Security Bulletins

US-CERT: The United States Computer Emergency Readiness Team
last updated: Sat, 20 Oct 2018 07:28:22 GMT

 Sat, 20 Oct 2018 00:13:52 +0000 NCSC Releases 2018 Annual Review
Original release date: October 19, 2018

The United Kingdom's (UK) National Cyber Security Centre (NCSC) has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC provides enhanced services to protect the UK against cybersecurity threats.

NCCIC encourages users and administrators to review NCSC’s 2018 Annual Review for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


 Fri, 19 Oct 2018 21:43:54 +0000 libssh Releases Security Updates
Original release date: October 19, 2018

libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the libssh Security Release for additional information and apply the necessary updates.




 Fri, 19 Oct 2018 21:09:53 +0000 Microsoft Releases Security Update for Yammer
Original release date: October 19, 2018

Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.




 Thu, 18 Oct 2018 22:00:21 +0000 Drupal Releases Security Updates
Original release date: October 18, 2018

Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.




 Wed, 17 Oct 2018 18:53:23 +0000 Cisco Releases Security Updates
Original release date: October 17, 2018

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.





SecurityFocus Vulnerabilities
last updated: Sat, 20 Oct 2018 07:13:07 GMT

 2018-10-19 Vuln: cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
 2018-10-19 Vuln: Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
 2018-10-19 Vuln: Apache Struts CVE-2016-1182 Security Bypass Vulnerability
 2018-10-19 Vuln: OpenSSL CVE-2018-0732 Denial of Service Vulnerability
 Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Yahoo News - Latest News & Headlines
last updated: Sat, 20 Oct 2018 07:28:23 GMT

 Thu, 18 Oct 2018 17:13:44 -0400 Cory Booker says the U.S. needs to ‘reexamine’ its ‘entire relationship’ with Saudi Arabia

The Democratic New Jersey senator said the disappearance of Jamal Khashoggi is just one of many concerns he has about Saudi Arabia and America's close ties to the Gulf country.


 Fri, 19 Oct 2018 15:25:13 -0400 New York Man Arrested For Threatening To Kill Senators Over Kavanaugh Confirmation

Long Island resident Ronald DeRisi, 74, was arrested Friday and charged with


 Fri, 19 Oct 2018 10:02:39 -0400 Nikki Haley Jokes She's Not An 'Indian Woman' In Swipe At Elizabeth Warren

Nikki Haley, the outgoing U.S. ambassador to the United Nations, drew laughter


 Fri, 19 Oct 2018 08:00:00 -0400 Best Bites: Roasted brussel sprouts with parmesan sauce

Welcome to Best Bites, a twice-weekly video series that aims to satisfy your


 Thu, 18 Oct 2018 15:11:27 -0400 The Republican who shocked the world 4 years ago could lose because of redistricting

The Virginia congressional district that Dave Brat took in 2014 is now less favorable to the GOP.


 Fri, 19 Oct 2018 16:10:10 -0400 The Briefing Room: Migrant caravan reaches Guatemala-Mexico border

President Trump ramps up his rhetoric as thousands of migrants reach the Mexico-Guatemala border, and he praises Rep. Greg Gianforte, who body-slammed a journalist.


 Fri, 19 Oct 2018 09:18:38 -0400 Migrant Caravan's Arduous Journey Through Central America Toward U.S. Captured In Photos

A caravan of thousands of migrants continues to slalom its way through Central


 Thu, 18 Oct 2018 14:51:33 -0400 Dear Elle Magazine, Media Companies: Don't Create Fake News To Get People To Vote

A viral headline about Kim Kardashian and Kanye West breaking up is the latest


 Thu, 18 Oct 2018 04:51:00 -0400 Girl baked grandfather's ashes into cookies and gave them to classmates, police say

A high school student mixed her cremated grandfather's ashes into homemade biscuits and gave them to classmates, police in California have said. The youngster and a friend shared the cookies with nine other pupils at Da Vinci Charter Academy in the city of Davis. "She had mentioned her grandpa's ashes before," said Andy Knox.


