Cisco has released Vulnerability-related.PatchVulnerability fixes for 34 flaws in its software , including 24 that affect Vulnerability-related.DiscoverVulnerability its FXOS software for Firepower firewalls and NX-OS software for Nexus switches . Cisco 's June updates include fixes for five critical arbitrary code execution vulnerabilities affecting Vulnerability-related.DiscoverVulnerability FXOS and NX-OS and 19 high-rated flaws affecting Vulnerability-related.DiscoverVulnerability the software . Four of the critical flaws affect Vulnerability-related.DiscoverVulnerability FXOS and NX-OS Cisco Fabric Services , while the fifth one affects Vulnerability-related.DiscoverVulnerability the NX-API feature of NX-OS . All have a CVSS v3 score of 9.8 out of a maximum of 10 . Cisco Fabric Services facilitate distribution and synchronization of configuration data between Cisco devices on the same network . Some of the flaws allow an unauthenticated , remote attack to execute arbitrary code and one allows an attacker to do so as root . Multiple switches are vulnerable Vulnerability-related.DiscoverVulnerability if they 've been configured to use Cisco Fabric Services , including its Nexus 2000 series through to Nexus 9000 series switches , as well as Cisco 's Firepower 4100 Series Next-Gen Firewalls and other hardware . The insufficient input validation may occur when FXOS and NX-OS process Cisco Fabric Services packets received during distribution and synchronization . There are various ways to exploit each of the flaws , depending on what Cisco Fabric Services distribution types have been configured . For example , if Fibre Channel ports are configured as a distribution type for a device , the attack could occur via Fibre Channel over Ethernet ( FCoE ) or Fibre Channel over IP ( FCIP ) . Cisco has already rolled out Vulnerability-related.PatchVulnerability fixes in some releases of FXOS and NX-OS . Cisco posted a blog this week explaining why it often fixes Vulnerability-related.PatchVulnerability bugs in IOS and NX-OS releases before disclosing Vulnerability-related.DiscoverVulnerability them in an advisory . It 's a practice that appears to cause confusion for customers wondering why it has n't told them fixed code has been available Vulnerability-related.PatchVulnerability for several months before it discloses Vulnerability-related.DiscoverVulnerability them . Cisco 's answer is that some flaws affect Vulnerability-related.DiscoverVulnerability more than 50 versions of its software . `` There have been some questions as to why creating Vulnerability-related.PatchVulnerability fixes and releasing Vulnerability-related.PatchVulnerability updates can take several weeks , or sometimes even months , before an advisory is published , '' Cisco 's Customer Assurance Security Programs team wrote . `` In some cases , there is a large number of supported software versions to be updated . The number of affected versions that will be updated Vulnerability-related.PatchVulnerability can range from single digits to nearly 50 or more . We are committed to issuing Vulnerability-related.PatchVulnerability fixes for every one of those supported versions . '' `` If we disclosed Vulnerability-related.DiscoverVulnerability the vulnerability after only fixing Vulnerability-related.PatchVulnerability one release , we would unnecessarily expose all customers running Vulnerability-related.PatchVulnerability other releases to potential exploitation once details about the attack itself became public . '' There are also 10 medium-severity flaws , including one that affects Vulnerability-related.DiscoverVulnerability some WebEx endpoints due to an already disclosed flaw in Nvidia 's Tegra TX1 chips .

