Security Flaws & Fixes - W/E - 100518
"Hack the Marines" Turns Up 150 Bugs, Pays Out $150K (10/03/2018)
More than 20 days of a white hat hacking challenge resulted in the discovery of nearly 150 vulnerabilities in public-facing Marine Corps Web sites and services, HackerOne revealed. The "Hack the Marine Corps" event was the sixth Department of Defense (DOD) public bug bounty challenge and over 100 hackers participated. The challenge enabled hackers to find and uncover vulnerabilities in Marine systems and paid out over $150,000 in bounties.
Adobe's Acrobat and Reader Receive Security Updates (10/02/2018)
Adobe has fixed vulnerabilities in Acrobat and Reader which could result in the execution of arbitrary code. The update addresses both critical and important vulnerabilities.
Bloomberg: Apple, Amazon Servers Infected with Chinese Spyware (10/04/2018)
An in-depth report from Bloomberg Businessweek outlines an effort by the Chinese government to implant spyware on server motherboards manufactured in China and used by some of the leading US tech companies as well as the US government. According to sources, a tiny microchip had been inserted during the manufacturing process by operatives from a unit of the People's Liberation Army. The servers were assembled by Super Micro Computer Inc. (also known as Supermicro), a US-based company that is one of the world's leading suppliers of motherboards. US officials say the effort is the most significant supply chain attack to have been carried out against American companies. Almost 30 companies have been affected, including government contractors, Amazon, and Apple. Both Supermicro and Apple deny the veracity of the report. "On this we can be very clear: Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," Apple wrote in response to Businessweek. A spokesperson for Supermicro commented, "We remain unaware of any such investigation."
Cisco Addresses Vulnerabilities with Release of Multiple Advisories (10/03/2018)
Cisco released a number of advisories to address vulnerabilities across its product lines. Users are encouraged to check to see if any updates have been made available for their products.
Eighteen Bugs Found, Patched in Foxit PDF Reader (10/02/2018)
A Cisco Talos researcher uncovered 18 vulnerabilities in Foxit PDF Reader. Several of the bugs are use-after-free vulnerabilities. Patches have been made available to remedy these bugs.
Emerson Issues Updates for AMS Device Manager (10/02/2018)
Emerson's AMS Device Manager is vulnerable to both arbitrary remote code execution and malware injection, an ICS-CERT advisory warns. Users should update to AMS Device Manager: v12.0 to v13.5.
FruitFly Malware Used Weakly Protected Systems as Means of Infection (10/01/2018)
In a secret alert that was released in March 2017 but only recently became public, the FBI explains the attack vector that was used by the FruitFly malware to target a US-based university. FruitFly, also known as OSX.Backdoor.Quimitchin, exploited Internet-facing machines that used weak passwords to install the malware. Security researcher Patrick Wardle found the FBI document and posted details about it on September 28. Phillip R. Durachinsky used FruitFly for over 13 years to siphon data and spy on people. He has since been indicted by the Justice Department (DOJ).
Fuji Electric's FRENIC Devices, Alpha5 Smart Loader Hit with Vulnerabilities (10/02/2018)
Alpha5 Smart Loader from Fuji Electric has critical vulnerabilities that have been described in an ICS-CERT advisory. A second advisory details vulnerabilities in the vendor's FRENIC devices. Fuji Electric has said it is working on fixes for all of these issues.
GE Communicator Vulnerable to Heap-Based Overflow (10/04/2018)
An ICS-CERT advisory recommends that users of GE's Communicator update to Version 4.0 or the latest available release as a heap-based overflow vulnerability affects versions 3.15 and earlier. Communicator is an application for programming and monitoring supported metering devices.
Google Boosts Security by Beefing up Chrome Extensions Rules (10/02/2018)
Google has made policy changes and updates to strengthen security in its Chrome browser. Among the announcements are that Google will scrutinize any extensions that require powerful permissions and Chrome's Web Store will no longer allow extensions with obfuscated code. Further details about these changes are available from a blog post.
Google Issues Its Monthly Batch of Security Fixes for Android (10/04/2018)
Google patched multiple vulnerabilities with the October release of its Android Security Bulletin. Eight of the 26 vulnerabilities were rated critical, among them an issue in Framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Mozilla Updates Firefox, Firefox ESR (10/02/2018)
Mozilla released updates for Firefox and Firefox ESR. The vendor recommends that users immediately apply the updates.
Researcher Bypasses Lockscreen for iOS 12 (10/02/2018)
A Spanish researcher has found a way to bypass iOS 12's lockscreen, SecurityWeek reported. Jose Rodriguez, who uses the YouTube channel "videosdebarraquito," has found a method, but it requires physical access to the device, Siri must be enabled, and Face ID recognition has to be disabled. Rodriguez posted a video of his findings.
TP-Link Consumer Routers Vulnerable to Remote Takeover (10/04/2018)
Tenable Research has discovered multiple vulnerabilities in the TP-Link TL-WRN841N, a consumer router, one of which could be used by an attacker to remotely take over the device. The bugs, which include improper authentication, cross-site request forgery, and two local/unauthenticated denial-of-service vulnerabilities, remain unpatched although TP-Link is preparing fixes.
Update Alleviates Security Issues in Entes' EMG 12 (10/04/2018)
Several vulnerabilities in Entes' EMG 12 could result in attackers gaining access to the device to change the configuration and settings. An advisory from the ICS-CERT says that Entes recommends that users update to the latest available firmware version.
Updates for Delta Electronics' Industrial Automation PMSoft Mitigate Vulnerability (10/02/2018)
Delta Electronics' Industrial Automation PMSoft is affected by an out-of-bounds read bug. Users should update to at least PMSoft v2.12. Further information has been posted in an ICS-CERT advisory.
Users of Delta Electronics' ISPSoft Should Update to Alleviate Bug (10/03/2018)
A stack-based overflow bug has been detected in Delta Electronics' ISPSoft, a PLC program development tool. Users are instructed to update to ISPSoft v3.0.6 or newer. Further information is available from the ICS-CERT.
Vulnerability Discovered in MacOS Code Signature Handling (10/04/2018)
In a talk at the Virus Bulletin conference, Thomas Reed from Malwarebytes said that a vulnerability in the way MacOS handles code signatures can result in the compromise of apps. ThreatPost reported Reed's remarks: although the Macintosh platform doesn't run unsigned apps for security purposes, the process by which it handles this task has a serious flaw. App code signatures are checked to make sure they aren't malware, and if they pass, MacOS considers them trusted software. The app is never checked again once it passes the protective review, but Reed says this system is flawed because an attacker could infect an application that is already running and deemed safe. Reed said, "An attacker would simply replace the legit executable in an app bundle with a malicious copy - and then rename the original to something else."