
Weekly Awareness Report (WAR) May 13, 2019

The Cyber Intelligence Report is an Open Source Intelligence (OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risks.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last 10 Malware

* Troj/Stealer-PA
* Troj/Stealer-PB
* Troj/DocDrp-HT
* Troj/Trickbo-QX
* Troj/PShlBat-Z
* Java/Adwind-FEI
* Java/Adwind-FEH
* Java/Adwind-FEG
* Java/Adwind-FEF
* Troj/BokBot-S

Sophos: Last 10 PUAs

* Somoto BetterInstaller
* XMRig Miner
* Adposhel
* Download Assistant
* AdvancedMacCleaner
* Advanced Mac Tuneup
* KuaiZip
* IStartSurfInstaller
* PowerTool
* DealPly Updater

Interesting News

* The 2019 DBIR is out: We are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based on some of the 2018 data set that our private report customers receive.

* The IWC Cyber Range is scheduled to release a new version May 1st. Ghidra and Grass Marlin are now installed along with several more Red/Blue Team tools. If you are interested, we have an active Facebook Group and YouTube Channel. As always, if you have any suggestions, feel free to let us know.

Subscribe if you would like to receive the CIR updates by sending us an email: [email protected]

Index of Sections

Current News

* Packet Storm Security
* Dark Reading
* Krebs on Security
* The Hacker News
* Infosecurity Magazine
* Threat Post
* Naked Security
* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences
* Packet Storm Security Latest Published Tools
* Zone-H Latest Published Website Defacements
* Packet Storm Security Latest Published Exploits
* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified
* US-Cert (Current Activity-Alerts-Bulletins)
* Symantec's Latest List
* Packet Storm Security's Latest List

Credits

News

Packet Storm Security

* SIM Hijacking Ring Dismantled By The Feds
* SHA-1 Collision Attacks Are Now Actually Practical And A Looming Danger
* Facebook Sues Analytics Firm Rankwave Over Alleged Data Misuse
* Swedish Authorities Want To Extradite Julian Assange For Rape
* North Korea Debuts New Electricfish Malware In Hidden Cobra Campaigns
* Data Breaches A Time Bomb, Warns Security Report
* Unhackable eyeDisk Flash Drive Exposes Passwords In Clear Text
* Feds Charge Chinese National In 2015 Breach Of Anthem
* Amazon Sellers Hit By Extensive Fraud Campaign
* School Lunch Baron Allegedly Hacked Students' Data To Take Down His Competitor
* CIA Camps Out In Anonymized Tor Network
* Binance Exchange Hackers Steal Bitcoins Worth $41 Million
* AirBNB Hosts Are Getting Creepy And Recording People
* Cisco Elastic Services Controller Allows Takeover
* Facebook Deletes More Accounts Linked To Russia
* Amid Bug Bounty Hype, Sometimes Security Is Left In The Dust
* Stolen NSA Hacking Tools Were Used In The Wild 14 Months Before Shadow Brokers Leak
* 3rd Party Software Now Blamed For 737 MAX Fiasco
* The Russians Are Using A Clever Microsoft Exchange Backdoor
* In A First, Israel Responds To Hamas Hackers With An Air-Strike
* Japanese Govt To Create And Maintain Defensive Malware
* Australia's Cybersecurity Chief Alastair MacGibbon Resigns
* Inside Facebook's War Room: The Battle To Protect EU Elections
* Retefe Banking Trojan Resurfaces, Says Goodbye To Tor
* Denial Of Service Event Impacted U.S. Power Utility Last Month

Dark Reading

* Korean APT Adds Rare Bluetooth Device-Harvester Tool
* Thrangrycat Claws Cisco Customer Security
* LockerGoga, MegaCortex Ransomware Share Unlikely Traits
* Attacks on JavaScript Services Leak Info From Websites
* Poorly Configured Server Exposes Most Panama Citizens' Data
* 78% of Consumers Say Online Companies Must Protect Their Info
* How Open Testing Standards Can Improve Security
* Demystifying the Dark Web: What You Need to Know
* Microsoft SharePoint Bug Exploited in the Wild
* How We Collectively Can Improve Cyber Resilience
* Symantec CEO Greg Clark Steps Down
* Hackers Still Outpace Breach Detection, Containment Efforts
* Bumper Crop of New Briefings Added for Black Hat USA
* Data Dump Purportedly Reveals Details on Previously Unknown Iranian Threat Group
* US DoJ Indicts Chinese Man for Anthem Breach
* Nation-State Breaches Surged in 2018: Verizon DBIR
* How the Skills Gap Strains - and Constrains - Security Pros
* New Initiative Aims to Fast-Track Women into Cybersecurity Careers