Security biz Qualys has revealed Vulnerability-related.DiscoverVulnerability three vulnerabilities in a component of systemd , a system and service manager used in most major Linux distributions . Patches for the three flaws – CVE-2018-16864 , CVE-2018-16865 , and CVE-2018-16866 – should appear in Vulnerability-related.PatchVulnerability distro repos soon as a result of coordinated disclosure . However , Linux distributions such as Debian remain vulnerable Vulnerability-related.DiscoverVulnerability at the moment , depending on the version you have installed . `` They 're aware Vulnerability-related.DiscoverVulnerability of the issues and they 're releasing Vulnerability-related.PatchVulnerability patches , '' said Jimmy Graham , director of product management at Qualys , in a phone interview with The Register . `` I do n't believe Red Hat has released Vulnerability-related.PatchVulnerability one but it should be coming shortly . '' The bugs were found Vulnerability-related.DiscoverVulnerability in systemd-journald , a part of systemd that handles the collection and storage of log data . The first two CVEs refer to memory corruption flaws while the third involves an out of bounds error that can leak data . CVE-2018-16864 can be exploited Vulnerability-related.DiscoverVulnerability by malware running on a Linux box , or a malicious logged-in user , to crash and potentially hijack the systemd-journald system service , elevating access from user to root . CVE-2018-16865 and CVE-2018-16866 can be exploited Vulnerability-related.DiscoverVulnerability together by a local attacker to crash or hijack the root-privileged journal service . While systemd is n't universally beloved in the Linux community , Graham sees nothing unusual about the presence of the three flaws in the software . `` The noteworthiness to me is that it is very commonly found in most major distributions , '' he said . Qualys contends all systemd-based Linux distros are vulnerable Vulnerability-related.DiscoverVulnerability , though the vulnerabilities can not be exploited Vulnerability-related.DiscoverVulnerability in SUSE Linux Enterprise 15 , openSUSE Leap 15.0 , and Fedora 28 and 29 because their user-land code is compiled with GCC 's -fstack-clash-protection option . The security biz calls it a simplified stack clash – where the size of the stack gets changed to overlap with other memory areas – because it only requires the last two steps in a four step process : Clashing the stack with another memory region , moving the stack-pointer to the stack start , jumping over the stack guard-page into another memory region , and smashing the stack or memory space . The third bug , CVE-2018-16866 , appeared in Vulnerability-related.DiscoverVulnerability June 2015 ( systemd v221 ) and , Qualys says , was fixed Vulnerability-related.PatchVulnerability inadvertently in August 2018 . In code where the flaw still exists Vulnerability-related.DiscoverVulnerability , it could allow an attacker to read out of bounds information , resulting in information leakage . `` The risk [ of these issues ] is a local privilege escalation to root , '' said Graham . `` It 's something that should still be a concern because usually attackers do n't just use one vulnerability to comprise a system . They often chain vulnerabilities together . ''

When it comes to fixing Vulnerability-related.PatchVulnerability security vulnerabilities , it should be clear by now that words only count when they ’ re swiftly followed by actions . Ask peripherals maker Logitech , which last week became the latest company to find itself on the receiving end of an embarrassing public flaw disclosure Vulnerability-related.DiscoverVulnerability by Google ’ s Project Zero team . In September , Project Zero researcher Tavis Ormandy installed Logitech ’ s Options application for Windows ( available separately for Mac ) , used to customise buttons on the company ’ s keyboards , mice , and touchpads . Pretty quickly , he noticed Vulnerability-related.DiscoverVulnerability some problems with the application ’ s design , starting with the fact that it… opens a websocket server on port 10134 that any website can connect to , and has no origin checking at all . Websockets simplify the communication between a client and a server and , unlike HTTP , make it possible for servers to send data to clients without first being asked to , which creates additional security risks . The only “ authentication ” is that you have to provide a pid [ process ID ] of a process owned by your user , but you get unlimited guesses so you can bruteforce it in microseconds . Ormandy claimed Vulnerability-related.DiscoverVulnerability this might offer attackers a way of executing keystroke injection to take control of a Windows PC running the software . Within days of contacting Logitech , Ormandy says he had a meeting to discuss Vulnerability-related.DiscoverVulnerability the vulnerability with its engineers on 18 September , who assured him they understood the problem . A new version of Options appeared Vulnerability-related.PatchVulnerability on 1 October without a fix , although in fairness to Logitech that was probably too soon for any patch for Ormandy ’ s vulnerability to be included Vulnerability-related.PatchVulnerability . As anyone who ’ s followed Google ’ s Project Zero will know , it operates a strict 90-day deadline for a company to fix Vulnerability-related.PatchVulnerability vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability to it , after which they are made public Vulnerability-related.DiscoverVulnerability . I would recommend disabling Logitech Options until an update is available Vulnerability-related.PatchVulnerability . Clearly , the disclosure got things moving – on 13 December , Logitech suddenly updated Vulnerability-related.PatchVulnerability Options to version 7.00.564 ( 7.00.554 for Mac ) . The company also tweeted that the flaws had been fixed Vulnerability-related.PatchVulnerability , confirmed by Ormandy on the same day . Logitech aren ’ t the first to feel Project Zero ’ s guillotine on their neck . Earlier in 2018 , Microsoft ran into a similar issue over a vulnerability found Vulnerability-related.DiscoverVulnerability by Project Zero in the Edge browser . Times have changed – vendors have to move from learning about a bug to releasing Vulnerability-related.PatchVulnerability a fix much more rapidly than they used to .

