Cyber WAR - Threat Intelligence Publication - September 30...

Page 1: Cyber WAR - Threat Intelligence Publication - September 30 ...informationwarfarecenter.com/cir/archived/Cyber... · 9/30/2019  · September 30, 2019 The Cyber WAR (Weekly Awareness

September 30, 2019

The Cyber WAR (Weekly Awareness Report) is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats and other digital dangers received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware

* Troj/Ransom-FLS
* Troj/Delf-HDA
* Troj/Stealer-SA
* Troj/Lethic-DK
* Troj/Emotet-BJQ
* Troj/Emotet-BJP
* Troj/DocDrp-HU
* Troj/Bladab-O
* JS/DwnLdr-YDI
* Troj/Steale-H

Last PUAs

* Yet Another Cleaner
* SuperInstaller
* SurfBuyer
* Strictor
* OxyPumper
* Neoreklami
* KuaiZip
* InstallCore
* HistoryCollector
* DownWare

Interesting News

* Hello! My name is Dtrack
  When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family. Now we can add another family to the Lazarus group's arsenal: ATMDtrack and Dtrack.

* The Cyber Intelligence Report has a brand new look and the 2019 Quarter 4 issue will be released at the beginning of October. There are some great walkthroughs inside you shouldn't miss. We have an active Facebook group that discusses topics ranging from computer forensics to ethical hacking and more. Join the Cyber Secrets Facebook group here. If you would like to receive the CIR updates by email, subscribe at: [email protected]

Index of Sections

Current News

* Packet Storm Security

* Krebs on Security

* Dark Reading

* The Hacker News

* Security Week

* Infosecurity Magazine

* Naked Security

* Quick Heal - Security Simplified

* Threat Post

The Hacker Corner:

* Security Conferences

* Zone-H Latest Published Website Defacements

Tools & Techniques

* Packet Storm Security Latest Published Tools

* Kali Linux Tutorials

* GBHackers Analysis

Exploits and Proof of Concepts

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits

Packet Storm Security

* Canada Says Its Spy Screwed Us
* Chrome Bug, Not Avid Software, Causes Damage To MacOS
* Mystery Of The Disappearing Cryptoqueen Ruja Ignatova
* White House Played Shell Games With Whistleblower Record
* US Military Veterans Targeted By Iranian State Hackers
* Notorious GandCrab Hacker Group Returns From Retirement
* Hacker House Shoved Under UK Parliament's Spotlight
* Donald Trump Confusingly Blabbers About CrowdStrike To The Ukraine
* You Have The Right To Be Forgotten By Google, But Only In Europe
* Hackers Tried To Compromise Phones Of Tibetans
* Russian National Confesses To Biggest Bank Hack In History
* Microsoft Internet Explorer Zero Day Flaw Addressed
* How Google Changed The Secretive Market For The Most Dangerous Hacks In The World
* 200K Sign Petition Against Equifax Data Breach Settlement
* Facebook Suspends Tens Of Thousands Of Apps Over Privacy Issues
* Forcepoint VPN For Windows Patches Privilege Escalation Vuln
* New North Korean Malware Targeting ATMs Spotted In India
* WeWork Unsecured WiFi Exposes Documents
* Thinkful Confirms Breach
* Payment Card Thieves Hack Click2Gov Bill Paying Portals In 8 Cities
* Hotel Booking Sites Come Under Fire From Magecart
* Advanced Hackers Are Infecting IT Providers To Get At Customers
* Iowa Officials Claim Confusion Over Scope In Pen-Test Arrest
* Smart TVs, Subscription Services Leak Data To Facebook, Google
* Hotel Websites Infected With Skimmer Via Supply Chain Attack

Krebs on Security

* German Cops Raid "Cyberbunker 2.0," Arrest 7 in Child Porn, Dark Web Market Sting
* MyPayrollHR CEO Arrested, Admits to $70M Fraud
* Interview With the Guy Who Tried to Frame Me for Heroin Possession
* Before He Spammed You, this Sly Prince Stalked Your Mailbox
* Man Who Hired Deadly Swatting Gets 15 Months
* NY Payroll Company Vanishes With $35 Million
* Patch Tuesday, September 2019 Edition
* Secret Service Investigates Breach at U.S. Govt IT Contractor
* 'Satori' IoT Botnet Operator Pleads Guilty
* Spam In your Calendar? Here's What to Do.

