Security Bulletins

last updated: Thu, 29 Nov 2018 21:48:00 GMT


US-CERT: The United States Computer Emergency Readiness Team
last updated: Thu, 13 Dec 2018 23:18:26 GMT

 Thu, 13 Dec 2018 20:06:49 +0000 WordPress Releases Security Update
Original release date: December 13, 2018

WordPress 5.0 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.0.1.


This product is provided subject to this Notification and this Privacy & Use policy.


 Wed, 12 Dec 2018 22:00:33 +0000 Google Releases Security Updates for Chrome
Original release date: December 12, 2018

Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Chrome Releases page and apply the necessary updates.




 Tue, 11 Dec 2018 21:11:28 +0000 Microsoft Releases December 2018 Security Updates
Original release date: December 11, 2018

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Microsoft’s December 2018 Security Update Summary and Deployment Information and apply the necessary updates.

 




 Tue, 11 Dec 2018 16:13:44 +0000 Mozilla Releases Security Updates for Firefox
Original release date: December 11, 2018

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates.

 




 Tue, 11 Dec 2018 16:10:16 +0000 Adobe Releases Security Updates
Original release date: December 11, 2018

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Adobe Security Bulletin APSB18-41 and apply the necessary updates.





SecurityFocus Vulnerabilities
last updated: Thu, 13 Dec 2018 23:21:37 GMT

 2018-12-13 Vuln: FreeBSD Network File System Multiple Security Vulnerabilities
 2018-12-13 Vuln: Google Chrome Prior to 71.0.3578.80 Multiple Security Vulnerabilities
 2018-12-13 Vuln: QEMU CVE-2018-16867 Directory Traversal Vulnerability
 2018-12-12 Vuln: phpMyAdmin CVE-2018-19968 Local File Include Vulnerability
 Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Yahoo News - Latest News & Headlines
last updated: Thu, 13 Dec 2018 23:19:44 GMT

 Thu, 13 Dec 2018 08:46:09 -0500 Trump denies directing lawyer to break law

Donald Trump on Thursday denied directing his ex-lawyer Michael Cohen to break the law after the US president's longtime close ally was sentenced to three years for campaign finance violations and other crimes. "I never directed Michael Cohen to break the law. Pleading for leniency in a packed Manhattan courtroom before US District Court Judge William H. Pauley III, Cohen said he had been led astray by misplaced admiration for Trump.


 Tue, 11 Dec 2018 22:17:42 -0500 Michael Flynn's lawyers request no prison time, defend cooperation with Mueller team

Flynn's lawyers defend cooperation with Robert Mueller; ask for no prison time


 Wed, 12 Dec 2018 08:38:10 -0500 Palestinians offer new details of Israel's botched Gaza raid

GAZA CITY, Gaza Strip (AP) — The small town of Abassan in the Gaza Strip is a tough place to infiltrate — everyone knows everyone else and outsiders passing through quickly attract attention. So when strangers drove through town, suspicious Hamas security men stopped the van and questioned those inside.


 Tue, 11 Dec 2018 18:55:34 -0500 Gunman kills at least two in French Christmas market and flees

With France still on high alert after a wave of attacks commissioned or inspired by Islamic State militants since early 2015, the counter-terrorism prosecutor opened an investigation. Amid fast-moving, confusing scenes it was not clear if the suspect, identified by police as Strasbourg-born Chekatt Cherif, 29, had been cornered by commandos or had slipped the dragnet. "There was confusion initially but they locked the front doors pretty soon after the gunshots," said U.S. citizen Elizabeth Osterwisch, who was sheltering on the top floor of the Galeries Lafayette department store.


 Wed, 12 Dec 2018 16:38:23 -0500 May Survives Confidence Vote to Face Uphill Struggle in Brexit

Theresa May survived an attempt to oust her as U.K. prime minister on Wednesday, but the size of the rebellion against her weakens her position at a critical time as she tries to steer the U.K. out of the European Union. May won a vote of confidence in her leadership of the Conservative Party, with Tory members of Parliament backing her by 200 to 117 in the secret ballot.


 Thu, 13 Dec 2018 06:32:14 -0500 Former Baylor fraternity president accused of rape is banned from graduation, University of Texas campus

Jacob Anderson, accused of sexually assaulting a 19-year-old student, has been banned from University of Texas at Dallas, but will receive a degree.


 Wed, 12 Dec 2018 08:59:21 -0500 US military identifies 5 dead in warplanes crash off Japan

TOKYO (AP) — The U.S. military has identified five Marines who were declared dead after their refueling plane collided with a fighter jet last week off Japan's southern coast.


