Cyber WAR - Threat Intelligence Publication - September 30...


September 30, 2019

The Cyber WAR (Weekly Awareness Report) is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats and other digital dangers received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware

* VBS/Drop-BLD
* VBS/Agent-BCRC
* Troj/Zbot-NQJ
* Troj/VBInj-VO
* Troj/VBInj-VN
* Troj/VB-KNB
* Troj/Tofsee-CZ
* Troj/Steale-G
* Troj/RTFDL-ALK
* Troj/Qakbot-DK

Last PUAs

* Http File Server
* Android FleeceWare
* HistoryCollector
* Xtron
* Ulbi
* KuaiZip
* IdleBuddyMiner
* Bundlore
* Android Stalkerware
* Bitcoin Miner

Interesting News

* Hello! My name is Dtrack
  When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family. Now we can add another family to the Lazarus group's arsenal: ATMDtrack and Dtrack.

* The Cyber Intelligence Report has a brand new look and the 2019 Quarter 4 issue will be released at the beginning of October. There are some great walkthroughs inside you shouldn't miss. We have an active Facebook group that discusses topics ranging from computer forensics to ethical hacking and more. Join the Cyber Secrets Facebook group here. If you would like to receive the CIR updates by email, subscribe at: [email protected]

Index of Sections

Current News

* Packet Storm Security

* Krebs on Security

* Dark Reading

* The Hacker News

* Security Week

* Infosecurity Magazine

* Naked Security

* Quick Heal - Security Simplified

* Threat Post

The Hacker Corner:

* Security Conferences

* Zone-H Latest Published Website Defacements

Tools & Techniques

* Packet Storm Security Latest Published Tools

* Kali Linux Tutorials

* GBHackers Analysis

Exploits and Proof of Concepts

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits

Packet Storm Security

* Canada Says Its Spy Screwed Us
* Chrome Bug, Not Avid Software, Causes Damage To MacOS
* Mystery Of The Disappearing Cryptoqueen Ruja Ignatova
* White House Played Shell Games With Whistleblower Record
* US Military Veterans Targeted By Iranian State Hackers
* Notorious GandCrab Hacker Group Returns From Retirement
* Hacker House Shoved Under UK Parliament's Spotlight
* Donald Trump Confusingly Blabbers About CrowdStrike To The Ukraine
* You Have The Right To Be Forgotten By Google, But Only In Europe
* Hackers Tried To Compromise Phones Of Tibetans
* Russian National Confesses To Biggest Bank Hack In History
* Microsoft Internet Explorer Zero Day Flaw Addressed
* How Google Changed The Secretive Market For The Most Dangerous Hacks In The World
* 200K Sign Petition Against Equifax Data Breach Settlement
* Facebook Suspends Tens Of Thousands Of Apps Over Privacy Issues
* Forcepoint VPN For Windows Patches Privilege Escalation Vuln
* New North Korean Malware Targeting ATMs Spotted In India
* WeWork Unsecured WiFi Exposes Documents
* Thinkful Confirms Breach
* Payment Card Thieves Hack Click2Gov Bill Paying Portals In 8 Cities
* Hotel Booking Sites Come Under Fire From Magecart
* Advanced Hackers Are Infecting IT Providers To Get At Customers
* Iowa Officials Claim Confusion Over Scope In Pen-Test Arrest
* Smart TVs, Subscription Services Leak Data To Facebook, Google
* Hotel Websites Infected With Skimmer Via Supply Chain Attack

Krebs on Security

* German Cops Raid "Cyberbunker 2.0," Arrest 7 in Child Porn, Dark Web Market Sting
* MyPayrollHR CEO Arrested, Admits to $70M Fraud
* Interview With the Guy Who Tried to Frame Me for Heroin Possession
* Before He Spammed You, this Sly Prince Stalked Your Mailbox
* Man Who Hired Deadly Swatting Gets 15 Months
* NY Payroll Company Vanishes With $35 Million
* Patch Tuesday, September 2019 Edition
* Secret Service Investigates Breach at U.S. Govt IT Contractor
* 'Satori' IoT Botnet Operator Pleads Guilty
* Spam In your Calendar? Here's What to Do.

