DSA-3923 freerdp – security update

Tyler Bohan of Talos discovered that FreeRDP, a free implementation of
the Remote Desktop Protocol (RDP), contained several vulnerabilities
that allowed a malicious remote server or a man-in-the-middle to
either cause a DoS by forcibly terminating the client, or execute
arbitrary code on the client side.

HBO Hacked — ‘Game of Thrones’ Scripts & Other Episodes Leaked Online

If you are a die-hard fan of the ‘Game of Thrones’ series, there’s good news for you, but obviously bad news for HBO.

Hackers claim to have stolen 1.5 terabytes of data from HBO, including episodes of HBO shows that have yet to be released online and information on the current season of Game of Thrones.

What’s more? The hackers have already leaked upcoming episodes of the shows “Ballers” and “Room 104” on the Internet.

Additionally, the hackers have also released a script that is reportedly for the upcoming fourth episode of “Game of Thrones” Season 7.

According to Entertainment Weekly, hackers claim to have obtained 1.5 terabytes of data from the entertainment giant and informed several reporters about the hack via an anonymous email sent on Sunday.

Though HBO has confirmed the cyber attack on its network and released a statement, the company did not confirm what the hackers have stolen, or whether upcoming episodes of the widely watched Game of Thrones are among the stolen data.

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” the company confirmed the hack in a statement.

“We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

After leaking episodes of “Ballers” and “Room 104” and a script that is believed to be the new episode of “Game of Thrones,” hackers have promised more leaks to be “coming soon.”

The anonymous email sent to the reporters read:

“Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh, I forget to tell. It’s HBO and Game of Thrones……!!!!!!

You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him.”

If hackers have indeed stolen 1.5 terabytes of data from HBO, it could be the company’s second major cyber attack, after 2015, when the first four episodes of “Game of Thrones Season 5” appeared on the Internet shortly before the season’s premiere.

However, compared to the 2014 Sony hack, in which hackers stole 100 terabytes of data, the amount of data stolen from HBO is nowhere near as large.

In an email to employees about the latest breach, obtained by EW, HBO chairman and CEO Richard Plepler said:

“The problem before us is unfortunately all too familiar in the world we now find ourselves a part of. As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully.”

At this moment, it is still unclear who is behind the hack. We will update the story with the latest information.

USN-3372-1: NSS vulnerability

Ubuntu Security Notice USN-3372-1

31st July, 2017

nss vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in NSS.

Software description

  • nss
    – Network Security Service library

Details

It was discovered that NSS incorrectly handled certain empty SSLv2
messages. A remote attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. (CVE-2017-7502)

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update causes NSS to limit use of the same symmetric key.
(CVE-2016-2183)

It was discovered that NSS incorrectly handled Base64 decoding. A remote
attacker could use this flaw to cause NSS to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2017-5461)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  libnss3 2:3.28.4-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References

CVE-2016-2183, CVE-2017-5461, CVE-2017-7502

USN-3373-1: Apache HTTP Server vulnerabilities

Ubuntu Security Notice USN-3373-1

31st July, 2017

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Apache HTTP Server.

Software description

  • apache2
    – Apache HTTP server

Details

Emmanuel Dreyfus discovered that third-party modules using the
ap_get_basic_auth_pw() function outside of the authentication phase may
lead to authentication requirements being bypassed. This update adds a new
ap_get_basic_auth_components() function for use by third-party modules.
(CVE-2017-3167)

Vasileios Panopoulos discovered that the Apache mod_ssl module may crash
when third-party modules call ap_hook_process_connection() during an HTTP
request to an HTTPS port. (CVE-2017-3169)

Javier Jiménez discovered that the Apache HTTP Server incorrectly handled
parsing certain requests. A remote attacker could possibly use this issue
to cause the Apache HTTP Server to crash, resulting in a denial of service.
(CVE-2017-7668)

ChenQin and Hanno Böck discovered that the Apache mod_mime module
incorrectly handled certain Content-Type response headers. A remote
attacker could possibly use this issue to cause the Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2017-7679)

David Dennerline and Régis Leroy discovered that the Apache HTTP Server
incorrectly handled unusual whitespace when parsing requests, contrary to
specifications. When being used in combination with a proxy or backend
server, a remote attacker could possibly use this issue to perform an
injection attack and pollute cache. This update may introduce compatibility
issues with clients that do not strictly follow HTTP protocol
specifications. A new configuration option “HttpProtocolOptions Unsafe” can
be used to revert to the previous unsafe behaviour in problematic
environments. (CVE-2016-8743)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  apache2.2-bin 2.2.22-1ubuntu1.12

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679

USN-3363-2: ImageMagick regression

Ubuntu Security Notice USN-3363-2

31st July, 2017

imagemagick regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

USN-3363-1 caused a regression in ImageMagick.