 Thu, 13 Dec 2018 11:58:03 -0500 Man quits his job with epic rant over the store's PA

A disgruntled employee at a Canadian Walmart decided that he wasn’t going to


 Wed, 12 Dec 2018 20:04:05 -0500 At least $9bn in insurance claims from California fires

Insurance claims from the recent devastating California wildfires that killed at least 89 people and destroyed 19,000 homes and businesses have reached at least $9 billion, the state's insurance commissioner said Wednesday. "The devastating wildfires of 2018 were the deadliest and costliest wildfire catastrophes in California's history," said California Insurance Commissioner Dave Jones. Most of the insurance payouts -- some $7 billion -- concern the Camp Fire in Northern California, which wiped out the town of Paradise and killed 86 people, making it the deadliest wildfire in recent California history.


 Thu, 13 Dec 2018 00:58:35 -0500 Middle School Student Dumps Trump From His Name After Relentless Bullying

A middle school student in Delaware has been allowed to change his surname


 Wed, 12 Dec 2018 13:36:00 -0500 The Sources of Iranian Conduct

Iranian policy remains the same despite the Trump administration's "maximum pressure."


 Wed, 12 Dec 2018 22:10:49 -0500 Lawmaker arrested for child cruelty says he spanked daughter

SACRAMENTO, Calif. (AP) — A California lawmaker arrested on suspicion of child cruelty said Wednesday the allegation stemmed from spanking his 7-year-old daughter.


 Tue, 11 Dec 2018 18:43:09 -0500 Canadian court grants bail to CFO of China's Huawei

A top executive of Chinese telecoms giant Huawei Technologies Co Ltd was granted bail on Tuesday while she awaits a hearing for extradition to the U.S.


 Wed, 12 Dec 2018 06:30:00 -0500 Introducing the 2019 AD100



 Thu, 13 Dec 2018 16:03:04 -0500 Georgia Democrat Stacey Abrams, narrowly defeated in race for governor, says she will 'certainly' run again

Stacey Abrams, the Georgia Democrat who came up short in her bid to become the nation's first black woman governor, plans to run for office again.


 Wed, 12 Dec 2018 19:54:34 -0500 4th conviction in Los Angeles murder of Chinese student

LOS ANGELES (AP) — A 21-year-old man was found guilty Wednesday of first-degree murder in the beating death of a University of Southern California graduate student from China.


 Tue, 11 Dec 2018 20:06:39 -0500 Washington says observation posts in place on Syria-Turkey border

The Pentagon announced Tuesday that American observation posts in northern Syria, meant to prevent altercations between the Turkish army and US-supported Kurdish militia, have been erected, despite Ankara's request to scrap the move. US support for the Kurdish People's Protection Units (YPG) has strained relations with Turkey, which fears the emergence of an autonomous Kurdish region on its southern border. "At the direction of Secretary (James) Mattis, the US established observation posts in the northeast Syria border region to address the security concerns of our NATO ally Turkey," Department of Defense spokesman Rob Manning said.


 Tue, 11 Dec 2018 20:59:22 -0500 President Donald Trump Says He's Not Worried About Getting Impeached

President Donald Trump shot down reports Tuesday that he was worried about


 Wed, 12 Dec 2018 23:25:02 -0500 Israeli woman hurt in Palestinian attack loses baby, gunman killed

A baby who was delivered prematurely to an Israeli woman wounded in a Palestinian drive-by shooting in the occupied West Bank died in hospital on Wednesday, officials said, hours before the gunman was killed by pursuing Israeli forces. Shira Ish-Ran, seven months pregnant, her husband and five others were injured in Sunday's attack at a bus stop outside the Jewish settlement of Ofra in the occupied West Bank. "The security forces are in pursuit of the murderer." After he spoke, Israel's Shin Bet security service said troops operating near the West Bank city of Ramallah tried to arrest Omar al-Barghouthi, a Palestinian who was among suspects in the Ofra attack, but shot him dead when he tried to escape.


 Wed, 12 Dec 2018 20:10:06 -0500 Jailed former Venezuela oil minister dies in state custody

CARACAS, Venezuela (AP) — Nelson Martinez, the jailed former head of Venezuela's state-run oil giant PDVSA who was arrested last year as part of anti-corruption purge, died in state custody Wednesday, authorities said.


 Wed, 12 Dec 2018 07:15:39 -0500 Indian girl seeks father's arrest over broken promise to build lavatory

Millions of Indians do not have access to sanitation and open defecation is a problem, even in developed, industrial states. The girl, E. Hanifa Zaara, didn't want to go out in the open and won a promise from her father to build a lavatory indoors, said police officer A. Valarmathi. Prime Minister Narendra Modi's government has been pushing a campaign to build 100 million toilets over five years but the drive has not covered large parts of the country.


