Security Bulletins

Microsoft Security Bulletins
last updated: Sat, 20 Jan 2018 18:48:34 GMT

 2017-10-19T17:00:00.0000000Z MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (October 19, 2017): Corrected a typo in the CVE description.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR).
 2017-09-12T17:00:00.0000000Z MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (3192892) - Version: 3.0
Severity Rating: Important
Revision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3376. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
 2017-09-12T17:00:00.0000000Z MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 4.0
Severity Rating: Critical
Revision Note: V4.0 (September 12, 2017): Revised the Microsoft Windows affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-0165. Consumers running Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
 2017-09-12T17:00:00.0000000Z MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 3.0
Severity Rating: Critical
Revision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems and Internet Explorer 11 installed on Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3326. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Internet Explorer on Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Customers who are running other versions of Windows 10 and who have installed the June cumulative updates do not need to take any further action.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 2017-09-12T17:00:00.0000000Z MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 2.0
Severity Rating: Critical
Revision Note: V2.0 (September 12, 2017): To address known issues with the 3170455 update for CVE-2016-3238, Microsoft has made available the following updates for currently-supported versions of Microsoft Windows:
• Rereleased update 3170455 for Windows Server 2008
• Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and Windows Server 2008 R2
• Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 2012
• Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 and Windows Server 2012 R2
• Cumulative Update 4038781 for Windows 10
• Cumulative Update 4038781 for Windows 10 Version 1511
• Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016.
Microsoft recommends that customers running Windows Server 2008 reinstall update 3170455. Microsoft recommends that customers running other supported versions of Windows install the appropriate update. See Microsoft Knowledge Base Article 3170005 (https://support.microsoft.com/en-us/help/3170005) for more information.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or sets up a rogue print server on a target network.

US-CERT: The United States Computer Emergency Readiness Team
last updated: Sat, 20 Jan 2018 18:56:32 GMT

 Fri, 19 Jan 2018 06:20:06 +0000 Lenovo Releases Security Advisory
Original release date: January 19, 2018

Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System (ENOS) firmware. An attacker could exploit this vulnerability to obtain sensitive information.

NCCIC/US-CERT encourages users and administrators to review Lenovo's Security Advisory and the Canadian Cyber Incident Response Centre (CCIRC)'s Lenovo Security Advisory for more information and apply the necessary updates or mitigations.


This product is provided subject to this Notification and this Privacy & Use policy.


 Thu, 18 Jan 2018 18:57:50 +0000 NCSC Releases Security Advisory
Original release date: January 18, 2018

The United Kingdom's National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats.

NCCIC/US-CERT encourages users and administrators to review the NCSC advisory to access the report and for more information.



 Wed, 17 Jan 2018 18:52:16 +0000 Cisco Releases Security Updates
Original release date: January 17, 2018 | Last revised: January 18, 2018

Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



 Tue, 16 Jan 2018 23:58:39 +0000 ISC Releases Security Advisories for DHCP, BIND
Original release date: January 16, 2018

The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

NCCIC/US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01541 and AA-01542 and apply the necessary updates or workarounds.



 Tue, 16 Jan 2018 22:31:37 +0000 Oracle Releases January 2018 Security Bulletin
Original release date: January 16, 2018

Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review the Oracle January 2018 Critical Patch Update and apply the necessary updates.



SecurityFocus Vulnerabilities
last updated: Sat, 20 Jan 2018 18:48:34 GMT

 2018-01-19 Vuln: WordPress MediaElement Cross Site Scripting Vulnerability
 2018-01-19 Vuln: Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
 2018-01-19 Vuln: Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
 2018-01-19 Vuln: Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability
 Bugtraq: [SECURITY] [DSA 4092-1] awstats security update

[logo] Yahoo News - Latest News & Headlines   more  xml  hide  
last updated: Sat, 20 Jan 2018 18:56:33 GMT

 Thu, 18 Jan 2018 14:00:38 -0500 The resistance is organized and ready in district where Trump is visiting

The resistance is organized and ready in district where Trump is visitingDemocrats, especially women, have been organizing ever since last year’s election. And they think they have a chance to take the seat in this heavily Republican district.


