The UCLA Information Security Office is providing the campus community with notice of a recently disclosed vulnerability affecting web servers that utilize server-side scripting in CGI-like environments. This includes web servers utilizing PHP, Apache Tomcat, Python, Go, and others. The vulnerability allows attackers to remotely set the value of the environment variable HTTP_PROXY, allowing them to redirect outgoing server communication from the web server, consume web server resources, and proxy outgoing responses through other, intermediate servers.
Articles
A highly critical vulnerability found in the GNU C Library (glibc) has been announced that affects most Linux distributions, leaving thousands of apps and electronic devices vulnerable to hackers who can take full control over them.
The flaw can be exploited when an affected device or app makes queries to a malicious DNS server that returns too much information to a lookup request and floods the program's memory with code. This code then compromises the vulnerable application and tries to take control over the whole system.
The Office of the Executive Vice Chancellor and Provost posted a campuswide cybersecurity initiative update on May 27, 2016. In it, EVC & Provost Waugh explains that technology enhancements are being deployed across the campus that will strengthen and better align our systems.
Several governance groups, comprised of academic and administrative members, are involved in reviewing the technologies to consider the impacts on privacy and academic freedom.
Microsoft has released 12 security bulletins for the last “Patch Tuesday” of the year, eight of which are rated as critical for remote code execution vulnerabilities.
Please pay special attention to MS15-127, which fixes a vulnerability that allows attackers to achieve remote code execution via a DNS query. Attackers that exploit MS15-127 would gain control over the server and execute code in the system context. The attack is remote and does not require authentication.
The DROWN attack is a new critical vulnerability that affects HTTPS and other services that rely on SSL and TLS.
These services are some of the most important for Internet security.
Multiple security vulnerabilities have been found in ImageMagick, an image processing library that is commonly used by millions of websites globally. The vulnerabilities can result in remote code execution on websites that allow user-submitted images. Due to dependencies on the ImageMagick library by other commonly used plugins for PHP, Ruby, and Node.js, this vulnerability can potentially impact a large number of web services.
The popular online website where students go to rate their professors has been compromised. All registered users of RateMyProfessors.com have been notified via email of this security breach. Hackers could have possibly acquired the email addresses and passwords of some registered users.
MSIL/Samas.A (Samas) is a new and sophisticated variant of ransomware used in several significant ransomware attacks affecting medium- and large-sized critical infrastructure organizations in Southern California.