Security Flaws & Fixes - W/E - 083118
Adobe Fixes Privilege Escalation Bug in Creative Cloud (08/29/2018)
Adobe released an update for Creative Cloud. This update alleviates an issue that could result in a privilege escalation condition.
Adobe released an update for Creative Cloud. This update alleviates an issue that could result in a privilege escalation condition.
Advisory Describes Mitigation Methods for ABB eSOMS Vulnerability (08/28/2018)
ABB eSOMS, an electronic shift operations management system, is affected by an improper authentication issue, which has been described in an advisory. Mitigation techniques are depicted in the alert.
ABB eSOMS, an electronic shift operations management system, is affected by an improper authentication issue, which has been described in an advisory. Mitigation techniques are depicted in the alert.
Chashing Apps Serve Up Private Data Via SDKs (08/28/2018)
According to analysis from Appthority, several software developer kits (SDKs) from AppSee and Testfairy have the capability to capture sensitive data whenever a mobile app crashes. These particular SDKs enable developers to understand why apps crash, but when an app indeed crashes, the SDKs take screenshots of the devices. "This opens up doors for new exploits in enterprise mobile environments, as third-parties are increasingly recording mobile screens for debugging purpose and sending them back to external servers," Appthority's Su Mon Kywe warned in a blog post.
According to analysis from Appthority, several software developer kits (SDKs) from AppSee and Testfairy have the capability to capture sensitive data whenever a mobile app crashes. These particular SDKs enable developers to understand why apps crash, but when an app indeed crashes, the SDKs take screenshots of the devices. "This opens up doors for new exploits in enterprise mobile environments, as third-parties are increasingly recording mobile screens for debugging purpose and sending them back to external servers," Appthority's Su Mon Kywe warned in a blog post.
Cisco Advises on Multiple Product Vulnerabilities (08/29/2018)
Cisco has released a batch of advisories discussing vulnerabilities across its product lines. Among the most critical issues are a Linux kernel IP fragment assembly bug affecting multiple products, Linux and FreeBSD kernel bugs affecting multiple bugs, and a path transversal vulnerability in the Data Center Network Manager.
Cisco has released a batch of advisories discussing vulnerabilities across its product lines. Among the most critical issues are a Linux kernel IP fragment assembly bug affecting multiple products, Linux and FreeBSD kernel bugs affecting multiple bugs, and a path transversal vulnerability in the Data Center Network Manager.
Facebook Squashes Info Disclosure Bug (08/29/2018)
A Facebook server bug that could leak information and enable command execution has been patched after the company received notification from the researchers at SCRT Information Security. The server's Sentry service, an open-source error tracking app that is written in Python and Django, regularly showed stack traces, which identify the functions that are working at the time of an error, and appeared to be unstable.
A Facebook server bug that could leak information and enable command execution has been patched after the company received notification from the researchers at SCRT Information Security. The server's Sentry service, an open-source error tracking app that is written in Python and Django, regularly showed stack traces, which identify the functions that are working at the time of an error, and appeared to be unstable.
Further investigation showed the stack traces printing the entire application.
Firmware Update Available for Qualcomm Life's Capsule (08/28/2018)
Qualcomm Life's Capsule Datacaptor Terminal Server contains a code weakness bug that could enable an attacker to execute unauthorized code to obtain administrator-level privileges on the device. Users may download updated firmware for this issue, as discussed in an ICS-CERT advisory.
Qualcomm Life's Capsule Datacaptor Terminal Server contains a code weakness bug that could enable an attacker to execute unauthorized code to obtain administrator-level privileges on the device. Users may download updated firmware for this issue, as discussed in an ICS-CERT advisory.
Fiserv Bug Exposed Accounts at Numerous Banks (08/28/2018)
Security researcher Brian Krebs uncovered information regarding a vulnerability within Fiserv's Web platform that resulted in the compromise of customer personal and financial data across hundreds of banking Web sites. Fiserv is a technology service provider offering account and transaction processing systems to financial institutions. KrebsOnSecurity was notified by third-party researcher Kristian Erik Hermansen of a flaw in the Fiserv platform that enabled him to access account data for customers through sequential event numbers. Hermansen attempted to contact Fiserv with no luck but Krebs was able to notify the company, which has since resolved the issue. Krebs has been told by experts that 1,700 banks use the Fiserv platform.
Security researcher Brian Krebs uncovered information regarding a vulnerability within Fiserv's Web platform that resulted in the compromise of customer personal and financial data across hundreds of banking Web sites. Fiserv is a technology service provider offering account and transaction processing systems to financial institutions. KrebsOnSecurity was notified by third-party researcher Kristian Erik Hermansen of a flaw in the Fiserv platform that enabled him to access account data for customers through sequential event numbers. Hermansen attempted to contact Fiserv with no luck but Krebs was able to notify the company, which has since resolved the issue. Krebs has been told by experts that 1,700 banks use the Fiserv platform.
