Malware Devil

Friday, August 7, 2020

ESB-2020.2713 – [RedHat] Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container: Denial of service – Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2713
                      Red Hat OpenShift Service Mesh
           3scale-istio-adapter-rhel8-container security update
                               7 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux WS/Desktop 8
                   Red Hat Enterprise Linux Server 8
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14040 CVE-2020-11080 CVE-2020-9283

Reference:         ESB-2020.2575
                   ESB-2020.2377
                   ESB-2020.2375
                   ESB-2020.2303

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3372

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container security update
Advisory ID:       RHSA-2020:3372-01
Product:           Red Hat OpenShift Service Mesh
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3372
Issue date:        2020-08-06
CVE Names:         CVE-2020-9283 CVE-2020-11080 CVE-2020-14040 
=====================================================================

1. Summary:

An update for 3scale-istio-adapter-rhel8-container is now available for
OpenShift Service Mesh.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
service mesh project, tailored for installation into an on-premise
OpenShift Container Platform installation.

Security Fix(es):

* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
for panic (CVE-2020-9283)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

5. JIRA issues fixed (https://issues.jboss.org/):

MAISTRA-1716 - Release 3scale-istio-adapter-rhel container

6. References:

https://access.redhat.com/security/cve/CVE-2020-9283
https://access.redhat.com/security/cve/CVE-2020-11080
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2020.2720 – [Appliance] Expat XML library: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2720
               Expat XML library vulnerability CVE-2015-1283
                               7 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Expat XML library
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1283  

Reference:         ASB-2016.0120
                   ASB-2016.0103
                   ESB-2019.0094
                   ESB-2018.0626.3
                   ESB-2017.2550
                   ESB-2017.0819

Original Bulletin: 
   https://support.f5.com/csp/article/K15104541

--------------------------BEGIN INCLUDED TEXT--------------------

K15104541:Expat XML library vulnerability CVE-2015-1283

Security Advisory

Original Publication Date: 12 Oct, 2016

Latest   Publication Date: 07 Aug, 2020

Security Advisory Description

Multiple integer overflows in the XML_GetBuffer function in Expat through
2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow
remote attackers to cause a denial of service (heap-based buffer overflow) or
possibly have unspecified other impact via crafted XML data, a related issue to
CVE-2015-2716. (CVE-2015-1283)

Impact

This vulnerability may allow a remote attacker to cause a denial of service
(DoS) or create other unspecified impact using crafted XML data.

Security Advisory Status

F5 Product Development has assigned ID 617147 (BIG-IP), ID 617963 (BIG-IQ), ID
618241 (Enterprise Manager), and ID 528541 (ARX) to this vulnerability.
Additionally, BIG-IP iHealth may list Heuristic H15104541 on the Diagnostics >
Identified > Medium screen.

To determine if your release is known to be vulnerable, the components or
features that are affected by the vulnerability, and for information about
releases or hotfixes that address the vulnerability, refer to the following
table:

+---------------+----------------+-----------------+----------+----------------+
|               |Versions known  |Versions known to|          |Vulnerable      |
|Product        |to be vulnerable|be not vulnerable|Severity  |component or    |
|               |                |                 |          |feature         |
+---------------+----------------+-----------------+----------+----------------+
|               |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |          |                |
|BIG-IP LTM     |11.4.0 - 11.6.5 |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
|               |11.2.1          |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP AAM     |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |Medium    |iControl Soap   |
|               |11.4.0 - 11.6.5 |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP AFM     |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |Medium    |iControl Soap   |
|               |11.4.0 - 11.6.5 |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP         |12.0.0 - 12.1.5 |                 |          |                |
|Analytics      |11.4.0 - 11.6.5 |13.0.0 - 13.1.1  |Medium    |iControl Soap   |
|               |11.2.1          |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|               |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |          |                |
|BIG-IP APM     |11.4.0 - 11.6.5 |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
|               |11.2.1          |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|               |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |          |                |
|BIG-IP ASM     |11.4.0 - 11.6.5 |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
|               |11.2.1          |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP DNS     |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP Edge    |11.2.1          |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
|Gateway        |                |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP GTM     |11.4.0 - 11.6.5 |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
|               |11.2.1          |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP Link    |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |          |                |
|Controller     |11.4.0 - 11.6.5 |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
|               |11.2.1          |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP PEM     |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |Medium    |iControl Soap   |
|               |11.4.0 - 11.6.5 |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP PSM     |11.4.0 - 11.4.1 |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP         |11.2.1          |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
|WebAccelerator |                |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP WOM     |11.2.1          |10.2.1 - 10.2.4  |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IP WebSafe |12.0.0 - 12.1.5 |13.0.0 - 13.1.1  |Medium    |iControl Soap   |
|               |11.6.0 - 11.6.5 |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|ARX            |6.2.0 - 6.4.0   |None             |Low       |Expat XML parser|
|               |                |                 |          |library         |
+---------------+----------------+-----------------+----------+----------------+
|Enterprise     |3.1.1           |None             |Medium    |iControl Soap   |
|Manager        |                |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|FirePass       |None            |7.0.0            |Not       |None            |
|               |                |                 |vulnerable|                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IQ Cloud   |4.0.0 - 4.5.0   |None             |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IQ Device  |4.2.0 - 4.5.0   |None             |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IQ Security|4.0.0 - 4.5.0   |None             |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IQ ADC     |4.5.0           |None             |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IQ         |7.0.0 - 7.1.0   |                 |          |                |
|Centralized    |6.0.0 - 6.1.0   |None             |Medium    |iControl Soap   |
|Management     |5.0.0 - 5.4.0   |                 |          |                |
|               |4.6.0           |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|BIG-IQ Cloud   |                |                 |          |                |
|and            |1.0.0           |None             |Medium    |iControl Soap   |
|Orchestration  |                |                 |          |                |
+---------------+----------------+-----------------+----------+----------------+
|F5 iWorkflow   |2.0.0           |None             |Medium    |iControl Soap   |
+---------------+----------------+-----------------+----------+----------------+
|LineRate       |None            |2.5.0 - 2.6.1    |Not       |None            |
|               |                |                 |vulnerable|                |
+---------------+----------------+-----------------+----------+----------------+
|Traffix SDC    |None            |5.0.0            |Not       |None            |
|               |                |4.0.0 - 4.4.0    |vulnerable|                |
+---------------+----------------+-----------------+----------+----------------+

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Versions known to be not vulnerable column. If the table lists only an
older version than what you are currently running, or does not list a
non-vulnerable version, then no upgrade candidate currently exists.

To determine the necessary upgrade path for your BIG-IQ system, you should
understand the BIG-IQ product offering name changes. For more information,
refer to K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.

Supplemental Information

  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K167: Downloading software and firmware from F5
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K9502: BIG-IP hotfix matrix
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix matrix
  o K12766: ARX hotfix matrix

--------------------------END INCLUDED TEXT--------------------

ESB-2020.2719 – [Appliance] G-Cam and G-Code: Root compromise – Existing account

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2719
           Advisory (icsa-20-219-03) Geutebruck G-Cam and G-Code
                               7 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           G-Cam and G-Code
Publisher:         US-CERT
Operating System:  Network Appliance
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16205  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03

--------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-219-03)

Geutebruck G-Cam and G-Code

Original release date: August 06, 2020

Legal Notice

All information products included in https://us-cert.gov/ics are provided "as
is" for informational purposes only. The Department of Homeland Security (DHS)
does not provide any warranties of any kind regarding any information contained
within. DHS does not endorse any commercial product or service, referenced in
this product or otherwise. Further dissemination of this product is governed by
the Traffic Light Protocol (TLP) marking in the header. For more information
about TLP, see https://www.us-cert.gov/tlp/.



1. EXECUTIVE SUMMARY

  o CVSS v3 7.2
  o ATTENTION: Exploitable remotely/low skill level to exploit/public exploits
    are available
  o Vendor: Geutebruck
  o Equipment: G-Cam and G-Code
  o Vulnerability: OS Command Injection

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow remote code execution
as root.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Geutebruck reports the vulnerability affects firmware Versions 1.12.0.25 and
prior as well as the limited Versions 1.12.13.2 and 1.12.14.5 of the following
Encoder and E2 Series Camera models:

  o G-Code:
       EEC-2xxx
  o G-Cam:
       EBC-21xx
       EFD-22xx
       ETHC-22xx
       EWPC-22xx

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS
COMMAND INJECTION') CWE-78

Using a specially crafted URL command, a remote authenticated user can execute
commands as root.

CVE-2020-16205 has been assigned to this vulnerability. A CVSS v3 base score of
7.2 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Energy, Financial
    Services, Government Facilities, Healthcare and Public Health,
    Transportation Systems
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Davy Douhine of RandoriSec reported this vulnerability to CISA.

4. MITIGATIONS

Geutebruck recommends users update to firmware Version 1.12.0.27.