 Wed, 12 Dec 2018 10:39:12 -0500 Rep. Steve King makes Apple iPhone complaint to Google CEO, demands list of employees

"Congressman, iPhone is made by a different company," Google CEO Sundar Pichai explained to the Republican Iowa lawmaker.


 Thu, 13 Dec 2018 11:41:00 -0500 Plot Thickens for Carlos Ghosn: Financial Charges Filed in Japan, But Renault Declares He Did Nothing Wrong in France

In Japan, the former Nissan, Renault, and Mitsubishi chief faces as much as 10 years in prison, while Renault keeps him on as chairman and CEO after finding he did not break French finance laws.


 Wed, 12 Dec 2018 13:04:19 -0500 United Airlines expands in San Francisco with flights to Melbourne, New Delhi, Toronto

United Airlines on Wednesday announced a major expansion at San Francisco International Airport, adding flights to Melbourne, New Delhi and Toronto.


 Wed, 12 Dec 2018 17:32:04 -0500 Turkey vows to take on US-backed Kurdish militia in Syria

ANKARA, Turkey (AP) — Turkey will launch a new military operation against U.S.-backed Kurdish fighters in Syria "within a few days," President Recep Tayyip Erdogan said Wednesday, a move likely to further strain ties between NATO allies Turkey and the United States.


 Wed, 12 Dec 2018 07:20:39 -0500 Irish police home in on classic car scam with four arrests

Four men were arrested during a Garda operation that targeted sellers of classic cars in County Limerick, Ireland – after evidence of deception was uncovered


 Tue, 11 Dec 2018 19:51:04 -0500 Trump Says He Would Meet Xi Again, Hails China Soybean Purchases

China intends to announce this month a batch of U.S. soybean purchases, according to government officials, after the country’s imports of the product from American farmers plunged because of the trade conflict. Trump is in the midst of delicate negotiations with China after agreeing to a 90-day tariff truce with Xi at a Dec. 1 dinner in Buenos Aires.


 Thu, 13 Dec 2018 03:49:21 -0500 Alexandria Ocasio-Cortez Expertly Dismisses Kellyanne Conway Insult

Rep.-elect Alexandria Ocasio-Cortez (D-N.Y.) has once again refused to ignore


 Wed, 12 Dec 2018 01:22:06 -0500 Pakistan rejects US rebuke on religious freedoms

ISLAMABAD (AP) — Pakistan on Wednesday condemned a U.S. decision to add it to a list of nations that infringe on religious freedom, calling the move "unilateral and politically motivated."


 Thu, 13 Dec 2018 00:05:51 -0500 Beto O'Rourke tops new poll as possible Democratic nominee for 2020 Presidential run

According to the poll, the Texas Congressman beat out Sen. Bernie Sanders by less than one percent.


 Wed, 12 Dec 2018 22:58:02 -0500 Chinese state media urges Canada to defy U.S., free Huawei exec

SHANGHAI/BEIJING (Reuters) - Canada should distance itself from U.S. "hegemonism" and grant unconditional freedom to Meng Wanzhou, a top executive of China's Huawei detained in Vancouver on Washington's request, state-owned tabloid Global Times said in a Thursday editorial. Meng, the chief financial officer of Huawei Technologies, has been accused by U.S. prosecutors of misleading banks about transactions linked to Iran, putting the banks at risk of violating sanctions. The United States needs to make a formal extradition request within 60 days of her arrest, which a Canadian judge will weigh to determine whether the case against Meng is strong enough.


 Thu, 13 Dec 2018 08:19:37 -0500 Instant Pot’s biggest multi-cooker is still on sale at its Cyber Week price