 Thu, 18 Oct 2018 05:00:04 -0400 Republican candidates trying to have it both ways on Obamacare

Some GOP candidates running this cycle who have or are trying to gut Obamacare are still running on the importance of protecting people with pre-existing conditions.


 Fri, 19 Oct 2018 16:05:04 -0400 Crimea mourns Kerch school shooting victims

Students wept over the coffins of classmates Friday at the funeral of 20 people killed in a school shooting in Crimea dubbed the “Russian Columbine,” the worst massacre of its kind in the region’s history.


 Thu, 18 Oct 2018 22:08:20 -0400 Putin Hails Sunset of U.S. Global Domination Due To Mounting 'Mistakes'

Russian President Vladimir Putin gloated Thursday about what he sees as the


 Thu, 18 Oct 2018 23:48:13 -0400 Texas police hunt woman who left toddler at stranger's door

A woman is suspected of child abandonment for hoisting a two-year-old boy by the arm to the house of a stranger in a northern Houston suburb, ringing the doorbell and running away, authorities said on Thursday. Neither woman nor child has been identified in the incident that unfolded in less than 30 seconds on surveillance video, the Montgomery County Sheriff’s Office said. "The child is uninjured and appears to be in good health," it said, adding that the boy was in the custody of Child Protective Services and was being asked who left him behind.


 Thu, 18 Oct 2018 08:41:21 -0400 President Avenatti? Lawyer for Stormy Daniels and Julie Swetnick wants the 2020 Democratic nomination, arguing that no one will swing harder at Trump

Michael Avenatti would like to turn his newfound fame into political power, in order to take down the man who did precisely that two years ago.


 Fri, 19 Oct 2018 12:09:29 -0400 At least 50 dead in India train disaster: police

At least 50 people were killed Friday after a train plowed into revellers gathered to watch a Hindu festival in India's northern Amritsar city, police said. The train hit a crowd standing on the railway line to watch a fireworks show during Dussehra celebrations, police and eyewitnesses said. "The priority now is to take the injured to the hospital," Amritsar city police commissioner S. S. Srivastava told reporters.


 Thu, 18 Oct 2018 17:25:40 -0400 Dear Abby, Here's What It’s Really Like To Have A 'Foreign' Name In America

It's tradition for Sikh parents to turn to the Guru Granth Sahib, our holy


 Thu, 18 Oct 2018 06:56:05 -0400 New Banksy Video Suggests Shredded Painting Stunt Didn't Go Entirely To Plan

Banksy stunned the art world this month with the partial shredding of his


 Fri, 19 Oct 2018 10:47:36 -0400 Jimmy Carter: Brett Kavanaugh 'unfit' to serve on US supreme court, former US president says

Jimmy Carter has branded newly-confirmed judge Brett Kavanaugh “unfit” to serve on the US supreme court. The former president told an audience at Emory University in Atlanta on Wednesday that Mr Kavanaugh’s confirmation by congress earlier this month was a “very serious mistake”. “I thought that whether or not he attempted to rape that woman, whether or not, I thought he was temperamentally unfit to serve on the Supreme Court because of his outburst during the hearing,” Mr Carter was recorded by an audience member as saying.


 Fri, 19 Oct 2018 20:35:46 -0400 PAC won't end ad saying black men will face rape accusations

LITTLE ROCK, Ark. (AP) — A political action committee said Friday that it won't pull radio ads in hotly contested races in Arkansas and Missouri that suggest African American men will face rape accusations if Democrats win midterm elections.


 Fri, 19 Oct 2018 06:57:06 -0400 Heidi Cruz Torched Over 'Tone-Deaf' Lament About Ted Cruz's 6-Figure Senate Salary

Heidi Cruz was mocked on Twitter for appearing to suggest that she and husband


 Thu, 18 Oct 2018 16:27:43 -0400 Facebook ‘Delighted’ by War Room Response to Brazil Election

As they monitored trends on the company’s sites -- like articles that were going viral and spikes in political-ad spending -- they noticed a suspicious surge in user reports of hate speech. The data scientists in the room told the policy experts that the malicious posts were targeting people in a certain area of Brazil, the poorer Northeast -- the only region carried by the leftist presidential candidate. The policy folks determined that what the posts were saying was against Facebook’s rules on inciting violence.


