Cisco patches Vulnerability-related.PatchVulnerability a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that 's open by default . Cisco has released Vulnerability-related.PatchVulnerability patches for 34 vulnerabilities mostly affecting Vulnerability-related.DiscoverVulnerability its IOS and IOS XE networking software , including three critical remote code execution security bugs . Perhaps the most serious issue Cisco has released Vulnerability-related.PatchVulnerability a patch for is critical bug CVE-2018-0171 affecting Vulnerability-related.DiscoverVulnerability Smart Install , a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software . A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code . Embedi , the security firm that found Vulnerability-related.DiscoverVulnerability the flaw , initially believed it could only be exploited Vulnerability-related.DiscoverVulnerability within an enterprise 's network . However , it found Vulnerability-related.DiscoverVulnerability millions of affected devices exposed on the internet . `` Because in a securely configured network , Smart Install technology participants should not be accessible through the internet . But scanning the internet has shown that this is not true , '' wrote Embedi . `` During a short scan of the internet , we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open . '' Smart Install is supported by a broad range of Cisco routers and switches . The high number of devices with an open port is probably because the Smart Install client 's port TCP 4786 is open by default . This situation is overlooked by network admins , Embedi said . The company has also published Vulnerability-related.DiscoverVulnerability proof-of-concept exploit code , so it probably will be urgent for admins to patch Vulnerability-related.PatchVulnerability . An attacker can exploit the bug by sending Attack.Phishing a crafted Smart Install message to these devices on TCP port 4786 , according to Cisco . Embedi discovered Vulnerability-related.DiscoverVulnerability the flaw last year , landing it an award at the GeekPwn conference in Hong Kong last May , and reported Vulnerability-related.DiscoverVulnerability it to Cisco in September . Cisco 's internal testing also turned up Vulnerability-related.DiscoverVulnerability a critical issue in its IOS XE software , CVE-2018-0150 , due to an undocumented user account that has a default username and password . Cisco warns Vulnerability-related.DiscoverVulnerability that an attacker could use this account to remotely connect to a device running the software . Cisco engineers also found Vulnerability-related.DiscoverVulnerability CVE-2018-0151 , a remote code execution bug in the QoS subsystem of IOS and IOS XE . `` The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device . An attacker could exploit this vulnerability by sending malicious packets to an affected device , '' writes Cisco . All three bugs were given a CVSS score of 9.8 out of 10 .

A privilege escalation flaw in McAfee 's True Key software remains open to exploitation despite multiple attempts to patch Vulnerability-related.PatchVulnerability it . This according to researchers with security shop Exodus Intel , who claim Vulnerability-related.DiscoverVulnerability that CVE-2018-6661 was not fully addressed Vulnerability-related.PatchVulnerability with either of the two patches McAfee released Vulnerability-related.PatchVulnerability for it . The flaw is an elevation of privilege issue in McAfee 's TrueKey password manager . An exploit can be carried out on a guest account by side-loading a specially-crafted DLL into True Key that would then allow for commands and code to be executed with system-level privileges . McAfee 's summary of the flaw , published Vulnerability-related.DiscoverVulnerability on March 30 , lists it as a 'high ' severity issue that was patched Vulnerability-related.PatchVulnerability in version 4.20.110 - which was released Vulnerability-related.PatchVulnerability in April . Exodus says that the April release did n't fully fix Vulnerability-related.PatchVulnerability the bug , however . The researchers explain that McAfee 's patch only addresses Vulnerability-related.PatchVulnerability one of the libraries ( SDKLibAdapter ) that would allow the attack to take place , with another DLL ( NLog logging library ) being left vulnerable Vulnerability-related.DiscoverVulnerability to the same side-loading tactic . `` The patch is incomplete because it overlooks this and hence the nlog.dll can be utilized to allow arbitrary code execution just as the McAfee.TrueKey.SDKLibAdapter.dll could be used in versions prior to the patch , '' Exodus researchers Omar El-Domeiri and Gaurav Baruah said . `` Furthermore , any other McAfee signed binary can be used to exploit the vulnerability as long as the binary depends on a DLL outside the list of known DLLs . '' Exodus said Vulnerability-related.DiscoverVulnerability that it notified Vulnerability-related.DiscoverVulnerability McAfee of the issue back in August , prompting Vulnerability-related.PatchVulnerability a second patch that , unfortunately , also failed to fully remedy Vulnerability-related.PatchVulnerability the issue . `` However , we tested the latest version available ( 5.1.173.1 as of September 7th , 2018 ) and found Vulnerability-related.DiscoverVulnerability that it remains vulnerable Vulnerability-related.DiscoverVulnerability requiring no changes to our exploit . '' To its credit , McAfee acknowledged Vulnerability-related.DiscoverVulnerability the issue and said it is still working to fully resolve Vulnerability-related.PatchVulnerability the flaw . `` McAfee has been working with the researchers to confirm Vulnerability-related.DiscoverVulnerability their findings , and has provided customers mitigation guidance to allow them to protect themselves until the company can address Vulnerability-related.PatchVulnerability the reported issues via automatic product updates , '' McAfee told The Register . In the meantime , McAfee says customers can use the True Key browser extension ( which is not subject to the DLL vulnerability ) rather than the Windows application .

