Critical Infrastructure

SecList ICS

• Incident Response report 2018
• Threat Landscape for Industrial Automation Systems in H2 2018

Security Magazine

• Instituting Security in IoT Networks to Prepare for Massive 5G Rollouts
• Two Teens Jump Fence at Nuclear Reactor Facility
• Stepping Up Security for Transit Riders
• Product Spotlight: GSOC Products And Solutions
• Cybersecurity for Critical Infrastructure
• How to Meet the Growing Demand for Cybersecurity Professionals

• George Anderson, World Trade Center Security Director for the Port Authority of New York and New Jersey, to Receive 2019 SIA Insightful Practitioner Award
• American Airlines Mechanic Accused of Tampering with Plane
• Ensuring Duty of Care for Traveling Employees
• TSA Announces its "Cutest K9"
• Port of Indiana – Burns Harbor Awarded Funds for Security Services
• Port of Baltimore Receives Federal Grant to Strengthen Security

• Cincinnati Metro Introduces New Buses with Surveillance Cameras
• Dean Stecklair Named 2018 Amtrak Police Department Officer of the Year
• Bay Area Rapid Transit Receives $1.7 Million Federal Grant for Police Patrols
• Senate Bill Would Create a National Supply Chain Security Center
• St. Louis Metro Transit Announces New Public Safety Leadership Team
• Drug Positivity Rates Affecting Retail, Healthcare and More Sectors

Case Studies

• Safeguarding Security and Loss Prevention at Gap Inc.
• When Physical Intrusions Lead to Digital Breaches
• How Unified Device Management Is Critical to BYOD Enterprises
• Security Implications of the Electric Smart Grid
• Automating Security Incident Respons
• Defense in Depth: A Layered Approach to Network Security

• Collecting Insights and Metrics with Guard Tour Software
• Florida-based Company Protects Government Buildings with Window Film
• Simplify Connected Campus Security
• George Mason University: Migrating to Smart “One Card” Student ID
• NOVA Upgrades to Networked Power
• New Aloft Dubai Hotel Implements Advanced Surveillance System for Guest Protection

News

• Personal Data From Entire 16.6M Population Of Ecuador Leaked Online
• Uber Confirms Account Takeover Vulnerability
• iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
• 198M Records Of Prospective Auto Buyers Leaked
• LastPass Bug Leaks Credentials From Previous Site
• Instagram Fixed Flaw That Links Account Info To PII
• France To Block Facebook's Libra Cryptocurrency In Europe
• InnfiRAT Malware Lurks To Steal Cryptocurrency Wallet Data
• Infosec Duo Cuffed After Physically Breaking Into Courthouse During IT Security Assessment
• New Simjacker Attack Exploited In The Wild To Track Users For At Least Two Years
• Major Fraud Scheme Exposed By Insecure Database
• UNICEF Leaks Personal Data Of 8,000 Users Via Email Blunder
• Fin7 Operator Pleads Guilty To Two Counts
• Weakness In Intel Chips Lets Researchers Steal Encrypted SSH Keystrokes
• Suspected Commonwealth Games DDoS Was Only A Fortnite Update
• Secret Service Probing Breach At Federal IT Contractor
• 281 People Indicted In Massive Email Fraud Scheme
• The Cyberwar In Yemen
• Ransomware Disrupts Illinois School District's Systems
• 51 Tech CEOs Send Open Letter To Congress Asking For A Federal Data Privacy Law
• Now You Have To Jump Through Extra Hoops To Get Money From The Equifax Hack
• Apple, Angry At Google, Hits Back At Hack Claims
• Telnet Backdoor Opens More Than 1M IoT Radios To Hijack
• Brain Hack Devices Must Be Scrutinized, Say Top Scientists
• Researchers Expose Another Instance Of Chrome Patch Gapping

