
Cyber WAR - Threat Intelligence Publication - October 7, 2019
informationwarfarecenter.com/cir/archived/Cyber_WAR_Weekly_Awar… · 07/10/2019


October 7, 2019

The Cyber WAR (Weekly Awareness Report) is an Open Source Intelligence (OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware

* Troj/Phish-GCQ
* Troj/DocDrp-LJ
* Troj/DocDl-UYC
* Troj/Azorult-CM
* Troj/NanoCo-PG
* Troj/DNetInj-JD
* Troj/MSIL-MXZ
* Troj/DocDl-UXW
* Troj/DNetInj-JC
* Troj/Steale-D

Last PUAs

* Cryptocoin miner
* Genieo
* DynamicWrapperX
* Download Assistant
* IStartSurfInstaller
* SurfBuyer
* Bundlore
* Yet Another Cleaner
* SuperInstaller
* Strictor

Interesting News

* HQWar: the higher it flies, the harder it drops
Now one can say that only the lazy did not use Hqwar: Kaspersky's collection of viruses features over 200,000 Trojans packed using Hqwar.

* The Cyber Intelligence Report has a brand new look, and the 2019 Quarter 4 issue will be released at the beginning of October. There are some great walkthroughs inside you shouldn't miss. We have an active Facebook group that discusses topics ranging from computer forensics to ethical hacking and more. Join the Cyber Secrets Facebook group here. If you would like to receive the CIR updates by email, subscribe at: [email protected]

Index of Sections

Current News

* Packet Storm Security

* Krebs on Security

* Dark Reading

* The Hacker News

* Security Week

* Infosecurity Magazine

* Naked Security

* Quick Heal - Security Simplified

* Threat Post

The Hacker Corner

* Security Conferences

* Zone-H Latest Published Website Defacements

Tools & Techniques

* Packet Storm Security Latest Published Tools

* Kali Linux Tutorials

* GBHackers Analysis

Exploits and Proof of Concepts

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits


Packet Storm Security

* 90 Former National Security Officials Praise Whistleblower
* Whitehat Hacks Muhstik Ransomware Gang And Release Keys
* Copycat Coders Create Vulnerable Apps
* FBI Warns About Attacks That Bypass Multi Factor Authentication
* VoIP Espionage Campaign Hits U.S. Utilities Supplier
* Signal Fixes FaceTime-Like Eavesdropping Bug
* PayPal First To Drop Out Of Facebook Currency
* Microsoft Says Iranian Hackers Tried To Hack A US Presidential Campaign
* Egyptian Government Caught Tracking Opponents And Activists
* Russian Hacker Group Patches Chrome And Firefox To Fingerprint TLS Traffic
* Attackers Exploit 0-Day Completely Taking Over Android Phones
* AG Barr Asks Facebook To Not Use End To End Encryption
* Religious Apps May Have Sinful Permission Requests
* Turkey Fines Facebook $282,000 Over Data Breach
* Royals Sue Daily Mail Over U.K. Data Protection Act Violation
* Researchers Say They Uncovered Uzbekistan Hacking Operations Due To Spectacularly Bad OPSEC
* Zendesk Clocks 10,000 Accounts Accessed By Miscreants Prior To November, 2016
* vBulletin Zero Day KOs Comodo User Forums
* Cisco Webex, Zoom Meetings Are Open To Snoopers, So Use Passwords
* Cyberattack Causes $95 Million Loss For Demant
* Snowden Will Make First Public Appearance Since Lawsuit
* US Hospitals Turn Away Patients As Ransomware Strikes
* All Your Cloud Are Belong To Us
* Why Big ISPs Aren't Happy About Google's Plans For Encrypted DNS
* German Police Storm Bulletproof Data Center In Former NATO Bunker

Krebs on Security

* Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
* German Cops Raid "Cyberbunker 2.0," Arrest 7 in Child Porn, Dark Web Market Sting
* MyPayrollHR CEO Arrested, Admits to $70M Fraud
* Interview With the Guy Who Tried to Frame Me for Heroin Possession
* Before He Spammed You, this Sly Prince Stalked Your Mailbox
* Man Who Hired Deadly Swatting Gets 15 Months
* NY Payroll Company Vanishes With $35 Million
* Patch Tuesday, September 2019 Edition
* Secret Service Investigates Breach at U.S. Govt IT Contractor
* 'Satori' IoT Botnet Operator Pleads Guilty