A week ago the Moodle developers released Vulnerability-related.PatchVulnerability updates for the still supported branches of the platform : 3.2.2 , 3.1.5 , 3.0.9 and 2.7.19 . The release notes mentioned that `` a number of security related issues were resolved Vulnerability-related.PatchVulnerability , '' but did n't provide any additional details about their nature or impact . The severity of the flaws became apparent Vulnerability-related.DiscoverVulnerability Monday , when security researcher Netanel Rubin , who found Vulnerability-related.DiscoverVulnerability the vulnerabilities , published Vulnerability-related.DiscoverVulnerability a detailed blog post about them . They do n't seem too critical on their own , but when combined , they allow attackers to create hidden administrative accounts and execute malicious PHP code on the underlying server . The exploit takes advantage of some false assumptions made by the developers , which Rubin described as a logic flaw , an Object Injection , a double SQL injection , and an overly permissive administrative dashboard . The logic issue stems from the reimplementation of a certain function without taking into account decisions made by the original function 's developers . According to the researcher , it is the result of `` having too much code , too many developers and lacking documentation . '' `` Keep in mind that logical vulnerabilities can and will occur in almost all systems featuring a large code base , '' Rubin said . `` Security issues in large code bases is , of course , not Moodle specific . '' Gaining administrative privileges on the Moodle platform is not only dangerous because attackers could install a PHP backdoor by uploading malicious plug-ins or templates , but also because Moodle installations store sensitive and private information about students taking online courses

A group known as the Shadow Brokers published Vulnerability-related.DiscoverVulnerability on Good Friday a set of confidential hacking tools used by the NSA to exploit Vulnerability-related.DiscoverVulnerability software vulnerabilities in Microsoft Windows software . According to Fortune , Microsoft announced Vulnerability-related.PatchVulnerability on the same day that it had patched Vulnerability-related.PatchVulnerability the vulnerabilities related to the NSA leak Attack.Databreach . It was especially important that the company moved quickly since juvenile hackers — also known as script kiddies — were expected to be active over the holiday weekend while defenders were away . The threat was the latest and , according to security experts , the most damaging set of stolen documents published Attack.Databreach by the Shadow Brokers , which is believed to be tied to the Russian government . Experts say Vulnerability-related.DiscoverVulnerability the leak , which was mostly lines of computer code , was made up of a variety of “ zero-day exploits ” that can infiltrate Windows machines and then be used for espionage , vandalism or document theft . The group also published Attack.Databreach another set of documents that show that the NSA penetrated the SWIFT banking network in the Middle East . “ There appears to be at least several dozen exploits , including zero-day vulnerabilities , in this release . Some of the exploits even offer a potential ‘ God mode ’ on select Windows systems . A few of the products targeted include Lotus Notes , Lotus Domino , IIS , SMB , Windows XP , Windows 8 , Windows Server 2003 and Windows Server 2012 , ” said Cris Thomas , a strategist at Tenable Network Security . The Shadow Brokers have been threatening the U.S. government for some time but until last Friday had not released anything critical . There is speculation that this document dump Attack.Databreach could be retaliation by Russia ( if the hackers are indeed tied to the country ) in response to recent U.S. military actions .

