Subscribe: US-CERT National Cyber Alert System
http://www.us-cert.gov/channels/cas.rdf
Preview: US-CERT National Cyber Alert System

US-CERT: The United States Computer Emergency Readiness Team





 



Drupal Releases Security Updates

Wed, 21 Feb 2018 23:34:18 +0000

Original release date: February 21, 2018

Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.57 or 8.4.5.


This product is provided subject to this Notification and this Privacy & Use policy.





IC3 Issues Alert on Increase in W-2 Phishing Campaigns

Wed, 21 Feb 2018 23:31:16 +0000

Original release date: February 21, 2018

The Internet Crime Complaint Center (IC3) has issued an alert on the increase in W-2-related phishing campaigns. Fraudsters often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom.

NCCIC/US-CERT encourages taxpayers to review the IC3 Alert and refer to the NCCIC/US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of a phishing campaign, report it to IC3 at www.ic3.gov.







Cisco Releases Security Updates for Multiple Products

Wed, 21 Feb 2018 17:09:27 +0000

Original release date: February 21, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:







SB18-050: Vulnerability Summary for the Week of February 12, 2018

Mon, 19 Feb 2018 05:15:08 +0000

Original release date: February 19, 2018 | Last revised: February 20, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product: 3s-smart -- codesys_web_server
Description: A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
Published: 2018-02-15
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5440, BID, MISC

Primary Vendor -- Product: advantech -- webaccess
Description: The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
Published: 2018-02-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6911, EXPLOIT-DB

Primary Vendor -- Product: apache -- couchdb
Description: The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
Published: 2018-02-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8742, MLIST, BID, EXPLOIT-DB

Primary Vendor -- Product: apache -- jmeter
Description: When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
Published: 2018-02-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1297, MLIST, CONFIRM

Primary Vendor -- Product: apache -- jmeter
Description: In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
Published: 2018-02-1[...]



Microsoft Releases February 2018 Security Updates

Tue, 13 Feb 2018 20:09:07 +0000

Original release date: February 13, 2018

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Microsoft's February 2018 Security Update Summary and Deployment Information and apply the necessary updates.







Adobe Releases Security Updates

Tue, 13 Feb 2018 18:45:50 +0000

Original release date: February 13, 2018

Adobe has released security updates to address vulnerabilities in Adobe Experience Manager, Acrobat, and Reader. A remote attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-02 and APSB18-04 and apply the necessary updates.







North Korean Malicious Cyber Activity

Tue, 13 Feb 2018 15:01:09 +0000

Original release date: February 13, 2018

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as HARDRAIN and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

NCCIC/US-CERT encourages users and administrators to review the HIDDEN COBRA - North Korean Malicious Cyber Activity page, which contains links to Malware Analysis Reports MAR-10135536-F and MAR-10135536-G, for more information.







SB18-043: Vulnerability Summary for the Week of February 5, 2018

Mon, 12 Feb 2018 05:46:58 +0000

Original release date: February 12, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product: abrt -- abrt
Description: The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.
Published: 2018-02-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1862, MISC, MISC, MISC, FULLDISC, MLIST, BID, CONFIRM, CONFIRM, EXPLOIT-DB, EXPLOIT-DB

Primary Vendor -- Product: adobe -- flash_player
Description: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to quality of service functionality. A successful attack can lead to arbitrary code execution.
Published: 2018-02-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-4877, BID, REDHAT, MISC

Primary Vendor -- Product: adobe -- flash_player
Description: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
Published: 2018-02-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-4878, MISC, BID, SECTRACK, REDHAT, MISC, MISC, MISC, MISC

Primary Vendor -- Product: anymail -- anymail
Description: webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
Published: 2018-02-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6596, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, DEBIAN

Primary Vendor -- Product: apache -- allura
Description: In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.
Published: 2018-02-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1299, CONFIRM, MLIST

Primary Vendor -- Product: apache -- cloudstack
Description: In [...]



Cisco Releases Security Updates for Multiple Products

Wed, 07 Feb 2018 18:08:00 +0000

Original release date: February 07, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.







Adobe Releases Security Updates for Flash Player

Tue, 06 Feb 2018 18:09:45 +0000

Original release date: February 06, 2018

Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-03 and apply the necessary updates.