Multiple Advisories Posted for Schneider Electric Vulnerabilities (08/28/2018)
Multiple vulnerabilities affect Schneider Electric products. The ICS-CERT has issued two advisories for Modicon M221 to address an improper check for unusual or exceptional conditions and bugs that could result in attackers replaying authentication sequences, overwriting passwords, or decoding passwords. A third advisory pertains to a cross-site scripting issue in PowerLogic PM5560.
Multiple vulnerabilities affect Schneider Electric products. The ICS-CERT has issued two advisories for Modicon M221 to address an improper check for unusual or exceptional conditions and bugs that could result in attackers replaying authentication sequences, overwriting passwords, or decoding passwords. A third advisory pertains to a cross-site scripting issue in PowerLogic PM5560.
Patched Apache Struts Bug Being Exploited to Drop Cryptocurrency Miner (08/28/2018)
Within a day of the Apache Foundation's August 22 release of a fix for a critical bug in the Struts Framework, a proof-of-concept (PoC) exploit was issued online. On August 24, a Python script was released to make use of the exploit. Once the PoC was released, Volexity observed active scanning and attempted exploitation of the vulnerability across its sensor network. One threat actor was seen exploiting the Struts vulnerability in an effort to install the CNRig cryptocurrency miner.
Within a day of the Apache Foundation's August 22 release of a fix for a critical bug in the Struts Framework, a proof-of-concept (PoC) exploit was issued online. On August 24, a Python script was released to make use of the exploit. Once the PoC was released, Volexity observed active scanning and attempted exploitation of the vulnerability across its sensor network. One threat actor was seen exploiting the Struts vulnerability in an effort to install the CNRig cryptocurrency miner.
TechCrunch: Sprint's Security Blunder Leaves Customer Data Exposed (08/27/2018)
Sprint is coming under fire for a report by TechCrunch which revealed a major security blunder on the carrier's part. According to the expose, Sprint was employing at least two sets of easily-guessed login credentials to secure a portal which provided access to customer data for Boost Mobile and Virgin Mobile customers. The issue was apparently brought to light by a third-party security researcher, who was able to obtain unauthorized access to the portal in question. Making matters worse was the fact the portal could also be accessed by a hacker with nothing more than a customer account phone number and a four-digit pin. The phone number could be easily obtained, while the system provided an unlimited number of guesses for entering the pin. This means that any hacker could brute-force their way into the system with a maximum of 9,999 attempts. One mitigating factor in this incident is the fact that the customer portal was never meant for public use, and is largely unknown outside of Sprint's own staff. However, the carrier has confirmed the incident to TechCrunch and promises that it is already in the process of "research[ing] the issue" to prevent any future recurrence.
Sprint is coming under fire for a report by TechCrunch which revealed a major security blunder on the carrier's part. According to the expose, Sprint was employing at least two sets of easily-guessed login credentials to secure a portal which provided access to customer data for Boost Mobile and Virgin Mobile customers. The issue was apparently brought to light by a third-party security researcher, who was able to obtain unauthorized access to the portal in question. Making matters worse was the fact the portal could also be accessed by a hacker with nothing more than a customer account phone number and a four-digit pin. The phone number could be easily obtained, while the system provided an unlimited number of guesses for entering the pin. This means that any hacker could brute-force their way into the system with a maximum of 9,999 attempts. One mitigating factor in this incident is the fact that the customer portal was never meant for public use, and is largely unknown outside of Sprint's own staff. However, the carrier has confirmed the incident to TechCrunch and promises that it is already in the process of "research[ing] the issue" to prevent any future recurrence.
Windows 10 Susceptible to Unpatched Local Privilege Escalation Bug (08/28/2018)
A security researcher tweeted details about an unpatched bug in the Windows 10 operating system. The researcher also posted a link to the proof-of-concept on GitHub. Will Dormann, an analyst at CERT/CC, confirmed the local privilege escalation vulnerability in a fully patched 64-bit Windows 10 system. The bug is in the Advanced Local Procedure Call interface. US-CERT has published an advisory.
A security researcher tweeted details about an unpatched bug in the Windows 10 operating system. The researcher also posted a link to the proof-of-concept on GitHub. Will Dormann, an analyst at CERT/CC, confirmed the local privilege escalation vulnerability in a fully patched 64-bit Windows 10 system. The bug is in the Advanced Local Procedure Call interface. US-CERT has published an advisory.