A broad array of Android phones are vulnerable Vulnerability-related.DiscoverVulnerability to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover , a researcher has demonstrated Vulnerability-related.DiscoverVulnerability . The vulnerability resides in Vulnerability-related.DiscoverVulnerability a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices . Apple patched Vulnerability-related.PatchVulnerability the vulnerability with Monday 's release Vulnerability-related.PatchVulnerability of iOS 10.3.1 . `` An attacker within range may be able to execute arbitrary code on the Wi-Fi chip , '' Apple 's accompanying advisory warned Vulnerability-related.DiscoverVulnerability . In a highly detailed blog post published Vulnerability-related.DiscoverVulnerability Tuesday , the Google Project Zero researcher who discovered Vulnerability-related.DiscoverVulnerability the flaw said Vulnerability-related.DiscoverVulnerability it allowed the execution of malicious code on a fully updated 6P `` by Wi-Fi proximity alone , requiring no user interaction . '' Google is in the process of releasing Vulnerability-related.PatchVulnerability an update in its April security bulletin . The fix is available Vulnerability-related.PatchVulnerability only to a select number of device models , and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible . Company representatives did n't respond to an e-mail seeking comment for this post . The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values . The values , in turn , cause the firmware running on Broadcom 's wireless system-on-chip to overflow its stack . By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks , Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode . Beniamini 's code does nothing more than write a benign value to a specific memory address . Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point . Besides the specific stack overflow bugs exploited Vulnerability-related.DiscoverVulnerability by the proof-of-concept attack , Beniamini said Vulnerability-related.DiscoverVulnerability a lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target . `` We ’ ve seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex , it still lags behind in terms of security , '' he wrote . `` Specifically , it lacks all basic exploit mitigations—including stack cookies , safe unlinking and access permission protection ( by means of [ a memory protection unit . ] ) '' The Broadcom chipset contains an MPU , but the researcher found that it 's implemented in a way that effectively makes all memory readable , writeable , and executable . `` We can conveniently execute our code directly from the heap . '' He said that Broadcom has informed him that newer versions of the chipset implement the MPU more effectively and also add unspecified additional security mechanisms . Given the severity of the vulnerability , people with affected Vulnerability-related.DiscoverVulnerability devices should install Vulnerability-related.PatchVulnerability a patch as soon as it 's available . For those with vulnerable iPhones , that 's easy enough . As is all too often the case for Android users , there 's no easy way to get Vulnerability-related.PatchVulnerability a fix immediately , if at all . That 's because Google continues to stagger the release Vulnerability-related.PatchVulnerability of its monthly patch bundle for the minority of devices that are eligible to receive it . At the moment , it 's not clear if there are effective workarounds available for vulnerable devices . Turning off Wi-Fi is one possibility , but as revealed in recent research into an unrelated Wi-Fi-related weakness involving Android phones , devices often relay Wi-Fi frames even when Wi-Fi is turned off