Krebs on Security

* Nine Charged in Alleged SIM Swapping Ring
* What's Behind the Wolters Kluwer Tax Outage?
* Feds Bust Up Dark Web Hub Wall Street Market
* Credit Union Sues Fintech Giant Fiserv Over Security Claims
* Data: E-Retail Hacks More Lucrative Than Ever
* P2P Weakness Exposes Millions of IoT Devices
* Who's Behind the RevCode WebMonitor RAT?
* Marcus "MalwareTech" Hutchins Pleads Guilty to Writing, Selling Banking Malware
* Wipro Intruders Targeted Other Major IT Firms
* How Not to Acknowledge a Data Breach

The Hacker News

* U.S. Charges 9 'SIM Swapping' Attackers For Stealing $2.5 Million
* North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data
* U.S. Charges Chinese Hacker For 2015 Anthem Data Breach
* Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
* Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks
* Google Chrome to Introduce Improved Cookie Controls Against Online Tracking
* Baltimore City Shuts Down Most of Its Servers After Ransomware Attack
* Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin
* Cynet's Free Incident Response Tool — Stop Active Attacks With Greater Visibility
* 10 will get a full built-in Linux Kernel for WSL 2

Security Week

* US, EU Spar Over Sharing Electronic Evidence in Investigations
* Nine Charged in SIM Hijacking Scheme
* GAO Makes Recommendations to Improve Security of Taxpayer Data
* New Bill Proposes Cybersecurity Training for U.S. House Members
* Website Infections Holding Steady at 1%, But Attacks Becoming Stealthier: Report
* Leak Reveals Activity of Iranian Hacking Group
* An Ode to CISOs: How Real-World Risks Became Cyber Threats
* Sectigo Acquires IoT Security Firm Icon Labs
* North Korea-Linked 'ScarCruft' Adds Bluetooth Harvester to Toolkit
* Remote Code Execution Flaw Found in Kaspersky Products
* NVIDIA Patches High Severity Bugs in GPU Display Driver
* Microsoft SharePoint Vulnerability Exploited in the Wild
* Facebook Sues South Korea Data Analytics Firm
* Over 100 Flaws Expose Buildings to Hacker Attacks
* Android Q Enables TLS 1.3 Support by Default
* Nigerian Cybercrime 'Group' Has 400 Malicious Actors
* Symantec CEO Quits Unexpectedly, Stock Sinks After Missing Estimates
* U.S. Charges Chinese Hackers Over Massive 2015 Anthem Breach
* Russian Hackers Claim Breach of Three U.S. Anti-Virus Companies
* U.S. Government Details ELECTRICFISH Malware Used by North Korea

Infosecurity Magazine

* Malicious Attacks Cause of Most Aussie Breaches
* ScarCruft APT Develops Malware to Target Bluetooth
* Lawmakers Propose Cyber Training for Congress
* WannaCry Remains a Global Threat Two Years On
* ICO Calls Out HMRC for Illegal Biometric Data Collection
* SMS Spammers Expose 80 Million Records Online
* US Indicts Chinese Man for Anthem Breach
* DHS Releases Analysis of ELECTRICFISH Malware
* Photo App Develops Tool with User Images
* Top Russian Hacking Group Breaches Three AV Companies

Threat Post

* Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
* Twitter Leaks Apple iOS Users' Location Data to Ad Partner
* ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
* ThreatList: Top 5 Most Dangerous Attachment Types
* FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug
* News Wrap: Facebook Regulation, Verizon DBIR, Hidden Airbnb Cameras
* The WannaCry Security Legacy and What's to Come
* Nvidia Warns Windows Gamers on GPU Driver Flaws
* ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018
* 'Unhackable' Biometric USB Offers Up Passwords in Plain Text

Naked Security

* Two people indicted for massive Anthem health data breach
* Study finds Android smartphones riddled with suspect 'bloatware'
* Break up Facebook, cofounder says: it's an un-American monopoly
* Monday review - the hot 18 stories of the week
* Chrome browser pushes SameSite cookie security overhaul
* 275m personal records swiped from exposed MongoDB database
* FTC renews call for single federal privacy law
* Airbnb Superhost's creepy spycam sniffed out by sleuthing infosec pro
* Sextortion mail from yourself? It doesn't mean you've been hacked…
* Metal keys beat smart locks in NYC legal battle