Dark Reading

* 218M Words with Friends Players Compromised in Data Breach
* 'Harvesting Attacks' & the Quantum Revolution
* 8 Microsegmentation Pitfalls to Avoid
* The Etiquette of Respecting Privacy in the Age of IoT
* Cloud Vulnerability Could Let One Server Compromise Thousands
* Apple Patches Multiple Vulnerabilities Across Platforms
* Cybersecurity Certification in the Spotlight Again
* DoorDash Breach Affects 4.9M Merchants, Customers, Workers
* Is Your Organization Suffering from Security Tool Sprawl?
* Mass Exploitation of vBulletin Flaw Raises Alarm
* Cloud-Native Applications: Shift to Serverless is Underway
* Ransomware Hits Multiple, Older Vulnerabilities
* Voting Machine Systems New & Old Contain 'Design' Flaws
* Why Clouds Keep Leaking Data
* Bridging the Gap Between Security & DevOps
* Airbus Cyberattack Landed on Suppliers' Networks
* Why You Need to Think About API Security
* New Emergency Communications Plan Released by CISA

The Hacker News

* Pay What You Wish - 9 Hacking Certification Training Courses in 1 Bundle
* New Critical Exim Flaw Exposes Email Servers to Remote Attacks - Patch Released
* Exclusive - Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data
* More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
* Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
* Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers
* DoorDash Breach Exposes 4.9 Million Users' Personal Data
* Outlook for Web Bans 38 More File Extensions in Email Attachments
* iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' - Even When You Deny
* [Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
* 1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp
* Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
* Cynet 360: The Next Generation of EDR
* Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
* Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme

Security Week

* Critical Remote Code Execution Vulnerability Patched in Exim Email Server
* 'Masad Stealer' Uses Telegram to Exfiltrate Data
* Vulnerability Management Firm Kenna Security Raises $48 Million
* Tridium Niagara Affected by BlackBerry QNX Vulnerabilities
* 'WhiteShadow' Downloader Employs Microsoft SQL for Malware Delivery
* New Anomali Tool Finds Threat Data in News, Blogs, Social Networks
* Spain Security Firm Probed 'for Spying on Assange for CIA'
* New 'Gucci' IoT Botnet Targets Europe
* Iran's Oil Sector on 'Full Alert' Against Attacks
* Driver's License Thefts Spur ADOT to Boost Online Safeguards
* Germany Cracks 'Cyber Bunker' Hosting Darknet Sites
* Microsoft Expands List of Blocked File Types in Outlook on the Web
* Apple Patches iOS 13 Bug Allowing Third-Party Keyboards "Full Access"
* Malware Delivery Campaign Employs Advanced Fileless Techniques
* Dunkin' Donuts Sued by New York's State Attorney General Over Data Breaches
* 'Unpatchable' iOS Bootrom Exploit Allows Jailbreaking of Many iPhones
* China Rejects 'Smear' After Airbus Hacking Report
* Airbus Says Taking 'Appropriate Measures' Against Hackers
* GAO Says Electric Grid Cybersecurity Risks Only Partially Assessed
* German Auto and Defense Firm Rheinmetall Says Malware Hit Several Plants

Infosecurity Magazine

* Hiding a Data Breach Can Derail an Acquisition
* Pennsylvania Might Be Second State to Criminalize Cyber-Flashing
* BlackBerry Launches New Cybersecurity Development Labs
* Senate Passes Ransomware Law
* Airbus Suppliers Hit in State-Sponsored Attack
* Microsoft Launches CyberPeace Institute to Tackle Attacks
* Cyber-Harassment Expert Wins MacArthur Genius Grant
* New Spyware Threatens Telegram's 200 Million Users
* Dunkin' Sued for Keeping Data Breach Secret
* Global Consumers Reject Government-Mandated Encryption Backdoors
* Banks Add to Confusion as Scammers Target Thomas Cook Customers
* DoorDash Breach Exposes Data on Nearly Five Million Users

Naked Security

* Checkm8 jailbreak and AltStore put cracks in Apple's walled garden
* Social media manipulation as a political tool is spreading
* Outlook on the web bans a further 38 file types
* Is the era of social media Likes over?
* Monday review - the hot 24 stories of the week
* 'Fleeceware' Play store apps quietly charging up to $250
* Apple users, patch now! The 'bug that got away' has been fixed
* Chrome cripples movie studio Mac Pros
* Google made thousands of deepfakes to aid detection efforts
* Match knowingly puts people at risk from scammers, FTC charges

