Federal court dismisses dangerous charges in lawsuit that threatens First Amendment

Abusive ‘racketeering’ charges in a lawsuit brought by a logging company against Greenpeace and other environmental groups have been dismissed. The case is a prime example of how powerful corporations bring lawsuits primarily in an attempt to drain their critics of resources and intimidate them into silence.

The lawsuit brought by Resolute Forest Products against Greenpeace Inc., Greenpeace Fund, Greenpeace International, Stand.earth, and five individuals is a classic SLAPP lawsuit—“strategic lawsuits against public participation”—which is a tool often used by corporations to suppress First Amendment-protected speech. While this lawsuit was brought against advocacy groups, news organizations are also particularly vulnerable to them.

SLAPP suits usually focus on specious libel claims, but this time, Resolute Forest went a step further and included racketeering charges under the Racketeer Influenced and Corrupt Organizations Act (RICO)—a controversial, sweeping law that provides for huge penalties for acts performed as an “alleged criminal enterprise.”

It’s a lawsuit against environmental groups, but one with huge implications for political advocacy more generally, and for press freedom. SLAPP lawsuits—especially with RICO charges—often intend to hold small nonprofits responsible for acts committed by unaffiliated groups or individuals.

This type of application of the law could have had severe implications beyond the case, and ensnared all sorts of advocacy organizations and even news outlets.

As we wrote last year in our coverage of a similar lawsuit by a pipeline company, which attempted to hold Greenpeace, a small environmental news publication, and other groups responsible for alleged criminal activity by other entities:

“The press freedom implications of this claim are chilling. Say a news organization like the Washington Post publishes a story about activists boycotting internet service providers who refuse to treat digital content neutrally. Under this legal theory, internet service providers could conceivably sue the Washington Post and try to hold it responsible for the actions of unaffiliated individuals or groups because they read the story and took independent action.”

A California judge thankfully tossed out the racketeering charges, and a majority of Resolute’s defamation claims. Greenpeace and the other organizations named in the lawsuit will continue to fight the remaining charges.


Greenpeace USA General Counsel Tom Wetterer issued the following statement:

“From day one, it was clear Resolute intended to bully legitimate advocacy organizations and forest defenders by abusing laws designed to curtail the mafia. The judge made it clear this would not be tolerated...Today’s landmark decision should be a lesson for other corporate bullies attempting the same underhanded legal tactics, like Energy Transfer, that they will not succeed in attempts to criminalize free speech. We will continue to speak truth to power.”

It’s worth noting that Resolute Forest Products is the largest newsprint producer in North America. While newspapers across the country are doing important work of publishing the news and keeping the public informed, they are doing so on materials produced by a company that targets advocacy groups and attempts to silence free expression.

This isn’t the first time Resolute Forest Products has sued environmental advocacy groups—this is the logging company’s second defamation case against Greenpeace, the first of which was brought against Greenpeace Canada and is still pending. And Resolute Forest Products is far from the only corporation that has used just such tactics to attempt to criminalize legitimate advocacy—groups that advocated against the construction of the Dakota Access Pipeline were hit by a $900 million lawsuit that accuses them of defamation and racketeering, and essentially calls them a criminal enterprise. We have previously documented how SLAPP suits can also intimidate and even bankrupt news organizations who publish critical coverage.

These lawsuits pose huge threats to political advocacy and press freedom. While most of the charges against Greenpeace were dismissed, some do remain. In our mind, the entire lawsuit should be dismissed immediately.

Cisco Connected Mobile Experiences Information Disclosure Vulnerability

A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device.

The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl


Security Impact Rating: Medium
CVE: CVE-2019-1645

Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos


Security Impact Rating: High
CVE: CVE-2019-1644

Cisco SD-WAN Solution Buffer Overflow Vulnerability

A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user.

The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo


Security Impact Rating: Critical
CVE: CVE-2019-1651

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device.

The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege


Security Impact Rating: High
CVE: CVE-2018-15459

Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution

Multiple vulnerabilities in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files.

The vulnerabilities exist because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit these vulnerabilities by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal


Security Impact Rating: High
CVE: CVE-2019-1646

Cisco Webex Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software.

The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss


Security Impact Rating: Medium
CVE: CVE-2019-1655

Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device.

The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write


Security Impact Rating: High
CVE: CVE-2019-1650

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device.

The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information.

This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access


Security Impact Rating: Medium
CVE: CVE-2019-1656

Cisco SD-WAN Solution Privilege Escalation Vulnerability

A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device.

The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal


Security Impact Rating: High
CVE: CVE-2019-1648

Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject


Security Impact Rating: High
CVE: CVE-2019-1652

Cisco SD-WAN Solution Unauthorized Access Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers.