Dark Reading

* Edge Feature Section
* Best Practices
* The Etiquette of Respecting Privacy in the Age of IoT
* Cloud Vulnerability Could Let One Server Compromise Thousands
* Apple Patches Multiple Vulnerabilities Across Platforms
* Cybersecurity Certification in the Spotlight Again
* DoorDash Breach Affects 4.9M Merchants, Customers, Workers
* Is Your Organization Suffering from Security Tool Sprawl?
* Mass Exploitation of vBulletin Flaw Raises Alarm
* Cloud-Native Applications: Shift to Serverless is Underway
* Ransomware Hits Multiple, Older Vulnerabilities
* Voting Machine Systems New & Old Contain 'Design' Flaws
* Why Clouds Keep Leaking Data
* Bridging the Gap Between Security & DevOps
* Airbus Cyberattack Landed on Suppliers' Networks
* Why You Need to Think About API Security
* New Emergency Communications Plan Released by CISA
* GandCrab Developers Behind Destructive REvil Ransomware
* When Compliance Isn't Enough: A Case for Integrated Risk Management
* Long-Lining: Reeling In the Big Fish in Your Supply Chain

The Hacker News

* Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data
* More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
* Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
* Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers
* DoorDash Breach Exposes 4.9 Million Users' Personal Data
* Outlook for Web Bans 38 More File Extensions in Email Attachments
* iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny
* [Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
* 1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp
* Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
* Cynet 360: The Next Generation of EDR
* Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
* Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme
* Update Google Chrome Browser to Patch New Critical Security Flaws
* IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador's History

Security Week

* Driver's License Thefts Spur ADOT to Boost Online Safeguards
* Germany Cracks 'Cyber Bunker' Hosting Darknet Sites
* Microsoft Expands List of Blocked File Types in Outlook on the Web
* Apple Patches iOS 13 Bug Allowing Third-Party Keyboards "Full Access"
* Malware Delivery Campaign Employs Advanced Fileless Techniques
* Dunkin' Donuts Sued by New York's State Attorney General Over Data Breaches
* 'Unpatchable' iOS Bootrom Exploit Allows Jailbreaking of Many iPhones
* China Rejects 'Smear' After Airbus Hacking Report
* Airbus Says Taking 'Appropriate Measures' Against Hackers
* GAO Says Electric Grid Cybersecurity Risks Only Partially Assessed
* German Auto and Defense Firm Rheinmetall Says Malware Hit Several Plants
* Researchers Disclose Another SIM Card Attack Possibly Impacting Millions
* FBI Reviewed Cybersecurity Firm's Evidence in 2016 DNC Election Hack
* Magecart Hackers Target L7 Routers
* DoorDash Breach Exposes Data of Nearly 5 Mn Users
* Chinese Hackers Hit Technology Firms in Southeast Asia With PcShare Backdoor
* Incident Pruning, Cutting a Path to More Effective Investigations
* Adopt Insertion Point Security for a Microservices World
* 'Chameleon' Spam Campaign Employs Randomized Email Headers
* There Is Life for the CISO After a Breach

Infosecurity Magazine

* Cyber-Harassment Expert Wins MacArthur Genius Grant
* New Spyware Threatens Telegram's 200 Million Users
* Dunkin' Sued for Keeping Data Breach Secret
* Global Consumers Reject Government-Mandated Encryption Backdoors
* Banks Add to Confusion as Scammers Target Thomas Cook Customers
* DoorDash Breach Exposes Data on Nearly Five Million Users
* Cyber-battle Over Real Model City Planned for Abu Dhabi Security Conference
* Health Industry Cybersecurity Matrix Launched
* Texas Prepares to Implement Mandatory Cybersecurity Training for Government Employees
* Secure DevOps Practices Expected to Increase for Cloud Apps
* Magecart Group Goes After Commercial Router Users
* Blackmail Fears as Data Leak Exposes Dating App Users

