Windows 10: Cisco zero-day exploited in the wild to crash and reload devices

Borg 386 · Nov 5, 2018

The Cisco security team has revealed earlier the existence of a zero-day vulnerability affecting products that run Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.

The vulnerability has been exploited in the wild, according to a security advisory the company published a few hours ago. No patches are available at the time of writing.
Click to expand...

Cisco says CVE-2018-15454 "could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition."

Because SIP inspection is enabled by default in all ASA and FTD software packages, a large number of Cisco devices are believed to be vulnerable. Cisco has already confirmed that the following products are affected if they run ASA 9.4 and later, or FTD 6.0 and later:

3000 Series Industrial Security Appliance (ISA)

ASA 5500-X Series Next-Generation Firewalls

ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

Adaptive Security Virtual Appliance (ASAv)

Firepower 2100 Series Security Appliance

Firepower 4100 Series Security Appliance

Firepower 9300 ASA Security Module

FTD Virtual (FTDv)

Until Cisco ships ASA and FTD software updates to address with this vulnerability, Cisco has provided three mitigations that devices owners can take and prevent a remote attacker from crashing their equipment.

The most obvious one is for device owners to disable SIP inspection. Second, if device owners have managed to identify an attacker's IP address, they can block traffic from that IP using the ASA and FTD traffic filtering systems at their disposal.

Furthermore, Cisco says that malicious traffic that has been observed in attacks until now has also used the 0.0.0.0 IP address for the "Sent-by Address" field, which also makes it easy for companies to filter an attacker's incoming traffic.

Step-by-step information on how to configure these mitigations, but also on how to determine if an ASA or FTD device has been hit by CVE-2018-15454 are available in Cisco's advisory.
Click to expand...

https://tools.cisco.com/security/cen...asaftd-sip-dos

Cisco zero-day exploited in the wild to crash and reload devices | ZDNet

:)

Borg 386 · Nov 5, 2018

Java zero-day security flaw exploited in the wild

Oracle is working with Trend Micro to patch the problem. Until a fix is issued, users concerned about falling victim to the exploit should temporarily disable Java in their browser.
Click to expand...

The Java zero-day is reportedly being exploited through drive-by downloads on the latest version of Java, version 1.8.0.45. Trend Micro says older versions, Java 1.6 and 1.7 are not affected by this zero-day exploit.
Click to expand...

Although no details have been released on delivery -- unsurprising, considering a patch is yet to be issued -- the exploit code, TROJ_DROPPR.CXC, drops a payload called TSPY_FAKEMS.C into the login user folder.
Click to expand...

Java zero-day security flaw exploited in the wild | ZDNet

Borg 386 · Nov 5, 2018

Adobe readies emergency patch for Flash zero-day bug exploited in the

Adobe readies emergency patch for Flash zero-day bug exploited in the wild

Adobe has told users that an emergency patch is being prepared for a Flash zero-day vulnerability being exploited in the wild which can give attackers complete control.

On Tuesday, the tech giant said in a security advisory that CVE-2016-1019, the zero-day security flaw, is a critical issue which exists in affects Adobe Flash Player 21.0.0.197 and earlier. The bug impacts Windows, Mac, Linux and Chrome operating systems.
The Flash zero-day "could cause a crash and potentially allow an attacker to take control of the affected system" if exploited, according to Adobe.
Click to expand...

the exploit is a serious issue, and so Adobe is readying a patch which is due to be released as soon as April 7. In the meantime, users should make sure their version of Flash is as up-to-date as possible.
Click to expand...

Adobe readies emergency patch for Flash zero-day bug exploited in the wild | ZDNet

Phone Man · Nov 5, 2018

New Flash Player Zero-Day in The Wild

A new flaw in latest version of Flash to be patched next week.
On my systems I use the free version of Malwarebytes Anti-Exploit to protect my systems.
I guess we will see another updated from MS also.

https://blog.malwarebytes.org/zero-d..._medium=social

Jim *Cool

Windows 10: Cisco zero-day exploited in the wild to crash and reload devices

Cisco zero-day exploited in the wild to crash and reload devices

Cisco zero-day exploited in the wild to crash and reload devices

Cisco zero-day exploited in the wild to crash and reload devices

Cisco zero-day exploited in the wild to crash and reload devices - Similar Threads - Cisco zero exploited

Windows 10 zero-day exploit code released online

Temporary micropatch available for zero-day Windows exploit

Adobe readies emergency patch for Flash zero-day bug exploited in the

Second Flash Player zero-day exploit found in Hacking Team's data

Java zero-day security flaw exploited in the wild

Shadow Brokers Release Zero Day Exploit Tools

Kaspersky Lab discovers Adobe Flash Zero Day used in the wild

Use Anti-Exploit Program to Help Protect Your PC From Zero-Day Attack

New Flash Player Zero-Day in The Wild