The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess


Security Impact Rating: High
CVE: CVE-2019-1647

Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts.

The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure


Security Impact Rating: Medium
CVE: CVE-2018-0187

Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information.

The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-threat-grid


Security Impact Rating: Medium
CVE: CVE-2019-1657

Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system.

These vulnerabilities are due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit these vulnerabilities by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss


Security Impact Rating: Medium
CVE: CVE-2019-1668

Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf


Security Impact Rating: Medium
CVE: CVE-2019-1658

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss


Security Impact Rating: Medium
CVE: CVE-2019-1642

Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce


Security Impact Rating: High
CVE: CVE-2019-1637, CVE-2019-1638, CVE-2019-1639, CVE-2019-1640, CVE-2019-1641

Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information.

The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info


Security Impact Rating: High
CVE: CVE-2019-1653

Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability

A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system.

This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams


Security Impact Rating: High
CVE: CVE-2019-1636

Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.

The vulnerability is due to the improper validation of requests stored in the system’s logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss


Security Impact Rating: Medium
CVE: CVE-2018-15455

AddressSanitizer (ASan) SUID Executable Privilege Escalation

This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite /etc/ld.so.preload in order to create a setuid root shell.

I2P 0.9.38

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

DataBreachToday.com RSS Syndication: Victim Count in Alaska Health Department Breach Soars

2018 Breach Report Said 501 Affected, But Now Up to 700,000 Being Notified
Alaska state authorities are reportedly notifying up to 700,000 individuals of a health department data breach that originally was reported to federal regulators last June as affecting only 501 people. Why is it so difficult to determine the scope of some breaches?

Ubuntu Security Notice USN-3866-1

Ubuntu Security Notice 3866-1 - Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

Ubuntu Security Notice USN-3867-1

Ubuntu Security Notice 3867-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

Red Hat Security Advisory 2019-0148-01

Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-3707-2

Ubuntu Security Notice 3707-2 - USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. Various other issues were also addressed.

Apple Security Advisory 2019-1-22-2

Apple Security Advisory 2019-1-22-2 - macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and address buffer overflow, code execution, and denial of service vulnerabilities.

U.S. Stocks Stave Off Bear Attack as Trade Risks Linger; Waves and Bitcoin Cash Lead Tepid Crypto Market Recovery

Stocks struggled to hold their ground Wednesday after an earnings boost failed to offset concerns about slowing global growth and a lack of progress in U.S.-China trade talks. An early rally in cryptocurrencies mostly faded by the afternoon, though bitcoin cash and Waves maintained sizable gains over the continuous 24-hour cycle. Stocks Hold Gains The […]

The post U.S. Stocks Stave Off Bear Attack as Trade Risks Linger; Waves and Bitcoin Cash Lead Tepid Crypto Market Recovery appeared first on Hacked: Hacking Finance.

Record Number of Americans See Climate Change As a Current Threat

An anonymous reader shares a report: More Americans are very worried about global warming and say the issue is personally important to them than ever before, according to a new poll released Tuesday. The polling may indicate that extreme weather events -- coupled with a series of grim scientific findings -- over the past year are starting to change people's minds about climate change, which could have significant implications for any significant climate legislation passing Congress. The key finding from the new survey from the Yale Program on Climate Change Communication and the George Mason University Center for Climate Change Communication is that Americans increasingly view global warming as a present-day threat to them, rather than an issue that will affect future generations. Nearly half of Americans (46%) said they personally experienced the effects of global warming -- a 15-point spike since March 2015.

Girl Scouts Of America Offering Cybersecurity Badges

It has been reported that the Girl Scouts of America is now offering girls as young as five a badge in cybersecurity. It’s part of a drive to get more girls involved in science, technology, engineering and mathematics from a young age. An event in Silicon Valley gave scouts an opportunity to earn the first patch in the activity.

Cristina Roa, VP International at Securonix:

“The Girl Scouts initiative is an investment in the future of cybersecurity, and it will help to boost interest and participation in an industry in which women are not only traditionally underrepresented but an industry that is also facing a severe skills shortage.

The initiative offers girls the chance to learn about data privacy, online safety, coding and even how to become a white hat hacker. It is immensely important that initiatives, such as this one, continue to gain funding and support from the cybersecurity industry and governments. This will help drive awareness around cybersecurity, encourage more females to get into the industry and ensure that we have the resources in the future to combat an exponentially growing problem.”

The ISBuzz Post: This Post Girl Scouts Of America Offering Cybersecurity Badges appeared first on Information Security Buzz.