The link for the download area on the Geutebruck website "latest firmware" is
the same as for the advisory "security advisory" (Login required).

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.gov. Several recommended practices are available
for reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

--------------------------END INCLUDED TEXT--------------------

ESB-2020.2718 – [Appliance] https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2718
      Advisory (icsa-20-219-04) Delta Industrial Automation TPEditor
                               7 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04
Publisher:         US-CERT
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Modify Arbitrary Files          -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16227 CVE-2020-16225 CVE-2020-16223
                   CVE-2020-16221 CVE-2020-16219 

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04

--------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-219-04)

Delta Industrial Automation TPEditor

Original release date: August 06, 2020

1. EXECUTIVE SUMMARY

  o CVSS v3 7.8
  o ATTENTION: Low skill level to exploit
  o Vendor: Delta Electronics
  o Equipment: https://us-cert.cisa.gov/ics/advisories/icsa-20-219-04
  o Vulnerabilities: Out-of-bounds Read, Stack-based Buffer Overflow,
    Heap-based Buffer Overflow, Write-what-where Condition, Improper Input
    Validation

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to
read/modify information, execute arbitrary code, and/or crash the application.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of TPEditor, a programming software for Delta text
panels, are affected:

  o TPEditor Versions 1.97 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS READ CWE-125

An out-of-bounds read may be exploited by processing specially crafted project
files. Successful exploitation of this vulnerability may allow an attacker to
read/modify information, execute arbitrary code, and/or crash the application.

CVE-2020-16219 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.2 STACK-BASED BUFFER OVERFLOW CWE-121

A stack-based buffer overflow may be exploited by processing a specially
crafted project file. Successful exploitation of this vulnerability may allow
an attacker to read/modify information, execute arbitrary code, and/or crash
the application.

CVE-2020-16221 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.3 HEAP-BASED BUFFER OVERFLOW CWE-122

A heap-based buffer overflow may be exploited by processing a specially crafted
project file. Successful exploitation of this vulnerability may allow an
attacker to read/modify information, execute arbitrary code, and/or crash the
application.

CVE-2020-16223 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.4 WRITE-WHAT-WHERE CONDITION CWE-123

A write-what-where condition may be exploited by processing a specially crafted
project file. Successful exploitation of this vulnerability may allow an
attacker to read/modify information, execute arbitrary code, and/or crash the
application.

CVE-2020-16225 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.5 IMPROPER INPUT VALIDATION CWE-20

An improper input validation may be exploited by processing a specially crafted
project file not validated when the data is entered by a user. Successful
exploitation of this vulnerability may allow an attacker to read/modify
information, execute arbitrary code, and/or crash the application.

CVE-2020-16227 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Kdot, kimiya of 9SG Security Team, Justin Taft and Chris Anastasio working with
Trend Micro's Zero Day Initiative reported these vulnerabilities to CISA.

4. MITIGATIONS

Delta Electronics recommends affected users update to the latest version of
Delta Industrial Automation TPEditor, Version 1.98.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.gov. Several recommended practices are available
for reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

  o Do not click web links or open unsolicited attachments in email messages.
  o Refer to Recognizing and Avoiding Email Scams for more information on
    avoiding email scams.
  o Refer to Avoiding Social Engineering and Phishing Attacks for more
    information on social engineering attacks.

No known public exploits specifically target these vulnerabilities. These
vulnerabilities are not exploitable remotely.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://www.malwaredevil.com/2020/08/07/esb-2020-2718-appliance-https-us-cert-cisa-gov-ics-advisories-icsa-20-219-04-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2718-appliance-https-us-cert-cisa-gov-ics-advisories-icsa-20-219-04-multiple-vulnerabilities

ESB-2020.2716 – [Ubuntu] ppp: Execute arbitrary code/commands – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2716
                       USN-4451-2: ppp vulnerability
                               7 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ppp
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15704  

Reference:         ESB-2020.2673

Original Bulletin: 
   https://usn.ubuntu.com/4451-2/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4451-2: ppp vulnerability
06 August 2020

ppp could be made to load arbitrary kernel modules and possibly run
programs.

Releases

  o Ubuntu 14.04 ESM
  o Ubuntu 12.04 ESM

Packages

  o ppp - Point-to-Point Protocol (PPP)

Details

USN-4451-1 fixed a vulnerability in ppp. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Thomas Chauchefoin discovered that ppp incorrectly handled module loading.
A local attacker could use this issue to load arbitrary kernel modules and
possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 14.04

  o ppp - 2.4.5-5.1ubuntu2.3+esm2

Ubuntu 12.04

  o ppp - 2.4.5-5ubuntu1.4

In general, a standard system update will make all the necessary changes.