 Thu, 18 Jan 2018 14:30:06 -0500 Parents Charged With Torture And Abuse Of 13 Kids May Face Life In Prison

Parents Charged With Torture And Abuse Of 13 Kids May Face Life In PrisonA California couple accused of holding their 13 children captive in their home for years face up to life in prison.


 Thu, 18 Jan 2018 15:18:23 -0500 Russian Money Ties to NRA Under FBI Scrutiny

Russian Money Ties to NRA Under FBI ScrutinyGreg Gordon, investigative reporter for McClatchy DC, talks with Rachel Maddow about news that the FBI is looking into whether Russian money was funneled to the Trump campaign through the NRA.


 Thu, 18 Jan 2018 19:02:08 -0500 House Blocks Trump's Order To Deport Palestinian Man Living In U.S. For 39 Years

House Blocks Trump's Order To Deport Palestinian Man Living In U.S. For 39 YearsLast month, with a deportation order hanging over his head, Amer Othman Adi, 57, and his family were making preparations to leave their life in Youngstown, Ohio, willingly.


 Thu, 18 Jan 2018 18:52:09 -0500 Helicopter with Zimbabwe opposition leader crashes, kills 5

Helicopter with Zimbabwe opposition leader crashes, kills 5RATON, N.M. (AP) — A group of prominent friends, including a key Zimbabwean opposition leader and a Texas-based investor and philanthropist, was heading to a ranch in the U.S. state of New Mexico when their helicopter crashed and burned in a remote area, killing five people aboard.


 Fri, 19 Jan 2018 10:00:18 -0500 Adulthood now begins at 24, say scientists as young people delay work, marriage and families 

Adulthood now begins at 24, say scientists as young people delay work, marriage and families Adulthood does not begin until 24, scientists have concluded because young people are continuing their education for longer and delaying marriage and parenthood. The traditional definition for adolescence is currently between and the ages of 10 and 19, which marked the beginnings of puberty and the perceived end of biological growth. But, writing in the Lancet Child & Adolescent Health, scientists from the Royal Children’s Hospital in Melbourne argue the timings needs to be changed. They point to the fact that the brain continues to mature beyond the age of 20, and many people’s wisdom teeth do not come through until the age of 25. And people are also getting married and having children later, with the average man entering their first marriage aged 32.5 and women 30.6, an increase of eight years since the 1970s. Families have changed significantly since the 1970s Credit:  Fox Photos Lead author Prof Susan Sawyer, said delays in young people leaving education, settling down and becoming parents, showed adolescence was now longer and argued that policies that support youth should be extended beyond teenage years. Countries such as New Zealand already treat children who have been in care as vulnerable until they are 25, allowing them the same rights as youngsters “Age definitions are always arbitrary,” she said, but “our current definition of adolescence is overly restricted.” “The ages of 10-24 years are a better fit with the development of adolescents nowadays.” However other academics argued that just because young people were unmarried or still in education did not mean they were not fully functioning adults. But Dr Jan Macvarish, a parenting sociologist at the University of Kent, told the BBC: “There is nothing inevitably infantilising about spending your early 20s in higher education or experimenting in the world of work. 
“Society should maintain the highest possible expectations of the next generation.” Prof Sawyer also admits there could be downsides to he plan, particularly if youngsters were no longer seen as responsible or capable of full engagement in society until they were 24. "Such a view would risk disenfranchising adolescents and undermines their rights to fully participate in society," she added.


 Fri, 19 Jan 2018 11:05:57 -0500 Delta issues new rules on emotional support animals

Delta issues new rules on emotional support animalsAfter the airline said it saw a spike in animal incidents, passengers must now provide documentation for their pet to the airline within 48 hours of their flight.