The technical details of security vulnerabilities impacting Vulnerability-related.DiscoverVulnerability the Nvidia Video and an Android driver have been revealed Vulnerability-related.DiscoverVulnerability by Zimperium , which acquired the flaws as part of an exploit acquisition program . On Tuesday , Zimperium zLabs researchers published Vulnerability-related.DiscoverVulnerability a blog post detailing the security flaws , two escalation of privilege bugs found Vulnerability-related.DiscoverVulnerability within the NVIDIA Video driver and MSM Thermal driver . The Nvidia bug , CVE-2016-2435 , impacts Vulnerability-related.DiscoverVulnerability Android 6.0 on the Nexus 9 handset . The problem arises Vulnerability-related.DiscoverVulnerability when attackers craft an application to tamper with read/write memory values and force privilege escalation . The second security flaw , CVE-2016-2411 , involves Vulnerability-related.DiscoverVulnerability a Qualcomm power management kernel driver , the MSM Thermal driver , in Android version 6 . If an attacker crafts a malicious application , they can give themselves root access through an internal bug in the driver , leading to privilege escalation . These bugs are well documented Vulnerability-related.DiscoverVulnerability , known Vulnerability-related.DiscoverVulnerability , and for the most part security updates have been issued Vulnerability-related.PatchVulnerability . However , Zimperium says Vulnerability-related.DiscoverVulnerability that making the technical details available of these so-called Vulnerability-related.DiscoverVulnerability `` N-day '' flaws is important and can act as a catalyst to boost the speed of patch production and to iron out problems arriving between a patch being created Vulnerability-related.PatchVulnerability and vendors distributing Vulnerability-related.PatchVulnerability the update in good time . In February , Zimperium launched Vulnerability-related.DiscoverVulnerability an N-day acquisition program which is only interested in known security problems , rather than unknown and unpatched zero-days . Over the next year , the exploit purchaser is budgeting a total of $ 1.5 million to pick up the details on these exploits . Once a bug has been discovered Vulnerability-related.DiscoverVulnerability and a fix is being worked on Vulnerability-related.PatchVulnerability , an N-day exploit indicates a time of one or more days in which user systems can be compromised until a security update is issued Vulnerability-related.PatchVulnerability . `` By focusing on N-days , or patched vulnerabilities , Zimperium is applying pressure on the mobile ecosystem to re-think how and when users receive Vulnerability-related.PatchVulnerability security updates , '' the company said at the time . `` [ The ] program will reward the hard work of researchers who would n't otherwise receive compensation for an N-day exploit . ''

Users of open source webmail software SquirrelMail are open to remote code execution due to a bug ( CVE-2017-7692 ) discovered Vulnerability-related.DiscoverVulnerability independently by two researchers . “ If the target server uses Sendmail and SquirrelMail is configured to use it as a command-line program , it ’ s possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command , ” the explanation provided by MITRE reads . “ For exploitation , the attacker must upload a sendmail.cf file as an email attachment , and inject the sendmail.cf filename with the -C option within the ‘ Options > Personal Informations > Email Address ’ setting. ” The bug was found Vulnerability-related.DiscoverVulnerability by researchers Filippo Cavallarin and Dawid Golunski , independently of one another , and affects SquirrelMail versions 1.4.22 and below . Golunski reported Vulnerability-related.DiscoverVulnerability it to SquirrelMail ( sole ) developer Paul Lesniewski , who asked for a delay of publication of the details until he could fix Vulnerability-related.PatchVulnerability the flaw . But as Cavallarin published Vulnerability-related.DiscoverVulnerability details about it last week ( after not receiving any reply by the SquirrelMail developer ) , Golunski did the same during the weekend . Both researchers provided Vulnerability-related.DiscoverVulnerability a proof-of-concept exploit for the flaw , and Cavallarin even offered Vulnerability-related.PatchVulnerability an unofficial patch for plugging Vulnerability-related.PatchVulnerability the hole . All this prompted Lesniewski to push out Vulnerability-related.PatchVulnerability a patch on Monday , and new , patched version snapshots of the software ( 1.4.23-svn and 1.5.2-svn ) . He also told The Register that exploitation of the bug is difficult to pull off . “ In order to exploit the bug , a malicious user would need to have already gained control over a mail account by other means , SquirrelMail would need to be configured to allow users to change their outgoing email address ( we recommend keeping this disabled ) , the user would need to determine the location of the attachments directory ( by gaining shell access or making guesses ) , the permissions on said directory and files would need to allow access by other processes ( by default this will usually be the case , but prudent admins will exert more stringent access controls ) and of course , SquirrelMail needs to be configured to send via Sendmail and not SMTP ( default is SMTP ) , ” he explained . Still , according to Golunski , the 1.4.23 version snapshot offered Vulnerability-related.PatchVulnerability on Monday was still vulnerable Vulnerability-related.DiscoverVulnerability . But another one was pushed out Vulnerability-related.PatchVulnerability today , so it ’ s possible that the issue was finally , definitely fixed Vulnerability-related.PatchVulnerability . Users can wait to update their installation until things become more clear , and in the meantime , they can protect themselves by configuring their systems not to use Sendmail .