 Thu, 18 Oct 2018 11:38:39 -0400 Georgia Teacher Accused of 'Inappropriate' Relationship With Student Kills Himself

Zachary Meadors had a warrant out for his arrest at the time of his death.


 Thu, 18 Oct 2018 10:48:33 -0400 Israel steps up armored deployment on Gaza border

Israel ramped up its armored forces along the Gaza border on Thursday in a daylight show of force, a day after a Palestinian rocket destroyed a home in southern Israel. With the deployment clearly visible from main Israeli roads near the Gaza Strip, senior Egyptian security officials met leaders of the enclave's ruling Hamas to try to calm tensions. Hamas and the smaller Islamic Jihad militant group quickly denied firing the rockets.


 Fri, 19 Oct 2018 14:18:17 -0400 President Trump Praises Melania for Staying 'So Cool' During Plane Mishap

First lady Melania Trump was not scared as the flight was forced to return to Andrews Air Force Base, the president said.


 Thu, 18 Oct 2018 11:49:21 -0400 Treasury Secretary Steven Mnuchin Says He Won't Attend Saudi Arabia Summit

Treasury Secretary Steven Mnuchin said Thursday that he would no longer attend


 Fri, 19 Oct 2018 11:36:01 -0400 9-Year-Old Falsely Accused Of Groping White Woman Says He 'Felt Humiliated'

Jeremiah Harvey, the 9-year-old boy accused of groping a woman at a Brooklyn


 Thu, 18 Oct 2018 14:28:00 -0400 'Active shooter' in Virginia puts major defence company building on lockdown

Police are investigating reports of an "active shooter" at a defence company, General Dynamics, in Portsmouth, Virginia. The call was received earlier in the day from a security guard on site and Portsmouth police have called for people to stay clear of the area. Police are investigating a report of an active shooter at 2 Harper Ave. Dispatch received the 911 call at 11:46 am.


 Fri, 19 Oct 2018 13:41:03 -0400 Afghanistan elections delayed in Kandahar as nation braces for polling day violence

Voting for parliamentary elections in Afghanistan's second city has been postponed after a key security official was assassinated and the country braced for widespread insurgent violence on polling day. Taliban commanders on Friday tried to further disrupt the election by issuing a nationwide demand for people to remain at home rather than head to the polls. The vote is seen as a test of president Ashraf Ghani's grip on the country after a grim year of soaring casualties among his forces and civilians and further encroachment by a buoyant Taliban. Dr Ghani's weary international backers, particularly Donald Trump, are desperate for signs of stability and progress after 17 years of pouring troops and money into the country. Yet preparations were dealt a severe blow on Thursday when Kandahar's powerful police chief, Gen Abdul Raziq, was shot dead in an insider attack claimed by the Taliban. Gen Raziq had been a bastion against Taliban encroachment in the region with a ruthless campaign against the insurgents which had largely stabilised Kandahar and made him the most powerful government figure in southern Afghanistan. The attack at a meeting with US commander, Gen Scott Miller, killed the local intelligence chief and critically wounded the provincial governor, wiping out the local leadership at a stroke. Kandahar, once considered the stronghold of the Taliban movement, was on edge the day after the attack, as funerals were held and officials decided to postpone voting for a week. The Taliban have vowed to disrupt an election they declare a sham and its military council issued a statement warning voters that “participation in this process is aiding the invaders”. It ordered Afghans to “remain indoors and desist from bringing out any means of transport”.
A bloody or badly flawed election is predicted to strengthen the Taliban's hand in fledgling talks to find a political settlement to the conflict. More than nine million Afghans are registered to vote in what is only the third parliamentary poll since the Taliban were ousted after the 9/11 attacks. Around 2,500 candidates are standing for 249 seats in a parliament which has in the past decade gained a reputation for graft and greed. This year's polls have already been delayed since 2015 because of rifts within Dr Ghani's government and rows over how to clean up the voting system. The vote sees a new generation of election hopefuls, many younger and better educated than previous candidates, take on an old guard frequently tainted with accusations of corruption or involvement in the bloodshed of the 1990s civil war. But the new generation also contains a raft of candidates whose fathers were formerly some of the country's most prominent Mujahideen warlords of the 1990s, and who have been towering figures of Afghan life for decades. This year's voting lists include children of notorious leaders including Gulbuddin Hekmatyar, the Uzbek strongman Gen Abdul Rashid Dostum, and the Herat powerbroker Ismail Khan. Jamaluddin Hekmatyar, whose father is remembered for indiscriminately bombarding Kabul as he squabbled with his former comrades in the 1990s, is standing as a member of his father's Hezb-e Islami party. The 42-year-old told the Telegraph he had not gained his candidacy through nepotism and wanted to “represent the people and fight for their rights”. “I have learned from my father to fight for our values, each nation has the right to be independent and we must fight for a good future, no matter how long that fight would be but we should resist.” He said it was not for him to answer for the deeds of the Mujahideen commanders.
“I think it’s not a good analysis if we say only Mujahideen leaders committed mistakes here, we should note foreigners' role in Afghanistan too.” The possible rise of children whose fathers presided over the destruction of the 1990s is eyed warily by many Afghans. “There will be no difference between the Mujahideen leaders and their children,” said one Herat resident who lost two uncles during the barbarity of the 1990s, “they are just a shadow of their dads”. “Mujahideen leaders want to rule their policies through their children. They are all educated in the West by the money that their dads received by selling the blood of innocent Afghans.”