Software description

  • imagemagick
    – Image manipulation programs and library

Details

USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a
regression for certain users when processing images. The problematic
patch has been reverted pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.9
  imagemagick 8:6.8.9.9-7ubuntu5.9
  imagemagick-6.q16 8:6.8.9.9-7ubuntu5.9
  libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.9

Ubuntu 14.04 LTS:
  libmagick++5 8:6.7.7.10-6ubuntu3.9
  libmagickcore5 8:6.7.7.10-6ubuntu3.9
  imagemagick 8:6.7.7.10-6ubuntu3.9

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1707015

USN-3374-1: RabbitMQ vulnerability

Ubuntu Security Notice USN-3374-1

31st July, 2017

rabbitmq-server vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

RabbitMQ could allow unintended access to network services.

Software description

  • rabbitmq-server
    – AMQP server written in Erlang

Details

It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry
Transport) authentication. A remote attacker could use this issue to
authenticate successfully with an existing username by omitting the
password.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  rabbitmq-server 3.5.7-1ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  rabbitmq-server 3.2.4-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-9877

Someone Hijacks A Popular Chrome Extension to Push Malware

Phishers recently hijacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software, and abused it to distribute spam messages to unsuspecting users.

Dubbed Copyfish, the extension allows users to extract text from images, PDF documents and video, and has more than 37,500 users.

Unfortunately, the Chrome extension of Copyfish has been hijacked and compromised by an unknown attacker, who equipped the extension with advertisement injection capabilities. However, its Firefox counterpart was not affected by the attack.

The attackers even moved the extension to their own developer account, preventing its developers from removing the infected extension from the store, even after the compromise had been spotted.

“So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back,” the developers warned. “We can not even disable it—as it is no longer in our developer account.”

Here’s How the Hackers Hijacked the Extension:

Copyfish developers traced the hack back to a phishing attack that occurred on 28 July.

According to a9t9 software, one of its team members received a phishing email impersonating the Chrome Web Store team that told them to update their Copyfish Chrome extension; otherwise, Google would remove it from the web store.

The phishing email instructed the member to click on “Click here to read more details,” which opened the “Google” password dialogue box.

The provided link was a bit.ly link, but since the team member was viewing the link in HTML form, he did not find it immediately suspicious and entered the password for their developer account.

The developers said the password screen looked almost exactly like the one used by Google. Although the team did not have any screenshot of the fake password page, as it appeared only once, it did take a screenshot of the initial phishing email and its reply.

“This looked legit to the team member, so we did not notice the [phishing] attack as such at this point. [Phishing] for Chrome extensions was simply not on our radar screen,” the developers said.

Once the developer entered the credentials for a9t9 software’s developer account, the hackers behind the attack updated the Copyfish extension on 29 July to Version 2.8.5, which pushes out spam and advertisements to its users.

The worst part is that although the Copyfish makers noticed the issue very quickly, they could not do anything because the hackers had moved the extension to their own developer account.

The software company contacted Google developer support, which is currently working to give the company access to its software again.

a9t9 software is warning users that the Chrome extension for Copyfish is currently not under its control. Users are therefore advised not to install the malicious Chrome extension, and to remove it if they have already installed it.

Oracle MySQL Server CVE-2017-3653 Remote Security Vulnerability

Vulnerable:

Oracle MySQL Server 5.7.18
Oracle MySQL Server 5.7.17
Oracle MySQL Server 5.7.16
Oracle MySQL Server 5.7.15
Oracle MySQL Server 5.7.12
Oracle MySQL Server 5.7
Oracle MySQL Server 5.6.36
Oracle MySQL Server 5.6.35
Oracle MySQL Server 5.6.34
Oracle MySQL Server 5.6.33
Oracle MySQL Server 5.6.30
Oracle MySQL Server 5.6.29
Oracle MySQL Server 5.6.28
Oracle MySQL Server 5.6.27
Oracle MySQL Server 5.6.26
Oracle MySQL Server 5.6.23
Oracle MySQL Server 5.6.22
Oracle MySQL Server 5.6.21
Oracle MySQL Server 5.5.56
Oracle MySQL Server 5.5.55
Oracle MySQL Server 5.5.54
Oracle MySQL Server 5.5.53
Oracle MySQL Server 5.5.52
Oracle MySQL Server 5.5.48
Oracle MySQL Server 5.5.47
Oracle MySQL Server 5.5.46
Oracle MySQL Server 5.5.45
Oracle MySQL Server 5.5.42
Oracle MySQL Server 5.5.41
Oracle MySQL Server 5.5.40
Oracle MySQL Server 5.6.25
Oracle MySQL Server 5.6.24
Oracle MySQL Server 5.6.20
Oracle MySQL Server 5.6.16
Oracle MySQL Server 5.6.15
Oracle MySQL Server 5.5.44
Oracle MySQL Server 5.5.43
Oracle MySQL Server 5.5.36
Oracle MySQL Server 5.5.35
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