Quick Heal - Security Simplified

* Quick Heal reports 29 malicious apps with 10 million+ downloads on Google Play Store
* Trivia! 5 things you never imagined could be hacked by cyber criminals
* The Free Mobile Anti-virus you are using can be a Fake!
* Teacher's Day Special - Things that teachers must know about their students to make them cyber safe
* PowerShell: Living off the land!
* Cybersquatting and Typosquatting victimizing innocent customers and brands
* Phishers using custom 404 Not Found error page to steal Microsoft credentials
* Alert! 27 apps found on Google Play Store that prompt you to install Fake Google Play Store
* Alert! Income tax refund SMS - Newest way of conducting bank fraud by cyber criminals
* Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners

Threat Post

* New Bug Found in NSA's Ghidra Tool
* Senate Passes Bill Aimed At Combating Ransomware Attacks
* Critical Exim Flaw Opens Servers to Remote Code Execution
* iOS Exploit 'Checkm8' Could Allow Permanent iPhone Jailbreaks
* Masad Spyware Uses Telegram Bots for Command-and-Control
* Dunkin' Donuts Gets Hit with Lawsuit Over 2015 Attack
* Arcane Stealer V Takes Aim at the Low End of the Dark Web
* Microsoft Blacklists Dozens of New File Extensions in Outlook
* News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware
* Thousands of PCs Affected by Nodersok/Divergent Malware

The Hacker Corner

Conferences

* Advertising Landing Page Copy/Form
* Apply: FREE 6 Month InfoSec Speaking Plan
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!

Latest Website Defacements

* http://dprd-jogjakota.go.id
* http://correo.essmar.gov.co/zx.htm
* http://primarydata.buriram4.go.th//zx.htm
* http://gdabr4.buriram4.go.th//zx.htm
* http://gda.buriram4.go.th//zx.htm
* http://eff.buriram4.go.th//zx.htm
* http://odgo.buriram4.go.th/zx.htm
* https://buriram4.go.th//zx.htm
* http://www.sidorejobandongan.magelangkab.go.id/olala.htm
* http://portal.sawahluntokota.go.id/zad.htm
* https://ppid.dinkes.jatengprov.go.id
* https://dinkes.jatengprov.go.id
* http://bpdb.gov.bd/_index.html
* http://pn-rengat.go.id/version.txt
* http://pa-wonosobo.go.id/version.txt
* https://cimanukkec.pandeglangkab.go.id/C0nn3ct10n-3rr0r.php
* http://nakertrans.bungokab.go.id/C0nn3ct10n-3rr0r.php
* http://transsemarang.semarangkota.go.id/ay.htm
* https://sidatapemda.grobogan.go.id/ay.htm
* http://epokir.semarangkota.go.id/ay.htm

Tools & Techniques

Packet Storm Security Tools Links

* Falco 0.17.1
* Suricata IDPE 4.1.5
* XSSer Penetration Testing Tool 1.8-1
* Wireshark Analyzer 3.0.5
* Web-Based Firewall Logging Tool 1.1.2
* TOR Virtual Network Tunneling Tool 0.4.1.6
* Packet Fence 9.1.0
* Wireshark Analyzer 3.0.4
* OpenSSL Toolkit 1.1.1d
* Wapiti Web Application Vulnerability Scanner 3.0.2

Kali Linux Tutorials

* MemProcFS : The Memory Process File System
* FDSploit : File Inclusion & Directory Traversal Fuzzing, Enumeration & Exploitation Tool
* Rebel Framework : Penetration Testing Framework
* Firmware Analysis Toolkit : To Emulate Firmware And Analyse It For Security Vulnerabilities
* Router Exploit Shovel : Automated Application Generation for Stack Overflow Types on Wireless Routers
* SKA : Simple Karma Attack
* ArmourBird CSF - Container Security Framework
* Tachyon : Fast Http Dead File Finder
* Juicy Potato : A Sugared Version Of RottenPotatoNG, With A Bit Of Juice
* Scout Suite : Multi-Cloud Security Auditing Tool