Businesses that failed to update Windows-based computer systems that were hit by a massive cyber attack over the weekend could be sued over their lax cyber security , but Microsoft itself enjoys strong protection from lawsuits , legal experts said . The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday , disrupting Attack.Ransom car factories , global shipper FedEx Corp and Britain 's National Health Service , among others . The hacking tool spreads silently between computers , shutting them down by encrypting data and then demanding a ransom Attack.Ransom of US $ 300 to unlock them . According to Microsoft , computers affected by the ransomware did not have security patches for various Windows versions installed or were running Windows XP , which the company no longer supports . `` Using outdated versions of Windows that are no longer supported raises a lot of questions , '' said Christopher Dore , a lawyer specializing in digital privacy law at Edelson PC . `` It would arguably be knowingly negligent to let those systems stay in place. ” Businesses could face legal claims if they failed to deliver services because of the attack , said Edward McAndrew , a data privacy lawyer at Ballard Spahr . `` There is this stream of liability that flows from the ransomware attack Attack.Ransom , '' he said `` That 's liability to individuals , consumers and patients , '' WannaCry exploits Vulnerability-related.DiscoverVulnerability a vulnerability in older versions of Windows , including Windows 7 and Windows XP . Microsoft issued Vulnerability-related.PatchVulnerability a security update in March that stops WannaCry and other malware in Windows 7 . Over the weekend the company took the unusual step of releasing Vulnerability-related.PatchVulnerability a similar patch for Windows XP , which the company announced in 2014 it would no longer support . Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security . His law firm sued LinkedIn after a 2012 data breach Attack.Databreach , alleging individuals paid for premium accounts because the company falsely stated it had top-quality cyber security measures . LinkedIn settled for US $ 1.25 million in 2014 . But Scott Vernick , a data security lawyer at Fox Rothschild that represents companies , said he was sceptical that WannaCry would produce a flood of consumer lawsuits . He noted there was no indication the cyber attack had resulted in widespread disclosure of personal data . `` It isn ’ t clear that there has been a harm to consumers , '' he said . Vernick said businesses that failed to update their software could face scrutiny from the US Federal Trade Commission , which has previously sued companies for misrepresenting their data privacy measures . Microsoft itself is unlikely to face legal trouble over the flaw in Windows being exploited Vulnerability-related.DiscoverVulnerability by WannaCry , according to legal experts . When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches , said Michael Scott , a professor at Southwestern Law School . Courts have consistently upheld those agreements , he said . Alex Abdo , a staff attorney at the Knight First Amendment Institute at Columbia University , said Microsoft and other software companies have strategically settled lawsuits that could lead to court rulings weakening their licensing agreements . `` This area of law has been stunted in its growth , '' he said . `` It is very difficult to hold software manufacturers accountable for flaws in their products . '' Also enjoying strong protection from liability over the cyber attack is the US National Security Agency , whose stolen hacking tool is believed to be the basis for WannaCry . The NSA did not immediately return a request for comment . Jonathan Zittrain , a professor specializing in internet law at Harvard Law School , said courts have frequently dismissed lawsuits against the agency on the grounds they might result in the disclosure of top secret information . On top of that , the NSA would likely be able to claim that it is shielded from liability under the doctrine of sovereign immunity , which says that the government can not be sued over carrying out its official duties . `` I doubt there can be any liability that stems back to the NSA , '' Dore said .

