Weekly Awareness Report (WAR)

July 15, 2019

The Cyber Intelligence Report is an Open Source Intelligence (AKA OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last Malware

* Troj/Stealer-WG
* Troj/RTFDl-AAW
* Troj/FRBook-D
* Troj/Phish-FNR
* Troj/VB-KIX
* Troj/Inject-EJK
* Troj/DocDl-UPS
* Troj/Agent-BCBP
* Troj/MSILIn-AJ
* Troj/Fareit-IES

Last PUAs

* Android MobiDash
* Android ExploitSignatureBypass
* Neoreklami
* ConvertAd
* Adposhel
* IObit Uninstaller
* Install Core
* Vkontakte DJLoader
* UBar Video and Audio Plugin
* VKontakteDJ

Interesting News

* New FinSpy iOS and Android implants revealed ITW: FinSpy is used to collect a variety of private user information on various platforms. Since 2011 Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.


Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits

News

Packet Storm Security

* Bitcoin Drops 10 Percent As Scrutiny Grows
* Facebook's FTC Fine Will Be $5 Billion
* Malicious Code Ousted From PureScript's npm Installer
* WhatsApp, Telegram Let Hackers Change What You See
* Google Workers Can Listen To What People Say To Its AI Home Devices
* Eavesdropping Flaw Prompts Apple To Suspend Walkie Talkie App
* Approaches To Implementing Bug Bounty Programs
* Engineer Flees To China After Stealing Source Code Of US Train Firm
* Anaesthetic Devices Vulnerable To Hackers
* Agent Smith Malware Infects 25 Million Android Phones
* This New Ransomware Is Targeting NAS Devices
* Brazilians Report Lack Of Cybersecurity Skills
* BianLian Banking Trojan Adds Screen Recorder
* Cyber Spies Take A Step Out Of The Shadows With History Of Codebreaking
* Marriott Faces $123 Million GDPR Fine In The UK For Last Year's Data Breach
* Zoom Software Allows Video Snooping On Macs
* Hacked Forensic Firm Pays Ransom After Malware Attack
* British Airways Faces Record Fine For Data Breach
* FBI, ICE Plunder DMV Driver Database For Facial Recognition Scans
* Fieldwork Software Database Leak Exposed Credit Card Details
* On The Run In Cuba, McAfee Pushes Cryptocurrency
* Warning: Free Hotel Wifi Is A Hacker's Dream
* Canonical GitHub Account Hacked, Ubuntu Source Code Safe
* Google Chrome To Block Heavy Ads That Use Too Many Resources
* CBP Reportedly Suspends Contractor Over Cyberattack

Dark Reading

* Flaws in Telegram & WhatsApp on Android Put Data at Risk
* Meet DoppelPaymer, BitPaymer's Ransomware Lookalike
* FTC Reportedly Ready to Sock Facebook with Record $5 Billion Fine
* Software Developers Face Secure Coding Challenges
* 18% of Enterprises Holding Back on Windows 10 Upgrade
* Is Machine Learning the Future of Cloud-Native Security?
* Where Businesses Waste Endpoint Security Budgets
* German Schools Ban Office 365, Cite Privacy Concerns
* Competing Priorities Mean Security Risks for Small Businesses
* A Lawyer's Guide to Cyber Insurance: 4 Basic Tips
* Black Hat USA Arsenal Serves Up A Smorgasbord of Cybersecurity Tools
* Data Center Changes Push Cyber Risk to Network's Edge
* APT Groups Make Quadruple What They Spend on Attack Tools
* How to Catch a Phish: Where Employee Awareness Falls Short
* Software Engineer Charged for Taking Stolen Trade Secrets to China
* Most Organizations Lack Cyber Resilience
* Monroe College Hit with Ransomware Attack
* Summer: A Time for Vacations & Cyberattacks?