Dark Reading

* 10 Steps to Assess SOC Maturity in SMBs
* Iran Caught Targeting US Presidential Campaign Accounts
* FBI Investigates Mobile Voting Intrusion
* Rethinking Cybersecurity Hiring: Dumping Resumes & Other 'Garbage'
* Android 0-Day Seen Exploited in the Wild
* Complex Environments Cause Schools to Struggle for Passing Security Grade
* Cybercrime: AI's Growing Threat
* 8 Ways Businesses Unknowingly Help Hackers
* Time to Put This 'Toon to Bed
* Facebook Patches Critical WhatsApp Security Flaw
* Researchers Link Magecart Group 4 to Cobalt Group
* American Express Insider Breaches Cardholder Information
* Common Pitfalls of Security Monitoring
* 20M Russians' Personal Tax Records Exposed in Data Leak
* How FISMA Requirements Relate to Firmware Security
* Cartoon Contest: Second Wind
* How the City of Angels Is Tackling Cyber Devilry
* Stalkerware on the Rise Globally
* Millions More Embedded Devices Contain Vulnerable IPnet Software
* New Silent Starling Attack Group Puts Spin on BEC

The Hacker News

* Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction
* New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
* Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp
* A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments
* How SMBs Can Mitigate the Growing Risk of File-based Attacks
* Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content
* Researchers Find New Hack to Read Content Of Password Protected PDF Files
* Comodo Forums Hack Exposes 245,000 Users' Data - Recent vBulletin 0-day Used
* Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
* Pay What You Wish - 9 Hacking Certification Training Courses in 1 Bundle
* New Critical Exim Flaw Exposes Email Servers to Remote Attacks - Patch Released
* Exclusive - Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data
* More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
* Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
* Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers

Security Week

* Patches for Internet Explorer Zero-Day Causing Problems for Many Users
* NIST's Zero Trust Taxonomy Introduces Components, Threats and Migration Routes
* New Campaign Targets Drupalgeddon2 Flaw to Install Malware
* CISO Mindshare Is Influencing Tomorrow's Platforms
* Signal Rushes to Patch Serious Eavesdropping Vulnerability
* U.S. to Help Secure Baltic Energy Grid Against Cyber Attacks
* Iranian Hackers Said to Target Presidential Campaign
* APTs Exploiting Enterprise VPN Vulnerabilities, UK Govt Warns
* Zero-Day Used in the Wild Impacts Pixel 2, Other Android Phones
* Moe's, McAlister's, Schlotzsky's Restaurants Hit by Payment Card Breach
* WhatsApp Flaw Allows Remote Code Execution via Malicious GIF File
* Turkey Fines Facebook for Breach of Data Protection Laws
* Officials Push Facebook for Way to Peek at Encrypted Messages
* How to Choose an Authenticator. Or Two. Or Three.
* Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure
* Adwind Malware Used in Attacks Against U.S. Petroleum Firms
* Alabama Hospital System Halts Admissions Amid Malware Attack
* Zendesk Discloses Old Data Breach Affecting 10,000 Accounts
* U.S. to Collect DNA of All Undocumented Migrants
* MasterMana Campaign Combines Stealth, Free Services and Old Malware

Infosecurity Magazine

* Class-Action Lawsuit Filed Against CafePress Following Data Breach
* US and UK Sign Crime Data Sharing Agreement
* 'The Cyberthreat Handbook' Released, Documents 'Who's Who' of Attackers
* Over Three-Quarters of UK Workers Lack Basic Cyber-Training
* Hundreds of New Cybersecurity Jobs Created in Ireland
* Amex Employee Suspected of Wrongfully Accessing Customer Data to Commit Fraud
* EA Games Leaks Personal Data of 1600 FIFA 20 Competitors
* #VB2019: Time For an Ethical Debate on Cyber Moral Decisions
* #VB2019: Cyber Threat Alliance Cites Vendor Collaboration Benefits
* #VB2019: Endpoints Remain Vulnerable to WannaCry Two Years On
* Attacks on UK Businesses Soar 243%
* UK Councils Faced 800 Cyber-Attacks Per Hour in 2019