The Instant Pot DUO80 8 Qt 7-in-1 Multi-Use Programmable Pressure Cooker is the largest available version of Instant Pot's best-selling DUO line. This multi-use cooking machine does it all, but it typically comes with a hefty $140 price tag. With Christmas fast approaching, the price has been slashed by $40, dropping this insanely popular model back down to its Cyber Week sale price. If you don't already have a machine like this, you definitely need to snag one at a discount because it'll change your life. Here's more info from the product page:
* Duo 8 Quart, the number 1 selling multi-cooker, combines 7 kitchen appliances in 1, Pressure Cooker, Slow Cooker, Rice Cooker, Steamer, Saute, Yogurt Maker and Warmer, prepares dishes up to 70% faster to support your busy lifestyle
* Features 14 Smart Programs - Soup, Meat/Stew, Bean/Chili, Poultry, Saute/Simmer, Rice, Multigrain, Porridge, Steam, Slow Cook, Keep Warm, Yogurt, Manual, and Pressure Cook. Now, your favorite dishes are as easy as pressing a button
* Healthy, stainless steel (18/8) inner cooking pot made from food grade 304, no chemical coating, 3-ply bottom for even heat distribution, fully sealed environment traps the flavours, nutrients and aromas within the food
* Built with the latest 3rd generation technology, the microprocessor monitors pressure, temperature, keeps time, and adjusts heating intensity and duration to achieve your desired results every time
* UL and ULC certified with 10 safety mechanisms to provide you with added assurance, designed to eliminate many common errors
* Accessories include stainless steel steam rack with handles, rice paddle, soup spoon, measuring cup, condensation collector and recipe booklet
* Power supply: 120V - 60Hz


 Tue, 11 Dec 2018 20:44:16 -0500 Lalanne Chairs, a Frank Lloyd Wright Urn, and a $2 Million Tiffany Lamp: The Best of This Week's Design Auctions



 Wed, 12 Dec 2018 06:01:08 -0500 Holiday tipping: Here's who you should include and how much you should give them

How much should you tip your doorman, hairstylist and babysitter this holiday season? Here's a tipping guide.


 Thu, 13 Dec 2018 13:54:26 -0500 Maria Butina Admits Conspiring as Kremlin Agent Targeting GOP, NRA

The 30-year-old gun enthusiast operated as a Kremlin agent as she befriended National Rifle Association leaders and influential U.S. conservatives, she admitted Thursday in federal court in Washington. “Butina sought to establish unofficial lines of communication with Americans having power and influence over U.S. politics,” prosecutor Erik Kenerson said at the hearing, reading from the government’s statement of facts.


 Wed, 12 Dec 2018 22:16:45 -0500 Kosovo tests Serbia with vote to build an army

Kosovo will vote Friday on whether to create its own army, in a heavily symbolic show of independence from Serbia that has inflamed tensions between the former wartime foes. Since breaking away from Belgrade in a guerilla war in the late 1990s, Kosovo has relied on NATO-led forces to guarantee its security. The measure is widely expected to pass as it draws support from all political parties in ethnic Albanian-majority Kosovo, except for a minority of ethnic Serb MPs who have boycotted the sessions.


 Wed, 12 Dec 2018 00:40:48 -0500 Italy's far-right minister visits Israel, drawing criticism

JERUSALEM (AP) — One of Europe's most divisive political figures, Italian Interior Minister Matteo Salvini, opened his visit to Israel Tuesday with warm words of support for his hosts, condemning Hezbollah as a "terrorist" organization and denouncing rising waves of anti-Semitism in Europe.


 Wed, 12 Dec 2018 00:53:56 -0500 Stacey Abrams Says She’ll Run Again After Losing Fierce Battle For Georgia Governor

Stacey Abrams is not done yet.


 Wed, 12 Dec 2018 17:15:48 -0500 UK PM wins confidence vote but rebels lay down marker

Prime Minister Theresa May survived a vote of confidence in her leadership on Wednesday but more than a third of lawmakers voted against her, underscoring the challenge she faces in getting her Brexit divorce deal through parliament. Here is some reaction to her survival: Pro-Brexit Conservative lawmaker Jacob Rees-Mogg: "It is a terrible result for the prime minister. "The prime minister must realize that under all constitutional norms she ought to go and see the Queen urgently and resign.


 Tue, 11 Dec 2018 18:18:54 -0500 Alaska moose poacher fined $100,000, sentenced to jail

ANCHORAGE, Alaska (AP) — An Alaska man who poached three moose and left most of the meat to rot has been sentenced to nine months in jail and fined more than $100,000.


 Wed, 12 Dec 2018 05:59:28 -0500 'Pegan' diets and foil pack dinners to trend in 2019: Pinterest

In 2019, families will be baking their own bread and smearing it with batches of homemade jam. Searches for "homemade jam" rose +829 percent: A search for "homemade jam" on Pinterest yields row after row of mason jars filled with berry, stone fruit jams and jellies. Foil pack dinner +759 percent: Who needs plates anymore when you can cook an entire meal in envelopes of aluminum foil?


 Thu, 13 Dec 2018 14:32:35 -0500 Alaska Airlines to give priority boarding to people in ugly sweaters

Alaska Airlines will let passengers wearing ugly sweaters board early on Friday, Dec. 21 in honor of National Ugly Holiday Sweater Day.