The vulnerability was discovered Vulnerability-related.DiscoverVulnerability by researchers from the hacking collective the Exploiteers ( formerly GTVHacker ) , who have found Vulnerability-related.DiscoverVulnerability vulnerabilities in the Samsung SmartCam devices in the past . The flaw allows for command injection through a web script , even though the vendor has disabled the local web-based management interface in these devices . The Samsung SmartCam is a series of cloud-enabled network security cameras that were originally developed by Samsung Techwin . Samsung sold this division to South Korean business conglomerate Hanwha Group in 2015 and the company was renamed Hanwha Techwin . In response to vulnerabilities reported in Vulnerability-related.DiscoverVulnerability the web-based management interface of various SmartCam models over the past few years , Hanwha Techwin decided to completely disable the local administration panel and only allow users to access the cameras through the accompanying smartphone app and its My SmartCam cloud service . The Exploiteers researchers recently analyzed the Samsung SmartCam SNH-1011 and noticed that while accessing the web interface over the local network was no longer possible , the web server was still running on the device and hosted some PHP scripts related to a video monitoring system called iWatch . One of these scripts allows users to update the iWatch software by uploading a file , but has a vulnerability that stems from improper sanitization of the file name . The flaw can be exploited Vulnerability-related.DiscoverVulnerability by unauthenticated attackers to inject shell commands that will then be executed by the web server running with root privileges . `` The iWatch Install.php vulnerability can be exploited Vulnerability-related.DiscoverVulnerability by crafting a special filename which is then stored within a tar command passed to a php system ( ) call , '' the researchers explained Vulnerability-related.DiscoverVulnerability in a blog post Saturday . `` Because the web-server runs as root , the filename is user supplied , and the input is used without sanitization , we are able to inject our own commands within to achieve root remote command execution . '' While the flaw was found Vulnerability-related.DiscoverVulnerability in the SNH-1011 model , the researchers believe that it affects the entire Samsung SmartCam series . Ironically the vulnerability can be exploited Vulnerability-related.DiscoverVulnerability to turn on the disabled web management interface , whose removal was criticized by some users . The Exploiteers published Vulnerability-related.DiscoverVulnerability a proof-of-concept exploit that does just that .

Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Vulnerability-related.DiscoverVulnerability Monday after private disclosures Vulnerability-related.DiscoverVulnerability made to the vendors in July went unanswered . Researcher Pedro Ribeiro of Agile Information Security found Vulnerability-related.DiscoverVulnerability accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline , Thailand ’ s largest broadband company . Ribeiro said Vulnerability-related.DiscoverVulnerability he disclosed Vulnerability-related.DiscoverVulnerability the vulnerabilities through Beyond Security ’ s SecuriTeam Secure Disclosure Program , which contacted the affected vendors last July . Ribeiro published Vulnerability-related.DiscoverVulnerability a proof of concept exploit yesterday as well . Ribeiro told Vulnerability-related.DiscoverVulnerability Threatpost he ’ s unsure whether TrueOnline introduced Vulnerability-related.DiscoverVulnerability the vulnerabilities as it adds its own customization to the routers , or whether they came from the respective manufacturers . A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed Vulnerability-related.PatchVulnerability . A request for comment from Billion was not returned in time for publication . The commonality between the routers appears to be that they ’ re all based on the TC3162U system-on-a-chip manufactured by TrendChip . Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2 , and Billion 5200 W-T , currently in distribution to TrueOnline customers . The TC3162U chips run two different firmware variants , one called “ ras ” which includes the Allegro RomPage webserver vulnerable to the Misfortne Cookie attacks , and the other called tclinux . The tclinux variant contains the vulnerabilities found Vulnerability-related.DiscoverVulnerability by Ribeiro , in particular several ASP files , he said Vulnerability-related.DiscoverVulnerability , are vulnerable Vulnerability-related.DiscoverVulnerability to command injection attacks . He also cautions that they could be also vulnerable to Misfortune Cookie , but he did not investigate this possibility . “ It should be noted that tclinux contains files and configuration settings in other languages ( for example in Turkish ) . Therefore it is likely that these firmware versions are not specific to TrueOnline , and other ISP customised routers in other countries might also be vulnerable , ” Ribeiro said in his advisory . “ It is also possible that other brands and router models that use the tclinux variant are also affected Vulnerability-related.DiscoverVulnerability by the command injection vulnerabilities ( the default accounts are likely to be TrueOnline