Naked Security

* Android devices hit by zero-day exploit Google thought it had patched
* Facebook urged by governments to halt end-to-end encryption plans
* Social media platforms can be forced to delete illegal content worldwide
* Wi-Fi signals let researchers ID people through walls from their gait
* Monday review - the hot 22 stories of the week
* S2 Ep11: Fleeceware, Chrome bug and the sextortion scam that won't die - Naked Security Podcast
* Buying a new laptop? Here's how to secure it
* WhatsApp vulnerability could compromise Android smartphones
* £3 billion Safari iPhone privacy lawsuit given go-ahead
* Hacker's parents sentenced for selling his cryptocurrency

Quick Heal - Security Simplified

* Quick Heal reports 29 malicious apps with 10 million+ downloads on Google Play Store
* Trivia! 5 things you never imagined could be hacked by cyber criminals
* The Free Mobile Anti-virus you are using can be a Fake!
* Teacher's Day Special - Things that teachers must know about their students to make them cyber safe
* PowerShell: Living off the land!
* Cybersquatting and Typosquatting victimizing innocent customers and brands
* Phishers using custom 404 Not Found error page to steal Microsoft credentials
* Alert! 27 apps found on Google Play Store that prompt you to install Fake Google Play Store
* Alert! Income tax refund SMS - Newest way of conducting bank fraud by cyber criminals
* Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners

Threat Post

* Alabama Hospitals Pay Up in Ransomware Attack
* Iran-linked Hackers Target Trump 2020 Campaign, Microsoft says
* Google Warns of Android Zero-Day Bug Under Active Attack
* Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier
* AG Barr, Officials to Facebook: Don't Encrypt Messaging
* Virus Bulletin 2019: Magecart Infestations Saturate the Web
* New Reductor Malware Hijacks HTTPS Traffic
* Foxit PDF Reader Vulnerable to 8 High-Severity Flaws
* WhatsApp Flaw Opens Android Devices to Remote Code Execution
* Zendesk Exposes 10,000 Accounts to Unknown Third Party

The Hacker Corner

Conferences

* Advertising Landing Page Copy/Form
* Apply: FREE 6 Month InfoSec Speaking Plan
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada
* Upcoming Cybersecurity Conferences in Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!

Latest Website Defacements


Tools & Techniques

Packet Storm Security Tools Links

* Zeek 3.0.0 (Formerly Known As Bro)
* WhatWeb Scanner 0.5.0
* Clam AntiVirus Toolkit 0.102.0
* PDFGrab 0.4.4
* Haveged 1.9.8
* SQLMAP - Automatic SQL Injection Tool 1.3.10
* tcpdump 4.9.3
* Falco 0.17.1
* Suricata IDPE 4.1.5
* XSSer Penetration Testing Tool 1.8-1

Kali Linux Tutorials

* Manati : A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts
* ThreadBoat : Program Uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
* SQLMap : Automatic SQL Injection & Database Takeover Tool
* GiveMeSecrets : Use Regular Expressions To Get Sensitive Information
* Lockdoor Framework : A Penetration Testing Framework with Cyber Security Resources
* Sub.sh : Online Subdomain Detect Script
* Cryptondie : A Ransomware Developed For Study Purposes
* Re-composer : Randomly Changes Win32/64 PE Files For 'Safer' Uploading To Malware & Sandbox Sites
* DumpsterFire : Toolset - Security Incidents In A Box!
* Terraform AWS Secure Baseline : To Set Up Your AWS Account

GBHackers Analysis

* New Android Zero-day Vulnerability Let Hackers Take Full Control the Samsung, Pixel, Huawei, Xiaomi, Moto Mobiles
* 18 Vulnerabilities that Affected Cisco Software's Let Hackers Perform DOS, RCE to Gain Unauthorized System Access
* Cisco IOS XE Software Vulnerabilities Let Hackers Gain Root Access in Cisco Devices
* Students, Beware of Hacking! How to Prevent Yourself in Online From Cyber Attack
* Exim Email Server Vulnerability Let Hackers Execute Remote Code on Vulnerable Servers - Update Now!!