Exploits

• LastPass Credential Leak From Previous Site
• Inteno IOPSYS Gateway 3DES Key Extraction Improper Access
• docPrint Pro 8.0 SEH Buffer Overflow
• AppXSvc 17763.1.amd64fre.rs5_release.180914-1434 Privilege Escalation
• Webmin 1.920 Remote Code Execution
• College-Management-System 1.2 Authentication Bypass
• Ticket-Booking 1.4 Authentication Bypass
• Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
• phpMyAdmin 4.9.0.1 Cross Site Request Forgery
• Dolibarr ERP-CRM 10.0.1 Cross Site Scripting
• Folder Lock 7.7.9 Denial Of Service
• FTPShell Client 6.74 Buffer Overflow
• LimeSurvey 3.17.13 Cross Site Scripting
• Generic Zip Slip Traversal
• Opencart 2.3.0.2 Pre-Auth Remote Command Execution
• Microsoft DirectWrite sfac_GetSbitBitmap Out-Of-Bounds Read
• Microsoft DirectWrite SplicePixel Invalid Read
• eWON Flexy 13.0 Authentication Bypass
• OpenEdx Ironwood.1 Cross Site Scripting
• WordPress SlickQuiz 1.3.7.1 SQL Injection
• WordPress SlickQuiz 1.3.7.1 Cross Site Scripting
• AVCON6 Systems Management Platform Remote Root
• WordPress Checklist 1.1.5 Cross Site Scripting
• WordPress Photo Gallery 1.5.34 Cross Site Scripting
• WordPress Photo Gallery 1.5.34 SQL Injection

• [webapps] CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection
• [local] docPrint Pro 8.0 - SEH Buffer Overflow
• [webapps] Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
• [remote] Inteno IOPSYS Gateway - Improper Access Restrictions
• [local] AppXSvc - Privilege Escalation
• [webapps] College-Management-System 1.2 - Authentication Bypass
• [webapps] Ticket-Booking 1.4 - Authentication Bypass
• [webapps] LimeSurvey 3.17.13 - Cross-Site Scripting
• [webapps] phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
• [webapps] Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
• [dos] Folder Lock 7.7.9 - Denial of Service
• [dos] Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
• [dos] Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
• [webapps] eWON Flexy - Authentication Bypass
• [webapps] AVCON6 systems management platform - OGNL Remote Command Execution
• [local] Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
• [local] Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
• [remote] October CMS - Upload Protection Bypass Code Execution (Metasploit)
• [remote] LibreNMS - Collectd Command Injection (Metasploit)
• [webapps] WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
• [webapps] WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
• [webapps] WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
• [webapps] Dolibarr ERP-CRM 10.0.1 - SQL Injection
• [webapps] WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
• [webapps] Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure
• [webapps] Online Appointment - SQL Injection
• [webapps] Enigma NMS 65.0.0 - SQL Injection
• [webapps] Enigma NMS 65.0.0 - OS Command Injection
• [webapps] Enigma NMS 65.0.0 - Cross-Site Request Forgery
• [webapps] Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
• [webapps] WordPress 5.2.3 - Cross-Site Host Modification
• [remote] FusionPBX 4.4.8 - Remote Code Execution
• [local] Windows NTFS - Privileged File Access Enumeration
• [webapps] Inventory Webapp - 'itemquery' SQL injection
• [remote] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
• [remote] AwindInc SNMP Service - Command Injection (Metasploit)
• [webapps] DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
• [webapps] WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
• [webapps] FileThingie 2.5.7 - Arbitrary File Upload
• [remote] Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)
• [remote] Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
• [remote] Cisco UCS Director - default scpuser password (Metasploit)
• [local] ptrace - Sudo Token Privilege Escalation (Metasploit)
• [local] ktsuss 1.4 - suid Privilege Escalation (Metasploit)
• [webapps] Craft CMS 2.7.9/3.2.5 - Information Disclosure
• [local] Kaseya VSA agent 9.5 - Privilege Escalation

Last 20 Website Defacements - Zone-h

• http://healthws.ntwo.moph.go.th
• http://kpi.ntwo.moph.go.th
• http://pns.ntwo.moph.go.th
• http://ntwo.moph.go.th
• http://hsbcprivatebanking.srdb.gop.pk/read.htm
• http://ecobanknigplc.srdb.gop.pk/read.htm
• http://centralbanknig.srdb.gop.pk/read.htm
• https://srdb.gop.pk/read.htm
• https://cianjurkab.go.id
• https://kominfo.jogjakota.go.id
• https://www.mps.gov.my/sites/default/gsh.html
• http://www.mbpp.gov.my/sites/default/gsh.html
• http://www.cpgrams.ts.nic.in/important/indonesia.txt5
• http://www.rcueshyd.gov.in/images/indonesia.php5
• https://www.kpp2.go.th/index.php
• http://immchonburi.go.th/main
• http://dnacpn.gouv.ml/rx.html
• http://uyd.yb.gov.ng/virusa.html
• http://www.tspa.gov.in
• http://ehajira.gov.bd/rx.html

