Security Bulletins

US-CERT: The United States Computer Emergency Readiness Team
last updated: Sat, 18 Aug 2018 21:49:06 GMT

 Sat, 18 Aug 2018 02:05:47 +0000 Apache Releases Security Updates for Tomcat Native
Original release date: August 17, 2018 | Last revised: August 18, 2018

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server.

NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


 Wed, 15 Aug 2018 17:48:46 +0000  Cisco Releases Security Updates
Original release date: August 15, 2018

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.  

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:




 Wed, 15 Aug 2018 02:04:49 +0000 FBI Releases Guidance on Defending Against Travel Scams
Original release date: August 14, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against travel scams. FBI explains how scammers trick consumers with "free" vacation ploys. These offers may be fake or involve hidden fees. Legitimate companies will not ask prize winners to pay to claim their reward.

NCCIC encourages consumers to review the FBI Article, the Federal Trade Commission's Travel Tips, and NCCIC's Tip on Avoiding Social Engineering and Phishing Attacks for more information.




 Tue, 14 Aug 2018 23:16:25 +0000 VMware Releases Security Updates
Original release date: August 14, 2018 | Last revised: August 15, 2018

VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information.

NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020, VMSA-2018-0021, and VMSA-2018-0022 and apply the necessary updates.




 Tue, 14 Aug 2018 22:23:46 +0000 Samba Releases Security Updates
Original release date: August 14, 2018

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, and CVE-2018-1140 and apply the necessary updates.





SecurityFocus Vulnerabilities
last updated: Sat, 18 Aug 2018 21:41:53 GMT

 2018-08-18 Vuln: Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
 2018-08-17 Vuln: Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
 2018-08-16 Vuln: Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
 2018-08-16 Vuln: Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
 Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update


Cisco Security Advisory
last updated: Sat, 18 Aug 2018 21:41:55 GMT

 Fri, 17 Aug 2018 20:17:13 CDT CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault (L1TF) that affects modern Intel microprocessors. These vulnerabilities could allow an unprivileged, local attacker, in specific circumstances, to read privileged memory belonging to other processes.

The first vulnerability, CVE-2018-3615, affects Intel SGX technology and is referred to by the researchers who discovered it as foreshadow. This vulnerability is not known to affect any Cisco devices as the Cisco devices do not utilize Intel SGX technology.

The second vulnerability, CVE-2018-3620, and the third vulnerability, CVE-2018-3646, are referred to as L1 Terminal Fault attacks by Intel. These two vulnerabilities affect multi-core processors that leverage Intel Hyper-Threading technology supporting Operating System, System Management Mode, and Virtualized workloads. Like the previously disclosed Spectre vulnerabilities, all three new vulnerabilities leverage cache-timing attacks to infer any disclosed data.

To exploit any of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector from which to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as the operating system or hypervisor, is patched against the vulnerabilities in question.

Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. See the Affected Products section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.

Cisco will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel


Security Impact Rating: Medium
CVE: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
 Thu, 16 Aug 2018 14:14:21 CDT Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series, IP Phone 8800 Series, and Wireless IP Phone 8821 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone.

The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos


Security Impact Rating: Medium
CVE: CVE-2018-0325
 Thu, 16 Aug 2018 13:48:18 CDT Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system.

Cisco has released software updates that address this vulnerability. For information about affected and fixed software releases, consult the Cisco bug IDs in the Vulnerable Products table.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
Security Impact Rating: Medium
CVE: CVE-2016-5195
 Wed, 15 Aug 2018 19:27:12 CDT Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.

The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
Security Impact Rating: High
CVE: CVE-2018-0296
 Wed, 15 Aug 2018 16:00:00 CDT Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-asr-ptp-dos


Security Impact Rating: Medium
CVE: CVE-2018-0418