 Thu, 18 Oct 2018 18:56:52 -0400 Mark Peterson awarded 2018 W. Eugene Smith Memorial Fund Grant in Humanistic Photography

The W. Eugene Smith Memorial Fund awarded Mark Peterson this year’s $35,000 Grant in Humanistic Photography for his project, "The Past Is Never Dead."


 Fri, 19 Oct 2018 10:19:05 -0400 Cardi B swarmed as she hands out free winter coats in Brooklyn

Metal barricades could barely contain the hundreds of fans lined up in Brooklyn on Thursday as superstar Cardi B handed out free winter coats to the assembled masses.


 Thu, 18 Oct 2018 08:25:01 -0400 Women Heckle Ted Cruz In Airport Over Kavanaugh Vote

A video posted to Twitter shows women tailing Sen. Ted Cruz (R-Texas) at an


 Fri, 19 Oct 2018 13:49:58 -0400 The contrasts of Mexico's southern and northern borders

MEXICO CITY (AP) — Some 3,000 Central American migrants prepared to cross into Mexico from Guatemala on Friday with hopes of eventually arriving to the United States. Busloads of Mexican federal police were gathering in Ciudad Hidalgo and a Mexican military helicopter flew along the river in anticipation.


 Fri, 19 Oct 2018 14:27:47 -0400 Trump adviser Bolton to meet Russian leaders

White House National Security Adviser John Bolton will meet with Russia's Foreign Minister Sergei Lavrov and Security Council Secretary Nikolai Patrushev on Saturday, he said Friday. Bolton announced the visit to Moscow in a tweet, saying he would "continue discussions that began in Helsinki," referring to a summit between presidents Donald Trump and Vladimir Putin in July. Relations between the United States and Russia are under deep strain from accusations that Moscow meddled in the 2016 presidential election, as well as tension over Russian support for the government in Syria's civil war and the conflict in Ukraine.


 Fri, 19 Oct 2018 23:06:25 -0400 'Compelling Evidence' Points To Saudi Prince In Khashoggi Death, Says Ex MI6 Chief

The former head of Britain's foreign intelligence service MI6 believes "very


 Thu, 18 Oct 2018 18:18:52 -0400 Justice Department probes Catholic Church sex abuse in Pennsylvania

The investigation is the first statewide probe by federal authorities of allegations of sex abuse and cover-up by the Catholic Church in the United States.


