Security Flaws & Fixes - W/E - 08/17/18

"Faxsploit" Delivers Malware, Cyber Attacks Via Fax Machines (08/13/2018)
Vulnerabilities in the communication protocols used in fax machines could result in organizations and individuals getting hacked, Check Point Software researchers have discovered. The team demonstrated the vulnerabilities in the HP Officejet Pro All-in-One fax printers, which use the same protocols as other vendors' faxes and multi-function printers, and in online fax services such as fax2email. Using an organization's fax number, the attacker sends a specially created image file by fax to the target. The vulnerabilities enable malware to be coded into the image file, which the fax machine decodes and uploads to its memory. The malware can then potentially breach sensitive data or cause disruption by spreading across any networks to which the fax machine is connected. Check Point, which dubbed this attack method "Faxploit," notified HP of the issues with its printer and the company issued a patch.

Adobe Pushes Out Updates for Flash, Other Products (08/14/2018)
Adobe has released security updates for Flash Player to fix vulnerabilities that could result in arbitrary code execution. In addition, the vendor issued updates for Reader and Acrobat, Creative Cloud, and Experience Manager.

Critical Bug in VBScript Engine Affecting Internet Explorer Gets Fix (08/15/2018)
Trend Micro uncovered a use-after-free bug in Internet Explorer in the wild in July. The vulnerability affects the VBScript engine in the latest versions of Windows. Microsoft patched this issue in its August security bulletin.

Critical Vulnerability in Oracle Database Could Result in Complete Compromise (08/13/2018)
Oracle issued an alert for a Database vulnerability in versions 11.2.0.4 and 12.2.0.1 on Windows. The issue can result in a complete compromise of the Oracle Database and shell access to the underlying server. Patches have been released and Oracle recommends that customers immediately take action to mitigate risks.

Defense Department Kicks Off "Hack the Marine Corps" Bug Bounty Program (08/14/2018)
Politico has reported that the Defense Department (DOD) and HackerOne announced the "Hack the Marine Corps" bug bounty program, a challenge that will conclude on August 26. The goal is to promote improved security of the Marine Corps Enterprise Network, and the program will focus on the Marines' public Web sites and services.

Intel Details L1 Terminal Fault (08/14/2018)
Intel provided details regarding the L1 Terminal Fault (L1TF), a recently identified speculative execution side-channel vulnerability affecting some microprocessors supporting Intel SGX. Further information and remediation steps are available via the Intel Web site.

IOActive Researchers Find Flaws in Satellite Communications, Extreme's WingOS (08/13/2018)
IOActive announced two research papers that were disclosed at the Black Hat and DEF CON 26 security conferences. Ruben Santamarta presented Last Call for SATCOM Security, which discussed satellite communications vulnerabilities and how they could be turned into radio frequency weapons. The result is that maritime vessels and airlines are susceptible to cyber attacks. Josep Pi Rodriguez discussed his findings, Breaking Extreme Networks WingOS: How to Own Millions of Devices Running on Aircrafts, Government, Smart Cities and More, highlighting several critical vulnerabilities he found in Extreme Networks' embedded WingOS, which was originally created by Motorola.

ISC's BIND Contains a Flaw in the "Deny-Answer-Aliases" Feature (08/13/2018)
The Internet Systems Consortium (ISC) has warned of a bug in a rarely used feature in BIND. A defect in the "deny-answer-aliases" feature could result in a denial-of-service condition.

Kaspersky VPN Bug Dropped DNS Address (08/14/2018)
A researcher discovered that Kaspersky Lab's VPN application for Android exposed the DNS address even after the user connected to a virtual server. The issue exists in Kaspersky VPN v1.4.0.216 and potentially earlier versions. Dhiraj Mishra found the bug and reported it to Kaspersky Lab. It has since been fixed.

Key Reuse Alters Encrypted Communications, Leads to Attacks (08/14/2018)
Researchers have identified an attack method that can break encrypted communications and impacts products from Clavister, Cisco, Huawei, and ZyXEL. According to the team of scientists, reusing a key pair across different versions and modes of the IKE (Internet Key Exchange) protocol can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. The attack method could be used against products from Cisco, Huawei, ZyXEL, and Clavister -- all have since released updates to mitigate this vulnerability.

Microsoft Squashes Multiple Bugs with August Batch of Fixes (08/14/2018)
Microsoft issued updates for various software, including Internet Explorer, Edge, Windows, Office, and .NET Framework. Among the vulnerabilities fixed is a bug in Active Directory Federation Services (ADFS) that was detailed by researchers at Okta. A weakness in the ADFS protocol enabled attackers to bypass multi-factor authentication methods.

