Saturday, November 17, 2018
Have I Been Pwned

Elasticsearch Sales Leads – 5,788,169 breached accounts

In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data contained...
Have I Been Pwned

KnownCircle – 1,957,600 breached accounts

In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and...
F5 Networks

MySQL vulnerabilities CVE-2018-3276, CVE-2018-3277, CVE-2018-3278, CVE-2018-3279, and CVE-2018-3280

MySQL vulnerabilities CVE-2018-3276, CVE-2018-3277, CVE-2018-3278, CVE-2018-3279, and CVE-2018-3280. Security Advisory. ...
F5 Networks

MySQL vulnerabilities CVE-2018-3203, CVE-2018-3212, CVE-2018-3247, CVE-2018-3251, and CVE-2018-3258

MySQL vulnerabilities CVE-2018-3203, CVE-2018-3212, CVE-2018-3247, CVE-2018-3251, and CVE-2018-3258. Security Advisory. ...
F5 Networks

MySQL vulnerabilities CVE-2018-3282, CVE-2018-3283, CVE-2018-3284, CVE-2018-3285, and CVE-2018-3286

MySQL vulnerabilities CVE-2018-3282, CVE-2018-3283, CVE-2018-3284, CVE-2018-3285, and CVE-2018-3286. Security Advisory. ...
VMware

VMware and the Tianfu Cup PWN Contest

We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organisers...

Microsoft Releases November 2018 Security Updates

Original release date: November 13, 2018. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s...
Cisco

Cisco Small Business Switches Privileged Access Vulnerability

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account...
VMware

New VMware Security Advisory VMSA-2018-0028

Today, VMware has released the following new security advisory: “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability” This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The...
MSRC

November 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Adobe Releases Security Updates

Original release date: November 13, 2018. Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and...
DHS

Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC

This advisory includes mitigations for an improper access control vulnerability in the Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products.
DHS

Siemens S7-400 CPUs

This advisory includes mitigations for improper input validation vulnerabilities in the Siemens S7-400 CPUs.
DHS

Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)

This advisory includes mitigations for a code injection vulnerability in the Siemens SIMATIC Panels software and SIMATIC WinCC (TIA Portal).
DHS

Siemens SCALANCE S

This advisory includes mitigations for a cross-site scripting vulnerability in Siemens' SCALANCE S security appliance.
DHS

Siemens SIMATIC S7

This advisory includes mitigations for a resource exhaustion vulnerability in Siemens' SIMATIC S7 controllers.
DHS

Siemens SIMATIC STEP 7 (TIA Portal)

This advisory includes mitigations for an unprotected storage of credentials vulnerability in Siemens' SIMATIC STEP 7 engineering software.
DHS

Siemens SIMATIC IT Production Suite

This advisory includes mitigations for an improper authentication vulnerability in Siemens' SIMATIC IT Production Suite software.
DHS

Siemens SIMATIC Panels

This advisory includes mitigations for path traversal and open redirect vulnerabilities in Siemens' SIMATIC panels.

Security Bulletins Posted

Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday...
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.