 Thu, 18 Oct 2018 16:23:15 -0400 Jason Chaffetz Mocks Elizabeth Warren With Native American Statue Photo, Twitter Flips

Former Rep. Jason Chaffetz (R-Utah) might have set himself up for selfie-


 Fri, 19 Oct 2018 12:46:01 -0400 'At least 50' dead as train ploughs through festival crowd in India

At least 50 people were killed on Friday after a train ploughed into revellers celebrating a Hindu festival in northern India, police said, the latest major accident on the country's crumbling rail network. A crowd had gathered on railway tracks in the city of Amritsar in Punjab state to watch a fireworks show marking the Dussehra festival when the train barrelled down the line at speed. "There are more than 50 dead. The priority now is to take the injured to the hospital," Amritsar city police commissioner SS Srivastava told reporters. More than 60 people who were injured were being given emergency treatment at various hospitals across the city, he added. An AFP photographer at the scene said some victims had lost limbs in the accident while others suffered head wounds. "There was a lot of noise as firecrackers were being let off and it appears they (victims) were unable to hear the approaching train," a police official told AFP on condition of anonymity. An eyewitness told a local TV channel there was "utter commotion" when the crowds noticed the train "coming very fast" towards them. "Everyone was running helter-skelter and suddenly the train crashed into the crowds of people," he said. Punjab Chief Minister Amarinder Singh ordered an investigation into the deadly accident and announced a monetary compensation of 500,000 rupees ($6800) each to the family of the victims. "We have reports that some 50-60 people have died. We have asked all hospitals to remain open through the night so that the injured can be treated," Singh told reporters.
Prime Minister Narendra Modi said he was extremely saddened by the "heart-wrenching tragedy" and asked officials to provide immediate assistance to the injured. Some relatives of the deceased blamed the authorities for allowing a "big function" to be held next to the railway track. An eyewitness said people were taking pictures on their mobile phones and "they were not given any warning that they should not stand on the tracks." India's railway network is the world's fourth largest and remains the main form of travel in the vast country, but it is poorly funded and deadly accidents often occur. The country is home to hundreds of railway crossings that are unmanned and particularly accident prone, with people often ignoring oncoming train warnings.


 Thu, 18 Oct 2018 08:02:00 -0400 Iran's Navy-Killer Missiles Now Have Double the Range

Iranian Revolutionary Guard aerospace division chief Amirali Hajizadeh declared Tuesday that Iran had boosted the range of its land-to-sea ballistic missiles up to 700 km, or 435 miles, Reuters reports, capable of hitting “any vessel or ship” at that range.


 Thu, 18 Oct 2018 10:51:45 -0400 'We built it for the big one': How this Mexico Beach house survived Hurricane Michael

Mexico Beach, Florida, was almost completely flattened by Hurricane Michael. However, one home stood high on stilts above the wreckage, appearing largely untouched from the storm.


 Thu, 18 Oct 2018 16:56:37 -0400 Falling Ford Pickup Tailgates Draw Federal Safety Probe

Government regulators opened an investigation this week into why some Ford heavy-duty pickup truck power tailgates are falling open. The National Highway Traffic Safety Administration (NHTSA) is ...


 Thu, 18 Oct 2018 13:36:58 -0400 What Defines Normal? Millions Search Google Every Day For Answers

Days before India's Supreme Court overturned a colonial-era law that made gay


 Thu, 18 Oct 2018 19:24:26 -0400 House committees to interview Rosenstein behind closed doors

WASHINGTON (AP) — The top lawmakers on two House committees will interview Deputy Attorney General Rod Rosenstein next week about reports that he had discussed secretly recording President Donald Trump.


 Fri, 19 Oct 2018 09:48:56 -0400 Illegal immigrants overwhelming US Border Patrol

Families being released due to court decisions and a lack of shelter space; William La Jeunesse reports.


 Fri, 19 Oct 2018 08:33:29 -0400 Afghanistan delays vote in strategic Kandahar after killing of commander

Saturday's parliamentary election in Kandahar will be delayed by a week after the assassination of one of the country's most powerful security chiefs.


