CIsco has issued Vulnerability-related.PatchVulnerability a critical patch of a patch for a Cisco Prime License Manager SQL fix . Cisco this week said it patched Vulnerability-related.PatchVulnerability a “ critical ” patch for its Prime License Manager ( PLM ) software that would let attackers execute random SQL queries . The Cisco Prime License Manager offers enterprise-wide management of user-based licensing , including license fulfillment . Released Vulnerability-related.PatchVulnerability in November , the first version of the Prime License Manager patch caused its own “ functional ” problems that Cisco was then forced to fix Vulnerability-related.PatchVulnerability . That patch , called ciscocm.CSCvk30822_v1.0.k3.cop.sgn addressed Vulnerability-related.PatchVulnerability the SQL vulnerability but caused backup , upgrade and restore problems , and should no longer be used Cisco said . Cisco wrote that “ customers who have previously installed Vulnerability-related.PatchVulnerability the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch should upgrade Vulnerability-related.PatchVulnerability to the ciscocm.CSCvk30822_v2.0.k3.cop.sgn patch to remediate the functional issues . Installing Vulnerability-related.PatchVulnerability the v2.0 patch will first rollback the v1.0 patch and then install Vulnerability-related.PatchVulnerability the v2.0 patch. ” As for the vulnerability that started this process , Cisco says it “ is due to a lack of proper validation of user-supplied input in SQL queries . An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application . A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres [ SQL ] user. ” The vulnerability impacts Vulnerability-related.DiscoverVulnerability Cisco Prime License Manager Releases 11.0.1 and later .

A broad array of Android phones are vulnerable Vulnerability-related.DiscoverVulnerability to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover , a researcher has demonstrated Vulnerability-related.DiscoverVulnerability . The vulnerability resides in Vulnerability-related.DiscoverVulnerability a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices . Apple patched Vulnerability-related.PatchVulnerability the vulnerability with Monday 's release Vulnerability-related.PatchVulnerability of iOS 10.3.1 . `` An attacker within range may be able to execute arbitrary code on the Wi-Fi chip , '' Apple 's accompanying advisory warned Vulnerability-related.DiscoverVulnerability . In a highly detailed blog post published Vulnerability-related.DiscoverVulnerability Tuesday , the Google Project Zero researcher who discovered Vulnerability-related.DiscoverVulnerability the flaw said Vulnerability-related.DiscoverVulnerability it allowed the execution of malicious code on a fully updated 6P `` by Wi-Fi proximity alone , requiring no user interaction . '' Google is in the process of releasing Vulnerability-related.PatchVulnerability an update in its April security bulletin . The fix is available Vulnerability-related.PatchVulnerability only to a select number of device models , and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible . Company representatives did n't respond to an e-mail seeking comment for this post . The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values . The values , in turn , cause the firmware running on Broadcom 's wireless system-on-chip to overflow its stack . By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks , Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode . Beniamini 's code does nothing more than write a benign value to a specific memory address . Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point . Besides the specific stack overflow bugs exploited Vulnerability-related.DiscoverVulnerability by the proof-of-concept attack , Beniamini said Vulnerability-related.DiscoverVulnerability a lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target . `` We ’ ve seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex , it still lags behind in terms of security , '' he wrote . `` Specifically , it lacks all basic exploit mitigations—including stack cookies , safe unlinking and access permission protection ( by means of [ a memory protection unit . ] ) '' The Broadcom chipset contains an MPU , but the researcher found that it 's implemented in a way that effectively makes all memory readable , writeable , and executable . `` We can conveniently execute our code directly from the heap . '' He said that Broadcom has informed him that newer versions of the chipset implement the MPU more effectively and also add unspecified additional security mechanisms . Given the severity of the vulnerability , people with affected Vulnerability-related.DiscoverVulnerability devices should install Vulnerability-related.PatchVulnerability a patch as soon as it 's available . For those with vulnerable iPhones , that 's easy enough . As is all too often the case for Android users , there 's no easy way to get Vulnerability-related.PatchVulnerability a fix immediately , if at all . That 's because Google continues to stagger the release Vulnerability-related.PatchVulnerability of its monthly patch bundle for the minority of devices that are eligible to receive it . At the moment , it 's not clear if there are effective workarounds available for vulnerable devices . Turning off Wi-Fi is one possibility , but as revealed in recent research into an unrelated Wi-Fi-related weakness involving Android phones , devices often relay Wi-Fi frames even when Wi-Fi is turned off