Millions of Bluetooth Devices Could Be Victimized by Btlejacking Hacks (08/14/2018)
Bluetooth devices are vulnerable to a new attack method, dubbed "Btlejacking," that a researcher described at the DEF CON security conference, eWeek reported. Btlejack involves sniffing existing and new Bluetooth Low Energy (BLE) connections and jamming BLE signals. Btlejack then enables an attacker to take control of a BLE connection. Damien Cauquil, the researcher who discovered Btlejacking, said that an attacker only needs a Micro:BIT embedded computer to run the attack.

Multiple Bugs Could Escalate Privileges in Philips IntelliSpace Cardiovascular Products (08/14/2018)
An advisory warns that an attacker with local access and user privileges to Philips' IntelliSpace Cardiovascular (ISCV)/Xcelera server can escalate privileges and execute arbitrary code. Mitigation techniques are listed in the advisory.

Multiple Bugs Found in NetComm Wireless 4G LTE Light Industrial M2M Router (08/13/2018)
The 4G LTE Light Industrial M2M Router from NetComm Wireless is affected by multiple vulnerabilities, according to an advisory that was issued by the ICS-CERT. A new firmware version has been released to mitigate the vulnerabilities.

Multiple Cisco Advisories Posted to Mitigate Security Issues (08/15/2018)
Cisco released multiple advisories to address security vulnerabilities across its product lines. Among the most critical issues are a Web proxy bug in the AsyncOS Software for Cisco Web Security Appliances; a denial-of-service (DoS) vulnerability in the Adaptive Security Appliance; and a DoS condition in the XCP Router service of the Unified Communications Manager IM & Presence Service and the TelePresence Video Communication Server and Expressway.

Researchers Warn of Exposed Smart Irrigation Systems (08/14/2018)
Researchers from the Ben-Gurion University of the Negev in Israel have presented an attack method that can be used to exploit urban water services using a botnet of commercial smart irrigation systems. By using this method, attackers could empty standard water towers and water reservoirs, potentially disrupting water services. While most smart irrigation systems use WiFi for communications, some systems use a GSM component to connect to the Internet. By using Shodan, the researchers spotted exposed devices that could be easily compromised.

Samba Posts Security Advisories (08/15/2018)
Samba has issued several advisories to address security vulnerabilities. Users are instructed to immediately apply the updates as one of the vulnerabilities could result in a system takeover.

SAP Alleviates Vulnerabilities with Latest Batch of Security Fixes (08/15/2018)
SAP released 27 Security Notes and updated two earlier notes to fix vulnerabilities within its products. Four of the notes have been rated as "high" and address a missing authentication check in the SRM MDM Catalog; a SQL injection bug in BI Launchpad Web Intelligence; and a memory corruption vulnerability in the BusinessObjects Business Intelligence platform.

Security Advisories Posted by VMware for Multiple Products (08/15/2018)
VMware is advising users that three alerts were issued on August 14 to address vulnerabilities in multiple products. Among them is an out-of-bounds issue that was identified in Workstation and Fusion.

Security Issues Found in Delta Electronics' CNCSoft and ScreenEditor (08/13/2018)
Delta Electronics' CNCSoft and ScreenEditor are both vulnerable to stack-based overflow and out-of-bounds read bugs. An ICS-CERT advisory recommends updating to the latest version and restricting the interaction with the application to trusted files.

Siemens Releases Updates for Multiple Products (08/14/2018)
Siemens has issued multiple advisories for its products. In one advisory, the company details a vulnerability in OpenSSL that affects Siemens industrial products. A second advisory discusses fixes for two vulnerabilities in SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal). Finally, Siemens posted updates for Automation License Manager to remedy two vulnerabilities.

Speculative Execution Side-Channel Issue Found in Intel SGX (08/14/2018)
Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF) that impacts select microprocessor products supporting Intel Software Guard Extensions (Intel SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices. The researchers have dubbed this attack "Foreshadow" and say that this vulnerability "demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine's private attestation key. Making things worse, due to SGX's privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem."

Two Advisories Address Flaws in Medtronic Patient Monitors, Insulin Pumps (08/13/2018)
Medtronic's MyCareLink 24950 Patient Monitor contains vulnerabilities that may allow an attacker with physical access to obtain per-product credentials that are utilized to authenticate data uploads and encrypt data at rest. Additionally, an attacker with access to a set of these credentials and additional identifiers can upload invalid data to the Medtronic CareLink network. Details have been shared in an ICS-CERT advisory. A separate advisory has been issued for Medtronic's MiniMed 508 Insulin Pump because vulnerabilities may allow an attacker to replay captured wireless communications and cause an insulin (bolus) delivery.

Upgrades Squash Bugs in Crestron's TSW-X60 and MC3 (08/13/2018)
Several vulnerabilities have been identified in Crestron's TSW-X60 and MC3, which could result in remote code execution with escalated system privileges. Users are instructed to upgrade to the latest firmware.