 Thu, 18 Oct 2018 04:55:30 -0400 Twitter's Plea To 'Be Sweet When You Tweet' Quickly Flies Off The Rails

Twitter made a simple request on Wednesday, but many users of the social


 Fri, 19 Oct 2018 13:48:59 -0400 Stunning shots show crystal-clear waters in Norway's lakes and fjords

Tomasz Furmanek works in an office most of the time, but when he’s free he often kayaks through the waters of Norway, capturing breathtaking images.


 Fri, 19 Oct 2018 05:45:26 -0400 We Asked Men To Own Up To Misogyny And Sexual Misconduct. Here's What They Said.

When Christine Blasey Ford came forward last month to accuse Judge Brett


 Thu, 18 Oct 2018 09:11:37 -0400 Saudi Arabia's ruling dynasty

The Al-Saud dynasty, which has ruled Saudi Arabia since the early 20th century, has found itself embroiled in one of its worst international crises since the disappearance of Jamal Khashoggi. Turkish officials have accused Saudi Arabia of a state-sponsored killing, but Riyadh denies the allegations. The Al-Saud trace their origins back to the 1700s, when Saud bin Mohammed reigned as a local sheikh in the central Arabian peninsula, which would two centuries later be the birthplace of Saudi Arabia -- named after the family.


 Thu, 18 Oct 2018 12:31:00 -0400 Midterm elections: How do they work, when are they and what do they mean for America's political future?

The US 2018 midterm elections are approaching, and both Republicans and Democrats are vying for control of Congress. While midterm elections generally garner lower numbers of voter turnout and participation than general elections do, a study has revealed that voter turnout has increased in primary elections across the country this year. According to the Pew Research Centre, half of the registered voters have reported to be more enthusiastic about voting in 2018 than in previous years – and turnout at the polls had surged in primary elections held across 31 states.


 Fri, 19 Oct 2018 17:53:11 -0400 The Latest: Man gets life for Walmart shooting that killed 3

BRIGHTON, Colo. (AP) — The Latest on the sentencing of a man who shot and killed three people in a suburban Denver Walmart (all times local):



Cisco Security Advisory
last updated: Sat, 20 Oct 2018 07:24:10 GMT

 Fri, 19 Oct 2018 17:52:10 CDT Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018

On August 14, 2018, the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center (CERT/CC) disclosed a vulnerability in the IP stack that is used by the Linux Kernel. This vulnerability is publicly known as FragmentSmack.

The vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attack could be executed by an attacker who can submit a stream of fragmented IPv4 or IPv6 packets that are designed to trigger the issue on an affected device.

The vulnerability is due to inefficient IPv4 and IPv6 fragment reassembly algorithms in the IP stack that is used by the affected kernel. Linux Kernel Versions 3.9 and later are known to be affected by this vulnerability.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment


Security Impact Rating: High
CVE: CVE-2018-5391

 Fri, 19 Oct 2018 16:00:00 CDT libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018

A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.

The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting an SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh


Security Impact Rating: Critical
CVE: CVE-2018-10933

 Wed, 17 Oct 2018 16:00:00 CDT Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI.

The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc


Security Impact Rating: High
CVE: CVE-2018-0417

 Wed, 17 Oct 2018 16:00:00 CDT Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability

A vulnerability in the Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to a deadlock condition that may occur when an affected AP attempts to dequeue aggregated traffic that is destined to an attacker-controlled wireless client. An attacker who can successfully transition between multiple Service Set Identifiers (SSIDs) hosted on the same AP while replicating the required traffic patterns could trigger the deadlock condition. A watchdog timer that detects the condition will trigger a reload of the device, resulting in a DoS condition while the device restarts.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-aironet-dos


Security Impact Rating: Medium
CVE: CVE-2018-0381

 Wed, 17 Oct 2018 16:00:00 CDT Cisco Wireless LAN Controller Software Directory Traversal Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information.

The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal


Security Impact Rating: Medium
CVE: CVE-2018-0420