 Fri, 19 Jan 2018 00:54:09 -0500 2 Boys Arrested After Vandalism That Killed 500,000 Bees On Iowa Honey Farm

2 Boys Arrested After Vandalism That Killed 500,000 Bees On Iowa Honey FarmTwo boys are facing felony charges after vandalism at an Iowa honey farm killed 500,000 bees, according to police.


 Thu, 18 Jan 2018 15:54:16 -0500 Turkey seeks Russian approval for air campaign against Afrin

Turkey seeks Russian approval for air campaign against AfrinBy Gulsen Solaker and Tuvan Gumrukcu ANKARA (Reuters) - Turkey dispatched its military chief to Moscow on Thursday, seeking approval for an air campaign in Syria's Kurdish-controlled Afrin region, although Damascus warned it could shoot down any Turkish planes in its skies. Turkey's foreign minister said the Moscow trip by Chief of Staff Hulusi Akar was part of talks with both Russia and Iran, the two main backers of Syrian President Bashar al-Assad, to allow Turkish planes to take part in an Afrin campaign.


 Thu, 18 Jan 2018 19:25:00 -0500 Government shutdown: Trump tweets cause chaos for Republicans as they scramble to pass spending bill

Government shutdown: Trump tweets cause chaos for Republicans as they scramble to pass spending billA tweet from President Donald Trump has thrown Republican plans to avoid a government shutdown into chaos by contradicting his own administration. Congress has been scrambling to pass a short-term measure before a shutdown comes into effect on Saturday. House Majority Leader Kevin McCarthy said “we’re in very good shape” for passage of a spending bill that would keep the government running for another four weeks.


 Fri, 19 Jan 2018 21:42:17 -0500 Clergy Abuse Advocates Fear Pope Francis Is Making It Harder For Victims To Speak Up

Clergy Abuse Advocates Fear Pope Francis Is Making It Harder For Victims To Speak UpWhen Joelle Casteix heard Pope Francis accuse sex abuse victims in Chile of slander, the pontiff’s words hit close to home.


 Thu, 18 Jan 2018 14:46:11 -0500 Fusion GPS testimony shows potential crimes

Fusion GPS testimony shows potential crimesRachel Maddow reads some of the highlights of the newly released transcript of the House Intelligence Committee testimony of Glenn Simpson of Fusion GPS.


 Fri, 19 Jan 2018 10:56:02 -0500 Car plows into crowd along Brazil’s Copacabana beach, killing baby

Car plows into crowd along Brazil’s Copacabana beach, killing babyA car plowed into a crowd on Rio de Janeiro's tourist-packed Copacabana seaside promenade, killing a baby and injuring more than a dozen people.


 Fri, 19 Jan 2018 11:43:04 -0500 Mattis unveils new National Defense strategy

Mattis unveils new National Defense strategyDefense Secretary Jim Mattis released the National Defense Strategy today that focuses on China and Russia as the biggest challenges to the U.S.


 Fri, 19 Jan 2018 00:44:41 -0500 Chris Christie Reportedly Turned Away From Airport VIP Entrance

Chris Christie Reportedly Turned Away From Airport VIP EntranceChris Christie, no longer the governor of New Jersey, was reportedly denied access to a special VIP entrance at Newark Liberty International Airport on Thursday.


 Fri, 19 Jan 2018 10:04:25 -0500 Google CEO: ‘No Issues’ with freeing female employees from NDAs

Google CEO: ‘No Issues’ with freeing female employees from NDAsGoogle CEO Sundar Pichai and YouTube CEO Susan Wojcicki says they “want to provide a more open environment” for employees to be able to tell their stories.