If you ’ re using one of the many QNAP NAS devices and you haven ’ t yet upgraded the QTS firmware to version 4.2.4 , you should do so immediately if you don ’ t want it to fall prey to attackers . Among the vulnerabilities fixed Vulnerability-related.PatchVulnerability by QNAP in this latest firmware version , released Vulnerability-related.PatchVulnerability on March 21 , are three command injection flaws in the web user interface that can be exploited Vulnerability-related.DiscoverVulnerability to gain remote command execution on a vulnerable device as administrative user ( root ) . And among these three , one can be exploited Vulnerability-related.DiscoverVulnerability by an unauthenticated attacker , via a specially crafted HTTP request . A thusly compromised NAS device can be used for further attacks , but what should worry users even more , is that an attacker can read , modify or remove content from it at will . The flaws were discovered Vulnerability-related.DiscoverVulnerability by Harry Sintonen of F-Secure , and responsibly disclosed Vulnerability-related.DiscoverVulnerability to QNAP . But , given that Sintonen has now released more information about each vulnerability , it ’ s not inconceivable that attackers might craft working exploits soon , and try to use them . The vulnerabilities are confirmed to affect Vulnerability-related.DiscoverVulnerability QTS versions 4.2.2 and 4.2.3 . Users are advised to install Vulnerability-related.PatchVulnerability the firmware update version 4.2.4 build 20170313 , or restrict access to the web user interface ( ports 8080 and 443 )

Researchers from Positive Technologies have unearthed Vulnerability-related.DiscoverVulnerability a critical vulnerability ( CVE-2017-6968 ) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions . Checker ATM Security is a specialized security solution aimed at keeping ATMs safe from logical attacks . It does so by enforcing application whitelisting , full hard disk encryption , providing ACL-based control of process execution and resource access , enforcing security policies , restricting attempts to connect peripheral devices , and so on . The found flaw can be exploited Vulnerability-related.DiscoverVulnerability to remotely run code on a targeted ATM , increase the attacker ’ s privileges in the system , and compromise the machine completely . “ To exploit the vulnerability , a criminal would need to pose as Attack.Phishing the control server , which is possible via ARP spoofing Attack.Phishing , or by simply connecting the ATM to a criminal-controlled network connection , ” researcher Georgy Zaytsev explained . “ During the process of generating the public key for traffic encryption , the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution . This can give an attacker full control over the ATM and allow a variety of manipulations , including unauthorized money withdrawal ” . ” When informed Vulnerability-related.DiscoverVulnerability of the vulnerability and provided with test exploits , GMV confirmed Vulnerability-related.DiscoverVulnerability its existence and that it affects Vulnerability-related.DiscoverVulnerability versions 4.x and 5.x of the software , and ultimately pushed Vulnerability-related.PatchVulnerability out a patch , which users are urged to install Vulnerability-related.PatchVulnerability as soon as possible . Exploitation not detected in the wild A company spokesperson has made sure to point out that there is no indication that the vulnerability has been exploited Vulnerability-related.DiscoverVulnerability in attacks in the wild . Also , that exploitation is not that easy , as the attacker must first gain access to the ATM network and log into the target system . “ Secondly , the attack is difficult to be systematically exploited in an ATM network . In order to exploit it , the attacker needs some memory address that are strongly dependent on Windows kernel version , while in Windows XP systems could be theoretically possible to take advantage of the vulnerability , in Windows 7 is almost impossible because those memory address are different in every windows installation , ” the spokesperson told The Register . Like any software , security software is not immune to vulnerabilities and can open systems to exploitation . While antivirus and other security solutions for personal computers are often scrutinized and tested for flaws by third-party researchers , specialized security software has not , so far , received that amount of attention . So , it ’ s good to hear that some researchers have decided to focus on them , and that vendors are positively responding to vulnerability disclosures Vulnerability-related.DiscoverVulnerability .