Quick Heal - Security Simplified

* Miners snatching open source tools to strengthen their malevolent power!
* 5 ways to instantly detect a phishing email and save yourself from phishing attack
* PCs fail to boot up / Freeze after receiving Microsoft Windows 9-April-2019 updates and rebooting the PC
* JCry - A Ransomware written in Golang!
* This summer vacation let your kids explore the internet with safety of parental control
* 3059 android malware detected per day in 2018 - Are you still counting on free android antivirus for protection?
* Essential cyber safety tips every woman should follow
* Quick Heal Threat Report - Cryptojacking rising but Ransomware still #1 threat for consumers
* GandCrab Riding Emotet's Bus!

Security Conferences

* Upcoming Events in the United States
* Upcoming Events In Europe
* 29 Amazing TED Cybersecurity Talks (2008 - 2020)
* 7 Proven Ideas for Your InfoSec Conference Delegate Acquisition Strategy
* An Interview with Jack Daniel: Co-Founder of BSides!

Tools & Techniques

* GNUnet P2P Framework 0.11.4
* I2P 0.9.40
* Lets Map Your Network
* SQLMAP - Automatic SQL Injection Tool 1.3.5
* Suricata IDPE 4.1.4
* ifchk 1.1.1
* TestSSL 3.0rc5
* TestSSL 2.9.5-8
* Lynis Auditing Tool 2.7.4
* OpenSSH 8.0p1
* OSINT-SPY : Performs OSINT Scan On Email/Domain/IP_Address/Organisation
* PAnalizer : Forensic Tool Search Images In A Specific Directory
* FinalRecon : OSINT Tool for All-In-One Web Reconnaissance
* iCULeak : Tool To Find & Extract Credentials From Phone Configuration Files Hosted On CUCM
* Recon-T : Reconnaissance - Footprinting - Information Disclosure
* QRGen : Simple Script for Generating Malformed QRCodes
* ExtAnalysis : Browser Extension Analysis Framework
* BruteDum : Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack
* 10minutemail : Python Temporary Email
* DumpTheGit : Public Repositories to Find Sensitive Information Uploaded to the Github Repositories

Latest Zone-H Website Defacements

Proof of Concept (PoC) & Exploits

Packet Storm Security

* System Down: A systemd-journald Exploit
* Go Cryptography Libraries Cleartext Message Spoofing
* SOCA Access Control System 180612 Cross Site Request Forgery
* SOCA Access Control System 180612 SQL Injection
* SOCA Access Control System 180612 Cross Site Scripting
* SOCA Access Control System 180612 Information Disclosure
* SalesERP 8.1 SQL Injection
* XOOPS CMS 2.5.9 SQL Injection
* Firefly CMS 1.0 Remote Command Execution
* WordPress Form Maker 1.13.3 SQL Injection
* DNSS Domain Name Search Software 2.1.8 Denial Of Service
* SpotMSN 2.4.6 Denial Of Service
* CCSP 7.2.5 API XML Injection / Server-Side Request Forgery
* WolfCMS 0.8.3.1 Cross Site Scripting
* OpenCMS 10.5.4 CSV Injection
* OpenCMS 10.5.4 Cross Site Scripting
* OpenProject 8.3.1 SQL Injection
* Chrome V8 Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Failed Check
* CyberArk Enterprise Password Vault 10.7 XML External Entity Injection
* PHPRunner 10.1 Denial Of Service
* ASPRunner.NET 10.1 Denial Of Service
* SpotPaltalk 1.1.5 Denial Of Service

Exploit Database

* [webapps] CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
* [webapps] RICOH SP 4520DN Printer - HTML Injection
* [webapps] RICOH SP 4510DN Printer - HTML Injection
* [webapps] dotCMS 5.1.1 - HTML Injection
* [dos] PHPRunner 10.1 - Denial of Service (PoC)
* [dos] ASPRunner.NET 10.1 - Denial of Service (PoC)
* [dos] SpotPaltalk 1.1.5 - Denial of Service (PoC)
* [dos] SpotIM 2.2 - Denial of Service (PoC)
* [webapps] TheHive Project Cortex
* [dos] jetCast Server 2.0 - Denial of Service (PoC)
* [dos] Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
* [dos] Lyric Maker 2.0.1.0 - Denial of Service (PoC)
* [dos] Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)
* [webapps] Zoho ManageEngine ADSelfService Plus 5.7
* [remote] Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
* [remote] PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
* [remote] Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
* [webapps] NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass

