Category Archives: News

RT News Channel To Be Investigated by Ofcom

Ofcom has today opened seven new investigations into the due impartiality of news and current affairs programmes on the RT news channel.

The investigations (PDF, 240.2 KB) form part of an Ofcom update, published today, into the licences held by TV Novosti, the company that broadcasts RT.

Until recently, TV Novosti’s overall compliance record has not been materially out of line with other broadcasters.

However, since the events in Salisbury, Ofcom has observed a significant increase in the number of programmes on the RT service that warrant investigation as potential breaches of the Ofcom Broadcasting Code.

Ofcom will announce the outcome of these investigations as soon as possible. In relation to their fit and proper duty, they will consider all relevant new evidence, including the outcome of these investigations and the future conduct of the licensee.





Joomla! JMS Music Component SQL Injection Vulnerability [CVE-2018-6581]

CVE Number – CVE-2018-6581

A vulnerability in the JMS Music component of Joomla! could allow an unauthenticated, remote attacker to conduct an SQL injection attack on a targeted system.

The vulnerability is due to insufficient protections imposed by the affected software on certain search parameters. An attacker could exploit this vulnerability by sending a GET request with either the keyword, username, or artist parameter to a targeted system. A successful exploit could allow the attacker to conduct an SQL injection attack on the system.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access affected systems.

Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.

Administrators can apply Snort SID 46041 to help prevent attacks that attempt to exploit this vulnerability.

Administrators are advised to monitor affected systems.




nghttp2 ALTSVC Frame NULL Pointer Dereference Denial of Service Vulnerability [CVE-2018-1000168]

CVE Number – CVE-2018-1000168

A vulnerability in nghttp2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper bounds checking by the affected software. If an alternative services (ALTSVC) frame is too large, the pointer field that points to the ALTSVC frame payload is left NULL. An attacker could exploit this vulnerability by sending a large ALTSVC frame to the targeted system. A successful exploit could trigger a NULL pointer dereference condition and cause the affected software to stop responding, resulting in a DoS condition on the affected system.

nghttp2.org has confirmed the vulnerability and released software updates.
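The failure mode described above, shown from the defender's side as an added example (not nghttp2's code): a simplified receive path leaves the payload pointer NULL for an oversized ALTSVC frame, and the handler checks the pointer before parsing the Origin-Len, Origin and Alt-Svc-Field-Value layout from RFC 7838. The struct names, function names and the 16384-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ALTSVC_PAYLOAD 16384u /* assumed receive limit, not nghttp2's value */

/* Simplified model of a received extension frame (hypothetical names). */
typedef struct { uint8_t *payload; size_t len; } altsvc_frame;
typedef struct { const uint8_t *origin; size_t origin_len;
                 const uint8_t *value;  size_t value_len; } altsvc_fields;

/* Receive path: the payload is buffered only when it fits the limit, so an
   oversized frame leaves f->payload NULL, the state the advisory describes. */
int altsvc_receive(altsvc_frame *f, const uint8_t *wire, size_t len)
{
    f->payload = NULL;
    f->len = len;
    if (len > MAX_ALTSVC_PAYLOAD) return 0;   /* frame skipped, nothing buffered */
    f->payload = malloc(len ? len : 1);
    if (f->payload == NULL) return -1;
    memcpy(f->payload, wire, len);
    return 0;
}

/* Handler: payload is Origin-Len (16 bits, big-endian), Origin, field value.
   Returns 0 on success, -1 if the frame must be ignored or is malformed. */
int altsvc_parse(const altsvc_frame *f, altsvc_fields *out)
{
    if (f->payload == NULL) return -1;        /* without this check: NULL dereference */
    if (f->len < 2) return -1;                /* Origin-Len itself must be present */
    size_t olen = ((size_t)f->payload[0] << 8) | f->payload[1];
    if (olen > f->len - 2) return -1;         /* origin must fit inside the payload */
    out->origin = f->payload + 2;
    out->origin_len = olen;
    out->value = f->payload + 2 + olen;
    out->value_len = f->len - 2 - olen;
    return 0;
}
```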

Analysis
  • To exploit this vulnerability, an attacker must send a large ALTSVC frame to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.

    This vulnerability affects client and server systems running an affected version of nghttp2 if the reception of ALTSVC frames is enabled. By default, receiving an ALTSVC frame is disabled.

Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • nghttp2.org has released a security advisory at the following link: CVE-2018-1000168
Fixed Software





GEGL Process Function Unbounded Memory Allocation Denial of Service Vulnerability [CVE-2018-10113]

CVE Number – CVE-2018-10113

A vulnerability in the process function of the Generic Graphics Library (GEGL) could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper memory operations that are performed by the affected software when the process function, as defined in the operations/external/ppm-load.c source code file of the affected software, is used. An attacker could exploit this vulnerability by submitting malicious input to the targeted system designed to trigger a memory allocation failure. A successful exploit could cause the affected software to crash, resulting in a DoS condition on the affected system.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

The GNOME Project has not publicly confirmed this vulnerability and software updates are not available.

Analysis
  • To exploit this vulnerability, an attacker must have local access to the targeted system. This access requirement may reduce the likelihood of a successful exploit.
Safeguards
  • Administrators are advised to contact the vendor regarding future updates and releases.

    Administrators are advised to allow only trusted users to access local systems.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • Vendor announcements are not available.
Fixed Software
  • Software updates are not available.





GEGL gegl_buffer_iterate_read_simple Function Remote Denial of Service Vulnerability [CVE-2018-10114]

CVE Number – CVE-2018-10114

A vulnerability in the Portable PixMap (PPM) File Handler component of the Generic Graphics Library (GEGL) could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted system.

The vulnerability is due to improper restrictions of memory allocation in the ppm_load_read_header function as defined in the operations/external/ppm-load.c source code file of the affected software. An attacker could exploit the vulnerability by persuading a user to access a PPM file that submits malicious input to the affected software. A successful exploit could trigger an out-of-bounds write condition in the gegl_buffer_iterate_read_simple function in the buffer/gegl-buffer-access.c source code file, which could cause the affected software to crash, resulting in a DoS condition on the affected system.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

The GNOME Project has confirmed the vulnerability and released a software patch.
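Both GEGL advisories above (CVE-2018-10113 and CVE-2018-10114) trace back to PPM header values that drive a memory allocation. The following added example (not GEGL's code or its patch) validates a binary P6 header before any buffer is sized from it; the function names, limits and return codes are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_DIM   32768u                 /* assumed per-axis policy limit */
#define MAX_BYTES (256u * 1024u * 1024u) /* assumed cap on the pixel buffer */

typedef struct { uint32_t width, height, maxval; size_t bytes; } ppm_info;

/* Read one decimal token, skipping whitespace and '#' comments.
   Returns 0 on success, -1 on missing digits or a value beyond 32 bits. */
static int read_u32(const char **p, const char *end, uint32_t *out)
{
    uint64_t v = 0; int digits = 0;
    while (*p < end && (isspace((unsigned char)**p) || **p == '#')) {
        if (**p == '#')
            while (*p < end && **p != '\n') (*p)++;
        else
            (*p)++;
    }
    for (; *p < end && isdigit((unsigned char)**p); (*p)++, digits++) {
        v = v * 10 + (uint64_t)(**p - '0');
        if (v > UINT32_MAX) return -1;
    }
    if (!digits) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Validate a binary PPM (P6) header held in buf[0..len).
   Returns 0 and fills *info, or a negative code naming the failed check. */
int ppm_check_header(const char *buf, size_t len, ppm_info *info)
{
    const char *p, *end = buf + len;
    if (len < 2 || buf[0] != 'P' || buf[1] != '6') return -1;        /* magic */
    p = buf + 2;
    if (read_u32(&p, end, &info->width) || read_u32(&p, end, &info->height) ||
        read_u32(&p, end, &info->maxval)) return -1;                 /* syntax */
    if (info->width == 0 || info->height == 0 ||
        info->width > MAX_DIM || info->height > MAX_DIM) return -2;  /* dimensions */
    if (info->maxval == 0 || info->maxval > 65535) return -3;        /* sample range */
    /* 64-bit product: 32768 * 32768 * 3 * 2 cannot wrap. */
    uint64_t need = (uint64_t)info->width * info->height * 3u * (info->maxval > 255 ? 2u : 1u);
    if (need > MAX_BYTES) return -4;                                 /* allocation cap */
    /* One whitespace byte separates the header from the raster. */
    if (p >= end || (uint64_t)(end - p - 1) < need) return -5;       /* truncated */
    info->bytes = (size_t)need;
    return 0;
}
```

The last check ties the allocation to the bytes actually present in the file, so a short file cannot claim a large raster.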

Analysis
  • To exploit this vulnerability, the attacker may use misleading language or instructions to persuade a user to access a file that submits malicious input to the affected software.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.

    Administrators are advised to monitor critical systems.

Vendor Announcements
  • The GNOME Project has released a bug report at the following link: Bug 795248
Fixed Software





Exempi VPXChunk Class Denial of Service Vulnerability [CVE-2017-18235]

CVE Number – CVE-2017-18235

A vulnerability in Exempi could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the VPXChunk class defined in the source code file XMPFiles/source/FormatSupport/WEBP_Support.cpp, and is due to insufficient sanitization of “0” values passed to height() or width() by the affected software when handling .webp files. An attacker could exploit the vulnerability by persuading a user to access a .webp file that submits malicious input to the affected software. A successful exploit could cause the affected software to crash due to a memory assertion error, which could result in a DoS condition.

Exempi has confirmed the vulnerability and released software updates.

Analysis
  • To exploit this vulnerability, the attacker may use misleading language or instructions to persuade a user to access a file that submits malicious input to the affected software.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.

    Users are advised not to visit websites or follow links that have suspicious characteristics or cannot be verified as safe.

    Administrators are advised to use an unprivileged account when browsing the Internet.

    Administrators are advised to monitor critical systems.

Vendor Announcements
Fixed Software
  • Exempi has released software updates at the following link: Download Exempi





HPE Intelligent Management Center PLAT Arbitrary Code Execution Vulnerability [CVE-2017-12556]

CVE Number – CVE-2017-12556

A vulnerability in HPE Intelligent Management Center (IMC) PLAT could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists in the MibBrowserTopoFilterServlet of the affected software and is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting crafted input to the targeted system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges, which could result in a complete system compromise.

HPE has confirmed the vulnerability and released software updates.

Analysis
  • To exploit this vulnerability, an attacker must send malicious input to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

    Administrators can apply Snort SID 45677 to help prevent attacks that attempt to exploit this vulnerability.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • HPE has released a security bulletin at the following link: HPESBHF03778
Fixed Software
  • HPE has released IMC PLAT 7.3 (E0506P03) to address this vulnerability, as described in the “Resolution” section of the HPE security bulletin. Customers may contact HPE Technical Support for any assistance in obtaining the software updates.





Zabbix iConfig Proxy Request Information Disclosure Vulnerability [CVE-2017-2826]

CVE Number – CVE-2017-2826

A vulnerability in the iConfig proxy request feature of Zabbix server could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability is due to improper handling of iConfig proxy requests by the affected software. An attacker who has knowledge of the IP address of a configured Zabbix proxy could exploit this vulnerability by sending customized iConfig proxy request packets to a targeted Zabbix server. A successful exploit could allow the attacker to access sensitive information from any configured Zabbix proxy.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

Zabbix has not publicly confirmed this vulnerability and software updates are not available.

Analysis
  • To exploit this vulnerability, an attacker must know the IP address of a Zabbix proxy that is configured to be used with a Zabbix server in order to send crafted iConfig proxy request packets to the server. This requirement could make a successful exploit difficult to achieve.

    Cisco Talos has released a report describing this vulnerability at the following link: TALOS-2017-0327

Safeguards
  • Administrators are advised to contact the vendor regarding future updates and releases.

    Administrators are advised to allow only trusted users to have network access.

    Administrators are advised to allow only privileged users to access administration or management systems.

    Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • Vendor announcements are unavailable.

Fixed Software
  • Software updates are unavailable.





Maktub Ransomware

Maktub, also known as MaktubLocker and Iron, is a newly observed ransomware tool being sold using a malware-as-a-service model.

It is delivered via smaller-scale spam campaigns containing a malicious attachment. This attachment contains a rich text format document resembling a Terms of Service (ToS) agreement. Unlike most malicious attachments, this document appears to be a legitimate ToS agreement, and is believed to be included as a way to occupy the user while the malware is installing.

Once installed, Maktub checks the keyboard locale list, only proceeding if it does not detect Russian values on the list. Encryption uses the Windows Crypto API and targets all local, network and external drives. Files are also compressed before encryption, possibly to increase the speed of the process.

Maktub Locker has clearly been developed by professionals. The full product’s complexity suggests that it is the work of a team of people with different areas of expertise.

Further technical details here

Affected Platforms

Microsoft Windows – All versions






Absolute Radio’s Medium Wave (AM) Coverage Will Be Reduced From 90% To 85%

Ofcom has today approved a variation to Absolute Radio’s national analogue radio licence, following a consultation. The change means that Absolute Radio’s medium wave (AM) coverage across the UK will be reduced from 90% to 85%.

The service will continue to be available to listeners in the affected areas through other means such as DAB radio, the internet and digital TV.

Through a combination of closing some transmitter sites and reducing the transmitting power at others, Absolute Radio has proposed a reduction in the coverage of its AM network from 90.5% of the UK adult population to 85.4%, which would take effect from May 2018.

Absolute Radio has made these proposals in the context of declining listening to AM radio and increasing transmission costs and noted that, if it is not able to make these changes, it may have to consider shutting down Absolute Radio’s entire AM network and surrendering its national licence.