US-CERT National Cyber Alert System
Feed: http://www.us-cert.gov/channels/cas.rdf

US-CERT: The United States Computer Emergency Readiness Team

IC3 Warns of Employment Scams Targeting College Students

Fri, 20 Jan 2017 00:19:57 +0000

Original release date: January 19, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on employment scams targeting college students. Phony job opportunities are advertised through college employment websites or sent to students' university email addresses; students who take the bait have suffered financial losses.

US-CERT encourages users and administrators to review the IC3 Alert for information on avoiding these scams. US-CERT Tip ST04-014 is another useful reference on social engineering and phishing attacks.


This product is provided subject to this Notification and this Privacy & Use policy.





Oracle Releases Security Bulletin

Wed, 18 Jan 2017 18:04:54 +0000

Original release date: January 18, 2017

Oracle has released its Critical Patch Update for January 2017 to address 270 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle January 2017 Critical Patch Update and apply the necessary updates.




SMB Security Best Practices

Tue, 17 Jan 2017 04:45:59 +0000

Original release date: January 16, 2017 | Last revised: January 17, 2017

In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. SMB is present on every Windows system, and legacy versions of the protocol (SMB v1 in particular) could allow a remote attacker to obtain sensitive information from affected systems.

US-CERT recommends that users and administrators consider:

  • disabling SMB v1 on hosts, and
  • blocking all versions of SMB at the network boundary: TCP port 445, together with the related NetBIOS ports UDP 137-138 and TCP 139, on all boundary devices.

US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices (older printers, NAS appliances and embedded systems frequently speak only SMB v1). The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Knowledge Base articles 2696547 (how to detect, enable and disable SMBv1, SMBv2 and SMBv3) and 204279 (direct hosting of SMB over TCP/IP).
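The following PowerShell script is an added example and is not part of the US-CERT alert or any Microsoft guidance. It applies the two recommendations above to a single Windows host in the order a practitioner would want: first audit who is still negotiating SMB v1, then disable it only when nothing depends on it, and finally add host firewall rules that mirror the boundary block. It assumes Windows 10 / Server 2016 or later (the SmbShare and NetSecurity modules, the AuditSmb1Access setting and the Dialect property on sessions); the firewall rule display names are arbitrary, and the assumption that SMB v1 sessions report a dialect of the form 1.x is noted in the code.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the US-CERT alert. Audits SMB1 use, then applies the
# two recommendations (disable SMB1, block SMB/NetBIOS inbound) on one host.
# Assumes Windows 10 / Server 2016 or later.

function Get-Smb1Exposure {
    # Is the server still offering SMB1 (NT LM 0.12) to clients?
    $srv = Get-SmbServerConfiguration
    # Is the SMB1 optional component (client + server) still installed?
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featState = if ($feat) { [string]$feat.State } else { 'NotPresent' }
    # Which peers are negotiating SMB1 with us right now? Anything listed here
    # breaks when SMB1 is disabled. Assumption: SMB1 sessions report Dialect 1.x.
    $inbound  = Get-SmbSession    -ErrorAction SilentlyContinue | Where-Object { $_.Dialect -like '1.*' }
    $outbound = Get-SmbConnection -ErrorAction SilentlyContinue | Where-Object { $_.Dialect -like '1.*' }
    [pscustomobject]@{
        Smb1ServerEnabled = $srv.EnableSMB1Protocol
        Smb1AuditEnabled  = $srv.AuditSmb1Access
        Smb1FeatureState  = $featState
        Smb1Clients       = @($inbound  | Select-Object -ExpandProperty ClientComputerName -Unique)
        Smb1Servers       = @($outbound | Select-Object -ExpandProperty ServerName -Unique)
    }
}

function Enable-Smb1Audit {
    # Reversible first step: log every SMB1 negotiation for a while before
    # disabling anything. Events land in the Microsoft-Windows-SMBServer/Audit log.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

function Disable-Smb1 {
    # Stop offering SMB1 on the server side immediately ...
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # ... and remove the SMB1 client and server components (effective after reboot).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

function Block-InboundSmb {
    # Host-level counterpart of the boundary block: drop inbound SMB and NetBIOS
    # on untrusted (Public) networks. The perimeter firewall still needs its own
    # rule; this does nothing for hosts that are only ever reachable from the LAN.
    param([string]$Profile = 'Public')
    $rules = @(
        @{ Name = 'SMB block TCP 445';         Protocol = 'TCP'; Port = '445' },
        @{ Name = 'SMB block TCP 139';         Protocol = 'TCP'; Port = '139' },
        @{ Name = 'NetBIOS block UDP 137-138'; Protocol = 'UDP'; Port = '137-138' }
    )
    foreach ($r in $rules) {
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
                -Protocol $r.Protocol -LocalPort $r.Port -Profile $Profile | Out-Null
        }
    }
}

# Usage: audit first; disable SMB1 only when no peer still depends on it.
$state = Get-Smb1Exposure
$state | Format-List
if (-not $state.Smb1AuditEnabled) { Enable-Smb1Audit }
if ($state.Smb1ServerEnabled -and $state.Smb1Clients.Count -eq 0 -and $state.Smb1Servers.Count -eq 0) {
    Disable-Smb1
}
Block-InboundSmb
```

The audit step is the part most often skipped: a live session list only shows peers connected at the moment you look, whereas the SMB1 audit log accumulates every SMB1 negotiation over days, which is what tells you whether the legacy printer or NAS in the caveat above will break.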




SB17-016: Vulnerability Summary for the Week of January 9, 2017

Mon, 16 Jan 2017 12:01:13 +0000

Original release date: January 16, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - CVSS base score of 7.0 - 10.0
  • Medium - CVSS base score of 4.0 - 6.9
  • Low - CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2939 BID CONFIRM
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2940 BID CONFIRM
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2941 BID CONFIRM
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2942 BID CONFIRM
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2943 BID CONFIRM
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2944 BID CONFIRM
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution. | 2017-01-10 | 9.3 | CVE-2017-2945 BID CONFIRM
adobe -- acrobat_dc | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. [...]



ISC Releases Security Updates for BIND

Thu, 12 Jan 2017 02:52:51 +0000

Original release date: January 11, 2017

The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P5
  • BIND 9 version 9.10.4-P5
  • BIND 9 version 9.11.0-P2
  • BIND 9 version 9.9.9-S7

Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01439, AA-01440, AA-01441, and AA-01442 and apply the necessary updates.




Adobe Releases Security Updates

Tue, 10 Jan 2017 21:07:46 +0000

Original release date: January 10, 2017

Adobe has released security updates to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-01 and APSB17-02 and apply the necessary updates.




Microsoft Releases January 2017 Security Bulletin

Tue, 10 Jan 2017 21:01:01 +0000

Original release date: January 10, 2017

Microsoft has released four updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Microsoft Security Bulletins MS17-001 through MS17-004 and apply the necessary updates.




SB17-009: Vulnerability Summary for the Week of January 2, 2017

Mon, 09 Jan 2017 14:09:04 +0000

Original release date: January 09, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. Severity bands (High 7.0 - 10.0, Medium 4.0 - 6.9, Low 0.0 - 3.9 CVSS base score) and sourcing caveats are as described in SB17-016 above.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
arista -- dcs-7050t_eos_software | Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane. | 2017-01-04 | 7.8 | CVE-2016-6894 BID CONFIRM
awebsupport -- aweb_cart_watching_system_for_virtuemart | SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch. | 2017-01-03 | 7.5 | CVE-2016-10114 BID MISC
genexia -- drgos | The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter. | 2017-01-05 | 9.0 | CVE-2015-3441 MISC
genixcms_project -- genixcms | SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | 2017-01-01 | 7.5 | CVE-2016-10096 MISC BID MISC MISC
icu_project -- international_components_for_unicode | Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. | 2017-01-04 | 7.5 | CVE-2014-9911 CONFIRM MLIST BID CONFIRM CONFIRM
libgd -- libgd | Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. | 2017-01-04 | 7.5 | CVE-2016-8670 MLIST CONFIRM CONFIRM BID CONFIRM CONFIRM
libvncserver_project -- libvncserver | Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. | 2016-12-31 | 7.5 | CVE-2016-99[...]



SB17-002: Vulnerability Summary for the Week of December 26, 2016

Mon, 02 Jan 2017 23:10:33 +0000

Original release date: January 02, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. Severity bands (High 7.0 - 10.0, Medium 4.0 - 6.9, Low 0.0 - 3.9 CVSS base score) and sourcing caveats are as described in SB17-016 above.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cisco -- cloudcenter_orchestrator | A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affects all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface). | 2016-12-26 | 10.0 | CVE-2016-9223 BID CONFIRM
debian -- debian_linux | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. It is, however, possible to include an HTML comment indicator to hide content. | 2016-12-23 | 7.5 | CVE-2016-7966 SUSE DEBIAN MLIST BID FEDORA
hp -- thinpro | HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | 2016-12-29 | 7.2 | CVE-2016-2246 HP BID
kde -- kmail | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | 2016-12-23 | 7.5 | CVE-2016-7968 MLIST BID MISC
linux -- linux_kernel | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. | 2016-12-28 | 7.2 | CVE-2012-6704 CONFIRM MLIST BID CONFIRM CONFIRM
linux -- linux_kernel | The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. | 2016-12-28 | 7.2 | CVE-20[...]



GRIZZLY STEPPE - Russian Malicious Cyber Activity

Thu, 29 Dec 2016 19:21:59 +0000

Original release date: December 29, 2016 | Last revised: December 30, 2016

The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directed at the U.S. Government and private sector entities.

DHS recommends that network administrators review the Security Publication for more information and implement the recommendations provided.