specific ) ” . In addition to Ribeiro ’ s proof-of-concept , Metasploit modules are available Vulnerability-related.DiscoverVulnerability for three of the vulnerabilities . Most of the vulnerabilities can be exploited Vulnerability-related.DiscoverVulnerability remotely , some without authentication . “ These vulnerabilities are present in the web interface . The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN , ” Ribeiro said . “ Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN , but given the credentials , it is likely ” . The ZyXel P660HN-T v1 router is vulnerable Vulnerability-related.DiscoverVulnerability to an unauthenticated command injection attack that can be exploited remotely . Ribeiro said Vulnerability-related.DiscoverVulnerability he found Vulnerability-related.DiscoverVulnerability the vulnerability in the remote system log forwarding function , specifically in the ViewLog.asp page . V2 of the same router contains Vulnerability-related.DiscoverVulnerability the same vulnerability , but can not be exploited Vulnerability-related.DiscoverVulnerability without authentication , he said . “ Unlike in the P660HN-Tv1 , the injection is authenticated and in the logSet.asp page . However , this router contains a hardcoded supervisor password that can be used to exploit this vulnerability , ” Ribeiro said . “ The injection is in the logSet.asp page that sets up remote forwarding of syslog logs , and the parameter vulnerable to injection is the serverIP parameter ” . The Billion 5200W-T is also vulnerable Vulnerability-related.DiscoverVulnerability to unauthenticated and authenticated command injection attacks ; the vulnerability was found Vulnerability-related.DiscoverVulnerability in its adv_remotelog.asp page . “ The Billion 5200W-T router also has several other command injections in its interface , depending on the firmware version , such as an authenticated command injection in tools_time.asp ( uiViewSNTPServer parameter ) , ” Ribeiro said . It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability ” . Ribeiro said default and weak admin credentials were found on the all of the versions and were accessible remotely . The researcher said it ’ s unknown whether the routers can be patched remotely . “ Again , given the existence of default credentials that have remote access , it is likely that it is possible to update the firmware remotely , ” Ribeiro said . Most of iBall baton routers in India are also vulnerable Vulnerability-related.DiscoverVulnerability to unauthenticated and authenticated command injection attack , i have reason to believe default and weak admin credentials are on the all of the versions and were accessible remotely . i Have I “ Ball WRA150N ” ADSL2+ iBall baton Router.And IBall is never accepting not even taking response to complains and request for latest firmware patches . ASUS patched Vulnerability-related.PatchVulnerability a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root . Thanks to Meltdown and Spectre , January has already been an extremely busy month of patching Vulnerability-related.PatchVulnerability for Microsoft .

IP cameras manufactured by Chinese vendor Fosscam are riddled Vulnerability-related.DiscoverVulnerability with security flaws that allow an attacker to take over the device and penetrate your network . The issues came to light yesterday when Finnish cyber-security firm F-Secure published Vulnerability-related.DiscoverVulnerability its findings after Fosscam failed to answer bug reports Vulnerability-related.DiscoverVulnerability and patch Vulnerability-related.PatchVulnerability its firmware . Below is a list of 18 vulnerabilities researchers discovered Vulnerability-related.DiscoverVulnerability in Fosscam IP cameras : The variety of issues F-Secure researchers discovered Vulnerability-related.DiscoverVulnerability means there are multiple ways an attacker can hack one of these devices and use it for various operations . `` For example , an attacker can view the video feed , control the camera operation , and upload and download files from the built-in FTP server , '' F-Secure says. `` They can stop or freeze the video feed , and use the compromised device for further actions such as DDoS or other malicious activity . '' `` If the device is in a corporate local area network , and the attacker gains access to the network , they can compromise the device and infect it with a persistent remote access malware . The malware would then allow the attacker unfettered access to the corporate network and the associated resources , '' researchers added . F-Secure researchers say Vulnerability-related.DiscoverVulnerability all these vulnerabilities have been confirmed Vulnerability-related.DiscoverVulnerability in Fosscam C2 models , but also in Opticam i5 , an IP camera sold by another vendor , but based on a white-label Fosscam device . In fact , researchers suspect that Fosscam has sold the vulnerable IP camera model as a white-label product , which other companies bought , plastered their logo on top , and resold as their own devices . F-Secure says it identified 14 other vendors that sell Fosscam made cameras , but they have not tested their products as of yet . F-Secure recommends that network administrators remove any Fosscam made IP camera from their network until the Chinese company patches Vulnerability-related.PatchVulnerability its firmware .