 Sat, 20 Jan 2018 04:06:48 -0500 Donald Trump's 'Screaming' Face On A Newspaper Stack Gets The Funniest Reworking

Donald Trump's 'Screaming' Face On A Newspaper Stack Gets The Funniest ReworkingA photo-editing battle has erupted over this somewhat unsettling snap of President Donald Trump’s face on a stack of German newspapers: PsBattle: Trump screaming in a stack of newspapers from photoshopbattles The viral image was actually part of an advertising campaign for the Der Tagesspiegel newspaper back in 2016, reports AdWeek.


 Fri, 19 Jan 2018 07:28:00 -0500 China Wants Missile Defenses To Stop India (And Kill Satellites)

China Wants Missile Defenses To Stop India (And Kill Satellites)India conducted a successful test of its most advanced intercontinental ballistic missile (ICBM), a nuclear-capable Agni-5, on Thursday, underscoring a potential threat to China as well as Pakistan. China is also within range of nuclear-armed North Korean missiles and Japan is mulling whether it should develop similar capabilities.


 Thu, 18 Jan 2018 21:42:57 -0500 The Latest: Schumer says very short-term funding would be OK

The Latest: Schumer says very short-term funding would be OKWASHINGTON (AP) — The Latest on the debate over immigration and the budget (all times local):


 Thu, 18 Jan 2018 21:52:09 -0500 Why It's So Hard For Victims Of Extreme Abuse To Leave

Why It's So Hard For Victims Of Extreme Abuse To LeaveWhen police entered the home of David and Louise Turpin in Perris, California, they encountered 12 siblings who were being held in filthy, dark conditions ― some chained to furniture.


 Fri, 19 Jan 2018 14:42:06 -0500 The Electrification Era Moves Closer for Cars

The Electrification Era Moves Closer for CarsAutomakers are seeing the future, and increasingly it’s more high voltage than high octane. At this year’s North American International Auto Show in Detroit, just under the sheet metal and hoods ...


 Fri, 19 Jan 2018 11:03:27 -0500 Classmate speaks out about California ‘House of Horrors’ victim

Classmate speaks out about California ‘House of Horrors’ victimA classmate of one of the victims who attended community college says the Turpin son was very thin and always in the same clothing.


 Thu, 18 Jan 2018 17:48:59 -0500 Artist Gives Vintage Ads A Feminist Makeover By Swapping Gender Roles

Artist Gives Vintage Ads A Feminist Makeover By Swapping Gender RolesEli Rezkallah, a 31-year-old artist and photographer from Beirut, Lebanon, recently created a photo series called “In a Parallel Universe.”


 Fri, 19 Jan 2018 12:16:10 -0500 WH blame possible shutdown on Schumer and Democrats

WH blame possible shutdown on Schumer and DemocratsThe White House tries to lay blame for possible government shutdown on Senator Schumer and Senate Democrats.


 Fri, 19 Jan 2018 06:15:03 -0500 Deported Man's Wife Will Be State Of The Union Guest

Deported Man's Wife Will Be State Of The Union GuestRep. Debbie Dingell (D-Mich.) was so moved by the story of Jorge Garcia, a 39-year-old man deported to Mexico this week after living most of his life in the U.S., that she plans to bring his wife Cindy Garcia as her plus-one guest to the 2018 State of the Union address.


 Thu, 18 Jan 2018 17:34:02 -0500 Phoenix Serial Killer Suspect Identified After DNA Allegedly Connects Him to 9 Killings

Phoenix Serial Killer Suspect Identified After DNA Allegedly Connects Him to 9 KillingsSeven men and two women were shot between Nov. 27 and Dec. 17


 Fri, 19 Jan 2018 00:34:03 -0500 Taiwan blocks China flights after route row

Taiwan blocks China flights after route rowTaiwan has blocked nearly 200 flights by Chinese airlines over the strait that separates the two rivals due to the carriers' use of controversial new travel routes introduced by China. Taipei has repeatedly called for four new flight paths to be cancelled since China launched them earlier in January, but their complaints have fallen on deaf ears on the mainland. China Eastern Airlines and Xiamen Air have since requested to operate 176 additional flights between Taiwan and China during the Lunar New Year period in mid-February.