Krebs on Security

* Is 'REvil' the New GandCrab Ransomware?
* FEC: Campaigns Can Use Discounted Cybersecurity Services
* Patch Tuesday Lowdown, July 2019 Edition
* Who's Behind the GandCrab Ransomware?
* Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers
* Breach at Cloud Solution Provider PCM Inc.
* Tracing the Supply Chain Attack on Android
* Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy
* Microsoft Patch Tuesday, June 2019 Edition
* LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

The Hacker News

* iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts
* This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes
* Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw
* Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation
* Cybersecurity Frameworks: Types, Strategies, Implementation and Benefits
* New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
* Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
* A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
* Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar
* Hackers' Operating System Kali Linux Released for Raspberry Pi 4

Security Week

* Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report
* Tesla Awards Researcher $10,000 After Finding XSS Vulnerability
* Forked Version of BitPaymer Ransomware Emerges
* Clemson and Other Universities Work to Improve Cybersecurity
* Indiana County Pays $130,000 in Response to Ransomware Attack: Reports
* Instagram Account Takeover Vulnerability Earns Hacker $30,000
* Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram
* As Ransomware Rages, Debate Heats Up on Response
* New Election Systems Use Vulnerable Software
* Huawei Planning Major Job Cuts in US: WSJ
* $5 Billion US Fine Set for Facebook on Privacy Probe: Report
* Magecart Hackers Infect 17,000 Domains via Insecure S3 Buckets
* Adoption of AI-enhanced Cybersecurity is Growing Rapidly: Report
* Bipartisan Legislation to Require DHS Alerts on Election Hacking
* Mac Zoom Web Server Allows for Remote Code Execution
* FIRST Announces CVSS Version 3.1
* U.S. Mayors Pledge Not to Give in to Ransomware Demands
* Incident Response is Changing, Here's Why and How
* Japan Firm Says $32 Million Missing in Cryptocurrency Hack
* Flaw in Walkie-Talkie App on Apple Watch Allows Spying

Infosecurity Magazine

* Oracle to Release Critical Patch Update
* Monroe College Campuses Downed by Ransomware
* Nearly 20% of Organizations Still Run Windows 7
* Chinese Software Engineer Accused of US IP Theft
* Japanese Exchange Bitpoint Hit By $32m Cyber-Attack
* Facebook Set For Record $5bn FTC Fine
* Attacks in Turkey Used Excel Formula Injection
* Hacked Hair Straightener Could Set a Fire
* Healthcare Organizations Too Confident in Cybersecurity
* ZTE Aims to Win Over EU Lawmakers With New Lab

Threat Post

* Privacy Experts: Facebook's $5B Fine Unlikely to Do Much
* Turla APT Returns with New Malware, Anti-Censorship Angle
* Researcher Bypasses Instagram 2FA to Hack Any Account
* Why Cities Are a Low-Hanging Fruit For Ransomware
* Threatlist: 68% of Overwhelmed IT Managers Can't Keep Up with Cyberattacks
* Exploring the Top 15 Most Common Vulnerabilities with HackerOne and GitHub
* Heather Mills Gets An Apology and 'Substantial' Settlement in Spyware Case
* Unusual Linux Ransomware Targets NAS Servers
* Hacked Hair Straighteners Can Threaten Homes
* Google Home Silently Captures Recordings of Domestic Violence and More

Naked Security

* Instagram bug could have allowed anyone to take over your account
* Bust the password for an air-gapped machine - with its keyboard LEDs
* Apple quietly removes Zoom's hidden web server from Macs
* FCC underwhelmed by carriers' sluggish robocall efforts
* Ransomware attackers, US mayors say you should go jump in a lake
* Monday review - the hot 22 stories of the week
* In memoriam - Corby Corbató, MIT computer science pioneer, dies at 93
* IT pros: we're understaffed, under-resourced and under pressure
* Hey, Google, why are your contractors listening to me?
* Windows 7 users upset by unwanted Patch Tuesday telemetry

Quick Heal - Security Simplified

* Ransomware As A Tool - LockerGoga
* Beware! Email attachments can make you victim of spear phishing attacks
* The website I visited behaves weirdly. I wonder if I'm hacked?
* Beware! The padlock icon and HTTPS are no more indicators of safe website
* What makes Quick Heal's Next Generation Suite of Features a SMART choice to protect your privacy?
* APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel
* Quick Heal supports the Windows 10 May 2019 Update
* What is Emotet?