Facebook is dismissing Vulnerability-related.DiscoverVulnerability claims Vulnerability-related.DiscoverVulnerability by a researcher who says Vulnerability-related.DiscoverVulnerability multimedia content such as audio-based messages sent via its Facebook Messenger service can be intercepted by a third-party under certain conditions . On Tuesday , Mohamed Baset , a security analyst at ecommerce firm Linio México , published Vulnerability-related.DiscoverVulnerability a proof-of-concept video demonstrating what he calls Vulnerability-related.DiscoverVulnerability a Facebook flaw that allows an attacker to access audio or video files from Facebook servers and play them back . Facebook is dismissing Vulnerability-related.DiscoverVulnerability Baset ’ s claims Vulnerability-related.DiscoverVulnerability , telling Threatpost , “ We appreciate researcher reports , but this is not a flaw and does not impact the normal functioning of voice clips on Messenger ” . Baset concedes that the alleged threat he illustrates represents a “ narrow attack surface ” and is “ not really that dangerous for most users ” .

A security flaw affecting Vulnerability-related.DiscoverVulnerability LibreOffice and Apache OpenOffice has been fixed Vulnerability-related.PatchVulnerability in one of the two open-source office suites . The other still appears to be vulnerable Vulnerability-related.DiscoverVulnerability . Before attempting to guess which app has yet to be patched Vulnerability-related.PatchVulnerability , consider that Apache OpenOffice for years has struggled attract more contributors . And though the number of people adding code to the project has grown since last we checked , the project missed its recent January report to the Apache Foundation . The upshot is : security holes are n't being patched Vulnerability-related.PatchVulnerability , it seems . The issue , identified Vulnerability-related.DiscoverVulnerability by security researcher Alex Inführ , is that there 's a way to achieve remote code execution by triggering an event embedded in an ODT ( OpenDocument Text ) file . In a blog post on Friday , Inführ explains Vulnerability-related.DiscoverVulnerability how he found Vulnerability-related.DiscoverVulnerability a way to abuse the OpenDocument scripting framework by adding an onmouseover event to a link in an ODT file . The event , which fires when a user 's mouse pointer moves over the link , can traverse local directories and execute a local Python script . After trying various approaches to exploit the vulnerability , Inführ found Vulnerability-related.DiscoverVulnerability that he could rig the event to call a specific function within a Python file included with the Python interpreter that ships with LibreOffice . `` For the solution I looked into the Python parsing code a little more in depth and discovered that it is not only possible to specify the function you want to call inside a python script , but it is possible to pass parameters as well , '' he said . The exploit was tested on Windows , and should work on Linux , too . Inführ says Vulnerability-related.DiscoverVulnerability he reported Vulnerability-related.DiscoverVulnerability the bug on October 18 and it was fixed Vulnerability-related.PatchVulnerability in LibreOffice by the end of the month . RedHat assigned Vulnerability-related.DiscoverVulnerability it CVE-2018-16858 in mid-November and gave Inführ a disclosure Vulnerability-related.DiscoverVulnerability date of January 31 , 2019 . When he published Vulnerability-related.DiscoverVulnerability on February 1 , in conjunction with the LibreOffice fix notification , OpenOffice still had not been patched Vulnerability-related.PatchVulnerability . Inführ says Vulnerability-related.DiscoverVulnerability he reconfirmed Vulnerability-related.DiscoverVulnerability that he could go ahead with disclosure Vulnerability-related.DiscoverVulnerability even though OpenOffice 4.16 has yet to be fixed Vulnerability-related.PatchVulnerability . His proof-of-concept exploit does n't work with OpenOffice out-of-the-box because the software does n't allow parameters to be passed in the same way as the unpatched version of LibreOffice did . However , he says Vulnerability-related.DiscoverVulnerability that the path traversal issue can still be abused to execute a local Python file and cause further mischief and damage . We 're imagining specifically targeted netizens being tricked Attack.Phishing into opening a ZIP file , unpacking an ODT and Python script , and then the ODT document attempting to execute the Python script when the victim rolls their mouse over a link , for instance . The Register tried to reach two OpenOffice contributors to find out what 's going on . We 've not heard back . According to Inführ , OpenOffice users can mitigate the risk by removing or renaming the pythonscript.py file in the installation folder .