Naked Security

* 'Fleeceware' Play store apps quietly charging up to $250
* Apple users, patch now! The 'bug that got away' has been fixed
* Chrome cripples movie studio Mac Pros
* Google made thousands of deepfakes to aid detection efforts
* Match knowingly puts people at risk from scammers, FTC charges
* S2 Ep10: Emotet's back, mutant WannaCry and Insta scam - Naked Security Podcast
* Hackers are infecting WordPress sites via a defunct plug-in
* Russian pleads guilty in massive JPMorgan hacking scheme
* Update ColdFusion now! Emergency patch for critical flaws
* Vimeo sued for storing faceprints of people without their say-so

Quick Heal - Security Simplified

* Quick Heal reports 29 malicious apps with 10 million+ downloads on Google Play Store
* Trivia! 5 things you never imagined could be hacked by cyber criminals
* The Free Mobile Anti-virus you are using can be a Fake!
* Teacher's Day Special - Things that teachers must know about their students to make them cyber safe
* PowerShell: Living off the land!
* Cybersquatting and Typosquatting victimizing innocent customers and brands
* Phishers using custom 404 Not Found error page to steal Microsoft credentials
* Alert! 27 apps found on Google Play Store that prompt you to install Fake Google Play Store
* Alert! Income tax refund SMS - Newest way of conducting bank fraud by cyber criminals
* Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners

Threat Post

* iOS Exploit 'Checkm8' Could Allow Permanent iPhone Jailbreaks
* Masad Spyware Uses Telegram Bots for Command-and-Control
* Dunkin' Donuts Gets Hit with Lawsuit Over 2015 Attack
* Arcane Stealer V Takes Aim at the Low End of the Dark Web
* Microsoft Blacklists Dozens of New File Extensions in Outlook
* News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware
* Thousands of PCs Affected by Nodersok/Divergent Malware
* DoorDash Data Breach Impacts Personal Data of Almost 5M Users
* Rash of Exploits Targets Critical vBulletin RCE Bug
* 5G and IoT: How to Approach the Security Implications

The Hacker Corner

Conferences

* Advertising Landing Page Copy/Form
* Apply: FREE 6 Month InfoSec Speaking Plan
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!

Latest Website Defacements


Tools & Techniques

Packet Storm Security Tools Links

* Falco 0.17.1
* Suricata IDPE 4.1.5
* XSSer Penetration Testing Tool 1.8-1
* Wireshark Analyzer 3.0.5
* Web-Based Firewall Logging Tool 1.1.2
* TOR Virtual Network Tunneling Tool 0.4.1.6
* Packet Fence 9.1.0
* Wireshark Analyzer 3.0.4
* OpenSSL Toolkit 1.1.1d
* Wapiti Web Application Vulnerability Scanner 3.0.2

Kali Linux Tutorials

* Router Exploit Shovel : Automated Application Generation for Stack Overflow Types on Wireless Routers
* SKA : Simple Karma Attack
* ArmourBird CSF - Container Security Framework
* Tachyon : Fast Http Dead File Finder
* Juicy Potato : A Sugared Version Of RottenPotatoNG, With A Bit Of Juice
* Scout Suite : Multi-Cloud Security Auditing Tool
* Mitaka : A Browser Extension For OSINT Search
* Kirjuri : Web Application For Managing Cases & Physical Forensic Evidence Items
* SysAnalyzer : Automated Malcode Analysis System
* Pixload : Image Payload Creating/Injecting Tools

GBHackers Analysis

* Magecart Hackers Group Attack High-grade Wi-Fi Routers To Take Control The Public-WiFi Networks
* Top 7 Vulnerability Database Sources to Trace New Vulnerabilities
* CWE Top 25 (2019) - List of Top 25 Most Dangerous Software Weakness that Developers Need to Focus
* Vulnerability in Exim Mail Server Let Hackers Gain Root Access Remotely From 5 Million Email Servers
* Twitter CEO Jack Dorsey Account Hacked using Sim Swapping Attack

