Posts

Siemens SIPROTEC Denial of Service

A vulnerability exists in Siemens SIPROTEC. This is due to the way SIPROTEC handles certain malformed protocol requests. A successful attack can lead to a denial of service. from Check Point Update Services Advisories http://ift.tt/2sOYIhP

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!   New Android Trojan, Xavier, Is an Information-Stealing Ad Library We have recently discovered an Android Trojan ad library called Xavier (detected by Trend Micro as ANDROIDOS_XAVIER.AXM) that silently steals and leaks a user’s information. Xavier’s impact has been widespread. Erebus Linux Ransomware Strikes Again On June 12, South Korea-based web hosting company NAYANA became one of the latest high-profile victims of ransomware after 153 of its Linux servers were found infected with an Erebus ransomware variant. The ransomware attack affected the websites, database and multimedia files of around 3,400 businesses employing NAYANA’...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017

“What can you sit on, sleep on, and brush your teeth with?” This was the question posed to Steve Martin’s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand’s 1897 verse play Cyrano de Bergerac, the movie centers around C.D.’s attempt to win the love of a woman while navigating life with his unusually large nose. When C.D. wonders what the point of the question is, his god sister responds, “The point is that sometimes the answer is so obvious, you don’t even realize it. It’s as plain as the nose on your face.” By the way, the answer to the question is indeed obvious: a chair, a bed, and a toothbrush. At the Gartner Security and Risk Summit in Washington, D.C., held earlier this week, I heard a recurring theme across the various sessions I attended: the discipline of patching isn’t where it needs to be. As we witnessed with the recent WannaCry ransomware attack, which utilized vulnerabilities that were disclosed by The Sha...

ZDI-17-411: Foxit Reader JPXDecode stream Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. from ZDI: Published Advisories http://ift.tt/2ttd04o

Google Releases Security Updates for Chrome

Original release date: June 15, 2017 Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2rml720

Mozilla Releases Security Update

Original release date: June 15, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.2 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2sF7HSu

Linux is secure…right?

“There are no threats for Linux servers. Aren’t they built to be secure?” “Linux servers are secure and hardened, why do we need additional security controls on those?” “I do understand there are threats out there but I am not aware of any major attacks on Linux servers” If you find yourself nodding as you read these statements, you’re not alone. There is a common belief that Linux servers are more secure and less vulnerable than Windows servers. Although there is some truth in the belief, the reality is that Linux servers (and the applications they host) also have vulnerabilities, and by ignoring this you are putting your business at unnecessary risk. Widespread and increasing use There was a time not too long ago when Linux was a ‘geek’ OS, the domain of command line management and limited enterprise use. Those days are definitely gone, clearly illustrated by things like Gartner pegging the global OS growth for Linux at 13.5% [1], as well as the prevalence of Linux in the pu...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8497)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the JavaScript engine handles objects in memory while rendering. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. from Check Point Update Services Advisories http://ift.tt/2sf4Lte

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-8524)

A remote code execution vulnerability exists in Microsoft Edge and Internet Explorer 11. The vulnerability is due to the way the JavaScript engine handles objects in memory while rendering. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. from Check Point Update Services Advisories http://ift.tt/2rvhATm

Microsoft Office Malicious Macros

Microsoft Office files might contain a malicious macro that acts as a downloader. A remote attacker could send spam e-mails carrying such documents and use social engineering to convince users to enable macros manually. Once enabled, the malicious code runs and infects the target system. from Check Point Update Services Advisories http://ift.tt/2rA0FKf
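A mail-gateway check for the document class described above, as an added example (this is not code from Check Point or from the advisory). It flags an attachment by content rather than by extension, using two real indicators: in OOXML files (.docx/.docm and friends, which are ZIP containers) a VBA project is stored as the part word/vbaProject.bin (xl/ or ppt/ for Excel and PowerPoint) and declared in [Content_Types].xml with the content type application/vnd.ms-office.vbaProject; legacy OLE2 files (.doc/.xls) begin with the magic bytes D0 CF 11 E0 A1 B1 1A E1 and store directory entry names as UTF-16LE, so a VBA storage leaves the byte sequence V\x00B\x00A\x00 in the file. The OLE2 test is a coarse heuristic, and the sample documents are constructed in the script; the function and variable names are the example's own.

```python
"""Heuristic detection of macro-carrying Office attachments (added example)."""
import io
import re
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # OLE2 compound file header
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
VBA_PART_RE = re.compile(r"^(word|xl|ppt)/vbaProject\.bin$", re.IGNORECASE)


def has_vba(blob: bytes) -> bool:
    """Return True if the document bytes appear to carry a VBA project."""
    if blob.startswith(OLE_MAGIC):
        # OLE2 directory entry names are UTF-16LE; a "VBA" storage shows up as
        # V\x00B\x00A\x00. Coarse heuristic: document text can also match it.
        return b"V\x00B\x00A\x00" in blob
    if blob.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                names = zf.namelist()
                # Indicator 1: the VBA project part itself is present.
                if any(VBA_PART_RE.match(n) for n in names):
                    return True
                # Indicator 2: the package declares a VBA part, wherever it lives.
                if "[Content_Types].xml" in names:
                    return VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
        except zipfile.BadZipFile:
            return False
    return False


def build_ooxml(parts: dict) -> bytes:
    """Constructed sample helper: build a minimal OOXML-like ZIP from a part map."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples (not real malware): a clean .docx, a macro-enabled .docm,
# a legacy .doc with a VBA storage name, and a non-Office file.
CLEAN_DOCX = build_ooxml({
    "[Content_Types].xml": b'<Types><Override PartName="/word/document.xml" '
                           b'ContentType="application/vnd.openxmlformats-officedocument'
                           b'.wordprocessingml.document.main+xml"/></Types>',
    "word/document.xml": b"<w:document/>",
})
MACRO_DOCM = build_ooxml({
    "[Content_Types].xml": b'<Types><Override PartName="/word/vbaProject.bin" '
                           b'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\x00" * 64,  # placeholder bytes, not a real VBA project
})
LEGACY_DOC_WITH_VBA = OLE_MAGIC + b"\x00" * 32 + "VBA".encode("utf-16-le") + b"\x00" * 32
PLAIN_TEXT = b"Hello, this is not an Office file"


def triage(attachments: dict) -> dict:
    """Map attachment name -> 'quarantine' or 'allow' for a mail gateway."""
    return {name: ("quarantine" if has_vba(blob) else "allow")
            for name, blob in attachments.items()}


if __name__ == "__main__":
    verdicts = triage({
        "invoice.docx": CLEAN_DOCX,
        "invoice.docm": MACRO_DOCM,
        "report.doc": LEGACY_DOC_WITH_VBA,
        "notes.txt": PLAIN_TEXT,
    })
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
```

The check deliberately ignores the file extension, since a renamed attachment still carries its VBA part and content-type declaration. For production triage, pair this with a real parser such as oletools' olevba, which extracts and inspects the macro source itself; the byte-pattern test for OLE2 files above only tells you a VBA storage name is present.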

Microsoft Device Guard Code Integrity Policy Security Feature Bypass (CVE-2017-0215)

A security feature bypass vulnerability exists in Microsoft Windows Device Guard. The vulnerability is due to the way Device Guard improperly validates certain elements of a signed PowerShell script. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file. from Check Point Update Services Advisories http://ift.tt/2s4Y7ax

ZDI-17-410: Novell ZENworks Reporting Appliance Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Novell ZENworks Reporting Appliance. Authentication is not required to exploit this vulnerability. from ZDI: Published Advisories http://ift.tt/2s2fp89

ZDI-17-409: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. from ZDI: Published Advisories http://ift.tt/2rYMrX2

ZDI-17-408: Adobe Flash LocaleID determinePreferredLocales Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. from ZDI: Published Advisories http://ift.tt/2rYHQnC

ZDI-17-407: Adobe Flash AuditudeSettings clone Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. from ZDI: Published Advisories http://ift.tt/2rYTyP5

ZDI-17-406: Adobe Flash Profile Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. from ZDI: Published Advisories http://ift.tt/2rYLVrQ

ZDI-17-405: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. from ZDI: Published Advisories http://ift.tt/2rYrLym

ZDI-17-404: (Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. from ZDI: Published Advisories http://ift.tt/2rYygRE

ZDI-17-403: (Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. from ZDI: Published Advisories http://ift.tt/2rYHQ76

ZDI-17-401: Microsoft Internet Explorer InsertRow Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. from ZDI: Published Advisories http://ift.tt/2rYuFmp