Oracle MySQL Server CVE-2017-3641 Remote Security Vulnerability

Vulnerable:

Oracle MySQL Server 5.7.18
Oracle MySQL Server 5.7.17
Oracle MySQL Server 5.7.16
Oracle MySQL Server 5.7.15
Oracle MySQL Server 5.7.12
Oracle MySQL Server 5.7
Oracle MySQL Server 5.6.36
Oracle MySQL Server 5.6.35
Oracle MySQL Server 5.6.34
Oracle MySQL Server 5.6.33
Oracle MySQL Server 5.6.30
Oracle MySQL Server 5.6.29
Oracle MySQL Server 5.6.28
Oracle MySQL Server 5.6.27
Oracle MySQL Server 5.6.26
Oracle MySQL Server 5.6.23
Oracle MySQL Server 5.6.22
Oracle MySQL Server 5.6.21
Oracle MySQL Server 5.5.56
Oracle MySQL Server 5.5.55
Oracle MySQL Server 5.5.54
Oracle MySQL Server 5.5.53
Oracle MySQL Server 5.5.52
Oracle MySQL Server 5.5.48
Oracle MySQL Server 5.5.47
Oracle MySQL Server 5.5.46
Oracle MySQL Server 5.5.45
Oracle MySQL Server 5.5.42
Oracle MySQL Server 5.5.41
Oracle MySQL Server 5.5.40
Oracle MySQL Server 5.6.25
Oracle MySQL Server 5.6.24
Oracle MySQL Server 5.6.20
Oracle MySQL Server 5.6.16
Oracle MySQL Server 5.6.15
Oracle MySQL Server 5.5.44
Oracle MySQL Server 5.5.43
Oracle MySQL Server 5.5.36
Oracle MySQL Server 5.5.35

Oracle MySQL Connectors/MySQL Server CVE-2017-3635 Remote Security Vulnerability

Vulnerable:

Oracle MySQL Server 5.7.18
Oracle MySQL Server 5.7.17
Oracle MySQL Server 5.7.16
Oracle MySQL Server 5.7.15
Oracle MySQL Server 5.7.12
Oracle MySQL Server 5.7
Oracle MySQL Server 5.6.36
Oracle MySQL Server 5.6.35
Oracle MySQL Server 5.6.34
Oracle MySQL Server 5.6.33
Oracle MySQL Server 5.6.30
Oracle MySQL Server 5.6.29
Oracle MySQL Server 5.6.28
Oracle MySQL Server 5.6.27
Oracle MySQL Server 5.6.26
Oracle MySQL Server 5.6.23
Oracle MySQL Server 5.6.22
Oracle MySQL Server 5.6.21
Oracle MySQL Server 5.5.56
Oracle MySQL Server 5.5.55
Oracle MySQL Server 5.5.54
Oracle MySQL Server 5.5.53
Oracle MySQL Server 5.5.52
Oracle MySQL Server 5.5.48
Oracle MySQL Server 5.5.47
Oracle MySQL Server 5.5.46
Oracle MySQL Server 5.5.45
Oracle MySQL Server 5.5.42
Oracle MySQL Server 5.5.41
Oracle MySQL Server 5.5.40
Oracle MySQL Server 5.6.25
Oracle MySQL Server 5.6.24
Oracle MySQL Server 5.6.20
Oracle MySQL Server 5.6.16
Oracle MySQL Server 5.6.15
Oracle MySQL Server 5.5.44
Oracle MySQL Server 5.5.43
Oracle MySQL Server 5.5.36
Oracle MySQL Server 5.5.35
Oracle MySQL Connectors 6.1.9
Oracle MySQL Connectors 6.1.10
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
