Subscribe: US-CERT Technical Alerts and Bulletins
http://www.us-cert.gov/channels/techdocs.rdf
Preview: US-CERT Technical Alerts and Bulletins

US-CERT: The United States Computer Emergency Readiness Team





 



Drupal Releases Security Updates

Thu, 19 Apr 2018 00:23:26 +0000

Original release date: April 18, 2018

Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information.

NCCIC encourages users and administrators to review the Drupal Security Advisory for additional information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





Cisco Releases Security Updates for Multiple Products

Wed, 18 Apr 2018 20:19:34 +0000

Original release date: April 18, 2018

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:







Google Releases Security Update for Chrome

Wed, 18 Apr 2018 16:59:01 +0000

Original release date: April 18, 2018

Google has released Chrome version 66.0.3359.117 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.







Oracle Releases April 2018 Security Bulletin

Tue, 17 Apr 2018 22:11:30 +0000

Original release date: April 17, 2018

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates.







TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

Mon, 16 Apr 2018 17:25:40 +0000

Original release date: April 16, 2018 | Last revised: April 20, 2018

Systems Affected

  • Generic Routing Encapsulation (GRE) Enabled Devices
  • Cisco Smart Install (SMI) Enabled Devices
  • Simple Network Management Protocol (SNMP) Enabled Network Devices

Overview

Update: On April 19, 2018, an industry partner notified NCCIC and the FBI of malicious cyber activity that aligns with the techniques, tactics, and procedures (TTPs) and network indicators listed in this Alert. Specifically, the industry partner reported the actors redirected DNS queries to their own infrastructure by creating GRE tunnels and obtained sensitive information, which include the configuration files of networked devices.

NCCIC encourages organizations to use the detection and prevention guidelines outlined in this Alert to help defend against this activity. For instance, administrators should inspect the presence of protocol 47 traffic flowing to or from unexpected addresses, or unexplained presence of GRE tunnel creation, modification, or destruction in log files.

Original Post: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). This TA provides information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, Network-based Intrusion Detection System (NIDS) devices) by Russian state-sponsored cyber actors. Targets are primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. This report contains technical details on the tactics, techniques, and procedures (TTPs) used by Russian state-sponsored cyber actors to compromise victims. Victims were identified through a coordinated series of actions between U.S. and international partners. This report builds on previous DHS reporting and advisories from the United Kingdom, Australia, and the European Union. [1-5] This report contains indicators of compromise (IOCs) and contextual information regarding observed behaviors on the networks of compromised victims. FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.

DHS, FBI, and NCSC urge readers to act on past alerts and advisories issued by the U.S. and U.K. Governments, allied governments, network device manufacturers, and private-sector security organizations. Elements from these alerts and advisories have been selected and disseminated in a wide variety of security news outlets and social media platforms. The current state of U.S. network devices—coupled with a Russian government campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States.

The purpose of this TA is to inform network device vendors, ISPs, public-sector organizations, private-sector corporations, and small office home office (SOHO) customers about the Russian government campaign, provide information to identify malicious activity, and reduce exposure to this activity.

For a downloadable copy of the IOC package, see TA18-106A_TLP_WHITE.stix.xml.

Description

Since 2015, the U.S. Government received information from multiple sources—including private and public sector cybersecurity research organizations and allies—that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers and switches worldwide. The U.S. Government assesses that cyber actors supported by the Russian government carried out this worldwide campaign. These operations enable espionage and intellectual property theft that supports th[...]



Russian Malicious Cyber Activity

Mon, 16 Apr 2018 16:01:54 +0000

Original release date: April 16, 2018

The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber activity by the Russian government as GRIZZLY STEPPE.

NCCIC encourages users and administrators to review the GRIZZLY STEPPE - Russian Malicious Cyber Activity page, which links to TA18-106A - Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, for more information.







SB18-106: Vulnerability Summary for the Week of April 9, 2018

Mon, 16 Apr 2018 10:52:56 +0000

Original release date: April 16, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cmsmadesimple -- cms_made_simple | CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files. | 2018-04-13 | 7.5 | CVE-2018-10085 MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cmsmadesimple -- cms_made_simple | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | 2018-04-11 | 6.8 | CVE-2018-10030 MISC |
| cmsmadesimple -- cms_made_simple | CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. | 2018-04-11 | 6.8 | CVE-2018-10031 MISC |
| cmsmadesimple -- cms_made_simple | CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. | 2018-04-13 | 5.0 | CVE-2018-10082 MISC |
| cmsmadesimple -- cms_made_simple | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter. | 2018-04-13 | 6.4 | CVE-2018-10083 MISC |
| cmsmadesimple -- cms_made_simple | CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed. | 2018-04-13 | 6.5 | CVE-2018-10084 MISC |
| cmsmadesimple -- cms_made_simple | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions. | 2018-04-13 | 6.5 | CVE-2018-10086 MISC |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cacti -- cacti | Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri fun[...]



VMware Releases Security Updates

Fri, 13 Apr 2018 17:24:39 +0000

Original release date: April 13, 2018

VMware has released security updates to address a vulnerability in vRealize Automation. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0009 and apply the necessary updates.







Juniper Networks Releases Security Updates

Fri, 13 Apr 2018 00:34:11 +0000

Original release date: April 12, 2018

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Juniper Security Advisories and apply necessary updates:

  • Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016)
  • SRX Series: Denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017)
  • SRX Series: Crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies (CVE-2018-0018)
  • Junos: Denial-of-service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019)
  • Junos OS: rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020)
  • Steel-Belted Radius Carrier: Eclipse Jetty information disclosure vulnerability (CVE-2015-2080)
  • NorthStar: Return of Bleichenbacher’s Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385)
  • OpenSSL: Multiple vulnerabilities resolved in OpenSSL
  • Junos OS: Multiple vulnerabilities in stunnel 5.38
  • NSM Appliance: Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release
  • Junos OS: Short MacSec keys may allow man-in-the-middle attacks
  • Junos OS: Mbuf leak due to processing MPLS packets in VPLS networks (CVE-2018-0022)
  • Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission (CVE-2018-0023)






Microsoft Releases April 2018 Security Updates

Tue, 10 Apr 2018 20:10:58 +0000

Original release date: April 10, 2018

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft's April 2018 Security Update Summary and Deployment Information and apply the necessary updates.

