Wednesday, November 14, 2018

Microsoft Releases November 2018 Security Updates

Original release date: November 13, 2018Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Microsoft’s...
Cisco

Cisco Small Business Switches Privileged Access Vulnerability

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account...
WMware

New VMware Security Advisory VMSA-2018-0028

Today, VMware has released the following new security advisory:   “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability” This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The...
MSRC

November 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.   More information about this month’s security updates can be found on the Security Update Guide. 

Adobe Releases Security Updates

Original release date: November 13, 2018Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC encourages users and...
DHS

Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC

This advisory includes mitigations for an improper access control vulnerability in the Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products.
DHS

Siemens S7-400 CPUs

This advisory includes mitigations for improper input validation vulnerabilities in the Siemens S7-400 CPUs.
DHS

Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)

This advisory includes mitigations for a code injection vulnerability in the Siemens SIMATIC Panels software and SIMATIC WinCC (TIA Portal).
DHS

Siemens SCALANCE S

This advisory includes mitigations for a cross-site scripting vulnerability in Siemens' SCALANCE S security appliance.
DHS

Siemens SIMATIC S7

This advisory includes mitigations for a resource exhaustion vulnerability in Siemens' Simatic S7 controllers.
DHS

Siemens SIMATIC STEP 7 (TIA Portal)

This advisory includes mitigations for an unprotected storage of credentials vulnerability in Siemens' SIMATIC STEP 7 engineering software.
DHS

Siemens SIMATIC IT Production Suite

This advisory includes mitigations for an improper authentication vulnerability in Siemens' SIMATIC IT Production Suite software.
DHS

Siemens SIMATIC Panels

This advisory includes mitigations for path traversal and open redirect vulnerabilities in Siemens' SIMATIC panels.

Security Bulletins Posted

Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is...
F5 Networks

PHP vulnerability CVE-2018-17082

PHP vulnerability CVE-2018-17082. Security Advisory. Security Advisory Description. The Apache2 component in PHP before ...
MSRC

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of...

SB18-316: Vulnerability Summary for the Week of November 5, 2018

Original release date: November 12, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

VMware Releases Security Updates

Original release date: November 09, 2018VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the VMware...
F5 Networks

Apache Tomcat vulnerability CVE-2018-11759

Apache Tomcat vulnerability CVE-2018-11759. Security Advisory. Security Advisory Description. The Apache Web Server ...
Cisco

Cisco TelePresence Video Communication Server Test Validation Script Issue

A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco...
ZDNet

Dutch government report says Microsoft Office telemetry collection breaks GDPR

Microsoft pledges to address issues; has already released a "zero exhaust" Office telemetry setting.

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.
SC Magazine

‘DarkGate’ password-stealer could open up world of hurt for Windows users

Windows users in Europe are the target of a sophisticated new malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers. Named DarkGate by its developer, the malware is reportedly distributed...
The Security Ledger

Survey Finds Attacks Find Insecure IoT Devices

A survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints.  The post Survey Finds Attacks Find Insecure IoT Devices appeared first on The Security Ledger.Related StoriesNigerian ISP Hijacks...

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.