References

  o CVE-2020-15704

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----




https://www.malwaredevil.com/2020/08/07/esb-2020-2716-ubuntu-ppp-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2716-ubuntu-ppp-execute-arbitrary-code-commands-existing-account

ESB-2020.2717 – [Appliance] Power Line Communications Bus / PLC4TRUCKS / J2497: Access confidential data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2717
        Advisory (icsa-20-219-01) Trailer Power Line Communications
                               7 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Power Line Communications Bus / PLC4TRUCKS / J2497
Publisher:         US-CERT
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        None
CVE Names:         CVE-2020-14514  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-219-01

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-219-01)

Trailer Power Line Communications

Original release date: August 06, 2020

Legal Notice

All information products included in https://us-cert.gov/ics are provided "as
is" for informational purposes only. The Department of Homeland Security (DHS)
does not provide any warranties of any kind regarding any information contained
within. DHS does not endorse any commercial product or service, referenced in
this product or otherwise. Further dissemination of this product is governed by
the Traffic Light Protocol (TLP) marking in the header. For more information
about TLP, see https://www.us-cert.gov/tlp/ .



1. EXECUTIVE SUMMARY

  o CVSS v3 4.3
  o Vendor: Multiple Trailer and Brake Manufacturers
  o Equipment: Power Line Communications Bus / PLC4TRUCKS / J2497
  o Vulnerability: Exposure of Sensitive Information Through Sent Data

2. RISK EVALUATION

The National Motor Freight Traffic Association (NMFTA) and Assured Information
Security (AIS) have released research detailing a vulnerability within trailer
Power Line Communications (PLC) signals. Their research indicates it is
possible to read PLC signals using active antennas reliably at 6 feet and up to
8 feet away, subject to environmental conditions. The researchers expect to be
able to push this reception distance further with receiver improvements. The
impact of this issue depends heavily on what information is being sent by ECUs
on the trailer PLC bus. Typical trailer traffic is only ABS fault messages and
will thus have minimal loss of confidentiality. CISA is publishing this
advisory to bring awareness to trailer and brake manufacturers who may be
seeking to leverage PLC for sensitive information: e.g., air weigh axles or key
exchange in setting up high-speed wireless links in future tractor-trailer
interfaces.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

All trailer power line communications are affected.

3.2 VULNERABILITY OVERVIEW

3.2.1 EXPOSURE OF SENSITIVE INFORMATION THROUGH SENT DATA CWE-201

PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet
away. Further distances are also possible, subject to environmental conditions
and receiver improvements.

CVE-2020-14514 has been assigned to this vulnerability. A CVSS v3 base score of
4.3 has been assigned; the CVSS vector string is
(AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Transportation Systems
  o COUNTRIES/AREAS DEPLOYED: Worldwide

3.4 RESEARCHER

National Motor Freight Traffic Association (NMFTA) researcher Ben Gardiner,
NMFTA motor freight carriers, and Assured Information Security researchers Dan
Salloum, Chris Poore, and Eric Thayer reported this vulnerability to CISA.

4. MITIGATIONS

No current mitigations have been developed alongside this research. Future
designs can mitigate this issue by reducing radiated emissions using shorter
lengths of PLC buses and reduced transmit voltage. The goal of this advisory is
to bring awareness of the issue to the transportation systems sector.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Assess expected confidentiality of PLC traffic that is present on trailers.
    Theoretical examples to consider:
      - Air weigh systems on trailer PLC could expose business intelligence
      - Trailer brake controllers configured to stream values could expose
        business intelligence
      - Trailer telematics systems which use PLC, while rare, could be
        exposing network information that should remain confidential

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.gov. Several recommended practices are available
for reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://www.malwaredevil.com/2020/08/07/esb-2020-2717-appliance-power-line-communications-bus-plc4trucks-j2497-access-confidential-data-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2717-appliance-power-line-communications-bus-plc4trucks-j2497-access-confidential-data-remote-unauthenticated

ESB-2020.2714 – [RedHat] Red Hat OpenShift Service Mesh: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2714
              Red Hat OpenShift Service Mesh security update
                               7 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat OpenShift Service Mesh
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14040 CVE-2020-12666 CVE-2020-11023
                   CVE-2020-9283 CVE-2020-8203 

