September 21, SecurityWeek – (International) MacOS 10.12 patches over 60 vulnerabilities. Apple Inc. released the final version of its Mac operating system (OS), Sierra 10.12, resolving at least 65 vulnerabilities. These include 16 flaws in the “apache_mod_php” module that could lead to arbitrary code execution or unexpected application termination, as well as denial-of-service issues and arbitrary code execution flaws in Apple’s implementation of Apache, Audio, and Bluetooth, among other components. Apple also released Safari 10, macOS Server 5.2, and iCloud for Windows 6.0, patching a flaw in WebKit that could lead to arbitrary code execution when a device is processing specially crafted Web content, among other vulnerabilities.
September 21, SecurityWeek – (International) Over 840,000 Cisco devices affected by NSA-linked flaw. The Shadowserver Foundation reported that as of September 21, more than 840,000 Cisco devices, including 255,000 in the U.S., were found to be affected by a vulnerability in the Internet Key Exchange version 1 (IKEv1) packet processing code of Cisco’s IOS, IOS XE, and IOS XR software. The flaw, which was originally discovered following the Shadow Brokers leak, can be exploited by a remote, unauthenticated attacker to access memory content potentially containing sensitive information.
September 21, Softpedia – (International) Security bug lets hackers steal Monero, today’s 2nd most popular cryptocurrency. A security researcher at MWR Labs discovered that Monero’s Simplewallet tool was affected by a cross-site request forgery (CSRF) flaw that can be exploited to empty a user’s Simplewallet. An attacker using maliciously crafted JavaScript code can issue malicious commands to a Remote Procedure Call (RPC) service on port 18082 and potentially initiate a transfer of the user’s funds. Monero stated it was working to develop a Simplewallet user interface without the vulnerable RPC service.
Above Reprinted from the USDHS Daily Open Source Infrastructure Report