but the vendor has said that the attack vector is a configuration issue, pointed them to SSODomains, and told them to use that feature.

OSIsoft Products Contain Security Bugs (07/11/2017)
OSIsoft's PI Coresight products are affected by a cross-site request forgery issue. In addition, OSIsoft's PI ProcessBook and PI ActiveView have been found to contain vulnerabilities.

Samba Warns of Vulnerability Due to Embedded Heimdal Kerberos (07/12/2017)
Samba announced that all versions from 4.0.0 onward are plagued by a vulnerability due to an embedded copy of Heimdal Kerberos. A patch has been released to mitigate risks. The vulnerability could enable an attacker to gain control of an affected system.

SAP Pushes Out Vulnerability Security Fixes (07/12/2017)
SAP released 10 security notes for July along with two updates to previously released notes. The high priority security note 2476601 addresses technical issues in SAP Point of Sale (POS) Retail Xpress Server with potential disclosure.

Siemens Posts Software Upgrade for SIMATIC Logon (07/11/2017)
SIMATIC Logon from Siemens is affected by an out-of-bounds write vulnerability. Siemens has issued a software upgrade for this issue.