France Will Hack Its Enemies Back, Its Defense Secretary Says

France's defence secretary Florence Parly had a declaration to make this week: "Cyber war has begun." And she said the Euro nation's military will use its "cyber arms as all other traditional weapons... to respond and attack," as well as setting up a military bug bounty program. From a report: Parly made her pledges during a speech to the Forum International de Cybersecurite (FIC) in the northern French town of Lille. Her speech was on a topic that most Western countries shy away from addressing directly in public. "The cyber weapon is not only for our enemies," said France's defence secretary this afternoon, speaking through a translator. "No. It's also, in France, a tool to defend ourselves. To respond and attack." Her remarks will be seen as moving the debate about offensive cyber capabilities -- not just so-called "active defence" but using infosec techniques as another weapon in the arsenal of state-on-state warfare -- to a new level.

Read more of this story at Slashdot.

Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability

A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition.

The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass


Security Impact Rating: High
CVE: CVE-2019-1669

The Plot Against George Soros Didn’t Start in Hungary. It Started on Fox News.

Paranoid conspiracy theories about George Soros — the liberal philanthropist and financier cast, in starkly anti-Semitic terms, as a shadowy puppet master bent on toppling governments — are now so common that it is easy to forget that this viral meme was first injected into the far-right imagination by Fox News more than a decade ago.

An otherwise valuable new article for Buzzfeed by the Swiss journalist Hannes Grassegger — which explains how Hungary’s prime minister, Viktor Orbán, focused his entire re-election campaign on the imaginary threat posed by Soros, a Hungarian-born Jew — is marred by an incomplete history of the meme. Grassegger, who is perhaps lucky not to have access to Fox broadcasts, incorrectly attributes the creation of the anti-Soros meme to the late Arthur Finkelstein, an American political consultant who advised Orbán.

Grassegger is right to report that Finkelstein and his partner George Birnbaum “turned Soros into a meme” in Hungary, starting in 2013, portraying the billionaire as an enemy of the Hungarian people in posters and attack ads disguised as public service announcements. But his claim that the two men “created a Frankenstein monster that found a new life on the internet,” ignores the earlier role Fox News played in pushing the coded anti-Semitic attack on Soros.

Years before Finkelstein advised Orbán to use Soros as a punching bag — casting his financial support for education, human rights and democracy in Hungary as somehow nefarious — the Fox News hosts Bill O’Reilly and Glenn Beck had already vilified the Holocaust survivor in similar terms. O’Reilly started by accusing Soros of secretly giving “millions to politicians who will do his bidding,” before Beck went full Stürmer by describing Soros as “The Puppet Master.”

O’Reilly first introduced Fox News viewers to his caricature of Soros as a shadowy financier bent on “imposing a radical-left agenda” on Americans on April 23, 2007. The goal of Soros, O’Reilly warned darkly, was “to buy a presidential election.”

To do this, O’Reilly claimed, “Soros has set up a complicated political operation designed to buy influence among some liberal politicians and smear people with whom he disagrees.” O’Reilly’s complaint about Soros-backed smears was a reference to the billionaire’s support for Media Matters, a liberal watchdog group that had irked the Fox News pundit by regularly fact-checking and debunking his false claims.

O’Reilly’s analysis was then echoed by one of his guests, the conservative talk-radio host Monica Crowley, who claimed that Soros’s donations to liberal groups were “a brilliant way to get around the campaign finance laws in this country,” which he had been able to keep secret “before you just exposed him, because the mainstream media protects him.” Another guest, the far-right political activist Phil Kent, later chimed in to describe Soros as “really the Dr. Evil of the whole world of left-wing foundations” who “really hates this country.”

Although O’Reilly did not refer to Soros’s ethnicity, his criticism of the financier as a shadowy string-puller appealed to the imaginations of anti-Semites online. Less than a year later, Soros was portrayed as “a Jewish tycoon,” secretly directing American foreign policy from inside the White House, in a bizarre animated propaganda film broadcast on Iranian television.

In 2008, an animated Iranian public service announcement featured George Soros.

The public service announcement produced by Iran’s intelligence ministry warned viewers that Soros was “the mastermind of ultra-modern colonialism,” who “uses his wealth and slogans like liberty, democracy, and human rights to bring the supporters of America to power.” In the cartoon, Soros was shown plotting to overthrow Iran’s government, with the help of the CIA, John McCain and Gene Sharp, a political scientist whose theoretical work on nonviolent protest influenced color revolutions in Eastern Europe.

By October 2008, the idea that Soros was secretly controlling American politics was even lampooned on “Saturday Night Live,” in a sketch that identified the financier in an on-screen graphic as “Owner, Democratic Party.”

Will Forte played George Soros in a “Saturday Night Live” sketch broadcast on Oct. 4, 2008.