Advisories

• Ubuntu Security Notice USN-4124-2 Mon, 16 Sep 2019 16:00:28 GMT
  Ubuntu Security Notice 4124-2 - USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Various other issues were also addressed.
• Debian Security Advisory 4523-1 Mon, 16 Sep 2019 16:00:11 GMT
  Debian Linux Security Advisory 4523-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.
• Red Hat Security Advisory 2019-2774-01 Mon, 16 Sep 2019 15:56:49 GMT
  Red Hat Security Advisory 2019-2774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-4134-1 Mon, 16 Sep 2019 15:56:34 GMT
  Ubuntu Security Notice 4134-1 - Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
• Ubuntu Security Notice USN-4133-1 Mon, 16 Sep 2019 15:53:09 GMT
  Ubuntu Security Notice 4133-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
• Debian Security Advisory 4522-1 Mon, 16 Sep 2019 15:52:44 GMT
  Debian Linux Security Advisory 4522-1 - Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.
• Ubuntu Security Notice USN-4129-2 Thu, 12 Sep 2019 20:42:18 GMT
  Ubuntu Security Notice 4129-2 - USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4132-2 Thu, 12 Sep 2019 20:42:12 GMT
  Ubuntu Security Notice 4132-2 - USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
• Ubuntu Security Notice USN-4132-1 Thu, 12 Sep 2019 20:42:05 GMT
  Ubuntu Security Notice 4132-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
• Red Hat Security Advisory 2019-2766-01 Thu, 12 Sep 2019 20:40:57 GMT
  Red Hat Security Advisory 2019-2766-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains updated container images for multus-cni, operator-lifecycle-manager, and operator-registry in Red Hat OpenShift Container Platform 4.1.15. Each of these container images includes gRPC, which has been updated with the fixes for unbounded memory growth issues.
• Red Hat Security Advisory 2019-2756-01 Thu, 12 Sep 2019 14:33:15 GMT
  Red Hat Security Advisory 2019-2756-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.255. Issues addressed include a code execution vulnerability.
• Red Hat Security Advisory 2019-2746-01 Thu, 12 Sep 2019 14:32:51 GMT
  Red Hat Security Advisory 2019-2746-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2019-2745-01 Thu, 12 Sep 2019 14:32:43 GMT
  Red Hat Security Advisory 2019-2745-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2019-2743-01 Thu, 12 Sep 2019 14:32:34 GMT
  Red Hat Security Advisory 2019-2743-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include a code execution vulnerability.
• Slackware Security Advisory - mozilla-thunderbird Updates Thu, 12 Sep 2019 14:32:20 GMT
  Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
• Slackware Security Advisory - openssl Updates Thu, 12 Sep 2019 14:32:14 GMT
  Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
• Slackware Security Advisory - curl Updates Thu, 12 Sep 2019 14:32:07 GMT
  Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
• Ubuntu Security Notice USN-4130-1 Wed, 11 Sep 2019 20:00:19 GMT
  Ubuntu Security Notice 4130-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
• Ubuntu Security Notice USN-4131-1 Wed, 11 Sep 2019 20:00:11 GMT
  Ubuntu Security Notice 4131-1 - It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2019-2741-01 Wed, 11 Sep 2019 20:00:04 GMT
  Red Hat Security Advisory 2019-2741-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, and use-after-free vulnerabilities.
• Red Hat Security Advisory 2019-2736-01 Wed, 11 Sep 2019 19:59:56 GMT
  Red Hat Security Advisory 2019-2736-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer vulnerabilities.
• Red Hat Security Advisory 2019-2690-01 Wed, 11 Sep 2019 19:58:47 GMT
  Red Hat Security Advisory 2019-2690-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include unbounded memory growth.
• Red Hat Security Advisory 2019-2737-01 Wed, 11 Sep 2019 19:58:39 GMT
  Red Hat Security Advisory 2019-2737-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP40. Issues addressed include deserialization, out of bounds access, and use-after-free vulnerabilities.
• Red Hat Security Advisory 2019-2732-01 Wed, 11 Sep 2019 14:02:08 GMT
  Red Hat Security Advisory 2019-2732-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.13, and 2.2.7. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2019-2731-01 Wed, 11 Sep 2019 14:02:01 GMT
  Red Hat Security Advisory 2019-2731-01 - NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 2.1.509 and Runtime 2.1.13. Issues addressed include a denial of service vulnerability.