NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE (NCIIPC)

A Unit of National Technical Research Organisation


Alerts and Advisories - 2017

  • Cisco Releases Security Updates (29 Nov 2017)

    Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities to take control of an affected system.

  • NCSC Releases Security Advisory (29 Nov 2017)

    The United Kingdom's National Cyber Security Centre (NCSC) has released an advisory to highlight Neuron and Nautilus tools used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats.

  • Oracle Security Alert (22 Nov 2017)

  • Intel Firmware Vulnerability (21 Nov 2017)

    Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Symantec Releases Security Update (21 Nov 2017)

    Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system.

  • Windows ASLR Vulnerability (20 Nov 2017)

    The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

  • Cisco Releases Security Update (15 Nov 2017)

    Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

  • Mozilla Releases Security Update (14 Nov 2017)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Microsoft Releases November 2017 Security Updates (14 Nov 2017)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Adobe Releases Security Updates (14 Nov 2017)

    Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

  • Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE) (09 Nov 2017)

    Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

  • Joomla! Releases Security Update (07 Nov 2017)

    Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

  • OpenSSL Security Advisory (02 Nov 2017)

    There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.

  • Cisco Releases Security Updates (01 Nov 2017)

    Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • WordPress Releases Security Update (31 Oct 2017)

    WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information.

  • Oracle Security Alert on Oracle Identity Manager (27 Oct 2017)

  • Alert on BadRabbit Ransomware (27 Oct 2017)

  • Users Bypass Security Restriction vulnerability in Apache HTTPD on Red Hat Enterprise Linux (20 Oct 2017)

    A vulnerability was reported in Apache HTTPD on Red Hat Enterprise Linux. A remote user can bypass security controls on the target system. The system may not properly parse comments in the 'Allow' and 'Deny' configuration lines. As a result, a remote user may be able to access an ostensibly restricted HTTP resource.
    Remediation: Red Hat has issued a fix.

  • Infineon RSA library Security Bypass Vulnerability (20 Oct 2017)

    A remote attacker may be able to recover the RSA private key from a victim's public key, if it was generated by the Infineon RSA library.
    Remediation: Apply appropriate updates.

  • Multiple Vulnerabilities in Oracle Products (17 Oct 2017)

    A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.
    Remediation: Apply appropriate patches.

  • WiFi Vulnerabilities (KRACK) (17 Oct 2017)

    Severe vulnerabilities have brought all modern secure WiFi networks under serious threat. Researchers have unearthed flaws in the WPA2 protocol implementation in WiFi clients and wireless access points (APs).
    Remediation: Apply appropriate updates from OEMs on all WiFi devices frequently, e.g. the OS of clients (systems/phones) and the firmware of APs. Security updates ensure that a key is only installed once and are therefore likely to prevent a possible attack.

  • Mozilla Releases Security Update (11 Oct 2017)

    Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

  • Data Stealer Malware Hits Critical Cyber Infrastructure (11 Oct 2017)

    It has been intimated that several high-volume FormBook malware distribution campaigns were observed primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. Dubbed FormBook, the data stealer malware is distributed using different methods; it steals clipboard contents, logs keystrokes and extracts data from HTTP sessions.
    Remediation: Since FormBook targets Windows devices, it is high time for high-profile institutions to either upgrade their Windows OS to the latest version or move to a secure one. Moreover, do not open any unknown or suspicious emails, do not click links in an anonymous email, and avoid downloading attachments from email addresses you are not familiar with.

  • Microsoft Releases October 2017 Security Updates (10 Oct 2017)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. In this release, Microsoft has resolved three publicly disclosed issues, one of which has been actively exploited in the wild. The Windows zero-day vulnerability is a memory corruption vulnerability in Microsoft Office (CVE-2017-11826). According to Microsoft, the Windows zero-day could allow remote code execution by an attacker and affects programs in Office 2007, 2010, 2013 and 2016.
    Remediation: It is recommended to apply the available patches for the above vulnerabilities.

  • Siemens 7KT PAC1200 Data Manager Integrated Web Server Authentication Bypass Vulnerability (05 Oct 2017)

    A vulnerability in Siemens 7KT PAC1200 data manager could allow an unauthenticated, remote attacker to bypass authentication mechanisms and perform unauthorized administrative actions on a targeted system.

  • Apple Releases Security Update for macOS High Sierra (05 Oct 2017)

    Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information.

  • Apache HTTPD Use-After-Free Memory Error Vulnerability (05 Oct 2017)

    A remote user can obtain potentially sensitive information on the target system in certain cases.
    Remediation: The vendor has issued a fix (2.4.28).

  • Cisco Releases Security Updates (04 Oct 2017)

    Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

  • Apache Releases Security Updates for Apache Tomcat (03 Oct 2017)

    The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server.
    Remediation: Users of the affected versions should apply the mitigations provided at the following link: http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3cf7229e11-5e8d-aa00-ff22-f0a795669010@apache.org%3e

  • Dnsmasq contains multiple vulnerabilities (02 Oct 2017)

    Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests.
    Remediation: Version 2.78 has been released to address these vulnerabilities.

  • Multiple Vulnerabilities in Microsoft Outlook (31 Jul 2017)

    Multiple vulnerabilities have been reported in Microsoft Office Outlook, which could be exploited by an attacker to obtain sensitive information or execute remote commands on the targeted system.
    Remediation: Apply appropriate patches.


  • Continental AG Infineon S-Gold 2 (PMB 8876) (27 Jul 2017)

    Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code.
    Remediation: Continental has validated the reported vulnerabilities but has not yet identified a mitigation plan.


  • Mirion Technologies Telemetry Enabled Devices (27 Jul 2017)

    Successful exploitation of these vulnerabilities could allow an attacker to transmit fraudulent data or perform a denial of service.
    Remediation: Mirion Technologies recommends that users of 900 MHz devices compare data received with expected results and past results. Inconsistencies could indicate the presence of an interfering device.


  • PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch (27 Jul 2017)

    Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access to the affected system and to issue unexpected commands to impact the intended operation of the system.
    Remediation: PDQ Manufacturing, Inc. ("PDQ") has validated the vulnerabilities and is developing product fixes for the affected systems.


  • Cisco Releases Security Updates to Address DoS Condition (27 Jul 2017)

    Cisco has released updates to address several vulnerabilities affecting multiple products. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
    Remediation: Apply necessary updates.


  • Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency (27 Jul 2017)

    Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing tables within the domain.
    Remediation: Install Updates.


  • McAfee Releases Security Bulletin for Web Gateway (27 Jul 2017)

    McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system.
    Remediation: Apply necessary updates.


  • Multiple Vulnerabilities in Joomla (27 Jul 2017)

    Multiple vulnerabilities have been reported in Joomla, which could be exploited by a remote attacker to perform cross-site scripting (XSS) attacks or access sensitive information on the targeted system.
    Remediation: Upgrade to Joomla version 3.7.4.


  • Multiple Vulnerabilities in Oracle Products (27 Jul 2017)

    Multiple vulnerabilities have been reported in various Oracle products which could be exploited by an attacker to disclose sensitive information, gain elevated privileges or cause Denial of Service (DoS) conditions on the targeted system.
    Remediation: Apply appropriate patches as mentioned in the Oracle Security Advisory.


  • Multiple Security Vulnerabilities in Oracle Products (26 Jul 2017)

    Multiple vulnerabilities have been reported in various Oracle products which could be exploited by a remote attacker to cause denial of service conditions via the network, disclose system and user information, modify system and user information, or gain user access via the local system and via the network.
    Remediation: Apply appropriate patches as mentioned in the Oracle Security Bulletin. All affected users should update their firmware as soon as possible.


  • Multiple vulnerabilities in IBM Tivoli Enterprise Portal Server (25 Jul 2017)

    Multiple vulnerabilities have been reported in IBM Tivoli Enterprise Portal Server, which could be exploited by an attacker to execute arbitrary code, modify data and obtain elevated privileges on the target system.
    Remediation: Apply appropriate patches.


  • Microsoft alert on CRASHOVERRIDE Malware (25 Jul 2017)

  • Telerik Web UI contains cryptographic weakness (25 Jul 2017)

    The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys.
    Remediation: Apply an Update.


  • Google Releases Security Updates for Chrome (25 Jul 2017)

    Google has released Chrome version 60.0.3112.78 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.
    Remediation: Apply an Update.


  • NXP i.MX Product Family (25 Jul 2017)

    Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service on the device due to a buffer overflow condition.
    Remediation: Because this is a hardware vulnerability, there are no software workarounds available.


  • Gnome Thumbnail VBScript-Injection Vulnerability (Bad Taste) (24 Jul 2017)

    A vulnerability has been reported in Gnome Files which could allow a local attacker to compromise the target system without further user interaction.
    Remediation: Apply source code fix.


  • Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account (21 Jul 2017)

    Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner. A third-party security research firm has identified two security vulnerabilities in the client software.

  • IBM Cisco Security Update (21 Jul 2017)

    IBM has released a security update to address some vulnerabilities in its IBM Cisco MDS Series Switches Data Center Network Manager (DCNM) software. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.
    Remediation: Apply necessary updates.


  • Cisco Releases Security Update in WSA (20 Jul 2017)

    Cisco has released a security update to address a vulnerability in its Web Security Appliance (WSA). A remote attacker could exploit this vulnerability to take control of a system.
    Remediation: Apply necessary updates.


  • Schneider Electric PowerSCADA Anywhere and Citect Anywhere (20 Jul 2017)

    Successful exploitation of these vulnerabilities could allow an attacker to perform actions on behalf of a legitimate user, perform network reconnaissance, or gain access to resources beyond those intended with normal operation of the product.

  • Multiple Vulnerabilities in Google Android (19 Jul 2017)

    Multiple vulnerabilities have been reported in Google Android which could allow a remote attacker to obtain elevated privileges or execute arbitrary code on the targeted system.
    Remediation: Contact the device vendor or manufacturer for appropriate over-the-air updates.


  • Apple Releases Security Updates (19 Jul 2017)

    Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

  • Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow (18 Jul 2017)

    Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.
    Remediation: Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue. All affected users should update their firmware as soon as possible. If you have any questions, you may contact cybersecurity@dahuatech.com.


  • Rockwell Automation MicroLogix 1100 Controllers (18 Jul 2017)

    Successful exploitation of this vulnerability could cause the device that the attacker is accessing to enter a Denial-of-Service (DoS) condition.
    Remediation: Rockwell Automation recommends updating to the latest firmware revision of MicroLogix 1100 controllers, Version FRN 16.0 or later.


  • ABB VSN300 WiFi Logger Card (18 Jul 2017)

    Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized access to privileged information.
    Remediation: ABB recommends that users update firmware to version 1.9.0 or newer for WiFi Logger Card, and version 2.2.5 or newer for WiFi Logger Card for React.


  • Multiple vulnerabilities in Microsoft Windows (14 Jul 2017)

    Multiple vulnerabilities have been reported in Microsoft Windows, which could be exploited by an attacker to obtain sensitive information, remote code execution, security feature bypass and gain elevated privilege on the targeted system.
    Remediation: Apply appropriate patches as mentioned in the Microsoft Security Guidance (https://portal.msrc.microsoft.com/en-us/security-guidance).


  • Multiple Vulnerabilities in Apache HTTP server (14 Jul 2017)

    Multiple vulnerabilities have been reported in Apache HTTP Server, which could allow a remote attacker to cause Denial of Service (DoS) and access sensitive information on a targeted system.
    Remediation: Apply appropriate updates as mentioned at the following link: http://httpd.apache.org/download.cgi


  • Juniper Releases ScreenOS Security Update (13 Jul 2017)

    Juniper has released ScreenOS 6.3.0r24 to address multiple cross-site scripting vulnerabilities found in prior versions. An attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Juniper's Security Bulletin and update all affected ScreenOS versions.

  • Siemens SiPass integrated (13 Jul 2017)

    Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to the server to perform administrative operations.
    Remediation: Siemens provides SiPass integrated V2.70, which fixes the vulnerabilities, and recommends users update to the new version.


  • Siemens SIMATIC Sm@rtClient Android App (13 Jul 2017)

    Successful exploitation of these vulnerabilities could allow an attacker in a privileged network position to read and modify data within a Transport Layer Security (TLS) session.
    Remediation: Siemens has released SIMATIC WinCC Sm@rtClient V1.0.2.2 for Android to address these vulnerabilities and recommends updating as soon as possible.


  • Samba Releases Security Updates (12 Jul 2017)

    The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A remote attacker could exploit this vulnerability to take control of an affected system.

  • Denial of Service Vulnerability in Microsoft .NET Framework (12 Jul 2017)

    A vulnerability exists in the Microsoft Common Object Runtime Library due to improper handling of web requests. An unauthenticated remote attacker could exploit this vulnerability by injecting specially crafted web requests into the .NET application to cause a denial of service (DoS) condition on the targeted system.
    Remediation: Apply appropriate update as mentioned in the Microsoft Security Guidance. (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8585)


  • Multiple Vulnerabilities in Microsoft Edge (12 Jul 2017)

    Multiple vulnerabilities have been reported in Microsoft Edge which could allow a remote attacker to bypass the same-origin policy, spoof content and execute arbitrary code on the target system.
    Remediation: Apply appropriate patches as mentioned in the Microsoft Security Guidance at the following link: https://portal.msrc.microsoft.com/en-us/security-guidance


  • Multiple Vulnerabilities in Microsoft Office (12 Jul 2017)

    Multiple vulnerabilities have been reported in Microsoft Office that could allow a remote attacker to execute arbitrary code and gain elevated privileges on the target system.
    Remediation: Apply appropriate software fixes as available on the vendor website.


  • Multiple Vulnerabilities in Microsoft Internet Explorer (12 Jul 2017)

    Multiple vulnerabilities have been reported in Microsoft Internet Explorer that could allow a remote attacker to bypass security restrictions, spoof content and execute arbitrary code on the targeted system.
    Remediation: Apply appropriate updates as mentioned in the Microsoft Security Bulletins.


  • OSIsoft PI Coresight (11 Jul 2017)

    Successful exploitation of this vulnerability may allow access to the PI System resulting in unauthorized viewing or alteration of PI System data.
    Remediation: OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.


  • Siemens SIMATIC Logon (11 Jul 2017)

    Successful exploitation of this vulnerability could allow attackers to cause a denial of service of the SIMATIC Logon Remote Access service under certain conditions.
    Remediation: Siemens created a software upgrade V1.6 for SIMATIC Logon which fixes the vulnerability, and they recommend users upgrade to the newest version.


  • Fuji Electric V-Server (11 Jul 2017)

    Successful exploitation of this memory corruption vulnerability could allow an attacker to remotely execute arbitrary code.

  • Adobe Releases Security Updates (11 Jul 2017)

    Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Connect. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft Releases July 2017 Security Updates (11 Jul 2017)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

  • Schneider Electric Ampla MES (06 Jul 2017)

    Successful exploitation of this vulnerability could compromise credentials used to connect to third party databases or compromise credentials of Ampla users configured with Simple Security.
    Remediation: Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. Software updates can be downloaded from Schneider Electric's Ampla Support "Shopping Kiosk" area or from the following link: http://shoppingkiosk.schneider-electric.com/doc_info.aspx?DocRef=Ampla2016R1Software&isdvd=False&df=12&gid=411131


  • Schneider Electric Wonderware ArchestrA Logger (06 Jul 2017)

    Successful exploitation of these vulnerabilities could allow a remote attacker to execute code or cause a denial of service.
    Remediation: Schneider Electric recommends that users of any Wonderware, Avantis, SimSci, or Skelta product that installs the Wonderware ArchestrA Logger version 2017.426.2307.1 or prior should apply the Wonderware ArchestrA Logger Security Patch v2017.517.2328.1 as soon as possible.


  • Siemens SIPROTEC 4 and SIPROTEC Compact (06 Jul 2017)

    Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow an attacker access to sensitive information, or allow an attacker to perform administrative functions.
    Remediation: Siemens provides updates and recommends users update to the latest version.


  • CopyCat Malware Infects Millions of Android Devices (06 Jul 2017)

  • Siemens Reyrolle (06 Jul 2017)

    Successful exploitation of these vulnerabilities could allow an attacker to access sensitive device information, circumvent authentication, and perform administrative actions.
    Remediation: Siemens has released a new firmware version (V4.29.01) to address these vulnerabilities. It can be found at the SIPROTEC 4 downloads area at the following Siemens web site: http://www.siemens.com/downloads/siprotec-4


  • Joomla! Releases Security Update (05 Jul 2017)

    Joomla! has released version 3.7.3 of its Content Management System (CMS) software to address several vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

  • Cisco Releases Security Updates (05 Jul 2017)

    Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

  • NCIIPC advisory on PetrWrap ransomware (28 Jun 2017, Latest Update 05 Jul 2017)

    A new variant of the Petya ransomware, also known as Petrwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry ransomware abused using the EternalBlue exploit.

  • Ransom.Haknata (04 Jul 2017)

    Ransom.Haknata is a Trojan horse that encrypts files on the compromised computer and demands a payment to decrypt them.
    Remediation: Run a full system scan. If that does not resolve the problem, you can try one of the options available at https://www.symantec.com/security_response/writeup.jsp?docid=2017-070415-3657-99&tabid=3


  • Siemens Security Advisory by Siemens ProductCERT (04 Jul 2017)

    OZW672 and OZW772 devices are affected by two vulnerabilities, which could allow attackers to read and write historical measurement data under certain conditions, or to read and modify data in TLS sessions.
    Remediation: Siemens recommends customers to apply specific mitigations.


  • Siemens Viewport for Web Office Portal (29 Jun 2017)

    Successful exploitation of this vulnerability could allow a remote attacker to upload and execute arbitrary code.
    Remediation: Siemens recommends the following mitigations until patches can be applied:
    > Protect access to Port 443/TCP and Port 80/TCP of the affected product with appropriate measures.
    > Disable Port 80/TCP and use TLS client certificates (PKI) to access Port 443/TCP.
    > Apply Defense-in-Depth.


  • Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320 (29 Jun 2017)

    A remote attacker can gain system privileges by exploiting this vulnerability.
    Remediation: Siemens strongly recommends users protect network access to the non-perimeter industrial products with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.


  • Schneider Electric U.motion Builder (29 Jun 2017)

    A successful exploit of these vulnerabilities could allow an attacker to execute arbitrary commands or compromise the confidentiality, integrity, and availability of the system.
    Remediation: Schneider Electric says a firmware update, which includes fixes for these vulnerabilities, is scheduled for availability to download by the end of August.
    NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
    > Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
    > Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
    > When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.


  • SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software (29 Jun 2017)

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.

  • Multiple Vulnerabilities in Red Hat JBoss Enterprise Application (29 Jun 2017)

    Multiple vulnerabilities have been reported in Red Hat JBoss which could allow a remote attacker to bypass security restrictions or obtain sensitive information.
    Remediation: Apply appropriate patches as mentioned by the vendor at the following link: https://access.redhat.com/errata/RHSA-2017:1549


  • Xavier: Android Information Stealer (27 Jun 2017)

  • NIST Releases New Digital Identity Guidelines (26 Jun 2017)

    The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four-volume suite offers technical guidelines for organisations that use digital identity services.

  • Security Best Practices for ICS/SCADA implementations (23 Jun 2017)

    Attacks on SCADA systems are on the rise, and it is possible that many infiltrated systems have gone undetected. Cyber criminals often infect systems and silently monitor traffic, observe the activities and wait for months or even years before taking any action. This allows them to strike when they can cause the maximum damage.

  • Multiple Vulnerabilities in Solaris (22 Jun 2017)

    Multiple vulnerabilities are reported in Solaris which could be exploited by a local attacker to disclose sensitive information and cause partial denial of service conditions (partial DoS) on the targeted system.
    Remediation: Apply the source code fix as mentioned in the link: http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html


  • Drupal Releases Security Updates (21 Jun 2017)

    Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4.

  • Cisco Releases Security Updates (21 Jun 2017)

    Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
    (a) Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability: cisco-sa-20170621-piepnm1
    (b) Virtualized Packet Core – Distributed Instance Denial-of-Service Vulnerability: cisco-sa-20170621-vpc
    (c) WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities: cisco-sa-20170621-wnrp


  • Microsoft Windows GDI Component Object Memory Handling Errors (20 Jun 2017)

    Multiple vulnerabilities exist in the Microsoft Windows Graphics Component because the Windows kernel improperly initialises or improperly handles objects in memory. Some of these allow information disclosure; others allow an attacker to run arbitrary code in kernel mode and then install programs; view, change, or delete data; or create new accounts with full user rights. These are not remotely exploitable on their own: an attacker would first have to log on to the system and then run a specially crafted application to take control of the affected system.
    Remediation: Apply the appropriate patches as mentioned in the Microsoft Security Bulletin.


  • Multiple Vulnerabilities in Microsoft Edge (20 Jun 2017)

    Multiple memory corruption vulnerabilities exist in Microsoft Edge due to improper handling of objects in memory. An attacker could exploit these vulnerabilities by convincing a user to open or visit a specially crafted web page. Successful exploitation could allow a remote attacker to execute arbitrary code with the privileges of the currently logged-in user.
    Remediation: Apply the appropriate patches as mentioned in the Microsoft Security Guidance: https://portal.msrc.microsoft.com/en-us/security-guidance


  • Adobe Shockwave Player Memory Corruption (20 Jun 2017)

    A memory corruption vulnerability has been discovered in Adobe Shockwave Player. It is caused by insufficient validation of the data inside the "rcsL" atom and can be triggered by a remote attacker through a crafted DIR file. Successful exploitation could allow the attacker to disclose sensitive information or execute arbitrary code on the targeted system in the context of the affected application.
    Remediation: Apply the appropriate updates as mentioned in Adobe Security Bulletin APSB17-18.


  • Acronis True Image fails to update itself securely(19 Jun 2017)

  • IOT Botnets Targeting Vulnerable IP cameras (19 Jun 2017)

    Several malicious Internet worms targeting embedded/Internet of Things (IoT) IP cameras from various OEMs have been reported. They spread by scanning the public Internet for devices running with insecure default credentials or other inherent security weaknesses. A remote attacker can completely control a vulnerable device: operate the camera, view its video feeds, and upload files to or download files from attacker-controlled servers. Compromised devices can also be used for DDoS and other malicious activity, leading to a full loss of confidentiality, integrity and availability depending on the attacker's actions. These successors of the Mirai IoT botnet (dubbed Persirai, TheMoon, DvrHelper and Hajime) leverage insecure default credentials, hidden functionality, missing authorisation checks, command injection vulnerabilities and UPnP in the device firmware to take over devices and spread further.
    Remediation: Review IoT devices (home Internet routers, DVRs, IP cameras) to ensure they support the latest security protocols and standards, and disable older insecure protocols (check the vendors' websites for updates and patches).
    Run updates and contact manufacturers to confirm devices are patched with the latest software and firmware.
    Change the default OEM credentials and ensure that passwords meet the minimum complexity requirements.
    Disable Universal Plug and Play (UPnP) unless absolutely necessary.
    Implement account lockout policies to reduce the risk of brute-force attacks.
    Disable Telnet and SSH on the device if there is no requirement for remote management.
    If remote access is required, reach the device over a VPN and use SSH.
    Configure key- or certificate-based authentication for SSH when it is used for remote management of devices; Telnet offers no such option and sends credentials in clear text.
    Implement egress and ingress filtering at the router level.
    Stop and close unnecessary ports and services.
    Enable logging on the device so that all activity is recorded.
    Enable and monitor perimeter device logs to detect scan attempts towards critical devices/systems.
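    The last remediation step (monitor perimeter logs for scan attempts) is the one most often left undone. The following is an added example, not part of the NCIIPC advisory or any vendor's tooling, of the detection logic behind it: it parses netfilter-style drop lines from syslog and flags a source that probes many ports on one host, sweeps the same port across many hosts, or repeatedly hits the remote-management ports that IoT worms brute-force. The log format, the management-port list (22, 23, 2323) and the thresholds are assumptions; the log lines are constructed for the example and use documentation address ranges.

```python
"""Flag sources in perimeter firewall logs that look like IoT scanning.

Added example: not the advisory's code.  Assumes netfilter LOG output as
written to syslog ("SRC=... DST=... PROTO=... SPT=... DPT=..."); adjust
LINE_RE for other firewall formats.
"""
import re
from collections import defaultdict

# Constructed sample log (not real traffic); addresses are from RFC 5737 ranges.
SAMPLE_LOG = """\
Jun 19 10:01:02 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41000 DPT=23
Jun 19 10:01:03 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41001 DPT=2323
Jun 19 10:01:03 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=41002 DPT=23
Jun 19 10:01:04 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=41003 DPT=23
Jun 19 10:02:10 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=50000 DPT=80
Jun 19 10:02:10 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=81
Jun 19 10:02:11 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=8080
Jun 19 10:02:11 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=50003 DPT=1900
Jun 19 10:02:12 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=50004 DPT=1900
Jun 19 10:02:12 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=50005 DPT=554
Jun 19 10:05:00 gw kernel: [IPT-DROP] IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=443
"""

# Assumed netfilter field layout; only the four fields we need are captured.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

# Ports that IoT credential-guessing worms target (assumed list; extend to taste).
MGMT_PORTS = {22, 23, 2323}


def parse(log_text):
    """Return (src, dst, proto, dport) tuples for every parseable line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["src"], m["dst"], m["proto"], int(m["dpt"])))
    return events


def detect(events, port_threshold=5, host_threshold=3, mgmt_threshold=3):
    """Map each suspicious source address to the list of reasons it was flagged.

    port_threshold : distinct (proto, port) pairs from one source -> vertical scan
    host_threshold : distinct destination hosts from one source -> horizontal sweep
    mgmt_threshold : hits on MGMT_PORTS from one source -> brute-force / worm probing
    """
    ports = defaultdict(set)
    hosts = defaultdict(set)
    mgmt_hits = defaultdict(int)
    for src, dst, proto, dport in events:
        ports[src].add((proto, dport))
        hosts[src].add(dst)
        if dport in MGMT_PORTS:
            mgmt_hits[src] += 1

    findings = {}
    for src in ports:
        reasons = []
        if len(ports[src]) >= port_threshold:
            reasons.append(f"vertical scan: {len(ports[src])} distinct ports")
        if len(hosts[src]) >= host_threshold:
            reasons.append(f"horizontal sweep: {len(hosts[src])} hosts")
        if mgmt_hits[src] >= mgmt_threshold:
            reasons.append(f"{mgmt_hits[src]} hits on remote-management ports")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in detect(parse(SAMPLE_LOG)).items():
        print(src, "->", "; ".join(reasons))
```

On the constructed sample, 203.0.113.7 is flagged for sweeping Telnet across three hosts and 198.51.100.9 for probing six port/protocol pairs (HTTP, alternate HTTP, UPnP/SSDP and RTSP) on one camera, while the single HTTPS drop from 192.0.2.200 is ignored. In production the same counts should be kept per time window and the thresholds tuned to the size of the monitored network.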


  • ISC Releases Security Updates for BIND (16 Jun 2017)

    The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. An attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Samsung Magician fails to update itself securely (15 Jun 2017)

    Samsung Magician fails to securely check for and retrieve updates, which can allow an authenticated attacker to execute arbitrary code with administrator privileges.

  • Mozilla Releases Security Update (15 Jun 2017)

    Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Google Releases Security Updates for Chrome (15 Jun 2017)

    Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition.

  • Remote Code Execution Vulnerability in Windows Graphics (14 Jun 2017)

    A vulnerability has been reported in the Microsoft Windows Graphics component which could allow a remote attacker to execute arbitrary code on the targeted system.

  • Multiple Vulnerabilities in Microsoft Outlook (14 Jun 2017)

    Multiple vulnerabilities have been reported in Microsoft Outlook which could allow an attacker to bypass security restrictions and execute arbitrary code on the targeted system.

  • Information Disclosure Vulnerabilities in Microsoft Windows Kernel (14 Jun 2017)

    Multiple information disclosure vulnerabilities have been reported in the Microsoft Windows kernel which could allow a local authenticated user to obtain sensitive information from the targeted system.

  • HPE SiteScope contains multiple vulnerabilities (13 Jun 2017)

    HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication.

  • Microsoft Releases June 2017 Security Updates (13 Jun 2017)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

  • Mozilla Releases Security Updates (13 Jun 2017)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Adobe Releases Security Updates (13 Jun 2017)

    Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Shockwave Player, Captivate, and Digital Editions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure (13 Jun 2017)

  • CrashOverride Malware (13 Jun 2017)

  • Pandemic CIA Cybertool Infects Computers Through File Servers (9 Jun 2017)

  • NCIIPC alert on Judy malware (08 Jun 2017)

  • Rockwell Automation Security Vulnerability (06 Jun 2017)

    The purpose of this advisory is to bring attention to a recently discovered vulnerability in Rockwell Automation PanelView Plus 6 700-1500 graphic terminals and logic module products.
    Remediation: System administrators should test and deploy the vendor-released firmware updates that address this vulnerability at the earliest opportunity:
    V7.00: Apply V7.00-20150209
    V8.00: Apply V8.00-20160418
    V8.10: Apply V8.10-20151026 or later
    V8.20: Apply V8.20-20160308 or later
    V9.00: Apply V9.00-20170328 or later

  • VMware Security Updates (06 Jun 2017)

    The purpose of this advisory is to bring attention to a security advisory released by VMware.
    Remediation: System administrators should test and deploy the vendor-released updates on the affected platforms accordingly.


  • Google Releases Security Update for Chrome (06 Jun 2017)

    The stable channel has been updated to 59.0.3071.86 for Windows, Mac, and Linux.