 Fri, 19 Jan 2018 11:57:00 -0500 Two things can tell you if Trump will be impeached in 2018: the midterms and Mueller

Two things can tell you if Trump will be impeached in 2018: the midterms and MuellerImpeachment is a word that the White House had to deal with very early in the Donald Trump presidency – and it has never gone away. Other than the President’s controversial words, it is the investigation into Russia’s presidential election meddling – and the possible collusion between the Trump campaign and the Kremlin – that has piqued the most interest. According to an analysis of Google searches by the Brookings Institute think tank these peaks came in May and November, the former being when Mr Trump fired his firmer FBI director James Comey and the latter being when a number of Trump campaign officials were facing indictment or potential indictment.


 Fri, 19 Jan 2018 08:13:58 -0500 Mom Of Racist-Ranting Alabama Student Says She Didn't Raise Her That Way

Mom Of Racist-Ranting Alabama Student Says She Didn't Raise Her That WayThe mother of a University of Alabama student who received national scorn for her racist rants on video said she agreed with the school’s decision to expel her daughter.


 Thu, 18 Jan 2018 19:21:18 -0500 Phoenix police: Serial killing suspect tied to 9 attacks

Phoenix police: Serial killing suspect tied to 9 attacksPHOENIX (AP) — A serial killing suspect shot and killed nine people, including his own mother, and used a victim's gun in some of the slayings that unfolded in a three-week span late last year, authorities said Thursday.


 Fri, 19 Jan 2018 13:48:50 -0500 'Leaning Out': Aerial photography by Jeffrey Milstein

'Leaning Out': Aerial photography by Jeffrey MilsteinJeffrey Milstein’s overhead images of ports, train yards, airports, parking lots, and cityscapes, reveal harmonious symmetries invisible during daily life yet still somehow familiar.


 Thu, 18 Jan 2018 16:52:16 -0500 Olympian McKayla Maroney On Larry Nassar: 'He Abused My Trust. He Abused My Body.'

Olympian McKayla Maroney On Larry Nassar: 'He Abused My Trust. He Abused My Body.'Olympic gymnast McKayla Maroney made a powerful statement Thursday morning during the sentence hearing of former USA Gymnastics and Michigan State University team doctor Larry Nassar.


 Thu, 18 Jan 2018 15:09:02 -0500 U.S. lawmakers may soon be liable for sexual harassment payouts

U.S. lawmakers may soon be liable for sexual harassment payoutsMembers of the U.S. House of Representatives could no longer use public funds for awards or settlements in sexual harassment cases under bipartisan legislation unveiled on Thursday that updates a 20-year law governing the rights of congressional employees. Leaders from both parties, including Speaker Paul Ryan, the most powerful lawmaker in the chamber, support the bill, indicating it should pass quickly and easily in a Congress frequently frozen by partisan standoffs. A growing wave of women reporting abuse or misconduct has brought down powerful men recently, from movie producer Harvey Weinstein to popular television personality Matt Lauer, as well as one of the longest-serving Democrats in Congress, former Representative John Conyers.


 Thu, 18 Jan 2018 18:44:08 -0500 Supreme Court Tells North Carolina To Hold Off On Redrawing Congressional Map

Supreme Court Tells North Carolina To Hold Off On Redrawing Congressional MapThe U.S. Supreme Court on Thursday evening granted a request from Republican lawmakers in North Carolina to temporarily put on hold a lower court order that the state redraw its congressional map by next week.