Advisories

US-Cert Alerts & Bulletins

* AA19-122A: New Exploits for Unsecure SAP Systems
* AA19-024A: DNS Infrastructure Hijacking Campaign
* SB19-133: Vulnerability Summary for the Week of May 6, 2019
* SB19-126: Vulnerability Summary for the Week of April 29, 2019

Symantec - Latest List

* Microsoft XML External Entity Information Disclosure Vulnerability
* Microsoft Azure CVE-2019-0816 Security Bypass Vulnerability
* Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability
* Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
* Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Windows LUAFV Driver CVE-2019-0836 Local Privilege Escalation Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0857 Spoofing Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
* Microsoft Azure DevOps Server CVE-2019-0869 HTML Injection Vulnerability
* Microsoft Windows MS XML CVE-2019-0793 Remote Code Execution Vulnerability
* Microsoft Windows MS XML CVE-2019-0795 Remote Code Execution Vulnerability
* Microsoft Windows MS XML CVE-2019-0792 Remote Code Execution Vulnerability
* Microsoft Internet Explorer VBScript Engine CVE-2019-0862 Remote Code Execution Vulnerability
* Microsoft Open Enclave SDK CVE-2019-0876 Information Disclosure Vulnerability
* Microsoft Windows MS XML CVE-2019-0791 Remote Code Execution Vulnerability
* Microsoft ASP.NET Core CVE-2019-0815 Denial of Service Vulnerability
* Microsoft Edge Chakra Scripting Engine CVE-2019-0739 Remote Memory Corruption Vulnerability
* Microsoft Edge CVE-2019-0833 Information Disclosure Vulnerability
* Microsoft Edge and Internet Explorer CVE-2019-0764 Tampering Security Bypass Vulnerability
* Microsoft Windows JET Database Engine CVE-2019-0879 Remote Code Execution Vulnerability
* Microsoft Windows VBScript Engine CVE-2019-0842 Remote Code Execution Vulnerability

Packet Storm Security - Latest List

* Red Hat Security Advisory 2019-1152-01 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a sandbox escape vulnerability.
* Ubuntu Security Notice USN-3972-1 - It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies.
* Red Hat Security Advisory 2019-1151-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
* Red Hat Security Advisory 2019-1148-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
* Red Hat Security Advisory 2019-1147-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include denial of service and traversal vulnerabilities.
* Red Hat Security Advisory 2019-1145-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include an ineffective connection limitation vulnerability.
* Red Hat Security Advisory 2019-1143-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Issues addressed include a bypass vulnerability.
* Red Hat Security Advisory 2019-1144-01 - Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
* Red Hat Security Advisory 2019-1150-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
* Red Hat Security Advisory 2019-1146-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
* Red Hat Security Advisory 2019-1149-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include denial of service and traversal vulnerabilities.
* Red Hat Security Advisory 2019-1142-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include a bypass vulnerability.
* Debian Security Advisory 4442-1 - A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled).
* Sqlite3 Window Function Remote Code Execution - An exploitable use-after-free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
* Debian Security Advisory 4441-1 - Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution.
* Debian Security Advisory 4440-1 - Multiple vulnerabilities were found in the BIND DNS server.
* Debian Security Advisory 4439-1 - Dean Rasheed discovered that row security policies in the PostgreSQL database system could be bypassed.
* Texture Canada Unencrypted Third Party Analytics - The Texture Canada Android and iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) send potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted, to a third party site (ScorecardResearch).
* dotCMS 5.1.1 Vulnerable Dependencies - dotCMS version 5.1.1 suffers from cross site scripting and various other vulnerabilities due to various open source dependencies.
* Red Hat Security Advisory 2019-1140-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.1 serves as a replacement for Red Hat Single Sign-On 7.3.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a deserialization vulnerability.
* Ubuntu Security Notice USN-3969-2 - USN-3969-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
* Red Hat Security Advisory 2019-1131-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include a bypass vulnerability.
* Ubuntu Security Notice USN-3956-2 - USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Various other issues were also addressed.
* Ubuntu Security Notice USN-3971-1 - Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting attacks. Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information.