GBHackers Analysis

* Exim Email Server Vulnerability Let Hackers Execute Remote Code on Vulnerable Servers - Update Now!!
* Hackers Drop Spyware and Steal the Password, Credit Card and Browser Data Using Telegram as a C2 Server
* Autonomous Systems - Why It is Important in Your Corporate Network & How Hackers Use it
* Magecart Hackers Group Attack High-grade Wi-Fi Routers To Take Control The Public-WiFi Networks
* Top 7 Vulnerability Database Sources to Trace New Vulnerabilities

Proof of Concept (PoC) & Exploits

Packet Storm Security

* V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation
* V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting
* V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery
* V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation
* V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
* ACTi ACM-5611 Video Camera Remote Command Execution
* ACTi ACD-2100 Video Encoder Remote Command Execution
* eBrigade SQL Injection
* vBulletin 5.x 0-Day Pre-Auth Remote Command Execution
* Duplicate-Post 3.2.3 Cross Site Scripting
* all-in-one-seo-pack 3.2.7 Cross Site Scripting
* inoERP 4.15 SQL Injection
* citecodecrashers Pic-A-Point 1.1 SQL Injection
* ACTi ACM-3100 Camera Remote Command Execution
* Chrome IndexedDBConnection::Close Use-After-Free
* Chrome ~LevelDBIteratorImpl Use-After-Free
* YzmCMS 5.3 Host Header Injection
* NPMJS gitlabhook 0.0.17 Remote Command Execution
* WP Server Log Viewer 1.0 Cross Site Scripting
* SpotIE Internet Explorer Password Recovery 2.9.5 Denial Of Service
* Chamilo LMS 1.11.8 Shell Upload
* vBulletin 5.x Pre-Auth Remote Code Execution
* ABRT sosreport Privilege Escalation
* Microsoft SharePoint 2013 SP1 Cross Site Scripting
* iMessage NSSharedKeyDictionary Decoding Out Of Bounds Read

Exploit Database

* [webapps] WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
* [webapps] V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation
* [webapps] V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
* [webapps] V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download
* [webapps] thesystem App 1.0 - 'username' SQL Injection
* [webapps] thesystem App 1.0 - Persistent Cross-Site Scripting
* [webapps] thesystem App 1.0 - 'server_name' SQL Injection
* [remote] Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
* [webapps] InoERP 0.7.2 - Persistent Cross-Site Scripting
* [webapps] citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection
* [webapps] inoERP 4.15 - 'download' SQL Injection
* [webapps] all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting
* [webapps] Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
* [webapps] Chamilo LMS 1.11.8 - Arbitrary File Upload
* [webapps] YzmCMS 5.3 - 'Host' Header Injection
* [local] ABRT - sosreport Privilege Escalation (Metasploit)
* [webapps] NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
* [webapps] WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
* [dos] SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
* [webapps] Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting
* [remote] Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
* [dos] iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
* [dos] Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
* [remote] File Sharing Wizard 1.5.0 - POST SEH Overflow
* [dos] DeviceViewer 3.12.0.1 - 'creating user' Denial of Service

Advisories

US-Cert Alerts & Bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* Vulnerability Summary for the Week of September 23, 2019
* Vulnerability Summary for the Week of September 16, 2019
* Vulnerability Summary for the Week of September 9, 2019

Symantec - Latest List

* Google Android Media Framework Component Multiple Security Vulnerabilities
* Dell EMC Integrated Data Protection Appliance Multiple Security Vulnerabilities
* Google Android Runtime Components Multiple Local Privilege Escalation Vulnerabilities
* Exim CVE-2019-16928 Heap Buffer Overflow Vulnerability
* Cloud Foundry UAA CVE-2019-11279 Privilege Escalation Vulnerability
* Google Android Library Components Multiple Local Privilege Escalation Vulnerabilities
* Adobe Flash Player CVE-2019-8075 Security Bypass Vulnerability
* Linux Kernel CVE-2019-16921 Information Disclosure Vulnerability
* Apple iOS APPLE-SA-2019-9-26-3 Multiple Security Vulnerabilities
* Apple Safari APPLE-SA-2019-9-26-9 Multiple Security Vulnerabilities
* Microsoft Internet Explorer Scripting Engine CVE-2019-1367 Remote Memory Corruption Vulnerability
* Microsoft .NET Core CVE-2019-1301 Denial of Service Vulnerability
* Microsoft Windows CVE-2019-1215 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
* Microsoft SharePoint CVE-2019-1296 Remote Code Execution Vulnerability
* Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability
* Microsoft Excel CVE-2019-1297 Remote Code Execution Vulnerability
* Microsoft SharePoint CVE-2019-1295 Remote Code Execution Vulnerability
* Microsoft Windows Secure Boot CVE-2019-1294 Local Security Bypass Vulnerability
* Microsoft Windows LNK CVE-2019-1280 Remote Code Execution Vulnerability
* Microsoft Winlogon CVE-2019-1268 Local Privilege Escalation Vulnerability
* Microsoft Compatibility Appraiser CVE-2019-1267 Local Privilege Escalation Vulnerability
* Microsoft Exchange Server CVE-2019-1266 Spoofing Vulnerability
* Microsoft Yammer CVE-2019-1265 Security Bypass Vulnerability
* Microsoft Office CVE-2019-1264 Security Bypass Vulnerability
* Microsoft Excel CVE-2019-1263 Information Disclosure Vulnerability