Proof of Concept (PoC) & Exploits

Packet Storm Security

* V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation
* V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting
* V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery
* V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation
* V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
* ACTi ACM-5611 Video Camera Remote Command Execution
* ACTi ACD-2100 Video Encoder Remote Command Execution
* eBrigade SQL Injection
* vBulletin 5.x 0-Day Pre-Auth Remote Command Execution
* Duplicate-Post 3.2.3 Cross Site Scripting
* all-in-one-seo-pack 3.2.7 Cross Site Scripting
* inoERP 4.15 SQL Injection
* citecodecrashers Pic-A-Point 1.1 SQL Injection
* ACTi ACM-3100 Camera Remote Command Execution
* Chrome IndexedDBConnection::Close Use-After-Free
* Chrome ~LevelDBIteratorImpl Use-After-Free
* YzmCMS 5.3 Host Header Injection
* NPMJS gitlabhook 0.0.17 Remote Command Execution
* WP Server Log Viewer 1.0 Cross Site Scripting
* SpotIE Internet Explorer Password Recovery 2.9.5 Denial Of Service
* Chamilo LMS 1.11.8 Shell Upload
* vBulletin 5.x Pre-Auth Remote Code Execution
* ABRT sosreport Privilege Escalation
* Microsoft SharePoint 2013 SP1 Cross Site Scripting
* iMessage NSSharedKeyDictionary Decoding Out Of Bounds Read

Exploit Database

* [webapps] WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
* [webapps] V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation
* [webapps] V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
* [webapps] V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download
* [webapps] thesystem App 1.0 - 'username' SQL Injection
* [webapps] thesystem App 1.0 - Persistent Cross-Site Scripting
* [webapps] thesystem App 1.0 - 'server_name' SQL Injection
* [remote] Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
* [webapps] InoERP 0.7.2 - Persistent Cross-Site Scripting
* [webapps] citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection
* [webapps] inoERP 4.15 - 'download' SQL Injection
* [webapps] all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting
* [webapps] Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
* [webapps] Chamillo LMS 1.11.8 - Arbitrary File Upload
* [webapps] YzmCMS 5.3 - 'Host' Header Injection
* [local] ABRT - sosreport Privilege Escalation (Metasploit)
* [webapps] NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
* [webapps] WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
* [dos] SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
* [webapps] Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
* [remote] Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
* [dos] iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
* [dos] Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
* [remote] File Sharing Wizard 1.5.0 - POST SEH Overflow
* [dos] DeviceViewer 3.12.0.1 - 'creating user' Denial of Service

Advisories

US-Cert Alerts & bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* Vulnerability Summary for the Week of September 16, 2019
* Vulnerability Summary for the Week of September 9, 2019
* Vulnerability Summary for the Week of September 2, 2019

Symantec - Latest List

* Microsoft Internet Explorer Scripting Engine CVE-2019-1367 Remote Memory Corruption Vulnerability
* Microsoft .NET Core CVE-2019-1301 Denial of Service Vulnerability
* Microsoft Windows CVE-2019-1215 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
* Microsoft SharePoint CVE-2019-1296 Remote Code Execution Vulnerability
* Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability
* Microsoft Excel CVE-2019-1297 Remote Code Execution Vulnerability
* Microsoft SharePoint CVE-2019-1295 Remote Code Execution Vulnerability
* Microsoft Windows Secure Boot CVE-2019-1294 Local Security Bypass Vulnerability
* Microsoft Windows LNK CVE-2019-1280 Remote Code Execution Vulnerability
* Microsoft Winlogon CVE-2019-1268 Local Privilege Escalation Vulnerability
* Microsoft Compatibility Appraiser CVE-2019-1267 Local Privilege Escalation Vulnerability
* Microsoft Exchange Server CVE-2019-1266 Spoofing Vulnerability
* Microsoft Yammer CVE-2019-1265 Security Bypass Vulnerability
* Microsoft Office CVE-2019-1264 Security Bypass Vulnerability
* Microsoft Excel CVE-2019-1263 Information Disclosure Vulnerability
* Microsoft Office SharePoint CVE-2019-1262 Cross Site Scripting Vulnerability
* Microsoft SharePoint CVE-2019-1261 Spoofing Vulnerability
* Microsoft SharePoint CVE-2019-1260 Remote Privilege Escalation Vulnerability
* Microsoft SharePoint CVE-2019-1259 Spoofing Vulnerability
* Microsoft SharePoint CVE-2019-1257 Remote Code Execution Vulnerability
* Microsoft Windows Text Service Framework CVE-2019-1235 Local Privilege Escalation Vulnerability
* Microsoft Exchange CVE-2019-1233 Remote Denial of Service Vulnerability
* Microsoft Windows Diagnostics Hub CVE-2019-1232 Local Privilege Escalation Vulnerability
* Microsoft Rome SDK CVE-2019-1231 Information Disclosure Vulnerability
* Microsoft ASP.NET Core CVE-2019-1302 Remote Privilege Escalation Vulnerability

