a set of severe vulnerabilities which could lead to remote code execution in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF). The security flaws, CVE-2018-15414, CVE-2018-15421, and CVE-2018-15422, have been issued a base score of 7.8. According to the Cisco Product Security Incident Response Team (PSIRT), the flaws could lead to "an unauthenticated, remote attacker to execute arbitrary code on a targeted system." The Cisco Webex Network Recording Player for Advanced Recording Format (ARF), available for Windows, Mac, and Linux machines, is a component for recording meetings taking place in Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. In a security advisory posted this week, Cisco says that the following software is affected: Cisco Webex Meetings Suite (WBS32): Webex Network Recording Player versions prior to WBS32.15.10; Cisco Webex Meetings Suite (WBS33): Webex Network Recording Player versions prior to WBS33.3; Cisco Webex Meetings Online: Webex Network Recording Player versions prior to 1.3.37; Cisco Webex Meetings Server: Webex Network Recording Player versions prior to 3.0MR2. According to Cisco, each operating system is vulnerable to at least one of the security flaws. The vulnerabilities are due to the improper invalidation of Webex recording files. If a victim opens a crafted, malicious file in the Cisco Webex Player -- potentially sent over email as part of a spear phishing campaign -- the bugs are triggered, leading to exploit. There are no workarounds to address these vulnerabilities.
However, Cisco has developed patches to automatically update vulnerable software. It is recommended that users accept these updates as quickly as possible. The tech giant notes that some Cisco Webex Meetings builds might be at the end of their support cycles and won't receive these updates. In these cases, users should contact the company directly. Alternatively, the ARF component is an add-on and can simply be uninstalled manually. A removal tool has been made available. Cisco is not aware of any reports of any active exploits in the wild. Steven Seeley from Source Incite and Ziad Badawi, working together with the Trend Micro Zero Day Initiative, have been credited with finding and reporting the bugs. In related news this week, Trend Micro's Zero Day Initiative disclosed a Microsoft Jet zero-day vulnerability which was unpatched at the point of public disclosure. If exploited, the vulnerability permits attackers to remotely execute code on infected machines.
A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to seize control of websites – and is only now patched. Larry Cashdollar, a bug-hunter at Akamai, explained late last week how the security shortcoming, designated CVE-2018-9206, allows a miscreant to upload and execute arbitrary code as root on a website that uses the vulnerable code with the Apache web server. This would potentially allow an attacker to, among other things, upload and run a webshell to execute commands on the target machine to steal data, change files, distribute malware, and so on. Cashdollar – real name, he swears – was able to track the flaw down to Sebastian Tschan's open-source jQuery File Upload tool, and got the developer to fix it in version 9.22.1. The flaw stems from a change to the Apache web server, from version 2.3.9 and onwards, that disabled support for .htaccess security configuration files, which left projects like jQuery File Upload open to exploitation. Additionally, Cashdollar noted, it is almost certain he was not the first person to come across this simple vulnerability. Demonstration videos on YouTube suggest similar flaws are known to miscreants, and have been targeted in some circles for years. "The internet relies on many security controls every day in order to keep our systems, data, and transactions safe and secure," Cashdollar said.
"If one of these controls suddenly doesn't exist it may put security at risk unknowingly to the users and software developers relying on them." So, it's believed hackers have been quietly exploiting the bug for several years as the flaw itself is fairly trivial and also eight years old. Now that details of the vulnerability are public, exploit code has been produced, for example, here, and may be handy if you wish to test whether or not your website is vulnerable to CVE-2018-9206. In any case, loads of people now know about it, so that means more miscreants menacing and hijacking vulnerable websites.
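The root cause described above is that per-directory .htaccess rules stopped being honoured, so the upload directory lost its script-execution controls. The following is an added example of how a server operator can restate those controls in the main Apache configuration, where AllowOverride does not matter; it is not the plugin's own .htaccess or Cashdollar's material, and the directory path is a placeholder.

```apache
# Added example: server-level equivalent of the per-directory .htaccess rules
# that Apache ignores once AllowOverride defaults to None (2.3.9 and later).
# The path is a placeholder for wherever the upload handler stores files.
<Directory "/var/www/html/uploads">
    AllowOverride None
    # No CGI, server-side includes or directory listings in the upload area.
    Options -ExecCGI -Includes -Indexes
    # Refuse to serve anything with a server-side script extension at all, so a
    # file uploaded as .php (or .PHP: AddHandler matches case-insensitively)
    # can never reach a script handler.
    <FilesMatch "(?i)\.(php|phtml|phar|pl|py|cgi|sh)$">
        Require all denied
    </FilesMatch>
    # Serve everything else as an opaque download instead of letting the
    # browser sniff a type or a handler interpret the content.
    ForceType application/octet-stream
    <IfModule mod_headers.c>
        Header set Content-Disposition attachment
        Header set X-Content-Type-Options nosniff
    </IfModule>
</Directory>
```

Pair this with an allow-list of permitted upload extensions in the application itself; the server block is a backstop, not the only check.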
A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems, leading to potential code execution. This code could install malware, spyware, and other nasties, if successful. The vulnerability – which was made public this week – sits within the written-from-scratch DHCPv6 client of the open-source Systemd management suite, which is built into various flavors of Linux. This client is activated automatically if IPv6 support is enabled, and relevant packets arrive for processing. Thus, a rogue DHCPv6 server on a network, or in an ISP, could emit specially crafted router advertisement messages that wake up these clients, exploit the bug, and possibly hijack or crash vulnerable Systemd-powered Linux machines. Here's the Red Hat Linux summary: systemd-networkd is vulnerable to an out-of-bounds heap write in the DHCPv6 client when handling options sent by network adjacent DHCP servers. An attacker could exploit this via a malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution. Felix Wilhelm, of the Google Security team, was credited with discovering the flaw, designated CVE-2018-15688. Wilhelm found that a specially crafted DHCPv6 network packet could trigger "a very powerful and largely controlled out-of-bounds heap write," which could be used by a remote hacker to inject and execute code.
"The overflow can be triggered relatively easy by advertising a DHCPv6 server with a server-id >= 493 characters long," Wilhelm noted. In addition to Ubuntu and Red Hat Enterprise Linux, Systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default. Systemd creator Lennart Poettering has already published a security fix for the vulnerable component – this should be weaving its way into distros as we type. If you run a Systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary. The bug will come as another argument against Systemd as the Linux management tool continues to fight for the hearts and minds of admins and developers alike. Though a number of major admins have in recent years adopted and championed it as the replacement for the old Init era, others within the Linux world seem to still be less than impressed with Systemd and Poettering's occasionally controversial management of the tool.
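The trigger condition Wilhelm quotes (a Server Identifier option of 493 bytes or more in a server message) is simple enough to watch for on the wire while patches roll out. Below is an added detection example, not code from systemd or from the article: a minimal DHCPv6 option walker that alerts on oversized server-id options and treats truncated option lists as malformed. The option code and message types come from RFC 3315; the sample messages are constructed, and the threshold is the figure from the article.

```python
"""Added example: DHCPv6 server-message triage for CVE-2018-15688-style
oversized Server Identifier options. Not systemd code; sample input is constructed."""
import struct

OPTION_SERVERID = 2            # RFC 3315: Server Identifier option code
MSG_ADVERTISE = 2              # RFC 3315 message types a server sends to a client
MSG_REPLY = 7
SUSPICIOUS_SERVERID_LEN = 493  # threshold quoted in the article


def parse_options(payload: bytes) -> list:
    """Walk the TLV option list that follows the 4-byte DHCPv6 header.

    Raises ValueError on a truncated option so callers can classify the
    packet as malformed instead of silently skipping it."""
    options, off = [], 0
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated option header at offset %d" % off)
        code, length = struct.unpack_from("!HH", payload, off)
        off += 4
        if off + length > len(payload):
            raise ValueError("option %d claims %d bytes past end" % (code, length))
        options.append((code, payload[off:off + length]))
        off += length
    return options


def inspect_dhcpv6(pkt: bytes) -> dict:
    """Return a verdict dict for one DHCPv6 message (UDP payload, server to client)."""
    if len(pkt) < 4:
        return {"verdict": "malformed", "reason": "shorter than header"}
    msg_type = pkt[0]
    if msg_type not in (MSG_ADVERTISE, MSG_REPLY):
        return {"verdict": "ignore", "msg_type": msg_type}
    try:
        options = parse_options(pkt[4:])
    except ValueError as exc:
        return {"verdict": "malformed", "msg_type": msg_type, "reason": str(exc)}
    for code, data in options:
        if code == OPTION_SERVERID and len(data) >= SUSPICIOUS_SERVERID_LEN:
            return {"verdict": "alert", "msg_type": msg_type, "serverid_len": len(data)}
    return {"verdict": "ok", "msg_type": msg_type}


def make_test_message(serverid: bytes) -> bytes:
    """Constructed ADVERTISE with a zero transaction-id and a single server-id option,
    used only to exercise the detector above."""
    header = bytes([MSG_ADVERTISE, 0, 0, 0])
    return header + struct.pack("!HH", OPTION_SERVERID, len(serverid)) + serverid


if __name__ == "__main__":
    # A DUID-sized server-id is normal; a multi-hundred-byte one matches the trigger.
    print(inspect_dhcpv6(make_test_message(b"\x00\x01" * 7)))
    print(inspect_dhcpv6(make_test_message(b"A" * 493)))
```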
A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. A researcher who goes by the handle Erythronium submitted a post on March 15 to the Adium developers mailing list about the issue. While there’s been some discussion of a fix for CVE-2017-2640, no Adium advisory or patches have been released. In the meantime, Erythronium told Threatpost that libpurple and Adium should no longer be used. “Unless the [Adium] dev team comes out with an advisory about this issue, a serious apology, a completely solid story about how they plan to handle future vulnerabilities in their codebase and its dependencies, and a way for people to reproduce their builds without depending on a creepy binary blob of libpurple, people should simply stop using it,” the researcher said. “It’s also very arguable that people should stop using libpurple completely, since it also lacks strong security practices in its development.” A request for comment from two members of the Adium team was not returned in time for publication. “Adium’s build process documentation does not seem to include steps for upgrading or rebuilding libpurple, and the copy of libpurple is checked into Adium’s open-source repository as a binary blob of unknown provenance,” Erythronium wrote in a post to the Full Disclosure mailing list. Adium is a freely available IM client for the Apple platform, and users may connect a number of other IM networks to it, including AIM, Google Talk, Yahoo Messenger and others.
It’s written using the Cocoa API in macOS, and also supports Off the Record (OTR) encryption over XMPP. Libpurple is used in a number of IM programs, including Pidgin on Windows, Linux and UNIX builds, and Finch, a text-based IM program for Linux and UNIX. The vulnerability is an out-of-bounds write flaw that happens when invalid XML is sent by an attacker, Pidgin said in an advisory. “Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition, execute arbitrary code or perform unauthorized actions,” said a SecurityFocus advisory. The use of messaging apps that support encryption has been encouraged since the Snowden disclosures and other challenges to secure communication such as Apple vs. FBI. Adium specifically was included in a Privacy Pack recommended by the Electronic Frontier Foundation in the months following the Snowden leaks. The pack was a collection of tools for privacy conscious users, and included the Tor browser, encryption extensions for browsers, HTTPS Everywhere, and Pidgin and Adium for encrypted chats.
Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day buffer overflow vulnerability (CVE-2017-7269) due to improper validation of an ‘IF’ header in a PROPFIND request. A remote attacker could exploit this vulnerability in the IIS WebDAV component with a crafted request using the PROPFIND method. Successful exploitation could result in a denial of service condition or arbitrary code execution in the context of the user running the application. According to the researchers who found this flaw, this vulnerability was exploited in the wild in July or August 2016. Other threat actors are now in the stages of creating malicious code based on the original proof-of-concept (PoC) code. Web Distributed Authoring and Versioning (WebDAV) is an extension of the HTTP protocol that allows clients to perform remote Web content authoring operations. WebDAV extends the set of standard HTTP methods and headers allowed for the HTTP request. A few examples of WebDAV methods are COPY, LOCK, MKCOL, PROPFIND, UNLOCK, etc. This vulnerability is exploited using the PROPFIND method and IF header. The PROPFIND method retrieves properties defined on the resource identified by the Request-URI. All WebDAV-compliant resources must support the PROPFIND method. The IF header handles the state token as well as the ETags. It makes the request conditional by supplying a series of state lists with conditions that match tokens and ETags to a specific resource. If all states present in the IF header fail, the request fails with a 412 (Precondition Failed) status.
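Because the bug lies in how IIS 6.0 handles the If header of a PROPFIND request, a reverse proxy or WAF in front of a legacy WebDAV server can reject requests whose If header does not fit the grammar the paragraph describes (resource tags, parenthesised lists, Not, state tokens and entity tags per RFC 4918). The following is an added example, not code from Microsoft or from the advisory: a pre-filter that parses the If header and refuses PROPFIND requests that are malformed or carry implausibly long tokens. The two length limits are this example's assumptions, and the sample requests are constructed.

```python
"""Added example: WebDAV If-header pre-filter for PROPFIND requests.
Not Microsoft or advisory code; limits are assumptions, samples are constructed."""
import re

MAX_IF_HEADER_LEN = 1024   # assumption: far above any legitimate set of lock tokens
MAX_TOKEN_LEN = 256        # assumption: a lock-token URI or entity tag is much shorter

# RFC 4918 section 10.4 tokens: <Coded-URL>, [entity-tag], Not, "(" and ")".
_TOKEN = re.compile(r'\s*(?:(<[^<>]*>)|(\[[^\[\]]*\])|(Not)\b|(\()|(\)))', re.I)


def parse_if_header(value: str) -> list:
    """Parse an If header into [(resource_tag_or_None, [(negated, token), ...])].

    Raises ValueError for text outside the grammar, nested or empty lists,
    a dangling Not, a resource tag with no list, or an over-long token."""
    result, pos, value = [], 0, value.strip()
    resource, lists_for_tag, conds, in_list, pending_not = None, 0, None, False, False
    while pos < len(value):
        m = _TOKEN.match(value, pos)
        if not m:
            raise ValueError("unexpected text at offset %d" % pos)
        pos = m.end()
        coded, etag, neg, lparen, rparen = m.groups()
        token = coded or etag
        if token and len(token) > MAX_TOKEN_LEN:
            raise ValueError("token of %d bytes exceeds limit" % len(token))
        if not in_list:                       # between lists: a tag or a new "("
            if lparen:
                in_list, conds = True, []
            elif coded and (resource is None or lists_for_tag > 0):
                resource, lists_for_tag = coded, 0   # Resource-Tag of a Tagged-list
            else:
                raise ValueError("token outside a list at offset %d" % m.start())
        elif neg:
            if pending_not:
                raise ValueError("double Not")
            pending_not = True
        elif token:
            conds.append((pending_not, token))
            pending_not = False
        elif rparen:
            if pending_not or not conds:
                raise ValueError("empty list or dangling Not")
            result.append((resource, conds))
            in_list, lists_for_tag = False, lists_for_tag + 1
        else:
            raise ValueError("nested list at offset %d" % m.start())
    if in_list or not result or (resource is not None and lists_for_tag == 0):
        raise ValueError("unterminated, empty, or list-less If header")
    return result


def screen_request(raw: bytes) -> tuple:
    """Return (allow, reason) for one raw HTTP request head (bytes up to the body)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(val.strip())
    if method != "PROPFIND" or "if" not in headers:
        return True, "not a PROPFIND with an If header"
    if len(headers["if"]) > 1:
        return False, "multiple If headers"
    value = headers["if"][0]
    if len(value) > MAX_IF_HEADER_LEN:
        return False, "If header of %d bytes exceeds limit" % len(value)
    try:
        parse_if_header(value)
    except ValueError as exc:
        return False, "If header rejected: %s" % exc
    return True, "well-formed If header"
```

A legitimate client that legitimately needs longer tokens should fail closed here and be whitelisted deliberately, rather than the limits being raised globally.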
Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation. SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers. Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers. Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed. The leaking of sensitive configuration data through the default "public" SNMP community string is a known problem that has affected many devices over the years. The two researchers first located a small number of vulnerable devices, including the Cisco DPC3928SL cable modem that's now part of Technicolor's product portfolio following the company's acquisition of Cisco's Connected Devices division in 2015. The researchers claim that when they reported the issue to Technicolor, the company told them that it was the result of an access misconfiguration by a single ISP in Mexico rather than a problem with the device itself.
This prompted the researchers to perform a wider internet scan that resulted in the discovery of 78 vulnerable cable modem models from 19 manufacturers, including Cisco, Technicolor, Motorola, D-Link and Thomson. Regardless of the cause, the problem is serious, as attackers could exploit this flaw to extract administrative and Wi-Fi passwords or to hijack devices by modifying their configurations. There's not much that users can do if their ISP supplied them with a vulnerable device, other than ask for a different model or install their own modem. Unfortunately, not many ISPs allow their residential customers to use their own gateway devices, because they want uniformity and remote management capabilities on their networks. Determining if a particular device is vulnerable to this issue is possible, but requires a bit of work. An online port scanner like ShieldsUp can be used to determine if the device responds to SNMP requests over its public IP address. If SNMP is open, a different online tool can be used to check if the device's SNMP server returns valid responses when the "public" or random community strings are used. At the very least this would indicate an information leak problem.
Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered. Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand’s largest broadband company. Ribeiro said he disclosed the vulnerabilities through Beyond Security’s SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well. Ribeiro told Threatpost he’s unsure whether TrueOnline introduced the vulnerabilities as it adds its own customization to the routers, or whether they came from the respective manufacturers. A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed. A request for comment from Billion was not returned in time for publication. The commonality between the routers appears to be that they’re all based on the TC3162U system-on-a-chip manufactured by TrendChip. Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2, and Billion 5200 W-T, currently in distribution to TrueOnline customers. The TC3162U chips run two different firmware variants, one called “ras” which includes the Allegro RomPager webserver vulnerable to the Misfortune Cookie attacks, and the other called tclinux.
The tclinux variant contains the vulnerabilities found by Ribeiro; in particular, several ASP files, he said, are vulnerable to command injection attacks. He also cautions that they could also be vulnerable to Misfortune Cookie, but he did not investigate this possibility. “It should be noted that tclinux contains files and configuration settings in other languages (for example in Turkish). Therefore it is likely that these firmware versions are not specific to TrueOnline, and other ISP customised routers in other countries might also be vulnerable,” Ribeiro said in his advisory. “It is also possible that other brands and router models that use the tclinux variant are also affected by the command injection vulnerabilities (the default accounts are likely to be TrueOnline specific).” In addition to Ribeiro’s proof-of-concept, Metasploit modules are available for three of the vulnerabilities. Most of the vulnerabilities can be exploited remotely, some without authentication. “These vulnerabilities are present in the web interface. The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN,” Ribeiro said. “Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN, but given the credentials, it is likely.” The ZyXel P660HN-T v1 router is vulnerable to an unauthenticated command injection attack that can be exploited remotely.
Ribeiro said he found the vulnerability in the remote system log forwarding function, specifically in the ViewLog.asp page. V2 of the same router contains the same vulnerability, but cannot be exploited without authentication, he said. “Unlike in the P660HN-Tv1, the injection is authenticated and in the logSet.asp page. However, this router contains a hardcoded supervisor password that can be used to exploit this vulnerability,” Ribeiro said. “The injection is in the logSet.asp page that sets up remote forwarding of syslog logs, and the parameter vulnerable to injection is the serverIP parameter.” The Billion 5200W-T is also vulnerable to unauthenticated and authenticated command injection attacks; the vulnerability was found in its adv_remotelog.asp page. “The Billion 5200W-T router also has several other command injections in its interface, depending on the firmware version, such as an authenticated command injection in tools_time.asp (uiViewSNTPServer parameter),” Ribeiro said. “It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability.” Ribeiro said default and weak admin credentials were found on all of the versions and were accessible remotely. The researcher said it’s unknown whether the routers can be patched remotely. “Again, given the existence of default credentials that have remote access, it is likely that it is possible to update the firmware remotely,” Ribeiro said.
Most iBall Baton routers in India are also vulnerable to unauthenticated and authenticated command injection attacks; I have reason to believe default and weak admin credentials are on all of the versions and are accessible remotely. I have an iBall Baton “WRA150N” ADSL2+ router, and iBall is never accepting, not even responding to, complaints and requests for the latest firmware patches.