Packet Storm Security - Latest List

* Slackware Security Advisory - mozilla-thunderbird Updates
  Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

* Ubuntu Security Notice USN-4140-1
  Ubuntu Security Notice 4140-1 - It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users.

* Samsung Mobile Android FotaAgent Arbitrary File Creation
  A vulnerability in Samsung Mobile Android FotaAgent allows creating privileged files without proper permission from an unprivileged process.

* Samsung Mobile Android SamsungTTS Privilege Escalation
  The Samsung Text-to-speech Engine System Component on Android suffers from a local privilege escalation vulnerability. Versions before 3.0.02.7 and 3.0.00.101 are affected.

* Jira Server / Data Center Template Injection
  Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.

* Bitbucket Server / Data Center Argument Injection
  Bitbucket Server and Bitbucket Data Center suffer from an argument injection vulnerability. Versions affected include those below 5.16.10, 6.0.0 up to 6.0.10, 6.1.0 up to 6.1.8, 6.2.0 up to 6.2.6, 6.3.0 up to 6.3.5, 6.4.0 up to 6.4.3, and 6.5.0 up to 6.5.2.

* Ubuntu Security Notice USN-4139-1
  Ubuntu Security Notice 4139-1 - It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction.

* Red Hat Security Advisory 2019-2900-01
  Red Hat Security Advisory 2019-2900-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

* Red Hat Security Advisory 2019-2899-01
  Red Hat Security Advisory 2019-2899-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

* Debian Security Advisory 4531-1
  Debian Linux Security Advisory 4531-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

* Debian Security Advisory 4532-1
  Debian Linux Security Advisory 4532-1 - It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users.

* Red Hat Security Advisory 2019-2825-01
  Red Hat Security Advisory 2019-2825-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains cri-o RPM packages for Red Hat OpenShift Container Platform 4.1.17. A credential disclosure issue was addressed.

* Red Hat Security Advisory 2019-2896-01
  Red Hat Security Advisory 2019-2896-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.4 is retired as of August 31, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.4 EUS after August 31, 2019.

* Red Hat Security Advisory 2019-2901-01
  Red Hat Security Advisory 2019-2901-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

* Ubuntu Security Notice USN-4138-1
  Ubuntu Security Notice 4138-1 - It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code.

* Red Hat Security Advisory 2019-2893-01
  Red Hat Security Advisory 2019-2893-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a denial of service vulnerability.

* Red Hat Security Advisory 2019-2892-01
  Red Hat Security Advisory 2019-2892-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include buffer overflow and null pointer vulnerabilities.

* Red Hat Security Advisory 2019-2889-01
  Red Hat Security Advisory 2019-2889-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.

* Red Hat Security Advisory 2019-2817-01
  Red Hat Security Advisory 2019-2817-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A credential disclosure issue was addressed.

* Red Hat Security Advisory 2019-2885-01
  Red Hat Security Advisory 2019-2885-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.

* Red Hat Security Advisory 2019-2818-01
  Red Hat Security Advisory 2019-2818-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

* Ubuntu Security Notice USN-4137-1
  Ubuntu Security Notice 4137-1 - It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.

* Kernel Live Patch Security Notice LSN-0056-1
  Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.

* Ubuntu Security Notice USN-4134-2
  Ubuntu Security Notice 4134-2 - USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Various other issues were also addressed.