Packet Storm Security - Latest List

* Slackware Security Advisory - mozilla-thunderbird Updates
  Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

* Ubuntu Security Notice USN-4140-1
  Ubuntu Security Notice 4140-1 - It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users.

* Samsung Mobile Android FotaAgent Arbitrary File Creation
  A vulnerability in Samsung Mobile Android FotaAgent allows creating privileged files without proper permission from an unprivileged process.

* Samsung Mobile Android SamsungTTS Privilege Escalation
  The Samsung Text-to-speech Engine System Component on Android suffers from a local privilege escalation vulnerability. Versions before 3.0.02.7 and 3.0.00.101 are affected.

* Jira Server / Data Center Template Injection
  Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.

* Bitbucket Server / Data Center Argument Injection
  Bitbucket Server and Bitbucket Data Center suffer from an argument injection vulnerability. Versions affected include those below 5.16.10, 6.0.0 up to 6.0.10, 6.1.0 up to 6.1.8, 6.2.0 up to 6.2.6, 6.3.0 up to 6.3.5, 6.4.0 up to 6.4.3, and 6.5.0 up to 6.5.2.

* Ubuntu Security Notice USN-4139-1
  Ubuntu Security Notice 4139-1 - It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction.

* Red Hat Security Advisory 2019-2900-01
  Red Hat Security Advisory 2019-2900-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

* Red Hat Security Advisory 2019-2899-01
  Red Hat Security Advisory 2019-2899-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

* Debian Security Advisory 4531-1
  Debian Linux Security Advisory 4531-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

* Debian Security Advisory 4532-1
  Debian Linux Security Advisory 4532-1 - It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users.

* Red Hat Security Advisory 2019-2825-01
  Red Hat Security Advisory 2019-2825-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains cri-o RPM packages for Red Hat OpenShift Container Platform 4.1.17. A credential disclosure issue was addressed.

* Red Hat Security Advisory 2019-2896-01
  Red Hat Security Advisory 2019-2896-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.4 is retired as of August 31, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.4 EUS after August 31, 2019.

* Red Hat Security Advisory 2019-2901-01
  Red Hat Security Advisory 2019-2901-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

* Ubuntu Security Notice USN-4138-1
  Ubuntu Security Notice 4138-1 - It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code.

* Red Hat Security Advisory 2019-2893-01
  Red Hat Security Advisory 2019-2893-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a denial of service vulnerability.

* Red Hat Security Advisory 2019-2892-01
  Red Hat Security Advisory 2019-2892-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include buffer overflow and null pointer vulnerabilities.

* Red Hat Security Advisory 2019-2889-01
  Red Hat Security Advisory 2019-2889-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.

* Red Hat Security Advisory 2019-2817-01
  Red Hat Security Advisory 2019-2817-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A credential disclosure issue was addressed.

* Red Hat Security Advisory 2019-2885-01
  Red Hat Security Advisory 2019-2885-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.

* Red Hat Security Advisory 2019-2818-01
  Red Hat Security Advisory 2019-2818-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

* Ubuntu Security Notice USN-4137-1
  Ubuntu Security Notice 4137-1 - It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.

* Kernel Live Patch Security Notice LSN-0056-1
  Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.

* Ubuntu Security Notice USN-4134-2
  Ubuntu Security Notice 4134-2 - USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Various other issues were also addressed.