Reference:         ESB-2020.2575
                   ESB-2020.2517
                   ESB-2020.2375
                   ESB-2020.2287
                   ESB-2020.1961

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3369

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Service Mesh security update
Advisory ID:       RHSA-2020:3369-01
Product:           Red Hat OpenShift Service Mesh
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3369
Issue date:        2020-08-06
CVE Names:         CVE-2020-8203 CVE-2020-9283 CVE-2020-11023 
                   CVE-2020-12666 CVE-2020-14040 
=====================================================================

1. Summary:

An update is now available for OpenShift Service Mesh 1.1.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

OpenShift Service Mesh 1.1 - x86_64
Red Hat OpenShift Service Mesh 1.1 - x86_64

3. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
service mesh project, tailored for installation into an on-premise
OpenShift Container Platform installation.

Security Fix(es):

* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
for panic (CVE-2020-9283)

* nodejs-lodash: prototype pollution in zipObjectDeep function
(CVE-2020-8203)

* jQuery: passing HTML containing <option> elements to manipulation methods
could result in untrusted code execution (CVE-2020-11023)

* macaron: open redirect in the static handler (CVE-2020-12666)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
1850034 - CVE-2020-12666 macaron: open redirect in the static handler
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function

6. Package List:

Red Hat OpenShift Service Mesh 1.1:

Source:
kiali-v1.12.10.redhat2-1.el7.src.rpm

x86_64:
kiali-v1.12.10.redhat2-1.el7.x86_64.rpm

OpenShift Service Mesh 1.1:

Source:
ior-1.1.6-1.el8.src.rpm
servicemesh-1.1.6-1.el8.src.rpm
servicemesh-cni-1.1.6-1.el8.src.rpm
servicemesh-grafana-6.4.3-13.el8.src.rpm
servicemesh-operator-1.1.6-2.el8.src.rpm
servicemesh-prometheus-2.14.0-14.el8.src.rpm

x86_64:
ior-1.1.6-1.el8.x86_64.rpm
servicemesh-1.1.6-1.el8.x86_64.rpm
servicemesh-citadel-1.1.6-1.el8.x86_64.rpm
servicemesh-cni-1.1.6-1.el8.x86_64.rpm
servicemesh-galley-1.1.6-1.el8.x86_64.rpm
servicemesh-grafana-6.4.3-13.el8.x86_64.rpm
servicemesh-grafana-prometheus-6.4.3-13.el8.x86_64.rpm
servicemesh-istioctl-1.1.6-1.el8.x86_64.rpm
servicemesh-mixc-1.1.6-1.el8.x86_64.rpm
servicemesh-mixs-1.1.6-1.el8.x86_64.rpm
servicemesh-operator-1.1.6-2.el8.x86_64.rpm
servicemesh-pilot-agent-1.1.6-1.el8.x86_64.rpm
servicemesh-pilot-discovery-1.1.6-1.el8.x86_64.rpm
servicemesh-prometheus-2.14.0-14.el8.x86_64.rpm
servicemesh-sidecar-injector-1.1.6-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8203
https://access.redhat.com/security/cve/CVE-2020-9283
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2020-12666
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----




https://www.malwaredevil.com/2020/08/07/esb-2020-2714-redhat-red-hat-openshift-service-mesh-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2714-redhat-red-hat-openshift-service-mesh-multiple-vulnerabilities

SWVHSC: Observing Disinformation Campaigns – Chad Anderson – PSW #661

Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware), mapping the Reopen Campaigns in more detail. He will then touch on some of the work he is doing that will be released that maps Twitter hunting into a nice, observable dashboard for the lazy.

This segment is sponsored by DomainTools.

Visit https://securityweekly.com/domaintools to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw661



https://www.malwaredevil.com/2020/08/07/swvhsc-observing-disinformation-campaigns-chad-anderson-psw-661/?utm_source=rss&utm_medium=rss&utm_campaign=swvhsc-observing-disinformation-campaigns-chad-anderson-psw-661

Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem

An inside look at how nation-states use social media to influence, confuse and divide — and why cybersecurity researchers should be involved.



https://www.malwaredevil.com/2020/08/07/black-hat-2020-influence-campaigns-are-a-cybersecurity-problem/?utm_source=rss&utm_medium=rss&utm_campaign=black-hat-2020-influence-campaigns-are-a-cybersecurity-problem

Thursday, August 6, 2020

The Twitter-hood

Some people write badly about you. It stings. But then you wonder… what, why, por que? Is this something I said, something I implied, something I thought of?