Security Conferences

* Apply Now For Your Free 6 Month Speaking Plan
* Free 6 Month Speaking Plan
* Free 6 Month Speaking Plan Questionnaire
* How To Speak At DEF CON
* Join Our LinkedIn Group

Tools & Techniques

* GNU Privacy Guard 2.2.17
* Scapy Packet Manipulation Tool 2.4.3rc3
* Samhain File Integrity Checker 4.3.3
* pArAnoIA Browser 0.1
* I2P 0.9.41
* GRR 3.3.0.4
* Scapy Packet Manipulation Tool 2.4.3rc2
* SQLMAP - Automatic SQL Injection Tool 1.3.7
* GRR 3.3.0.3
* GNUnet P2P Framework 0.11.5
* Ghostfuscator : The Python Password-Protected Obfuscator
* Objection : Runtime Mobile Exploration
* CommandoVM : Complete Mandiant Offensive VM (Commando VM), The First Full Windows-Based Penetration Testing Virtual Machine Distribution
* Findomain : A Cross-Platform Tool That Uses Certificate Transparency Logs To Find Subdomains
* Echidna : Ethereum Fuzz Testing Framework
* Cloud Security Audit : A Command Line Security Audit Tool For Amazon Web Services
* Regipy : An OS Independent Python Library For Parsing Offline Registry Hives
* WinObjEx64 : Windows Object Explorer 64-bit
* Rifiuti2 : Windows Recycle Bin Analyser
* Linux Smart Enumeration : Tool For Pentesting & CTFs With Verbosity Levels

Latest Zone-H Website Defacements

Proof of Concept (PoC) & Exploits

Packet Storm Security

* AppXSvc Hard Link Privilege Escalation
* PHP Laravel Framework Token Unserialize Remote Command Execution
* Microsoft Windows HTTP To SMB NTLM Reflection Privilege Escalation
* Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution
* Streamripper 2.6 Buffer Overflow
* Netgear WiFi Router JWNR2010v5 / R6080 Authentication Bypass
* Android VideoPlayer ihevcd_parse_pps Out-Of-Bounds Write
* Microsoft Windows RDP BlueKeep Denial Of Service
* FlightPath Local File Inclusion
* PCMan FTP Server 2 ALLO Buffer Overflow
* Cisco Small Business Switch Information Leakage / Open Redirect
* Xymon useradm Command Execution
* Sitecore 9.0 Rev 171002 Cross Site Scripting
* SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow
* Jenkins Dependency Graph View 0.13 Cross Site Scripting
* Microsoft Font Subsetting DLL ComputeFormat4CmapData Heap Corruption
* Microsoft DirectWrite / AFDKO OpenType Stack Corruption
* Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read / Write
* Microsoft DirectWrite / AFDKO OpenType Out-Of-Bounds Read
* Microsoft DirectWrite / AFDKO OpenType Post Table Bugs
* Microsoft DirectWrite / AFDKO OpenType NULL Pointer Dereference

Exploit Database

* [webapps] FlightPath
* [dos] Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)
* [dos] Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write
* [webapps] CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
* [webapps] NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
* [local] Streamripper 2.6 - 'Song Pattern' Buffer Overflow
* [local] Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation
* [remote] Xymon 4.3.25 - useradm Command Execution (Metasploit)
* [dos] Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
* [webapps] Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
* [webapps] Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
* [webapps] Sahi Pro 8.0.0 - Remote Command Execution
* [webapps] MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
* [webapps] Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
* [webapps] Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
* [local] SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
* [dos] Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings

Advisories

US-Cert Alerts & Bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* Vulnerability Summary for the Week of July 8, 2019
* Vulnerability Summary for the Week of July 1, 2019

Symantec - Latest List

* Microsoft Edge Chakra Scripting Engine CVE-2019-1107 Remote Memory Corruption Vulnerability
* Microsoft Windows WLAN Service CVE-2019-1085 Local Privilege Escalation Vulnerability
* Microsoft Windows CVE-2019-1082 Local Privilege Escalation Vulnerability
* Microsoft Windows CVE-2019-1074 Local Privilege Escalation Vulnerability
* Microsoft Windows Error Reporting CVE-2019-1037 Local Privilege Escalation Vulnerability
* Microsoft Windows Win32k CVE-2019-1132 Local Privilege Escalation Vulnerability
* Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
* Microsoft Windows DirectX CVE-2019-0999 Local Privilege Escalation Vulnerability
* Microsoft Windows Active Directory Federation Services CVE-2019-1126 Security Bypass Vulnerability
* Microsoft Windows ADFS CVE-2019-0975 Security Bypass Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0966 Denial of Service Vulnerability
* Microsoft Windows Remote Desktop Protocol Client CVE-2019-1108 Information Disclosure Vulnerability
* Microsoft Windows Remote Desktop Services CVE-2019-0887 Remote Code Execution Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1106 Remote Memory Corruption Vulnerability
* Microsoft Windows Win32k CVE-2019-1096 Local Information Disclosure Vulnerability
* Microsoft Windows Kernel CVE-2019-1073 Local Information Disclosure Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1103 Remote Memory Corruption Vulnerability
* Microsoft Windows Kernel CVE-2019-1071 Local Information Disclosure Vulnerability
* Microsoft Azure Automation CVE-2019-0962 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1092 Remote Memory Corruption Vulnerability
* Microsoft Visual Studio CVE-2019-1079 XML External Entity Information Disclosure Vulnerability
* Microsoft Visual Studio CVE-2019-1077 Local Privilege Escalation Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-1062 Remote Memory Corruption Vulnerability
* Microsoft Exchange Server CVE-2019-1137 Spoofing Vulnerability
* Microsoft Team Foundation Server CVE-2019-1076 Cross Site Scripting Vulnerability