The actor playing Soros in the sketch, a mock C-SPAN broadcast, even joked that he had drained hundreds of billions of dollars from the American economy during the financial crisis and was planning to devalue the dollar.

Two years later, Fox’s Glenn Beck made the echo of anti-Jewish Nazi propaganda impossible to ignore, calling Soros a “puppet master” who “collapses regimes” in a broadcast — complete with actual puppets — that the columnist Michelle Goldberg described as “a symphony of anti-Semitic dog-whistles.”

In his long indictment of Soros, what Beck did not say about the list of governments he claimed the philanthropist had helped to topple was striking. Before claiming the United States would be Soros’s next “target,” Beck ominously intoned: “Soros has helped fund the ‘Velvet Revolution’ in the Czech Republic, the ‘Orange Revolution’ in the Ukraine, the ‘Rose Revolution’ in Georgia. He also helped to engineer coups in Slovakia, Croatia and Yugoslavia.” Beck failed to mention that in each of the countries he named, Soros had provided support to popular pro-democracy groups battling repressive regimes led by Communist or former Communist autocrats.

There were also no coups in Slovakia, Croatia or Yugoslavia. Slovakia was created by the so-called “velvet divorce,” the peaceful dissolution of the federal state of Czechoslovakia by democratically-elected leaders in 1993; Croatia’s wartime president, Franjo Tudjman, an authoritarian former Communist general, died in office in 1999 and was replaced by a former member of his party after a democratic election; Slobodan Milosevic, the Yugoslav leader who was most responsible for the brutal campaign of ethnic cleansing that killed tens of thousands in Bosnia, Croatia and Kosovo, resigned in 2000, following street protests after his loss in a democratic election.

Beck’s elaborate conspiracy theory, sketched out on both sides of a series of blackboards, was so unhinged that it inspired an extended parody by Jon Stewart.

Asked at the time what he made of Beck’s claims, “that you are the mastermind who is trying to bring down the American government,” Soros told Fareed Zakaria of CNN: “I would be amused if people saw the joke in it, because what he is doing, he is projecting what Fox, what Rupert Murdoch is doing — because he has a media empire that is telling the people some falsehoods and leading the government in the wrong direction.”

“Fox News,” Soros added, “has imported the methods of George Orwell, you know, Newspeak, where you can tell the people falsehoods and deceive them.”

While it is difficult to trace the influence of Fox News in Europe, where it is not broadcast on television, copies of Beck’s program, “The Puppet Master,” have been widely shared online, and the conspiracy theory soon became a matter of faith for far-right commentators on American websites.

An online editorial cartoon, published in 2011, showed how well-established conspiracy theories about George Soros were by then.

The conspiracy theories about Soros are now so widespread that earlier this week, Yair Netanyahu, the Israeli prime minister’s son, shared a link to a post by Pamela Geller, a far-right blogger, who distorted remarks made by Soros about how he survived the Holocaust to falsely accuse him of having been “a Nazi collaborator.”

Even after parting company with both Beck and O’Reilly, Fox has continued to focus obsessively on spreading invective and false claims about Soros as a hidden mastermind of liberal causes.

In April, one of the network’s new stars, Tucker Carlson, declared on air that “George Soros hates the United States.” Another new arrival, Laura Ingraham, claimed that Soros was behind protests against the confirmation of Brett Kavanaugh to the Supreme Court, despite a credible allegation of sexual assault. And in October, Lou Dobbs of Fox Business News made no objection when Christopher Farrell, the head of the far-right Judicial Watch, claimed that Soros was funding a caravan of asylum seekers marching to the U.S. border, through the “Soros-occupied State Department.”

The same week, Fox News reported that a pipe bomb had been sent to the home of “Democratic mega-donor George Soros.”

“This comes at a time,” the Fox News correspondent Bryan Llenas observed from outside Soros’s home, “when Soros’s name has been recently evoked by right-wing activists, including with the caravan moving forward. Rep. Matt Gaetz, just a few days ago tweeted, suggesting that Soros perhaps was part of the funding — funding the migrant caravan moving to the border. And the president himself has evoked Soros’s name recently, in Missoula, Montana, talking about Soros perhaps funding liberal protesters.”

The post The Plot Against George Soros Didn’t Start in Hungary. It Started on Fox News. appeared first on The Intercept.

The three most important ways to defend against security threats

An average of 5,000 to 7,000 new computer security threats are announced each year. That’s as many as 19 every day. The rate at which new threats appear makes it difficult to decide which ones require your attention. It might surprise you that, while your competitors waste money on high-tech, expensive, and sometimes exotic defenses, you can get far more value by concentrating on just three things you already do. You can spend less money and nothing you do otherwise will provide a better defense.
