# SANS ISC

# threatpost.com

  • Mon, 22 Oct 2018 15:52:59 +0000
    The advent of 5G presents an opportunity for us to think about the exploding number of IoT devices and how we securely connect them to the digital world.
  • Obamacare Sign-Up Channel Breach Affects 75K Consumers Mon, 22 Oct 2018 15:41:32 +0000
    A hack targeted the Direct Enrollment pathway, which allows insurance agents and brokers to help consumers sign up for Affordable Care Act coverage.
  • Mon, 22 Oct 2018 14:41:41 +0000
    A critical streaming bug impacts Live Networks LIVE555 RTSPServer, but not the popular VLC and MPlayer client-side software.
  • Two Critical RCE Bugs Patched in Drupal 7 and 8 Sat, 20 Oct 2018 17:09:46 +0000
    Drupal's advisory also included three patches for "moderately critical" bugs.
  • AWS FreeRTOS Bugs Allow Compromise of IoT Devices Fri, 19 Oct 2018 15:24:09 +0000
    The bugs let hackers crash IoT devices, leak their information, and completely take them over.
  • Fri, 19 Oct 2018 14:22:40 +0000
    Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise.
  • New APT Could Signal Reemergence of Notorious Comment Crew Thu, 18 Oct 2018 19:17:58 +0000
    A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew's proprietary code.
  • Tumblr Privacy Bug Could Have Exposed Sensitive Account Data Thu, 18 Oct 2018 15:19:23 +0000
    Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed.
  • Thu, 18 Oct 2018 15:08:31 +0000
    The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack.
  • Oracle Fixes 301 Flaws in October Critical Patch Update Wed, 17 Oct 2018 18:49:00 +0000
    The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.

# Reddit netsec

# Krebs On Security

  • Who Is Agent Tesla? Mon, 22 Oct 2018 19:55:32 +0000
    A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity -- attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware's apparent creator seems to have done little to hide his real-life identity.
  • Supply Chain Security 101: An Expert’s View Sat, 13 Oct 2018 01:03:12 +0000
    Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he'd heard anything about rumors that Supermicro -- a high tech firm in San Jose, Calif. -- had allegedly inserted hardware backdoors in technology sold to a number of American companies.
  • Thu, 11 Oct 2018 07:34:56 +0000
    Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.

# Bruce Schneier's blog

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • Zziplib 0.13.62 Denial Of Service Vulnerability Mon, 21 Aug 2017 00:00 UTC
    The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
  • Oracle Advanced Outbound Telephony Remote Code Execution Vulnerability Mon, 18 Sep 2017 00:00 UTC
    Oracle Advanced Outbound Telephony is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Mon, 18 Sep 2017 00:00 UTC
    A local user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Core component to partially access and partially modify data
  • Oracle Knowledge Management 12.1.3 critical Remote Code Execution Vulnerability Mon, 18 Sep 2017 00:00 UTC
    Oracle Knowledge Management is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Mon, 18 Sep 2017 00:00 UTC
    Oracle Marketing is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle One-to-one Fulfillment 12.2.6 HTTP Remote Code Execution Vulnerability Mon, 18 Sep 2017 00:00 UTC
    Oracle One-to-one Fulfillment is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Outside In Technology 8.5.3 Remote Code Execution Vulnerability Mon, 18 Sep 2017 00:00 UTC
    Oracle Outside In Technology is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle VM VirtualBox 5.0.30 Shared Folder Vulnerability Mon, 18 Sep 2017 00:00 UTC
    A local user can exploit a flaw in the Oracle VM VirtualBox Shared Folder component to modify data and cause denial-of-service conditions.
  • Pagekit 1.0.10 Password Reset Vulnerability Mon, 18 Sep 2017 00:00 UTC
    An issue was discovered in Pagekit CMS before 1.0.11. A remote attacker is able to reset a registered user's password when the debug toolbar is enabled, and recovers the new password through the same exploit. The SecureLayer7 ID is SL7_PGKT_01.
  • phpMyAdmin 4.6.0 Setup Script Server-Side Request Forgery Vulnerability Mon, 18 Sep 2017 00:00 UTC
    The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks.
  • Quagga 1.1.0 Overflow Vulnerability Mon, 18 Sep 2017 00:00 UTC
    Quagga is prone to an overflow vulnerability. Remote attackers can send crafted packets to execute arbitrary code or cause a denial of service (memory corruption).
  • Radare2 1.2.1 Denial Of Service Overflow Vulnerability Mon, 18 Sep 2017 00:00 UTC
    The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have other impact via a crafted DEX file.
  • Revive Adserver 4.0.0 authenticated Cross Site Scripting Vulnerability Mon, 18 Sep 2017 00:00 UTC
    Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
  • Sophos Web Appliance 4.2.1.3 Command Injection Vulnerability Mon, 18 Sep 2017 00:00 UTC
    An issue in which a user who blocks or unblocks an IP address in a quarantine policy can inject a shell command.
  • Mon, 18 Sep 2017 00:00 UTC
    The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
  • Mon, 18 Sep 2017 00:00 UTC
    Trend Micro Smart Protection Server is prone to a local code-execution vulnerability. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Mon, 18 Sep 2017 00:00 UTC
    A local user on a NetBackup server can execute an arbitrary command on the NetBackup server or cause the server to execute an arbitrary command on a connected NetBackup client. The command will execute with root/admin privileges.
  • Mon, 18 Sep 2017 00:00 UTC
    It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
  • Ysurac FlightAirMap 1.0 Cross Site Scripting Vulnerability Mon, 18 Sep 2017 00:00 UTC
    An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
  • Zziplib 0.13.62 Heap Overflow Denial Of Service Vulnerability Mon, 18 Sep 2017 00:00 UTC
    Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
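Both zziplib entries above concern the same routine, zzip_mem_entry_extra_block in memdisk.c, which walks the "extra field" attached to a ZIP entry: a sequence of blocks, each carrying a 2-byte little-endian header ID, a 2-byte little-endian data size, and then that many bytes of data. A walker that trusts the size field lets a crafted file steer it past the end of the buffer, which is the crash class both advisories describe. The example below is added here and is not zziplib's code; it does not reproduce the specific bug, but shows the general extra-field walk with the bounds checks whose absence produces an out-of-bounds read. The function names and the sample byte strings are constructed for this illustration.

```c
/* Bounds-checked walk over a ZIP "extra field" (sequence of
 * [id:u16 LE][size:u16 LE][size bytes]). Added example, not zziplib's code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Locate the extra block whose header ID is `want`.
 * Returns 1 and sets *out/*out_len when found, 0 when the field is
 * well-formed but the ID is absent, -1 when the field is malformed
 * (truncated header or a size that exceeds the remaining bytes). */
int find_extra_block(const uint8_t *extra, size_t extra_len, uint16_t want,
                     const uint8_t **out, size_t *out_len)
{
    size_t off = 0;
    while (off < extra_len) {
        /* A full 4-byte block header must fit before we read it. */
        if (extra_len - off < 4)
            return -1;
        uint16_t id  = rd16(extra + off);
        uint16_t len = rd16(extra + off + 2);
        off += 4;
        /* This is the check a trusting parser omits: a crafted size
         * such as 0xFFFF would otherwise be used to read past the buffer. */
        if (len > extra_len - off)
            return -1;
        if (id == want) {
            *out = extra + off;
            *out_len = len;
            return 1;
        }
        off += len;
    }
    return 0;
}

/* Constructed sample: an extended-timestamp block (ID 0x5455, 5 bytes)
 * followed by a Zip64 block (ID 0x0001, 8 bytes). */
static const uint8_t SAMPLE_GOOD[] = {
    0x55, 0x54, 0x05, 0x00, 1, 2, 3, 4, 5,
    0x01, 0x00, 0x08, 0x00, 1, 2, 3, 4, 5, 6, 7, 8
};
/* Constructed crafted field: claims 65535 data bytes, supplies two. */
static const uint8_t SAMPLE_CRAFTED[] = { 0x01, 0x00, 0xFF, 0xFF, 0xAA, 0xBB };
/* Constructed truncated field: only three bytes of a four-byte header. */
static const uint8_t SAMPLE_TRUNCATED[] = { 0x55, 0x54, 0x05 };

/* Convenience wrappers returning just the status / data length. */
int lookup_status(const uint8_t *extra, size_t extra_len, uint16_t id)
{
    const uint8_t *p; size_t n;
    return find_extra_block(extra, extra_len, id, &p, &n);
}

size_t lookup_len(const uint8_t *extra, size_t extra_len, uint16_t id)
{
    const uint8_t *p; size_t n = 0;
    return find_extra_block(extra, extra_len, id, &p, &n) == 1 ? n : 0;
}

int main(void)
{
    printf("zip64 block in good field:   status %d, len %zu\n",
           lookup_status(SAMPLE_GOOD, sizeof SAMPLE_GOOD, 0x0001),
           lookup_len(SAMPLE_GOOD, sizeof SAMPLE_GOOD, 0x0001));
    printf("crafted field:               status %d\n",
           lookup_status(SAMPLE_CRAFTED, sizeof SAMPLE_CRAFTED, 0x0001));
    printf("truncated field:             status %d\n",
           lookup_status(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, 0x5455));
    return 0;
}
```

The two checks are deliberately written as subtractions against the remaining length rather than additions on the offset, so that a 16-bit size field can never be used to overflow the running offset on narrow size types; the same pattern applies to any length-prefixed record walk, including the DEX debug items and TCP options named elsewhere in this list.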