In the era of rapid judgment AD 2020 I found myself a subject to Twitter blocks and criticism on more than one occasion. My lesson learned bit is that dudes (so far dudes only) blocked me on Twitter because they don’t agree with my opinion/take/whatever. I always believed that if we were about to drive someone to obscurity by social media banning them it would require us to follow a meticulously explored path of questioning and probing, you know, to understand their point of view, but hell no…. it’s far easier to just block & forget.

Cuz Twitter.

As such I reply to my blockers: come at me with arguments and not blocks. I am not always right, but will listen and will change my mind, if you make me so… speaking of you people:




https://www.malwaredevil.com/2020/08/06/the-twitter-hood/?utm_source=rss&utm_medium=rss&utm_campaign=the-twitter-hood

Network Security News Summary for Friday August 7 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .



https://www.malwaredevil.com/2020/08/06/network-security-news-summary-for-friday-august-7-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-friday-august-7-2020

🔴 LIVE: SWVHSC: Paul’s Security Weekly #661

This week, it’s the Security Weekly Virtual Hacker Summer Camp edition of Paul’s Security Weekly! In our first segment, we welcome Chad Anderson from DomainTools, then we run through the Security News, and we wrap the show with a Pre-Recorded interview with Sumedh Thakar and Mehul Revankar of Qualys!

→Full Show Notes: https://www.wiki.securityweekly.com/psw661

→Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly



https://www.malwaredevil.com/2020/08/06/%f0%9f%94%b4-live-swvhsc-pauls-security-weekly-661/?utm_source=rss&utm_medium=rss&utm_campaign=%25f0%259f%2594%25b4-live-swvhsc-pauls-security-weekly-661

JavaScript Security – Taemin Park – BH2020

Security holes and attack vectors in JavaScript. Defense mechanisms against JavaScript exploitations.

Visit https://securityweekly.com/summercamp2020 to view the Live Stream and previously recorded micro-interviews.

Chat live with the Security Weekly Staff, Hosts, and Guests in our Discord Server: https://discord.gg/pqSwWm4

Show Notes: https://securityweekly.com/bh204



https://www.malwaredevil.com/2020/08/06/javascript-security-taemin-park-bh2020/?utm_source=rss&utm_medium=rss&utm_campaign=javascript-security-taemin-park-bh2020

Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs

Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.



https://www.malwaredevil.com/2020/08/06/black-hat-2020-mercedes-benz-e-series-rife-with-19-bugs/?utm_source=rss&utm_medium=rss&utm_campaign=black-hat-2020-mercedes-benz-e-series-rife-with-19-bugs

Challenges Configuring Your Home Network for Remote Workers – BH2020

Paul Asadoorian and Matt Alderman discuss the challenges of remote work and how to set up your home network. This discussion will lead to a number of technical segments on future shows to help individuals set up a more secure network at home.

Visit https://securityweekly.com/summercamp2020 to view the Live Stream and previously recorded micro-interviews.

Chat live with the Security Weekly Staff, Hosts, and Guests in our Discord Server: https://discord.gg/pqSwWm4

Show Notes: https://securityweekly.com/bh204



https://www.malwaredevil.com/2020/08/06/challenges-configuring-your-home-network-for-remote-workers-bh2020/?utm_source=rss&utm_medium=rss&utm_campaign=challenges-configuring-your-home-network-for-remote-workers-bh2020

Canon Admits Ransomware Attack in Employee Note, Report

The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.



https://www.malwaredevil.com/2020/08/06/canon-admits-ransomware-attack-in-employee-note-report/?utm_source=rss&utm_medium=rss&utm_campaign=canon-admits-ransomware-attack-in-employee-note-report

Summarizing the BlackHat Threat Intelligence Report – Matthew Gardiner – BH2020

Matthew Gardiner, Principal Security Strategist at Mimecast, will provide an overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020.

This segment is sponsored by Mimecast.

Visit https://securityweekly.com/mimecastbh to learn more about them!

Visit https://securityweekly.com/summercamp2020 to view the Live Stream and previously recorded micro-interviews.

Chat live with the Security Weekly Staff, Hosts, and Guests in our Discord Server: https://discord.gg/pqSwWm4

Show Notes: https://securityweekly.com/bh204



https://www.malwaredevil.com/2020/08/06/summarizing-the-blackhat-threat-intelligence-report-matthew-gardiner-bh2020/?utm_source=rss&utm_medium=rss&utm_campaign=summarizing-the-blackhat-threat-intelligence-report-matthew-gardiner-bh2020

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...