Commonly used office printers and multi-function devices can be exploited Vulnerability-related.DiscoverVulnerability to leak information and execute code , presenting multiple attack vectors that are often overlooked , a security researcher has found Vulnerability-related.DiscoverVulnerability . Jens Müller from the Ruhr-Universität Bochum in Germany published Vulnerability-related.DiscoverVulnerability multiple advisories on vulnerabilities that he had discovered Vulnerability-related.DiscoverVulnerability as part of his Master 's degree thesis on the security of printers . The vulnerabilites stem from vendors not separating page description languages such as PostScript and PJL/PCL used to generate the output from printer control . `` Potentially harmful commands can be executed by anyone who has the right to print , '' Müller said . Müller outlined multiple attacks on his Hacking Printers wiki , ranging from accessing print jobs to credentials disclosure and bypassing device security , and included proofs of concept . HP LaserJet 1200 , 4200N and 4250N as well as Dell 3130cn and Samsung Multipress 6345N have a vulnerable Vulnerability-related.DiscoverVulnerability line printer daemon ( LPD ) service that can not handle usernames with 150 or more characters . Sending a long username to the LPD service on the above devices crashes the printer , requiring manual restart to bring it back up . Müller said Vulnerability-related.DiscoverVulnerability with correct shellcode and return address , the vulnerability could be used for remote code execution . More printers than the above are likely to be vulnerable , he said . It is even possible to launch denial of service attacks against printers that support PJL , and permanently damage the non-volatile random access memory ( NVRAM ) that is used to persistently store settings for the devices , Müller found . He tested the NVRAM destruction attack on printers from Brother , Konica Minolta , Lexmark , Dell and HP , and verified that they are vulnerable Vulnerability-related.DiscoverVulnerability . Printers can be attacked via networks or USB interfaces .

The Internet Systems Consortium patched Vulnerability-related.PatchVulnerability the BIND domain name system this week , addressing Vulnerability-related.PatchVulnerability a remotely exploitable vulnerability it considers high severity and said could lead to a crash . The issue affects Vulnerability-related.DiscoverVulnerability servers that use both the DNS64 and RPZ function simultaneously . DNS64 is a mechanism for synthesizing AAAA records from A records . It ’ s traditionally used to allow IPv6-only clients to receive IPv6 addresses proxied to IPv4 addresses . The RPZ mechanism is used by Domain Name System recursive resolvers to allow for the customized handling of the resolution of collections of domain name information . Versions 9.8.8 , 9.9.3-S1 , 9.9.3 , 9.9.10b1 , 9.10.0 , and 9.10.5b1 , 9.11.0 are all considered vulnerable Vulnerability-related.DiscoverVulnerability , according to the ISC . When servers use both mechanisms simultaneously , a vulnerability ( CVE-2017-3135 ) that stems from query processing could result in an inconsistent state , triggering either an INSIST assertion failure or an attempt to read through a NULL pointer , according to a security advisory published Vulnerability-related.DiscoverVulnerability Wednesday . The INSIST assertion failure could lead to a subsequent abort , ISC said , while the NULL pointer in some instances can lead to a segmentation fault , which causes the process to be terminated . Ramesh Damodaran and Aliaksandr Shubnik , engineers at Infoblox , a Silicon Valley firm that does DNS , DHCP and IP management , uncovered Vulnerability-related.DiscoverVulnerability the vulnerability and reported Vulnerability-related.DiscoverVulnerability it to the ISC . Damodaran previously helped identified Vulnerability-related.DiscoverVulnerability an unspecified packet processing remote denial of service vulnerability in BIND 9 . The Internet Systems Consortium patched Vulnerability-related.PatchVulnerability the BIND domain name system this week , addressing Vulnerability-related.PatchVulnerability what it calls a critical error condition in the software . Researchers find industrial control system malware similar to BlackEnergy , Havex , and Stuxnet going undetected on Google VirusTotal for years . The Internet Systems Consortium ( ISC ) announced it is planning to patch Vulnerability-related.PatchVulnerability versions of its DHCP to mitigate Vulnerability-related.PatchVulnerability a denial of service vulnerability .