Packet Storm Security - Latest List

* Slackware Security Advisory - bzip2 Updates
  Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

* Ubuntu Security Notice USN-4056-1
  Ubuntu Security Notice 4056-1 - It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

* Debian Security Advisory 4482-1
  Debian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.

* Red Hat Security Advisory 2019-1777-01
  Red Hat Security Advisory 2019-1777-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.

* Ubuntu Security Notice USN-4055-1
  Ubuntu Security Notice 4055-1 - Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. Various other issues were also addressed.

* Red Hat Security Advisory 2019-1774-01
  Red Hat Security Advisory 2019-1774-01 - Vim is an updated and improved version of the vi editor. An arbitrary command execution vulnerability has been addressed.

* Red Hat Security Advisory 2019-1775-01
  Red Hat Security Advisory 2019-1775-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.

* Red Hat Security Advisory 2019-1771-01
  Red Hat Security Advisory 2019-1771-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Issues addressed include a buffer overflow vulnerability.

* ExpressVPN Unquoted Service Path Privilege Escalation
  ExpressVPN suffers from an unquoted service path privilege escalation vulnerability.

* Debian Security Advisory 4481-1
  Debian Linux Security Advisory 4481-1 - Harsh Jaiswal discovered a remote shell execution vulnerability in ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick or GraphicsMagick, exploitable when using MiniMagick::Image.open with specially crafted URLs coming from unsanitized user input.

* Ubuntu Security Notice USN-4054-1
  Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.

* Debian Security Advisory 4480-1
  Debian Linux Security Advisory 4480-1 - Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.

* Debian Security Advisory 4479-1
  Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.

* Red Hat Security Advisory 2019-1763-01
  Red Hat Security Advisory 2019-1763-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.

* Asterisk Project Security Advisory - AST-2019-003
  Asterisk Project Security Advisory - When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user, a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.

* Asterisk Project Security Advisory - AST-2019-002
  Asterisk Project Security Advisory - A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.

* Red Hat Security Advisory 2019-1762-01
  Red Hat Security Advisory 2019-1762-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An arbitrary file read/execution vulnerability was addressed.

* Red Hat Security Advisory 2019-1734-01
  Red Hat Security Advisory 2019-1734-01 - ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware properties discovery is a process of getting hardware parameters required for scheduling from a bare metal node, given its power management credentials. Issues addressed include a remote SQL injection vulnerability.

* Red Hat Security Advisory 2019-1743-01
  Red Hat Security Advisory 2019-1743-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a buffer overflow vulnerability.

* Red Hat Security Advisory 2019-1742-01
  Red Hat Security Advisory 2019-1742-01 - openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI.

* Debian Security Advisory 4478-1
  Debian Linux Security Advisory 4478-1 - Two vulnerabilities were discovered in the DOSBox emulator, which could result in the execution of arbitrary code on the host running DOSBox when running a malicious executable in the emulator.

* Microsoft DirectWrite / AFDKO dnaGrow Insufficient Integer Overflow Check
  Microsoft DirectWrite / AFDKO suffers from having an insufficient integer overflow check in dnaGrow.

* Red Hat Security Advisory 2019-1764-01
  Red Hat Security Advisory 2019-1764-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.

* Red Hat Security Advisory 2019-1765-01
  Red Hat Security Advisory 2019-1765-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.