Cyber security researchers on Monday pointed to code in a "ransomware" attack Attack.Ransom that could indicate a link to North Korea . Symantec and Kaspersky Lab each cited code that was previously used by a hacker collective known as the Lazarus Group , which was behind the high-profile 2014 hack of Sony that was also blamed on North Korea . But the security firms cautioned that it is too early to make any definitive conclusions , in part because the code could have been merely copied by someone else for use in the current event . The effects of the ransomware attack Attack.Ransom appeared to ease Monday , although thousands more computers , mostly in Asia , were hit Attack.Ransom as people signed in at work for the first time since the infections spread to 150 countries late last week . Health officials in Britain , where surgeries and doctors ' appointments in its national health care system had been severely impacted Friday , were still having problems Monday . But health minister Jeremy Hunt said it was `` encouraging '' that a second wave of attacks had not materialized . He said `` the level of criminal activity is at the lower end of the range that we had anticipated . '' In the United States , Tom Bossert , a homeland security adviser to President Donald Trump , told the ABC television network the global cybersecurity attack is something that `` for right now , we 've got under control . '' He told reporters at the White House that `` less than $ 70,000 '' has been paid as ransom Attack.Ransom to those carrying out the attacks . He urged all computer users to make sure they install Vulnerability-related.PatchVulnerability software patches to protect themselves against further cyberattacks . In the television interview , Bossert described the malware that paralyzed 200,000 computers running factories , banks , government agencies , hospitals and transportation systems across the globe as an `` extremely serious threat . '' Cybersecurity experts say the hackers behind the `` WannaCry '' ransomware , who demanded Attack.Ransom $ 300 payments Attack.Ransom to decrypt files locked by the malware , used a vulnerability that came from U.S. government documents leaked online . The attacks exploited Vulnerability-related.DiscoverVulnerability known vulnerabilities in older Microsoft computer operating systems . During the weekend , Microsoft president Brad Smith said the clandestine U.S. National Security Agency had developed the code used in the attack . Bossert said `` criminals , '' not the U.S. government , are responsible for the attacks . Like Bossert , experts believe Microsoft 's security patch released Vulnerability-related.PatchVulnerability in March should protect networks if companies and individual users install it . Russian President Vladimir Putin said his country had nothing to do with the attack and cited the Microsoft statement blaming the NSA for causing the worldwide cyberattack . `` A genie let out of a bottle of this kind , especially created by secret services , can then cause damage to its authors and creators , '' Putin said while attending an international summit in Beijing . He said that while there was `` no significant damage '' to Russian institutions from the cyberattack , the incident was `` worrisome . '' `` There is nothing good in this and calls for concern , '' he said . Even though there appeared to be a diminished number of attacks Monday , computer outages still affected segments of life across the globe , especially in Asia , where Friday 's attacks occurred after business hours . China China said 29,000 institutions had been affected , along with hundreds of thousands of devices . Japan 's computer emergency response team said 2,000 computers at 600 locations were affected there . Universities and other educational institutions appeared to be the hardest hit in China . China 's Xinhua News Agency said railway stations , mail delivery , gas stations , hospitals , office buildings , shopping malls and government services also were affected . Elsewhere , Britain said seven of the 47 trusts that run its national health care system were still affected , with some surgeries and outpatient appointments canceled as a result . In France , auto manufacturer Renault said one of its plants that employs 3,500 workers stayed shut Monday as technicians dealt with the aftermath of the Friday attacks . Security patches Computer security experts have assured individual computer users who have kept their operating systems updated that they are relatively safe , but urged companies and governments to make sure they apply Vulnerability-related.PatchVulnerability security patches or upgrade Vulnerability-related.PatchVulnerability to newer systems . They advised those whose networks have been effectively shut down by the ransomware attack Attack.Ransom not to make the payment demanded Attack.Ransom , the equivalent of $ 300 , paid Attack.Ransom in the digital currency bitcoin . However , the authors of the "WannaCry" ransomware attack Attack.Ransom told their victims the amount they must pay Attack.Ransom will double if they do not comply within three days of the original infection , by Monday in most cases . The hackers warned that they will delete all files on infected systems if no payment Attack.Ransom is received within seven days .