 Fri, 19 Jan 2018 17:08:27 -0500 New photographs of Las Vegas shooter's room show more of Stephen Paddock's deadly arsenal

New photographs of Las Vegas shooter's room show more of Stephen Paddock's deadly arsenalThe Las Vegas gunman meticulously planned how to carry out the worst mass shooting in modern US history, researching Swat tactics, renting other hotel rooms overlooking outdoor concerts and investigating potential targets in at least four cities, authorities said on Friday. But months after Stephen Paddock killed 58 people and wounded more than 800 others with a barrage of bullets from the Mandalay Bay casino-hotel, investigators still have not answered the key question: Why did he do it? On Friday, Clark County Sheriff Joe Lombardo released a preliminary report on the October 1 attack and said he did not expect criminal charges to be filed against Paddock's girlfriend, Marilou Danley, who had been previously called a person of interest in the case. The interior of the Mandalay Bay hotel room 32-134 towards bathroom is part of the evidence images included in the report Credit: Las Vegas Metropolitan Police Department via AP During an interview with investigators, Ms Danley said Paddock had become "distant" in the year before the shooting and their relationship was no longer intimate. When they stayed at the Mandalay Bay together in September 2017, Paddock acted strangely, she told investigators. She remembered him constantly looking out the windows overlooking an area where the concert would be held the next month, moving from window to window to see the site from different angles, the report said. A photograph of Stephen Paddock's vantage point from his Mandalay Bay's room released by Las Vegas Police Credit: Las Vegas Metropolitan Police Department via AP Mr Paddock's online searches before the shooting included research into Swat tactics and consideration of other potential public targets, including in Chicago, Boston and Santa Monica, California, the sheriff said. 
His research included the number of attendees at other concerts in Las Vegas and the size of the crowds at Santa Monica's beach. A small sledge hammer, broken glass and bullet casings inside the interior of Stephen Paddock's floor room  Credit: Las Vegas Metropolitan Police Department via AP Paddock, a 64-year-old retired accountant and multimillionaire real estate investor, killed himself with a gunshot to the mouth before police reached him. Authorities have said they found no link to international terrorism. They believe Paddock meticulously prepared his plan to fire assault-style weapons from the 32nd floor of the Mandalay Bay hotel into a crowd of 22,000 people attending the Route 91 Harvest Festival music below. Las Vegas gunman Stephen Paddock Credit: AP Paddock fired more than 1,100 bullets, mostly from two windows, Sheriff Lombardo has said. That includes about 200 shots fired through his hotel room door into a hallway where an unarmed hotel security guard was wounded in the leg and a maintenance engineer took cover. Several bullets hit fuel storage tanks at nearby McCarran International Airport that did not explode. Authorities reported finding about 4,000 unused bullets in Paddock's two-room suite, including incendiary rounds that Sheriff Lombardo said were not used. The kitchenette in the hotel room of Stephen Paddock's 32nd floor room Credit: Las Vegas Metropolitan Police Department via AP Investigators found 23 guns in the rooms, including 12 rifles that a federal Bureau of Alcohol, Tobacco and Firearms official said were fitted with "bump stock" devices that allowed rapid-fire shooting similar to fully automatic weapons. Ms Danley was in the Philippines at the time of the attack. The broken down door to room 32-135 Credit: Las Vegas Metropolitan Police Department via AP Sheriff Lombardo and Aaron Rouse, FBI agent in charge in Las Vegas, had described Ms Danley as a person of interest in the investigation but not a suspect. 
She was questioned by the FBI when she arrived in Los Angeles from overseas, and was described as cooperating with investigators. Las Vegas shooting | Timeline of attack However, a document filed October 6 and recently unsealed by a federal judge in Las Vegas said the FBI considered Ms Danley "the most likely person who aided or abetted Stephen Paddock." Questions have been raised about Ms Danley's receipt in the Philippines of a $10,000 wire transfer from Paddock just days before the shooting. FBI warrant documents also showed that Ms Danley told investigators that they would find her fingerprints on bullets used during the attack because she would sometimes help Paddock load high-volume ammunition magazines.


 Fri, 19 Jan 2018 13:39:00 -0500 Why the H3N2 ‘Aussie Flu’ Strain is Such a Brutal Virus

Why the H3N2 ‘Aussie Flu’ Strain is Such a Brutal VirusSkeptical? Just ask the Australians.