Proof of Concept (PoC) & Exploits

Packet Storm Security

* Tellion HN-2204AP Router Remote Configuration Disclosure
* freeFTP 1.0.8 Remote Buffer Overflow
* Zabbix 4.4 Authentication Bypass
* Zabbix 4.2 Authentication Bypass
* IcedTeaWeb Validation Bypass / Directory Traversal / Code Execution
* IBM Bigfix Platform 9.5.9.62 Arbitrary File Upload / Code Execution
* Subrion 4.2.1 Cross Site Scripting
* Logrotate 3.15.1 Privilege Escalation
* Joomla 3.4.6 Remote Code Execution
* CheckPoint Endpoint Security Client / ZoneAlarm Privilege Escalation
* ASX To MP3 Converter 3.1.3.7 Local Stack Overflow
* Thailand Union Library Management 6.2 SQL Injection / XSS
* GitLab Omnibus 12.2.1 Logrotate Privilege Escalation
* Signal Forced Call Acceptance
* Microsoft Windows Silent Process Exit Persistence
* File Sharing Wizard 1.5.0 DELETE SEH Buffer Overflow
* Devinim Library Software 19.0504000 Open Redirection
* ParantezTeknoloji Library Software 16.0519000 Open Redirection
* Android Binder Driver Use-After-Free
* LabCollector 5.423 SQL Injection
* PHP 7.3 disable_functions Bypass
* Hisilicon Hi3518 HD Camera Remote Configuration Disclosure
* Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
* Anchor CMS 0.12.3a Information Disclosure
* mintinstall 7.9.9 Code Execution

Exploit Database

* [remote] freeFTP 1.0.8 - Remote Buffer Overflow
* [local] CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation
* [webapps] IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
* [webapps] Subrion 4.2.1 - 'Email' Persistent Cross-Site Scripting
* [local] ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)
* [webapps] Zabbix 4.2 - Authentication Bypass
* [local] logrotten 3.15.1 - Privilege Escalation
* [webapps] Joomla 3.4.6 - 'configuration.php' Remote Code Execution
* [local] Android - Binder Driver Use-After-Free
* [webapps] PHP 7.0
* [webapps] LabCollector 5.423 - SQL Injection
* [webapps] AnchorCMS
* [webapps] mintinstall 7.9.9 - Code Execution
* [remote] DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
* [webapps] Detrix EDMS 1.2.3.1505 - SQL Injection
* [local] Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
* [dos] WebKit - Universal XSS Using Cached Pages
* [dos] WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
* [dos] WebKit - Universal XSS in WebCore::command
* [dos] WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
* [webapps] DotNetNuke
* [webapps] vBulletin 5.0
* [webapps] PHP 7.1
* [dos] kic 2.4a - Denial of Service
* [local] DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)

Advisories

US-Cert Alerts & Bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* Vulnerability Summary for the Week of September 23, 2019
* Vulnerability Summary for the Week of September 16, 2019
* Vulnerability Summary for the Week of September 9, 2019

Symantec - Latest List

* Cisco Adaptive Security Appliance Software CVE-2019-12693 Denial of Service Vulnerability
* GitLab Omnibus CVE-2019-15741 Privilege Escalation Vulnerability
* Cisco Firepower Management Center CVE-2019-12691 Directory Traversal Vulnerability
* Google Android Binder CVE-2019-2215 Local Privilege Escalation Vulnerability
* Apache MINA CVE-2019-0231 Information Disclosure Vulnerability
* Multiple Cisco Products CVE-2019-12695 Cross Site Scripting Vulnerability
* Cisco Firepower Threat Defense Software CVE-2019-12694 Local Command Injection Vulnerability
* Cisco Firepower Management Center Software CVE-2019-12701 Security Bypass Vulnerability
* Apache Hadoop CVE-2018-11768 Memory Corruption Vulnerability
* Android-gif-drawable CVE-2019-11932 Double Free Remote Code Execution Vulnerability
* Cisco Email Security Appliance CVE-2019-12706 Remote Security Bypass Vulnerability
* Cisco IC3000 Industrial Compute Gateway CVE-2019-12714 Denial of Service Vulnerability
* Cisco Unified Communications Manager CVE-2019-12710 SQL Injection Vulnerability
* Cisco Identity Services Engine CVE-2019-12631 Cross Site Scripting Vulnerability
* Cisco Unified Communications Manager CVE-2019-15272 Security Bypass Vulnerability
* Cisco Security Manager CVE-2019-12630 Java Deserialization Command Execution Vulnerability
* Linux Kernel Multiple Local Privilege Escalation Vulnerabilities
* Cisco Unified Communications Manager CVE-2019-12716 Cross Site Scripting Vulnerability
* Multiple Cisco Products CVE-2019-12678 Denial of Service Vulnerability
* Cisco Unified Communications Manager CVE-2019-12715 Cross Site Scripting Vulnerability
* Multiple Cisco Products CVE-2019-15256 Denial of Service Vulnerability
* Cisco Unified Contact Center Express CVE-2019-15259 HTTP Response Splitting Vulnerability
* Multiple Cisco Products CVE-2019-12673 Denial of Service Vulnerability
* Cisco Adaptive Security Appliance Software CVE-2019-12677 Denial of Service Vulnerability
* Multiple Cisco Products CVE-2019-12676 Denial of Service Vulnerability
* Moxa EDR 810 Series ICSA-19-274-03 Multiple Security Vulnerabilities