 Thu, 13 Dec 2018 16:54:27 -0500 AD and LIFEWTR Celebrate the Opening of The Haas Brothers: Ferngully at The Bass Museum of Art in Miami



 Thu, 13 Dec 2018 13:51:03 -0500 Michael Cohen Committed Crimes For Trump. A Woman Illegally Voted. Guess Who Got More Time.

One of these criminal sentences is not like the other.


 Wed, 12 Dec 2018 04:26:15 -0500 Huawei executive gets bail in case rattling China ties

A Canadian court has granted bail to a top Chinese telecom company executive wanted in the United States, as diplomatic tensions turned to the detention of a former Canadian diplomat in Beijing. Meng Wanzhou, the chief financial officer of Huawei, was released on Can$10 million (US$7.5 million) bail on Tuesday in a case that has rattled relations between China, the United States and Canada. Meng, who faces a US extradition bid on charges related to alleged violations of Iran sanctions, was also ordered to surrender her passport and will be subjected to electronic monitoring.


 Wed, 12 Dec 2018 10:47:03 -0500 AP source: Biden to meet with family as he ponders 2020

Former Vice President Joe Biden is wrapping up a busy stretch of events this week before stepping out of the public eye to hold family deliberations over the holidays on whether to launch another campaign for president, according to multiple people familiar with his thinking.


 Tue, 11 Dec 2018 22:34:26 -0500 Modi's Terrible 24 Hours Boosts India Opponents Before 2019 Vote

First came the abrupt resignation on Monday night of Reserve Bank of India Governor Urjit Patel, which sent stock, bond and currency markets tumbling when they reopened on Tuesday. Then Modi’s Bharatiya Janata Party faced defeat in three key states that he carried in his 2014 national victory, in what amounts to his biggest political setback since taking office. “The results reveal the declining political stock of Narendra Modi going into the national elections,” said Katharine Adeney, director of University of Nottingham’s Asia Research Institute.


 Wed, 12 Dec 2018 19:58:50 -0500 Defying Trump, U.S. Senate advances measure to end support for Saudis in Yemen

Eleven of Trump's fellow Republicans joined Democrats to provide the 60 votes needed to advance the war powers resolution in the Republican-led chamber. The nearly unprecedented break the 11 Republicans made from Trump was largely symbolic because the House of Representatives is not expected to take the matter up this year. Trump has threatened a veto.



Cisco Security Advisory
last updated: Thu, 13 Dec 2018 22:58:40 GMT

 Thu, 13 Dec 2018 20:58:56 CST Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability
On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2018-16986.

The vulnerability is due to a memory corruption condition that may occur when processing malformed BLE frames. An attacker in close proximity to an affected device that is actively scanning could exploit the issue by broadcasting malformed BLE frames. A successful exploit may result in the attacker gaining the ability to execute arbitrary code or cause a denial of service condition on an affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap


Security Impact Rating: High
CVE: CVE-2018-16986
 Mon, 10 Dec 2018 18:27:03 CST Cisco Prime License Manager SQL Injection Vulnerability

Update (2018-December-10): Installing the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch may cause functional issues. Workarounds are available for some of these issues. Rolling back this patch as described in the Fixed Releases section will correct these functional issues, but the device will be affected by this vulnerability again when the patch is not in place. See the Fixed Releases section for details.


A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.

The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject


Security Impact Rating: Critical
CVE: CVE-2018-15441
 Wed, 05 Dec 2018 16:34:38 CST Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018

On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution of arbitrary code or modifications of files on the system. The issue is caused by a previously reported vulnerability of the Apache Commons FileUpload library, assigned to CVE-2016-1000031.

The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by submitting crafted data to an affected system. A successful exploit could allow the attacker to execute arbitrary code or manipulate files on the targeted system.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload


Security Impact Rating: Critical
CVE: CVE-2016-1000031
 Tue, 04 Dec 2018 16:00:00 CST Cisco Energy Management Suite Default PostgreSQL Password Vulnerability

A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data.

The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database.

The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory.

There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181204-ems-sql-passwrd


Security Impact Rating: Medium
CVE: CVE-2018-0468
 Tue, 27 Nov 2018 16:01:05 CST Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.

The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.

While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

After an additional attack method was reported to Cisco, the previous fix for this vulnerability was determined to be insufficient. A new fix was developed, and the advisory was updated on November 27, 2018, to reflect which software releases include the complete fix.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection


Security Impact Rating: High
CVE: CVE-2018-15442


Stay Secure
Axiom understands how vital the security of your data is to your organization. Please don't hesitate to contact us if you would like a professional assessment of your network infrastructure.