Internal Threats












            Good heavens, is it time to patch Cisco kit again? Prime Infrastructure root privileges hole plugged -
            Among a bumper crop of 57 security issues Cisco divulged on Wednesday was a fix for a trio of vulns,
            one critical, in networks management tool Prime Infrastructure. The latter potentially allows
            unauthenticated miscreants to execute arbitrary code with root privileges on PI devices. "These
            vulnerabilities exist because the software improperly validates user-supplied input," Switchzilla
            continued. "An attacker could exploit these vulnerabilities by uploading a malicious file to the
            administrative web interface. A successful exploit could allow the attacker to execute code with root-
            level privileges on the underlying operating system.“ So far Cisco's PSIRT has said it is not aware of any
            proof-of-concepts or active exploits in the wild, but that's no excuse not to get patching ASAP.

                   Source: https://www.theregister.co.uk/2019/05/17/cisco_prime_infrastructure_critical_vuln/


            Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter - More security vulnerabilities
            were publicly disclosed in the first quarter of this year than in any previous three-month period.
            Troublingly, nearly four-in-10 (38.2%) of them currently have no known fixes, according to Risk Based
            Security, which recently analyzed vulnerability data for the firts quarter of 2019 collected from its own
            proprietary search engine and from various security vulnerability-reporting sites. The analysis showed a
            total of 5,501 vulnerabilities were disclosed via coordinated and uncoordinated disclosures during the
            first three months of this year. Nearly 38% of the vulnerabilities currently have publicly available exploits.
                   Source:  https://www.darkreading.com/application-security/q1-2019-smashes-record-for-most-
                   reported-vulnerabilities-in-a-quarter/d/d-id/1334757



            Open Source Vulnerabilities Increase in 2018 - Many organizations are still struggling to identify and
            manage open source risk across their application portfolios, according to the Open Source Security &
            Risk Analysis (OSSRA) report. The report says, "while the number of vulnerabilities in open source is
            small compared to proprietary software, over 7,000 open source vulnerabilities were discovered in 2018
            alone. Over 50,000 have emerged over the past two decades."
                   Source: https://www.securitymagazine.com/articles/90175-open-source-vulnerabilities-increase-
                   in-2018


            Bug-hunter reveals another 'make me admin' Windows 10 zero-day – and vows: 'There's more where
            that came from‘ - Updated A bug-hunter who previously disclosed Windows security flaws has publicly
            revealed another zero-day vulnerability in Microsoft's latest operating systems. The discovered hole can
            be exploited by malware and rogue logged-in users to gain system-level privileges on Windows 10 and
            recent Server releases, allowing them to gain full control of the machine. No patch exists for this bug,
            details and exploit code for which were shared online on Tuesday for anyone to use and abuse.

                   Source: https://www.theregister.co.uk/2019/05/22/windows_zero_day/








                                                    www.accumepartners.com
                                                                                                                     11