Packet Storm Security - Latest List

Debian Security Advisory 4542-1
Debian Linux Security Advisory 4542-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server.

Debian Security Advisory 4541-1
Debian Linux Security Advisory 4541-1 - Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is processed.

Ubuntu Security Notice USN-4147-1
Ubuntu Security Notice 4147-1 - It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup. A physically proximate attacker could use this to cause a denial of service. It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

CA Network Flow Analysis 9.x / 10.0.x Remote Command Execution
CA Technologies, a Broadcom Company, is alerting customers to a potential risk with CA Network Flow Analysis. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA published a solution to address the vulnerabilities and recommends that all affected customers implement this solution. The vulnerability occurs due to default credentials and a configuration weakness. A malicious actor may use the default credentials and exploit a weakness in the configuration to execute arbitrary commands on the CA Network Flow Analysis server. Versions 9.x and 10.0.x are affected.

Red Hat Security Advisory 2019-2966-01
Red Hat Security Advisory 2019-2966-01 - Updated Quay packages that fix several bugs and add various enhancements are now available. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-4146-2
Ubuntu Security Notice 4146-2 - USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.

Red Hat Security Advisory 2019-2964-01
Red Hat Security Advisory 2019-2964-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

Debian Security Advisory 4509-2
Debian Linux Security Advisory 4509-2 - The security fixes for the HTTP/2 code in Apache 2 shipped in DSA 4509 unveiled a bug in Subversion which caused a regression in mod_dav_svn when used with HTTP/2.

Red Hat Security Advisory 2019-2955-01
Red Hat Security Advisory 2019-2955-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-4146-1
Ubuntu Security Notice 4146-1 - It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

Slackware Security Advisory - tcpdump Updates
Slackware Security Advisory - New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Debian Security Advisory 4539-1
Debian Linux Security Advisory 4539-1 - ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey(), and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in the event of a fork() syscall was not used by default.

Debian Security Advisory 4540-1
Debian Linux Security Advisory 4540-1 - ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey().

Xpdf 4.02 NULL Pointer Dereference
Xpdf version 4.02 suffers from a null pointer dereference vulnerability.

Red Hat Security Advisory 2019-2947-01
Red Hat Security Advisory 2019-2947-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2020, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.9 AMC after March 31, 2020.

Red Hat Security Advisory 2019-2949-01
Red Hat Security Advisory 2019-2949-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2950-01
Red Hat Security Advisory 2019-2950-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2, and includes security and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2946-01
Red Hat Security Advisory 2019-2946-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2945-01
Red Hat Security Advisory 2019-2945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security fix: If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw, can be used remotely. This can result in a remote denial of service. Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. Issues addressed include buffer overflow and denial of service vulnerabilities.

Ubuntu Security Notice USN-4145-1
Ubuntu Security Notice 4145-1 - It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-4144-1
Ubuntu Security Notice 4144-1 - It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Red Hat Security Advisory 2019-2939-01
Red Hat Security Advisory 2019-2939-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2937-01
Red Hat Security Advisory 2019-2937-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.

Ubuntu Security Notice USN-4142-1
Ubuntu Security Notice 4142-1 - It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.