Monthly Archives: January 2019

The Devil You Know – How Idioms Can Relate to Information Security

The Merriam-Webster dictionary defines the idiom “better the devil you know than the devil you don’t” as “it is better to deal with a difficult person or situation one knows

The post The Devil You Know – How Idioms Can Relate to Information Security appeared first on The Cyber Security Place.

Boeing’s First Autonomous Air Taxi Flight Ends In Fewer Than 60 Seconds

Boeing has completed the first flight of its autonomous air taxi Tuesday at a small airport outside Washington, D.C. "The flight lasted less than a minute, according to Boeing, and it didn't actually go anywhere," reports CNN. "Instead, it hovered above the runway. Boeing declined to share how high above the ground it flew." From the report: But Boeing is hailing the achievement as a milestone for its NeXt division, which develops autonomous airplanes. The flying car prototype is 30 feet long and 28 feet wide. It's designed to fly up to 50 miles at a time. Boeing and its competitors such as Airbus are betting that small, self-flying airplanes -- technically dubbed electric vertical takeoff and landing (eVTOL) -- will revolutionize transportation, especially in urban areas. Boeing believes the vehicles, more commonly referred to as air taxis or flying cars, will be a solution to traffic congestion.

Read more of this story at Slashdot.

Cisco fixes security holes in SD-WAN, Webex, Small Business routers

Cisco has fixed a heap of security holes in a variety of its products, including a critical one affecting its SD-WAN Solution.

Cisco SD-WAN vulnerabilities

The most critical among the flaws fixed are a buffer overflow vulnerability (CVE-2019-1651) and a high-risk unauthorized access flaw (CVE-2019-1647) affecting any Cisco vSmart Controller Software versions running a release of the Cisco SD-WAN Solution prior to 18.4.0. CVE-2019-1651 could be exploited by sending a malicious file to an … More

The post Cisco fixes security holes in SD-WAN, Webex, Small Business routers appeared first on Help Net Security.

The importance of updating your systems and software

Unpatched software leaves businesses open to attack

There seems to be a system or piece of software for everything nowadays – from apps that let you explore internet browsers in virtual reality to software that can help improve your speech, technology is helping push the boundaries of what can be achieved both inside and outside of the workplace.

But while every business, on the face of it at least, is happy to acquire new systems and applications to drive productivity and reduce costs, far too few update these systems and/or software on a regular basis to ensure security. The “gold standard” for the implementation of critical patches is 30 days, and 90 days for non-critical patches, although that’s still more than enough time for cyber criminals to do damage.

Often, these businesses have bespoke systems and/or software applications that are set up in a certain way and only work with specific versions of software. A lack of updates to the system/software infrastructure could result in critical parts of it not working.

Businesses cannot afford to adopt an approach of “if it’s not broken, don’t fix it”. The fact is that outdated systems and third-party applications often have a host of vulnerabilities, and ignoring software updates could prove to be a grave mistake.

Cybercriminals target software and system vulnerabilities

Most impactful cyberattacks have one thing in common: they target known vulnerabilities in systems and third-party software. WannaCry and the Equifax and BA hacks are all high-profile examples of successful attacks on unpatched systems.

But these cases also have something else in common: each one could have been avoided. Software updates and patches were released before the attacks took place, and the only reason so many businesses fell victim to these cyberattacks is that they neglected to download and install them.

In the case of WannaCry, an investigation by the National Audit Office discovered that the NHS had repeatedly been warned to migrate away from its dated systems – and that “basic IT security” was all that was required to prevent the “unsophisticated” WannaCry attack.

The same applies to Equifax, which was running an out-of-date version of Apache on its web server, and to BA, which had not patched a cross-site scripting vulnerability.

Without a doubt, the fundamental issue is that many businesses mistakenly believe themselves to be secure because they have advanced cyber security and intrusion detection solutions in place.

But cybersecurity is only as good as its weakest link. If a business uses outdated systems or software, endpoints are left vulnerable and can be readily compromised by a cybercriminal with very little working knowledge.

Businesses face a multi-faceted challenge in the form of patch management

Indeed, the management of system software updates and patches has become a serious challenge for modern organisations. As the technology landscape has evolved and diversified, businesses now use a variety of systems and third-party applications to manage and enhance processes. Updating infrastructure is no longer a simple button press on an operating system – it’s a business-wide decision that affects all existing activities.

For many businesses, and large enterprises in particular, updating their technology stacks often means stopping critical operations for a day or two as system software updates and patches are downloaded, installed and configured. And as their infrastructure is incredibly intricate, any update or change could result in key bits of software malfunctioning.

As a result, the patch management process becomes time-consuming, and businesses face the difficult decision of taking crucial elements of their infrastructure offline for updates and maintenance. Neglecting these updates is akin to leaving the front door open and the windows unlocked, but many businesses simply cannot afford to take their activities offline for even a minute.

Manage software and system updates through automated patch solutions

For businesses with this kind of complex infrastructure, it’s easy to understand why updates and patches are pushed further and further back. Installing a patch as soon as it’s available is best practice, but that kind of agility can only really be applied to a small business with limited systems and software or a single user.

Basic operating system updates can (and should) be applied as and when they are available. But for more bespoke in-house systems, which are connected to a suite of tools, a more considered approach is necessary.

Fortunately, businesses can readily manage and update their systems and third-party software infrastructure through automated patch management solutions.

Automated patch management does exactly what it says on the tin: it analyses software and systems in use to determine whether patches and/or updates are available and downloads them. These patches and/or updates are acquired in the background and can be installed at a specified time.

Panda Patch Management, a module of Panda Adaptive Defense, manages vulnerabilities – outdated systems and third-party software – and their corresponding updates and patches. Full visibility of endpoint health, i.e. whether systems or software are outdated and what their patch status is, is provided in real time and across the enterprise.

The solution also correlates detected and identified threats with uncovered vulnerabilities to minimise response time and contain and remediate attacks through automated patch application. This kind of patch management allows businesses to get ahead of software vulnerability exploit attacks, enhance endpoint security and reduce attack vectors.

Businesses cannot afford to overlook or avoid patching and updating software infrastructure. Cybercriminals are banking on businesses not updating or patching their systems or software so that they can exploit vulnerabilities and deal damage. If an update is available, it should be applied at the earliest and most practical opportunity.

The post The importance of updating your systems and software appeared first on Panda Security Mediacenter.

GreyEnergy’s overlap with Zebrocy

In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to the BlackEnergy group. BlackEnergy (a.k.a. Sandworm) is best known, among other things, for its involvement in the attacks against Ukrainian energy facilities in 2015, which led to power outages. Like its predecessor, GreyEnergy malware has been detected attacking industrial and ICS targets, mainly in Ukraine.

Kaspersky Lab ICS CERT has identified an overlap between GreyEnergy and a Sofacy subset called “Zebrocy”. The Zebrocy activity is named after malware that the Sofacy group began using in mid-November 2015 for the post-exploitation stage of attacks on its victims. Zebrocy’s targets are spread widely across the Middle East, Europe and Asia, and their profiles are mostly government-related.

Both sets of activity used the same servers at the same time and targeted the same organization.

Details

Servers

In our private APT Intel report from July 2018 “Zebrocy implements new VBA anti-sandboxing tricks”, details were provided about different Zebrocy C2 servers, including 193.23.181[.]151.

In the course of our research, the following Zebrocy samples were found to use the same server to download additional components (MD5):

7f20f7fbce9deee893dbce1a1b62827d
170d2721b91482e5cabf3d2fec091151
eae0b8997c82ebd93e999d4ce14dedf5
a5cbf5a131e84cd2c0a11fca5ddaa50a
c9e1b0628ac62e5cb01bf1fa30ac8317

The URL used to download additional data looks as follows:

hxxp://193.23.181[.]151/help-desk/remote-assistant-service/PostId.php?q={hex}

This same C2 server was also used in a spearphishing email attachment sent by GreyEnergy (aka FELIXROOT), as mentioned in a FireEye report. Details on this attachment are as follows:

  • The file (11227eca89cc053fb189fac3ebf27497) with the name “Seminar.rtf” exploited CVE-2017-0199
  • “Seminar.rtf” downloaded a second stage document from: hxxp://193.23.181[.]151/Seminar.rtf (4de5adb865b5198b4f2593ad436fceff, exploiting CVE-2017-11882)
  • The original document (Seminar.rtf) was hosted on the same server and downloaded by victims from: hxxp://193.23.181[.]151/ministerstvo-energetiki/seminars/2019/06/Seminar.rtf

Another server we detected that was used both by Zebrocy and by GreyEnergy is 185.217.0[.]124. Similarly, we detected a spearphishing GreyEnergy document (a541295eca38eaa4fde122468d633083, exploiting CVE-2017-11882), also named “Seminar.rtf”.

“Seminar.rtf”, a GreyEnergy decoy document

This document downloads a GreyEnergy sample (78734cd268e5c9ab4184e1bbe21a6eb9) from the following SMB link:

\\185.217.0[.]124\Doc\Seminar\Seminar_2018_1.AO-A

The following Zebrocy samples use this server as C2:

7f20f7fbce9deee893dbce1a1b62827d
170d2721b91482e5cabf3d2fec091151
3803af6700ff4f712cd698cee262d4ac
e3100228f90692a19f88d9acb620960d

They retrieve additional data from the following URL:

hxxp://185.217.0[.]124/help-desk/remote-assistant-service/PostId.php?q={hex}

It is worth noting that at least two samples from the above list use both 193.23.181[.]151 and 185.217.0[.]124 as C2s.

Hosts associated with GreyEnergy and Zebrocy

Attacked company

Additionally, both GreyEnergy and Zebrocy spearphishing documents targeted a number of industrial companies in Kazakhstan. One of them was attacked in June 2018.

GreyEnergy and Zebrocy overlap

Attack timeframe

A spearphishing document entitled ‘Seminar.rtf’, which retrieved a GreyEnergy sample, was sent to the company on approximately June 21, 2018, followed by a Zebrocy spearphishing document sent on approximately June 28:

‘(28.06.18) Izmeneniya v prikaz PK.doc’ Zebrocy decoy document translation:
‘Changes to order, Republic of Kazakhstan’

The two C2 servers discussed above were actively used by Zebrocy and GreyEnergy almost at the same time:

  • 193.23.181[.]151 was used by GreyEnergy and Zebrocy in June 2018
  • 185.217.0[.]124 was used by GreyEnergy between May and June 2018 and by Zebrocy in June 2018
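The infrastructure pivot the report performs (shared C2 hosts, samples that contact both, and the window in which both clusters were active) can be reproduced over the indicators quoted above. This is an added example, not code from the report or from Kaspersky Lab; it transcribes the defanged indicators and the month-level activity windows exactly as printed, and only parses them, never contacts them.

```python
"""Infrastructure-overlap pivot, as carried out in the report above, over its own indicators."""
import re
from collections import defaultdict
from datetime import date

# Path shared by the Zebrocy download URLs quoted in the report.
ZEBROCY_PATH = "/help-desk/remote-assistant-service/PostId.php?q={hex}"

# Indicators transcribed from the report, defanged exactly as printed there:
# (activity cluster, sample MD5, C2 URL or SMB path that sample uses).
REPORT_INDICATORS = [
    ("Zebrocy", "7f20f7fbce9deee893dbce1a1b62827d", "hxxp://193.23.181[.]151" + ZEBROCY_PATH),
    ("Zebrocy", "170d2721b91482e5cabf3d2fec091151", "hxxp://193.23.181[.]151" + ZEBROCY_PATH),
    ("Zebrocy", "eae0b8997c82ebd93e999d4ce14dedf5", "hxxp://193.23.181[.]151" + ZEBROCY_PATH),
    ("Zebrocy", "a5cbf5a131e84cd2c0a11fca5ddaa50a", "hxxp://193.23.181[.]151" + ZEBROCY_PATH),
    ("Zebrocy", "c9e1b0628ac62e5cb01bf1fa30ac8317", "hxxp://193.23.181[.]151" + ZEBROCY_PATH),
    ("Zebrocy", "7f20f7fbce9deee893dbce1a1b62827d", "hxxp://185.217.0[.]124" + ZEBROCY_PATH),
    ("Zebrocy", "170d2721b91482e5cabf3d2fec091151", "hxxp://185.217.0[.]124" + ZEBROCY_PATH),
    ("Zebrocy", "3803af6700ff4f712cd698cee262d4ac", "hxxp://185.217.0[.]124" + ZEBROCY_PATH),
    ("Zebrocy", "e3100228f90692a19f88d9acb620960d", "hxxp://185.217.0[.]124" + ZEBROCY_PATH),
    ("GreyEnergy", "11227eca89cc053fb189fac3ebf27497", "hxxp://193.23.181[.]151/Seminar.rtf"),
    ("GreyEnergy", "a541295eca38eaa4fde122468d633083", r"\\185.217.0[.]124\Doc\Seminar\Seminar_2018_1.AO-A"),
]

# Activity windows from the "Attack timeframe" section, at the month granularity the report gives.
ACTIVITY_WINDOWS = {
    ("GreyEnergy", "193.23.181.151"): (date(2018, 6, 1), date(2018, 6, 30)),
    ("Zebrocy", "193.23.181.151"): (date(2018, 6, 1), date(2018, 6, 30)),
    ("GreyEnergy", "185.217.0.124"): (date(2018, 5, 1), date(2018, 6, 30)),
    ("Zebrocy", "185.217.0.124"): (date(2018, 6, 1), date(2018, 6, 30)),
}

# Host of an http(s) URL or of a UNC path (\\host\share\...).
_HOST_RE = re.compile(r"^(?:https?://|\\\\)([^/\\]+)")


def refang(indicator):
    """Undo hxxp:// and [.] defanging so the host can be parsed; the value is never fetched."""
    return (indicator.replace("hxxps://", "https://")
            .replace("hxxp://", "http://")
            .replace("[.]", "."))


def extract_host(indicator):
    """Host part of a defanged URL or UNC path."""
    match = _HOST_RE.match(refang(indicator))
    if not match:
        raise ValueError(f"unrecognised indicator form: {indicator}")
    return match.group(1)


def hosts_by_cluster(indicators):
    """Map each activity cluster to the set of C2 hosts its samples use."""
    out = defaultdict(set)
    for cluster, _md5, ioc in indicators:
        out[cluster].add(extract_host(ioc))
    return dict(out)


def shared_hosts(indicators):
    """Hosts used by every cluster present in the indicator set."""
    per_cluster = list(hosts_by_cluster(indicators).values())
    return set.intersection(*per_cluster) if per_cluster else set()


def samples_contacting_all(indicators, hosts):
    """Samples whose C2 set covers every host in `hosts` (the 'at least two samples use both' pivot)."""
    seen = defaultdict(set)
    for _cluster, md5, ioc in indicators:
        seen[md5].add(extract_host(ioc))
    return {md5 for md5, used in seen.items() if set(hosts) <= used}


def overlap_window(windows, host, first="GreyEnergy", second="Zebrocy"):
    """Intersection of two clusters' activity windows on `host`; None if unknown or disjoint."""
    try:
        a0, a1 = windows[(first, host)]
        b0, b1 = windows[(second, host)]
    except KeyError:
        return None
    start, end = max(a0, b0), min(a1, b1)
    return (start, end) if start <= end else None


def overlap_report(indicators=REPORT_INDICATORS, windows=ACTIVITY_WINDOWS):
    """Shared hosts, samples touching all of them, and the co-activity window per host."""
    hosts = shared_hosts(indicators)
    return {
        "shared_hosts": sorted(hosts),
        "samples_on_all_shared_hosts": sorted(samples_contacting_all(indicators, hosts)),
        "co_activity": {h: overlap_window(windows, h) for h in sorted(hosts)},
    }


if __name__ == "__main__":
    for key, value in overlap_report().items():
        print(key, value)
```

The same functions work unchanged on a larger indicator feed; the month-level windows are the coarsest the report supports, so a real hunt would substitute first-seen/last-seen timestamps per host.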

Conclusions

The GreyEnergy/BlackEnergy actor is an advanced group with extensive knowledge of penetrating its victims’ networks and exploiting any vulnerabilities it finds. This actor has demonstrated its ability to update its tools and infrastructure in order to avoid detection, tracking and attribution.

Though no direct evidence exists on the origins of GreyEnergy, the links between a Sofacy subset known as Zebrocy and GreyEnergy suggest that these groups are related, as has been suggested before by some public analysis. In this paper, we detailed how both groups shared the same C2 server infrastructure during a certain period of time and how they both targeted the same organization almost at the same time, which seems to confirm the relationship’s existence.

For more information about APT reports please contact: intelreports@kaspersky.com

For more information about ICS threats please contact: ics-cert@kaspersky.com


Organizations waste money storing useless IT hardware

A survey of 600 data center experts from APAC, Europe and North America reveals that two in five organizations that store their data in-house spend more than $100,000 storing useless IT hardware that could pose a security or compliance risk. Astonishingly, 54 percent of these companies have been cited at least once or twice by regulators or governing bodies for noncompliance with international data protection laws. Fines of up to $1.5 million could be issued … More

The post Organizations waste money storing useless IT hardware appeared first on Help Net Security.

China Blocks Microsoft’s Bing Search Engine, Despite Offering Censored Results

China has blocked the Microsoft-owned search engine Bing, the company confirmed, after complaints from users across the country who took to social media beginning late Wednesday to express their concerns. Bing thus becomes the latest service to be shut off by the Chinese government behind its so-called Great Firewall of China, which blocks thousands of websites originating in the West.

Multi-vector attacks target cloud-hosted technologies

The push to move everything into the cloud over the past several years has generated a large number of misconfigured and exposed deployments of various software stacks. This has attracted sophisticated attacks that destroy data or abuse server resources for cryptocurrency mining.

In a new report released today, security researchers from Securonix warn of an increase in the number of multi-vector and multi-platform automated attacks against cloud infrastructure over the past few months. These often combine cryptomining, ransomware and botnet malware all in one.

DHS issues emergency Directive to prevent DNS hijacking attacks

DHS has issued a notice of a CISA emergency directive urging federal agencies to improve the security of government-managed domains (i.e. .gov) to prevent DNS hijacking attacks.

The notice was issued by the DHS and links to Emergency Directive 19-01, titled “Mitigate DNS Infrastructure Tampering.”

“In coordination with government and industry partners, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is tracking a series of incidents involving Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.” reads the emergency directive.

“To address the significant and imminent risks to agency information and information systems presented by this activity, this emergency directive requires the following near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.”

Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.

The emergency directive requests federal agencies to check public DNS records for all .gov and other domains they manage to ensure that they have not been tampered with. The check must be completed in 10 days and includes Address (A), Mail Exchanger (MX), and Name Server (NS) records.

Within 10 business days, agencies will have to change the passwords for their DNS accounts and enable multifactor authentication where available, although CISA warns of the risks of SMS-based MFA.

DHS also instructed federal agencies to monitor Certificate Transparency logs for any abuse related to fraudulently issued certificates.
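The two technical checks the directive asks for, auditing A/MX/NS records against a known-good baseline and reviewing Certificate Transparency entries for certificates the agency never requested, as an added example that is not from the directive or the article. The zone agency.example, its baseline, the resolver answers, the certificate inventory and the CT entries are all constructed placeholders.

```python
"""Checks modelled on Emergency Directive 19-01: DNS record drift and unexpected certificates."""

# Constructed baseline for a placeholder zone (agency.example is not a real agency domain).
# Record values are kept as sets of strings, the way they would be exported from a zone file.
BASELINE = {
    "agency.example": {
        "A": {"192.0.2.10"},
        "MX": {"10 mail.agency.example."},
        "NS": {"ns1.agency.example.", "ns2.agency.example."},
    },
    "mail.agency.example": {"A": {"192.0.2.25"}},
}

# Constructed answers as a public resolver would return them today: one NS record and the
# mail host's A record no longer match the baseline.
OBSERVED = {
    "agency.example": {
        "A": {"192.0.2.10"},
        "MX": {"10 mail.agency.example."},
        "NS": {"ns1.agency.example.", "ns2.unrelated-provider.example."},
    },
    "mail.agency.example": {"A": {"198.51.100.7"}},
}

# Constructed Certificate Transparency entries, with the fields a CT monitor typically reports.
KNOWN_SERIALS = {"01"}                     # certificates the agency itself requested
APPROVED_ISSUERS = {"Agency Approved CA"}  # hypothetical issuer name
CT_ENTRIES = [
    {"names": ["agency.example", "www.agency.example"], "issuer": "Agency Approved CA",
     "serial": "01", "not_before": "2018-11-02"},
    {"names": ["mail.agency.example"], "issuer": "Some Other CA",
     "serial": "7f", "not_before": "2019-01-14"},
    {"names": ["unrelated.example"], "issuer": "Some Other CA",
     "serial": "80", "not_before": "2019-01-15"},
]

RECORD_TYPES = ("A", "MX", "NS")


def audit_records(baseline, observed, types=RECORD_TYPES):
    """Per name and record type, report values that appeared or disappeared relative to the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(observed)):
        for rtype in types:
            expected = baseline.get(name, {}).get(rtype, set())
            actual = observed.get(name, {}).get(rtype, set())
            if expected != actual:
                findings.append({"name": name, "type": rtype,
                                 "added": sorted(actual - expected),
                                 "removed": sorted(expected - actual)})
    return findings


def covers_managed(cert_name, managed):
    """True if a certificate name (wildcard allowed) is a managed domain or lies under one."""
    name = cert_name.lower().lstrip("*.")
    return any(name == m or name.endswith("." + m) for m in managed)


def flag_certificates(entries, baseline, known_serials, approved_issuers):
    """CT entries for managed names that the agency did not request; notes an unapproved issuer too."""
    managed = {m.lower() for m in baseline}
    flagged = []
    for entry in entries:
        hits = sorted(n for n in entry["names"] if covers_managed(n, managed))
        if not hits or entry["serial"] in known_serials:
            continue
        reasons = ["serial not in the agency's own certificate inventory"]
        if entry["issuer"] not in approved_issuers:
            reasons.append("issuer not on the approved list")
        flagged.append({"names": hits, "issuer": entry["issuer"],
                        "serial": entry["serial"], "reasons": reasons})
    return flagged


def run_ed1901_checks(baseline=BASELINE, observed=OBSERVED, entries=CT_ENTRIES):
    """Both checks together, as one status-report input."""
    return {"dns_drift": audit_records(baseline, observed),
            "unexpected_certs": flag_certificates(entries, baseline, KNOWN_SERIALS, APPROVED_ISSUERS)}


if __name__ == "__main__":
    import json
    print(json.dumps(run_ed1901_checks(), indent=2))
```

In production the OBSERVED dict would be filled from live resolver queries against several public resolvers, and CT_ENTRIES from a CT monitor feed, so the comparison logic stays the same.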

The overall process and signs of progress will be monitored by the DHS: agencies must submit a status report by January 25 and a final report on all actions taken in compliance with the directive by February 5.

“Beginning February 6, 2019, the CISA Director will engage Chief Information Officers (CIO) and/or Senior Agency Officials for Risk Management (SAORM) of agencies that have not completed required actions, as appropriate, to ensure their most critical federal information systems are adequately protected,” continues CISA.

“By February 8, 2019, CISA will provide a report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) identifying agency status and outstanding issues.”

DHS DNS hijacking

The emergency directive is probably related to a recently disclosed campaign of DNS hijacking attacks uncovered by FireEye.

The DNS hijacking campaign targeted government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe. According to the experts, the campaign is carried out, with “moderate confidence,” by APT groups linked to the Iranian Government.

FireEye researchers tracked access from Iranian IPs to machines used to intercept, record and forward network traffic. The same IPs were previously associated with cyber attacks conducted by Iranian cyberspies.

The attackers are not financially motivated and targeted several Middle Eastern governments whose data would be of interest to Iran.

It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale. Attackers used three different ways to manipulate DNS records to enable victim compromises.

After FireEye’s report, the US-CERT published an alert on January 10 to warn organizations of DNS hijacking campaigns.

Pierluigi Paganini

(SecurityAffairs – DHS, DNS hijacking attacks)

The post DHS issues emergency Directive to prevent DNS hijacking attacks appeared first on Security Affairs.

Branching out more efficiently and securely with SD-WAN

As enterprises expand, through organic growth or acquisition, they need to support the IT needs of more distributed locations. These often include teams in shared office spaces versus enterprise-owned or leased facilities. To serve remote locations and users, enterprises are rapidly moving toward cloud-based applications including Unified Communications as a Service (UCaaS). As always, IT teams are under pressure to contain costs and are turning to Software Defined Wide Area Networks (SD-WAN) to play a … More

The post Branching out more efficiently and securely with SD-WAN appeared first on Help Net Security.

Weird Orbits of Distant Objects Can Be Explained Without Invoking a ‘Planet Nine’

schwit1 shares a report from Space.com: The weirdly clustered orbits of some far-flung bodies in our solar system can be explained without invoking a big, undiscovered "Planet Nine," a new study suggests. The shepherding gravitational pull could come from many fellow trans-Neptunian objects (TNOs) rather than a single massive world, according to the research. "If you remove Planet Nine from the model, and instead allow for lots of small objects scattered across a wide area, collective attractions between those objects could just as easily account for the eccentric orbits we see in some TNOs," study lead author Antranik Sefilian, a doctoral student in the Department of Applied Mathematics and Theoretical Physics at Cambridge University in England, said in a statement. The duo's modeling work suggests that the strength-in-numbers explanation does indeed work -- if the mass of the Kuiper Belt, the ring of bodies beyond Neptune, is a few to 10 times that of Earth. This is a pretty big "if," given that most estimates peg the Kuiper Belt's mass at less than 10 percent that of Earth (and one recent study put the figure at 0.02 Earth masses). But other solar systems are known to harbor massive disks of material in their outer reaches, Sefilian and Touma noted. And our failure to spot one around our own sun doesn't mean it doesn't exist, they stressed. The new study has been accepted for publication in the Astronomical Journal.

Read more of this story at Slashdot.

Focus on the Penetration Testing eXtreme Training Course — PTX

Malicious hackers are becoming increasingly smart. But so are IT Security professionals! See how the Penetration Testing eXtreme (PTX) training course can help you learn advanced techniques to keep your organization out of harm’s way.

Reimagining risk management to mitigate looming economic dangers

In a volatile market environment and with the edict to “do more with less,” many financial institutions are beginning efforts to reengineer their risk management programs, according to a new survey by Deloitte Global, with emerging technologies in the driver’s seat. Seventy percent of the financial services executives surveyed said their institutions have either recently completed an update of their risk management program or have one in progress, while an additional 12 percent said they … More

The post Reimagining risk management to mitigate looming economic dangers appeared first on Help Net Security.

Microsoft remains the most impersonated brand, Netflix phishing spikes

Although Microsoft remains the top target for phishers, Netflix saw an incredible surge in Dec., making it the second most impersonated brand in Q4 2018, according to Vade Secure. Microsoft remains the #1 impersonated brand, receiving more than 2.3 times the number of phishing URLs than Netflix. One credential can provide hackers with a single entry point to all of the apps under the Office 365 platform—as well as the files, data, contacts, etc. stored … More

The post Microsoft remains the most impersonated brand, Netflix phishing spikes appeared first on Help Net Security.

Expert shares PoC exploit code for remote iOS 12 jailbreak On iPhone X

A researcher has published PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak on iPhone X.

The security researcher Qixun Zhao of Qihoo 360’s Vulcan Team has published PoC exploit code for critical vulnerabilities in Apple’s Safari web browser and iOS that could be exploited by a remote attacker to jailbreak an iPhone X running iOS 12.1.2 and earlier versions.

Exploitation is quite simple: the attacker needs to trick the victim into opening a specially crafted web page in the Safari browser.

The PoC code developed by Qixun Zhao, dubbed Chaos, chains two security flaws that were demonstrated at TianfuCup hacking contest in November.

The Chaos exploit code triggers two vulnerabilities: a type confusion memory corruption flaw in Apple’s Safari WebKit (CVE-2019-6227) and a use-after-free memory corruption bug (CVE-2019-6225) in the iOS kernel. Apple addressed the flaws by releasing iOS version 12.1.3.

The Safari vulnerability allowed maliciously crafted web content to execute arbitrary code on the targeted device, after which the second flaw allowed the attacker to elevate privileges and silently deploy a malicious application.

Zhao published a blog post that includes some details for the exploit code, the expert also shared a PoC video demonstration for it.

Zhao hasn’t published the exploit code for the iOS jailbreak to prevent attacks in the wild.

“I will not release the exploit code, if you want to jailbreak, you will need to complete the exploit code yourself or wait for the jailbreak community’s release. At the same time, I will not mention the exploit details of the post exploit, as this is handled by the jailbreak community,” Zhao said.

iPhone users are urged to install the latest iOS update as soon as possible.

Pierluigi Paganini

(SecurityAffairs – iOS jailbreak, Apple)

The post Expert shares PoC exploit code for remote iOS 12 jailbreak On iPhone X appeared first on Security Affairs.

Cyberattacks fueled by geopolitical tension are increasing

Billions of personal records were stolen in 2018, unearthed in breaches that successfully targeted household names in government, technology, healthcare, travel and hospitality. Compounding the problem has been increased geopolitical tension between western democracies and countries like Russia, China and North Korea. Modern cyberattacks appear to increasingly be fueled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected — using techniques such as lateral movement, island hopping and counter … More

The post Cyberattacks fueled by geopolitical tension are increasing appeared first on Help Net Security.

CVE-2018-20742

An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write.

CVE-2019-6486

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

Latest Hacking News Podcast #208

Image based malware targeting Mac users through ads, phishing campaign using fake voicemail messages to steal passwords, and banking trojan rotating tactics to evade detection on episode 208 of our daily cybersecurity podcast.

Latest Hacking News Podcast #208 on Latest Hacking News.

CVE-2018-17694

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138.

CVE-2018-17702

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of button objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7252.

CVE-2018-17696

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169.

CVE-2018-17703

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the defaultValue property of ComboBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7253.

CVE-2018-17698

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067.

CVE-2018-17704

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the textColor property of RadioButton objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7254.

CVE-2018-17700

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7131.

CVE-2018-17705

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7255.

CVE-2018-17693

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7130.

CVE-2018-17707

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler for the com.epicgames.launcher protocol. A crafted URI with the com.epicgames.launcher protocol can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-7241.

CVE-2018-17697

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170.

CVE-2018-17701

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JSON objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7132.

CVE-2018-17695

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the username property of a TextField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7145.

CVE-2018-17699

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7073.

CVE-2018-17692

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7129.

CVE-2018-17673

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subtype property of an Annotation object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6820.

CVE-2018-17674

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6845.

CVE-2018-17675

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848.

CVE-2018-17676

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6849.

CVE-2018-17677

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mailDoc method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6850.

CVE-2018-17678

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoNamedDest method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6851.

CVE-2018-17681

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getPageBox method of a Form. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7141.

CVE-2018-17683

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the createIcon method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7163.

CVE-2018-17684

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isPropertySpecified method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6470.

CVE-2018-17685

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6819.

CVE-2018-17687

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7068.

CVE-2018-17688

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setItems method of a ComboBox. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7069.

CVE-2018-17689

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7070.

CVE-2018-17690

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rect property of a Link object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7103.

CVE-2018-17679

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6890.

CVE-2018-17680

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the style property of a Field object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6915.

CVE-2018-17686

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6844.

CVE-2018-17691

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7128.

CVE-2018-17682

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7157.

CVE-2018-17670

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the content property of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6524.

CVE-2018-17669

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6523.

CVE-2018-17656

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getDisplayItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6506.

CVE-2018-17657

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoURL method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6507.

CVE-2018-17658

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the response property of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6509.

CVE-2018-17659

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the title property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6511.

CVE-2018-17660

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6512.

CVE-2018-17661

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the messageBox method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6513.

CVE-2018-17662

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6514.

CVE-2018-17663

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6517.

CVE-2018-17664

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isCompatibleNS method of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6518.

CVE-2018-17665

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the currentPage property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6519.

CVE-2018-17666

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520.

CVE-2018-17672

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of array indices. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6817.

CVE-2018-17667

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the print method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6521.

CVE-2018-17671

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Lower method of an XFA object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6617.

CVE-2018-17668

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeAttribute method of an XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6522.

CVE-2018-17646

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6483.

CVE-2018-17653

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6503.

CVE-2018-17643

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the editValue property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6480.

CVE-2018-17647

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the boundItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6484.

CVE-2018-17648

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rotate property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6485.

CVE-2018-17649

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAttribute method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6486.

CVE-2018-17650

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNodes method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6487.

CVE-2018-17651

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getItemState method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6501.

CVE-2018-17652

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mandatory property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6502.

CVE-2018-17655

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the moveInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6505.

CVE-2018-17654

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the insertInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6504.

CVE-2018-17640

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Form count property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6477.

CVE-2018-17642

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the colSpan property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6479.

CVE-2018-17639

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setElement method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6475.

CVE-2018-17641

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the deleteItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6478.

CVE-2018-17645

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6482.

CVE-2018-17644

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6481.

CVE-2018-17629

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of template objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6614.

CVE-2018-17630

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616.

CVE-2018-17628

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA setInterval method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6458.

CVE-2018-17638

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getAttribute method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6474.

CVE-2018-17637

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the loadXML method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6473.

CVE-2018-17636

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id property of an aliasNode. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6472.

CVE-2018-17635

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471.

CVE-2018-17634

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the attachIcon property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6499.

CVE-2018-17633

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subject property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6498.

CVE-2018-17632

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6700.

CVE-2018-17625

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438.

CVE-2018-17627

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA mouseUp event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6455.

CVE-2018-17631

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeInstance event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6500.

CVE-2018-17626

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Validate events of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6439.

Emulator Project Aims To Resurrect Classic Mac Apps, Games Without the OS

An anonymous reader quotes a report from Ars Technica, written by Sean Gallagher: Want to be able to run classic Mac OS applications compiled for the Motorola 68000 series of processors on your ever-so-modern Mac OS X machine? Or maybe you'd rather run them on a Raspberry Pi, or an Android device for that matter? There's an emulation project that's trying to achieve just that: Advanced Mac Substitute (AMS). Advanced Mac Substitute is an effort by long-time Mac hacker Josh Juran to make it possible to run old Mac OS software (up to Mac OS 6) without a need for an Apple ROM or system software. Other emulators out there for 64000 Mac applications such as Basilisk II require a copy of MacOS installation media -- such as install CDs from Mac OS 7.5 or Mac OS 8. But AMS uses a set of software libraries that allow old Mac applications to launch right within the operating environment of the host device, without needing to have a full virtual hardware and operating system instance behind them. And it's all open source. I got a demo of AMS from Juran at Shmoocon in Washington, DC, this past weekend. He showed me an early attempt at getting the game LoadRunner to work with the emulator -- it's not yet interactive. A version of the project, downloadable from Github, includes a "Welcome" screen application (a sort of Mac OS "hello world"), Mac Tic-Tac-Toe, and an animation of NyanCat. Applications are launched from the command line for now and are executed by the emulation software, which interprets the system and firmware calls. Unfortunately, there's still a lot of work to be done. While AMS works on Mac OS X up to version 10.12 -- both on Intel and PowerPC versions of the operating system -- the code currently won't compile on MacOS Mojave. And the Linux implementation of AMS does not yet support keyboard input. I was unable to get the front end to execute at all on Debian 9 on Intel.

Read more of this story at Slashdot.

How Safe is Your Child’s School WiFi?

School WiFi. For many of our digital natives, school WiFi may even be a more important part of their daily life than the canteen!! And that is saying something…

You’d be hard pressed to find a child who rocked up to school without a device in their backpack in our digital age. The vast majority of schools have embraced the many positive learning benefits that internet-connected devices offer our kids. The traditional blackboard and textbook lessons that were confined to the four walls of the classroom are gone. Instead our kids can research, discover, collaborate, create and most importantly, learn like never before.

But in order for this new learning to occur, our kids need to be internet connected. And this is where school WiFi comes into play.

Do Parents Need to Be Concerned About School WiFi?

As parents, we have a responsibility to ensure our kids are safe and not at risk – and that includes when they are using the WiFi at school. Ideally, your child’s school should have a secure WiFi network, but unfortunately that doesn’t mean that it does. School budgets are tight and top-notch secure WiFi networks are expensive, so in some cases security may be jeopardised.

The other factor we shouldn’t ignore is that our batch of digital natives are very tech literate. The possibility that one of them may choose to cause some mayhem to their school WiFi network should also not be ignored!!

At the end of the day, the security of a WiFi network is all about whether it has tight access controls. If it allows only approved devices and people to connect via a secure login then it is more secure than public WiFi. However, if it is open to anyone or easy for anyone to connect to it, then you need to treat it like public WiFi.

What Are the Risks?

An unsecured school WiFi network is as risky as public WiFi which, according to the Harvard Business Review, is as risky as rolling a dice.

Students and staff who use an unsecured WiFi network are at risk of receiving phishing emails, being the victim of a ransomware attack or even having their data or personal details stolen. There is also a risk that the entire school’s operations could be disrupted and possibly even shut down through a DDoS – a Distributed Denial of Service attack.

What Can Parents Do to Ensure Their Kids Are Safe Using School WiFi?

There are several steps parents can take to minimise the risks when their offspring use school WiFi.

  1. Talk To Your School

The first thing to do is speak to your child’s school to understand exactly how secure their network is. I’d recommend asking who has access to the network, what security practices they have in place and how they manage your child’s private data.

  2. Install Security Software

Operating a device without security software is no different to leaving your front door unlocked. Installing security software on all devices, including smartphones, will provide protection against viruses, online threats, risky websites and dangerous downloads. Check out McAfee’s Total Protection security software for total peace of mind!

  3. Keep Device Software Up To Date

Software updates are commonly designed to address security issues. So ensuring ALL your devices are up to date is a relatively easy way of minimising the risk of being hacked.

  4. Schedule Regular Data Back Up

If you are the victim of a ransomware attack and your data is backed up, then you won’t even have to consider paying the hefty fee to retrieve your (or your child’s) data. Backing up data regularly should be non-negotiable, however life can often get in the way. Why not schedule automatic backups? I personally love online backup options such as Dropbox and Google Drive, however you may choose to invest in a hard drive.

  5. Public Wi-Fi Rules?

If, after talking to your school, you aren’t convinced that your child’s school WiFi network is secure, then I recommend that your kids treat it as if it were public WiFi. This means that they should NEVER conduct any financial transactions using it and never share any personal details. But the absolute best way of ensuring your child is safe using an unsecured WiFi network is to use a Virtual Private Network (VPN). A VPN like McAfee’s Safe Connect creates an encrypted tunnel, so anything shared over the WiFi is protected from anyone eavesdropping on that network.

As a mum of 4, I am very keen to ensure my kids are engaged with their learning. And in our digital times, this means devices and WiFi. So, let’s support our kids and their teachers in their quest for interactive, digital learning but please don’t forget to check in and ensure your kids are as safe as possible while using WiFi at school.

Take Care

Alex xx

The post How Safe is Your Child’s School WiFi? appeared first on McAfee Blogs.

Cohesity backup solution prevents, detects, and responds to ransomware attacks

Cohesity released the Cohesity Anti-Ransomware Solution, a series of new capabilities available for the latest version of Cohesity DataPlatform that combats ransomware attacks, one of the greatest enterprise security threats today. This solution offers the set of capabilities of any modern-day backup vendor with a multi-layered approach that can prevent, detect, and if necessary respond to attacks – helping ensure business continuity while keeping cybercriminals in their place. Ransomware attacks have become increasingly complex, targeted, … More

The post Cohesity backup solution prevents, detects, and responds to ransomware attacks appeared first on Help Net Security.

ThrottleNet’s new managed IT+Security services deliver business continuity

ThrottleNet launched IT+Security – a new service designed to keep business networks operational and secure 24/7/365. According to the Better Business Bureau’s State of Cybersecurity report, 32 percent of all businesses with 11 to 49 employees have reported a cyber-attack within the last 12 months. “ThrottleNet’s IT+Security services reflect our continued focus on delivering business continuity for companies in a world filled with disruptive and costly security threats,” said Mike Heil, CEO, ThrottleNet. “While our … More

The post ThrottleNet’s new managed IT+Security services deliver business continuity appeared first on Help Net Security.

Julian Assange Launches Legal Challenge Against Trump Administration

SonicSpike shares a report from The Guardian: Julian Assange, the fugitive WikiLeaks founder whose diplomatic sanctuary in the Ecuadorian embassy appears increasingly precarious, is launching a legal challenge against the Trump administration. Lawyers for the Australian activist have filed an urgent application to the Washington-based Inter-American Commission of Human Rights (IACHR) aimed at forcing the hand of U.S. prosecutors, requiring them to "unseal" any secret charges against him. The legal move is an attempt to prevent Assange's extradition to the U.S. at a time that a new Ecuadorian government has been making his stay in the central London apartment increasingly inhospitable. The 1,172-page submission by Assange's lawyers calls on the U.S. to unseal any secret charges against him and urges Ecuador to cease its "espionage activities" against him. Baltasar Garzon, the prominent Spanish judge who has pursued dictators, terrorists and drug barons, is the international coordinator of Assange's legal team. He has said the case involves "the right to access and impart information freely" that has been put in "jeopardy." The Trump administration is refusing to reveal details of charges against Assange despite the fact that sources in the U.S. Department of Justice have confirmed to the media that they exist under seal. The application alleges that U.S. prosecutors have begun approaching people in the U.S., Germany and Iceland and pressed them to testify against Assange in return for immunity from prosecution. Those approached, it is said, include people associated with WikiLeaks' joint publications with other media about U.S. diplomacy, Guantanamo Bay and the wars in Iraq and Afghanistan.

Read more of this story at Slashdot.

Here, beneath the VLT, is the slave cemetery that Rio’s city government called ‘speculation’

When it rained heavily in central Rio de Janeiro in the 18th and 19th centuries, it was common for the dead, rotting bodies of enslaved people to float in the floodwater. When it was not a whole body, passers-by often came across torn-off legs and arms drifting around street corners. Insects, bacteria, dogs, cats and vultures took advantage. The revulsion at the mangled bodies is well recorded in hundreds of documents of the Câmara de Vereadores and in travellers’ accounts. In 1814, the German G. W. Freireyss wrote: “There was a mound of earth from which, here and there, protruded remains of corpses uncovered by the rain that had washed the earth away, and there were still many corpses on the ground that had not yet been buried.”

Freireyss estava de certa maneira enganado. Os cadáveres a que se referia não seriam “ainda enterrados”. Pelo contrário, eles já tinham sido enterrados, com quase nenhuma terra sobre seus corpos, e agora era a chuva que ia desenterrando esses homens e mulheres. Freireyss, na realidade, descrevia a indignidade de um Cemitério de Pretos Novos, espaços dedicados ao enterro (ou ao descarte) dos corpos de escravizados africanos recém chegados ao centro do Rio de Janeiro.

Em vez de dar visibilidade a sua história, a prefeitura preferiu esconder o cemitério dos cariocas.

É sobre um desses cemitérios, o que funcionou em frente à Igreja de Santa Rita, que a terceira linha do Veículo Leve Sobre Trilhos, o VLT carioca, acaba de ser construída. Em vez de dar visibilidade a sua história, a prefeitura preferiu esconder o cemitério dos cariocas.

In the early 1700s, the gold rush in the Minas Gerais region sent the number of landings in Rio de Janeiro soaring. Every year, tens of thousands of children, women and men, kidnapped from the Costa da Mina, Guinea, Senegal, Angola and many other parts of Africa, disembarked at Praia do Peixe, in the centre of a Rio that, at the start of that century, was becoming the most brutal slaveholding city the world has ever known. If there were buyers, the slaves were sold right there, where Rua Primeiro de Março runs today, near the state Legislative Assembly. Sometimes health inspectors boarded the ships to check and prevent the landing of any slave who was seriously ill. Others, also seriously ill, were sold at rock-bottom prices to poor traders, who were thus placing a bet: if the person recovered, the resale price went up. Those who were not traded but had survived the voyage in good health were taken to the markets.

The frequent death of those who came off the slave ships in poor health became a major public problem in Rio around 1710. The lack of dignity in the burials was distressing Rio's clergy. It was the religious who demanded that King Dom João V send money to build a cemetery specifically dedicated to these Africans. The first idea was to build it at the foot of Morro do Castelo, where the Biblioteca Nacional stands today, in the Cinelândia area. But the site chosen was another, much closer to the landing point: in front of the Igreja de Santa Rita, in the Freguesia de Santa Rita, on today's Rua Marechal Floriano, also in central Rio.

In the 19th century, the Cemitério de Pretos Novos of Santa Rita was already buried by the absence of memory. In the image, black men and women fetch water from the fountain that stood in the area.

Painting by Eduardo Hildebrant - Largo de Santa Rita (1844)

It was there, roughly between 1722 and 1774, that Rio's first cemetery of Pretos Novos operated. Burials were not free. It was the Igreja de Santa Rita that ran the service and charged for it. "The Catholic institution charged the State for the service. Despite that, besides the burials being made in shallow graves, the bodies were buried naked, wrapped and tied in mats, without any religious ritual, prayer, commendation or sacrament," wrote the historian Murilo de Carvalho in the introduction to the book "À flor da Terra" by fellow historian Júlio César Medeiros.

If there was not even a religious ritual for the enslaved who were already Catholic, converted while still in Africa, it is quite reasonable to think that the enslaved who followed African religions, or even Islam, received even less respect. The question that remains is: how many human beings were discarded there in Santa Rita, without clothing, religious respect or dignity?

That count is quite difficult, but it can follow the trail of a single surviving document, today in the Arquivo Geral da Cidade do Rio de Janeiro. In it, the historian João Carlos Nara found the Procuradoria of the Câmara de Vereadores trying to convince the Court to move the Cemitério dos Pretos Novos of Santa Rita, then a very busy area, to a more remote site known as Valongo, which is in fact what happened. Describing the activities, the Procuradoria noted that there had been 220 burials in the first half of 1766 alone. If that year's average held, multiplying the deaths by the cemetery's 52 years gives a total of more than 20,000 people "buried" there.

It was over this history of slavery and death, in Santa Rita, that the city hall planned to run the third and final line of the billion-real VLT project, which cost the public coffers R$ 1.1 billion in all. Work on line 3, which links Santos Dumont airport to Central do Brasil, began in April 2018, without any conversation with civil society or black movements. But on learning of the work, organised black groups were quick to protest loudly. They identify ancestors of their own histories there. Many archaeologists also sounded the alarm, making noise and demanding careful protection from the Instituto do Patrimônio Histórico e Artístico Nacional, Iphan, the agency directly responsible for preserving archaeological sites.

The VLT was obliged to hire an archaeology firm to carry out excavations. A committee was then formed, called Pequena África after an area of central Rio, to follow the execution of the works and, above all, to demand respect for the memory of Rio de Janeiro's black people. The movement's first request was that work on line 3 be halted, especially on the stretch by the church. The VLT complied, and there began long months of debate over how the present respects the past. Or how the past cries out to be heard by the present.

The works took 8 months and tore up the asphalt along the entire length of Rua Marechal Floriano Peixoto.

Photo: Caetano Manenti

The VLT was in a hurry. The money from the Ministério das Cidades and the city hall (in the Public-Private Partnership with the VLT) was available, at a time of extremely lean years for urban works in Brazil and in Rio. To make matters worse, the start of work, scheduled for January, had been delayed by four months.

While Iphan, the VLT and the black movement argued, the city hall of Bishop Marcelo Crivella washed its hands of the matter. The representatives of the Instituto Rio Patrimônio da Humanidade made a point of saying that the controversy was not theirs but Iphan's. Mayor Crivella was far more concerned with the Holocaust Memorial. In June he even put on a benefit concert and, gospel singer that he is, performed for free to help with the fundraising.

In the first round of talks there was little consensus. Mercedes Guimarães, president of the Instituto dos Pretos Novos, an organisation created to manage the memory of what was Rio's second cemetery of Pretos Novos, in the Praça da Harmonia area, did not want the trains to pass over the dead of Santa Rita: "I don't think there should be a VLT there. What there should be is a monument, saying what was there. That is a witness block. There, one should tell what the cemetery was, what the intention of that cemetery was, recount the period it operated."

The archaeology firm hired carried out excavations on other stretches, but not at the site of the Cemitério de Pretos Novos of Santa Rita.

Photo: Tatiana Nukowitz/Divulgação Iphan

Many historians and archaeologists, of course, wanted excavations, mainly to protect the bones, which are always at risk in large infrastructure works such as this. It was the chance one had to finally learn the cemetery's past, as Nara argues: "If we don't have much documentation, it is archaeology that must make up for that deficiency. Many people fear that the remains will be treated as fossils. Archaeological artefacts will be whatever we say they are. If we say it is a fossil, it will be treated scientifically as such. If we say it is a skeleton, that will take on a forensic perspective. If we say they are human remains, that implies there is solidarity, there is concern and affection for them."

In the midst of all this discussion, the city hall kept blundering or, in the words of the opposition leader, councilman Tarcísio Motta of PSOL, committing its "Crivelladas". In a statement released to the major newspapers covering the issue in August, the Companhia de Desenvolvimento Urbano da Região do Porto, which represents the Crivella administration in the imbroglio, played down the certainty that a large cemetery of Pretos Novos had indeed operated there. The document said that "the stretch will undergo archaeological research as the legislation requires, to better understand the archaeological site that is presumed to exist in Largo de Santa Rita, today still in the realm of speculation".

This reporter found the statement so odd that he made a point of questioning the city hall's representative at a meeting convened by the Ministério Público at the end of August. After all, was the city hall unaware of the cemetery's existence? The question simply went unanswered. I would question the municipal government again in September, this time at a seminar at the Arquivo Nacional, but Crivella's representative, Antônio Carlos Barbosa, president of CDURP, signed the attendance list on arriving at the event and left.

The fact is that the city hall made no effort to give visibility to the cemetery's existence. No press release, no post, no debate, no statement; nothing was done to draw attention to the fact that the city had, right in front of it, with the avenue opened up for works, a Cemitério de Pretos Novos. On the only occasion in that period when he spoke of African culture and history, at a ceremony at the Museu de Arte do Rio de Janeiro, the bishop served up a rotation of gaffes for every taste, proving that he knows as much about the history of Brazil as about governing the city, that is, almost nothing.

"Villegagnon condemned to death the soldiers who fornicated with the Indian women, though nature was very strong in drawing them. He was expelled from this city. And the Portuguese came here, who were already a mixed race. It was with the Indian women that the Portuguese gave us our first heroes: the bandeirantes," said Crivella.

"Neither the Iberian nor the Indian could withstand the effort of the sugar industry. It needed a much greater force. So many Africans came here. And today we are not white, we are not black, we are not yellow, we are not red, we are Brazilians."

Returning to the cemetery debate, Luiz Eduardo Negrogun, president of the Conselho Estadual dos Direitos do Negro, was outraged at the station names the VLT had presented. The company insisted that the stops had to have a geographical reference and had thus decided that the last station, near the Palácio Duque de Caxias, headquarters of the Comando Militar do Leste, would be called Estação Duque de Caxias. Negrogun flared up: "We don't want those names! It won't be those names! Especially Duque de Caxias, racist, murderer, homophobe!"

But there was still the question of the works and the excavations. What to do? Halt everything? Divert the VLT route? Excavate to research? To display? To rebury?

Negrogun said that even within the black movement there were many opinions: "There were those who wanted to remove the bones. Others wanted the excavations but with windows left so the bones could be seen. There was another discussion about stopping the work. But we are not against progress. We wanted a dialogue so that there would be reparation, a minimum of recognition."

Negrogun finally brought the Committee's position: the black community did not want the excavations. "If there is excavation, there is removal of the artefacts found. Those are not artefacts, they are the bones of our ancestors. We did not want them removed from there to be taken somewhere else, to be put on display, or abandoned, boxed up. When you dig, you know how it starts, but you don't know how it will end," he says. "It's as if your forebears were buried on your family's land and then a dredger came through churning up all those bones; that would be a desecration of our relatives' eternal resting place."

Professor Nara does not agree with the term desecration. "Archaeological salvage is not desecration. Salvage is to save what would be destroyed." Another historian, Professor Mônica Lima, however, offered a middle ground. She accepted that small samples be collected for study, but preferred that the archaeological site be preserved. "I always think about people and their relationships with death. For Africans, the relationship with death is enormously important. What rights do we have? Would we open the graves in Rio's oldest churches to study those bodies of white society?"

Finally, when the VLT showed willingness to change the station names, install information totems on the region's black history and also mark out the cemetery area with Portuguese paving stones bearing designs of Rosas Negras (Black Roses), the Comitê da Pequena África gave the go-ahead for work to continue. Iphan also authorised the tracks to pass over the cemetery. The city hall declared itself satisfied and, from then on, the work proceeded at an accelerated pace until the end of 2018.

Luiz Eduardo Negrogun, as president of the Conselho Estadual dos Direitos do Negro, led the debates with the VLT, Iphan and the Rio de Janeiro city hall.

Photo: Caetano Manenti

Negrogun said the only suggestion not accepted was to change the last station from Duque de Caxias to Almirante Negro João Cândido, one of the greatest heroes of the contemporary black movement. In the end, neither one nor the other: it became Cristiano Ottoni (the name of the square)/Pequena África station. Another is now called Camerino/Rosas Negras, while the last is called Santa Rita/Pretos Novos. The cemetery to which the city hall paid no attention at least became the name of a station.

In any case, Crivella, as was to be expected, was not spared criticism. The city hall had a responsibility to treat black history with far more respect and attention. Like Pereira Passos, the bishop turned mayor, in tearing up the centre, did not remember those who built the city. Professor Mônica Lima believes there was a lack of understanding of what the cemetery could mean. "The works in central Rio cannot be treated only as a matter of urban mobility, but as a relationship with the city's history." Mercedes Guimarães was harsher still: "The pretos novos were waiting for something better: a monument, but people got involved and, instead of doing something great, something good, unfortunately they accepted the crumbs of colonialism."

Even Mayor Marcelo Crivella does not seem very happy with the VLT, a legacy of Eduardo Paes and of the MDB administrations in the city, the state and the country. He recently told Valor Econômico: "Do you think it's fair, a VLT that was negotiated in their time, that the municipality must subsidise every day if there aren't 300,000 passengers? Today I have 70,000 passengers. And I have to pay for 230,000 fares daily. Do you think that's a good deal? That's R$ 293,000 a day, R$ 9 million a month."

VLT line 3, which was supposed to be inaugurated before Christmas 2018, has still not begun operating. Crivella is now digging in his heels and says the city hall wants to change the contract which, according to him, is a loss for the city's coffers. There is no longer a forecast for the start of service. The installation of the totems also has no set deadline, nor does the construction of the Portuguese-stone mosaic that will delimit the cemetery area.

The black community hopes it will be quick, quicker than the 240 years that have already passed since the last Preto Novo was discarded there.

The post Está aqui, sob o VLT, o cemitério de escravos que a prefeitura do Rio dizia ser ‘especulação’ appeared first on The Intercept.

API cybersecurity solution from Ping Identity protects organizations against API threats

Ping Identity has made several updates to PingIntelligence for APIs, its AI-powered API cybersecurity solution. These latest enhancements include an AI-based cloud trial, the ability to detect new types of attacks, support for Splunk environments, and additional integration with API gateways. The lack of visibility into how APIs are consumed is becoming commonplace in today's enterprise environment. In fact, a recent Ping Identity survey conducted among security and IT professionals reveals that 45% of respondents … More

The post API cybersecurity solution from Ping Identity protects organizations against API threats appeared first on Help Net Security.

Social Media Stars Agree To Declare When They Post Ads For Products

"Britain's Competition and Markets Authority (CMA) has threatened prominent social media stars with heavy fines or prison time if they advertise commercial products on social media without making it clear that they are doing so in exchange for financial rewards," writes Slashdot reader dryriver. The BBC reports: Sixteen social media stars including singers Ellie Goulding and Rita Ora, models Rosie Huntington-Whiteley and Alexa Chung, and vlogger Zoella have agreed to change how they post online. They will have to clearly state if they have been paid or received any gifts or loans of products they endorse. It follows warnings from the Competition and Markets Authority that their posts could break consumer law. Online endorsements can boost brands but can also mislead, said the CMA. The CMA has not made a finding on whether the influencers named breached consumer law, but said all of them volunteered to change their practices following an investigation. However, if they fail to comply with the agreement reached with the CMA, they could be taken to court and face heavy fines or prison sentences of up to two years.

Read more of this story at Slashdot.

Veeam expands leadership in cloud data management

Veeam Software releases new cloud data management capabilities as part of Veeam Availability Suite 9.5 update 4, as well as the upcoming Veeam Availability for AWS and Veeam Availability Console v3. The new capabilities deliver cost effective data retention, easy cloud migration and data mobility, cloud-native backup and protection for Amazon Web Services (AWS), portable cloud-ready licensing, increased security and data governance, and solutions to make it easier than ever for service providers to deliver … More

The post Veeam expands leadership in cloud data management appeared first on Help Net Security.

Attivo Networks names Chris Roberts as chief security strategist

Attivo Networks named Chris Roberts, one of the world’s experts on counter threat intelligence within the cybersecurity industry, to the new role of chief security strategist. Previously a member of the Attivo Networks Advisory Board, Roberts will use his more than 20 years’ security experience to further develop and define strategy and processes for the company’s government and industry customers on issues related to cybersecurity strategy, policy, risk threat assessments, and incident response. Roberts will … More

The post Attivo Networks names Chris Roberts as chief security strategist appeared first on Help Net Security.

DFLabs CDI Program extends open approach to security orchestration and automation

DFLabs unveiled its Community Development Incentive (CDI) Program which rewards and encourages the sharing of innovations for the DFLabs IncMan SOAR platform. The DFLabs CDI Program extends the company’s recent initiatives to foster an open approach to security orchestration, including an Open Integration Framework for linking third party security tools and actions, a free IncMan SOAR (CE) Community Edition and a Community Portal with developer resources and a forum. DFLabs also announced 100% growth in … More

The post DFLabs CDI Program extends open approach to security orchestration and automation appeared first on Help Net Security.

GBP/JPY Price Prediction: Cable Jumps Over 150 Pips With Room for Another Squeeze Higher

GBP/JPY saw decent gains on Wednesday, receiving a helping hand from Brexit and BOJ fundamentals. Brexit optimism helps GBP higher, while BOJ remain dovish, adding pressure to JPY. GBP/JPY jumped to its highest levels seen since 14th December 2018. The session high print was observed at 143.56, with the pair having gained over 150 pips. […]

The post GBP/JPY Price Prediction: Cable Jumps Over 150 Pips With Room for Another Squeeze Higher appeared first on Hacked: Hacking Finance.

Comcast Lowered Cable Investment Despite Net Neutrality Repeal

An anonymous reader quotes a report from Ars Technica: Comcast's cable division spent 3 percent less on capital expenditures last year, despite promises that the repeal of net neutrality rules would boost broadband network investment. Comcast's cable division spent $7.95 billion on capital expenditures during calendar year 2017, but that fell to $7.72 billion in the 12 months ending on December 31, 2018. Comcast's overall capital expenditures went up 2.3 percent, from $9.6 billion in 2017 to $9.8 billion in 2018. But that company-wide capital expenditure number includes the Comcast-owned NBCUniversal, which spent $1.7 billion in 2018, a 15.2 percent increase, "primarily reflecting investment at Theme Parks," Comcast said. The cable capital expenditure statistic thus provides a more accurate picture of whether Comcast increased or decreased investment in its broadband network. Cable capital expenditures as a percentage of Comcast's cable revenue dropped from 15 percent in 2017 to 14 percent in 2018. Comcast's network spending should have risen in 2018 if predictions from Federal Communications Commission Chairman Ajit Pai and Comcast had been correct. Pai's net neutrality repeal took effect in June 2018. But the vote to repeal net neutrality rules was in December 2017, and Pai claimed in February 2018 that the repeal was already causing increased broadband investment. While Comcast's cable capital expenditures did rise year over year in the fourth quarter, from $2.15 billion to $2.32 billion, it wasn't enough to offset the full-year decline. Ars Technica also notes: "The corporate tax cut implemented as 2018 began also didn't stop job cuts at Comcast and AT&T, despite promises that the tax cut would create new jobs."

Read more of this story at Slashdot.