The industrial company on Tuesday released Vulnerability-related.PatchVulnerability mitigations for eight vulnerabilities overall . Siemens AG on Tuesday issued Vulnerability-related.PatchVulnerability a slew of fixes addressing Vulnerability-related.PatchVulnerability eight vulnerabilities spanning its industrial product lines . The most serious of the patched flaws include a cross-site scripting vulnerability in Siemens ’ SCALANCE firewall product . The flaw could allow an attacker to gain unauthorized access Attack.Databreach to industrial networks and ultimately put operations and production at risk . The SCALANCE S firewall is used to protect secure industrial networks from untrusted network traffic , and allows filtering incoming and outgoing network connections in different ways . Siemens S602 , S612 , S623 , S627-2M SCALANCE devices with software versions prior to V4.0.1.1 are impacted Vulnerability-related.DiscoverVulnerability . Researchers with Applied Risk , who discovered Vulnerability-related.DiscoverVulnerability the flaw , said Vulnerability-related.DiscoverVulnerability that vulnerability exists in Vulnerability-related.DiscoverVulnerability the web server of the firewall software . An attacker can carry out the attack by crafting Attack.Phishing a malicious link and tricking Attack.Phishing an administrator – who is logged into the web server – to click that link . Once an admin does so , the attacker can execute commands on the web server , on the administrator ’ s behalf . “ The integrated web server allows a cross-site scripting attack if an administrator is misled Attack.Phishing into accessing a malicious link , ” Applied Risk researcher Nelson Berg said in Vulnerability-related.DiscoverVulnerability an analysis Vulnerability-related.DiscoverVulnerability of the flaw . “ Successful exploitation may lead to the ability to bypass critical security measures provided by the firewall. ” Exploitation of this vulnerability could ultimately enable threat actors to bypass critical security functions provided by the firewall , potentially providing access to industrial networks and putting operations and production at risk . The vulnerability , CVE-2018-16555 , has a CVSS score which Applied Risk researcher calculates Vulnerability-related.DiscoverVulnerability to be 8.2 ( or high severity ) . That said , researchers said Vulnerability-related.DiscoverVulnerability a successful exploit is not completely seamless and takes some time and effort to carry out – for an attacker to exploit the flaw , user interaction is required and the administrator must be logged into the web interface . Researchers said Vulnerability-related.DiscoverVulnerability that no exploit of the vulnerability has been discovered Vulnerability-related.DiscoverVulnerability thus far . Siemens addressed Vulnerability-related.PatchVulnerability the reported vulnerability by releasing Vulnerability-related.PatchVulnerability a software update ( V4.0.1.1 ) and also advised customers to “ only access links from trusted sources in the browser you use to access the SCALANCE S administration website. ” The industrial company also released Vulnerability-related.PatchVulnerability an array of fixes for other vulnerabilities on Tuesday . Overall , eight advisories were released by the US CERT . Another serious vulnerability ( CVE-2018-16556 ) addressed Vulnerability-related.PatchVulnerability was an improper input validation flaw in certain Siemens S7-400 CPUs . Successful exploitation of these vulnerabilities could crash the device being accessed which may require a manual reboot or firmware re-image to bring the system back to normal operation , according to the advisory . “ Specially crafted packets sent to Port 102/TCP via Ethernet interface , via PROFIBUS , or via multi-point interfaces ( MPI ) could cause the affected devices to go into defect mode . Manual reboot is required to resume normal operation , ” according to US Cert . An improper access control vulnerability that is exploitable Vulnerability-related.DiscoverVulnerability remotely in Siemens IEC 61850 system configurator , DIGSI 5 , DIGSI 4 , SICAM PAS/PQS , SICAM PQ Analyzer , and SICAM SCC , was also mitigated Vulnerability-related.PatchVulnerability . The vulnerability , CVE-2018-4858 , has a CVSS of 4.2 and exists in Vulnerability-related.DiscoverVulnerability a service of the affected products listening on all of the host ’ s network interfaces on either Port 4884/TCP , Port 5885/TCP , or Port 5886/TCP . The service could allow an attacker to either exfiltrate Attack.Databreach limited data from the system or execute code with Microsoft Windows user permissions . Also mitigated Vulnerability-related.PatchVulnerability were an improper authentication vulnerability ( CVE-2018-13804 ) in SIMATIC IT Production Suite and a code injection vulnerability ( CVE-2018-13814 ) in SIMATIC Panels and SIMATIC WinCC that could allow an attacker with network access to the web server to perform a HTTP header injection attack .