 Thu, 18 Jan 2018 13:59:07 -0500 Here's What Happens In A Government Shutdown

Here's What Happens In A Government ShutdownThe federal government is once again entering a shutdown as Congress failed to pass short-term funding legislation by midnight Friday. Republicans and Democratic lawmakers remained at odds with each other and with President Donald Trump over a budget proposal, blocking attempts to avert the shutdown with a short-term spending bill. You might be wondering what a “government shutdown” entails and how it could affect you.


 Fri, 19 Jan 2018 09:00:11 -0500 The Funniest Tweets From Parents This Week

The Funniest Tweets From Parents This WeekKids may say the darndest things, but parents tweet about them in the funniest ways.


 Thu, 18 Jan 2018 21:24:25 -0500 Abuse in house of torture was 'severe, pervasive, prolonged'

Abuse in house of torture was 'severe, pervasive, prolonged'RIVERSIDE, Calif. (AP) — A California couple tortured a dozen of their children for years, starving them to the point that their growth was stunted, chaining them to their beds for up to months, preventing them from using the toilet at times and forbidding them from showering more than once a year, a prosecutor said Thursday.


 Thu, 18 Jan 2018 14:09:58 -0500 Couple’s sexless marriage is ‘weird, weird, weird’ says Yahoo Newsroom

Couple’s sexless marriage is ‘weird, weird, weird’ says Yahoo Newsroom“People can do what they want. But the marriage is a joke.” “Huh? Am I missing something here?” Two friends of Tiffany Trump’s are in the spotlight after exchanging “unconditional, unconventional” vows for a sexless marriage. The story jumped to the “top-trending” category on Yahoo Newsroom, sparking thousands of skeptical comments. New York socialites Quentin Esme Brown and Peter Cary Peterson tied the knot in Las Vegas (where first daughter Tiffany served as flower girl). On social media, the best friends turned husband and wife made clear that theirs will be a sexless, open marriage. Brown explained on Instagram, “Peter and I are not romantically involved — in fact we are still dating others and will continue to seek love in all forms — we are just each other’s hearts and wish to begin our journey towards evolution.” Their nontraditional relationship status raised one question over and over in the Yahoo comments: Why bother? One especially suspicious reader guessed that it’s a “business partnership and fraud.” What do you think of a sexless marriage? Join the conversation in Yahoo Newsroom.


 Fri, 19 Jan 2018 13:37:44 -0500 Aly Raisman Tells Nassar 'You Are Pathetic' After He Complains About Sentencing Hearing

Olympian Aly Raisman addressed serial sexual abuser Larry Nassar in court Friday with a powerful statement, calling the former USA Gymnastics team doctor “pathetic” for complaining about the length of his sentencing hearing and “a monster” for abusing the trust of his young patients.


 Fri, 19 Jan 2018 01:33:23 -0500 Watch the World's First Ever Drone Surf Rescue

A drone deployed an emergency flotation device to save two struggling swimmers in Australia.


 Fri, 19 Jan 2018 12:35:06 -0500 Kremlin 'regrets' Ukrainian law recognising Russian occupation

"Of course, Russia will remain committed to the word and spirit of the Minsk accords with other guarantor countries France and Germany, but we regret that such steps only distract us from the desired goal," the Kremlin's spokesman Dmitry Peskov told journalists. The EU-brokered Minsk peace agreement, backed by Moscow and Kiev, was first reached in late 2014 and then re-worked in early 2015 with the help of Germany and France, but is violated almost daily.


 Fri, 19 Jan 2018 13:45:00 -0500 Takata Airbag Recall - Everything You Need to Know

Vehicles made by 19 different automakers have been recalled to replace frontal airbags on the driver’s side or passenger’s side, or both in what NHTSA has called "the largest and most complex saf...


 Fri, 19 Jan 2018 06:03:23 -0500 Trump Appointee Carl Higbie Resigns Following Offensive Comments

Carl Higbie, the chief of external affairs for the Corporation for National and Community Service, resigned Thursday after CNN unearthed a litany of offensive and discriminatory remarks he’d made on various radio segments.


 Thu, 18 Jan 2018 15:59:00 -0500 Trump plays his cards close to his chest in 'poker game' over North Korea's nuclear programme

North Korea is one of the issues that has defined the first year of Donald Trump’s presidency, combining a number of elements the global community has come to expect from the White House incumbent: vague statements, bravado and a flurry of Twitter messages. In an interview this week Mr Trump said that the US was playing “a very, very hard game of poker and you don’t want to reveal your hand” but what is certain is that the stakes over the North’s nuclear weapons programme certainly increased throughout last year thanks to a mixture of the increase in missile tests by Pyongyang and a similar lift in the intensity of the rhetoric coming out of Washington. This year started with talks between North and South Korea, where the pair have agreed to march under a unified Korean flag as the North send a team to February’s Winter Olympics held by its neighbour in Pyeongchang.


 Fri, 19 Jan 2018 07:03:23 -0500 Anderson Cooper Tells Conan Haiti Is 'Among The Richest Countries I've Ever Been To'

CNN’s Anderson Cooper on Thursday gave Conan O’Brien a glowing review of Haiti before the talk show host’s trip there.


 Thu, 18 Jan 2018 17:34:31 -0500 California parents starved 13 children, taunted them with pie: prosecutor

The father, David Turpin, 57, is also accused of sexually abusing one of his young daughters, Riverside County District Attorney Mike Hestrin told reporters in announcing the charges before the couple's first court appearance later on Thursday. Turpin and his wife, Louise, 49, each faces 94 years to life in prison if convicted on the more than two dozen charges that include torture, child abuse and false imprisonment. The couple pleaded not guilty to all charges during a brief hearing before Judge Michael Donner, who ordered each defendant to remain held on $12 million bail and set the next hearing in the case for Feb. 23.


 Fri, 19 Jan 2018 13:58:28 -0500 Coco Chanel's Cocktail Table and Other Things We're Coveting Now



 Fri, 19 Jan 2018 19:29:14 -0500 Prosecutors to seek death penalty in Chinese scholar case

CHICAGO (AP) — U.S. prosecutors will seek the death penalty for a former physics student charged with the kidnapping and killing of a University of Illinois scholar from China, they told a judge in a Friday filing that also made a new allegation that the 28-year-old suspect once choked and sexually assaulted someone else years ago.



Cisco Security Advisory
last updated: Sat, 20 Jan 2018 19:08:01 GMT

 Fri, 19 Jan 2018 21:29:40 CST Cisco NX-OS System Software Management Interface Denial of Service Vulnerability
A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition.

The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos
Security Impact Rating: Medium
CVE: CVE-2018-0090
 Fri, 19 Jan 2018 21:04:12 CST CPU Side-Channel Information Disclosure Vulnerabilities
On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.

The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre. The third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way that speculative execution is exploited.

To exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.

A Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.

Although Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the “Affected Products” section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.

Cisco will release software updates that address these vulnerabilities.
 
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
Security Impact Rating: Medium
CVE: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754
 Wed, 17 Jan 2018 16:00:00 CST Cisco Small Business 300 and 500 Series Managed Switches Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system.
   
The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1
Security Impact Rating: Medium
CVE: CVE-2017-12307
 Wed, 17 Jan 2018 16:00:00 CST Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wsa1
Security Impact Rating: Medium
CVE: CVE-2018-0093
 Wed, 17 Jan 2018 16:00:00 CST Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks.

The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
Security Impact Rating: Medium
CVE: CVE-2018-0111


Stay Secure
Axiom understands how vital the security of your data is to your organization. Please don't hesitate to contact us if you would like a professional assessment of your network infrastructure.