Security Pop Quiz! q85.mp3

News

Packet Storm Security

* Digital Artists Targeted In RedLine Infostealer Campaign
* Utilities Concerningly At Risk From Active Exploits
* Apple Hurries Patches For Safari Bugs Under Active Attack
* Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched
* TimeCache Aims To Block Side-Channel Cache Attacks

Security Affairs

* Cyberium malware-hosting domain employed in multiple Mirai variants campaigns
* Fujifilm restores operations after recent ransomware attack
* The source code of the Paradise Ransomware was leaked on XSS hacking forum
* Former NSA contractor Reality Winner who leaked gov report will be released on November
* Instagram flaw allowed to see private, archived Posts/Stories of users without following them

Looking Glass Cyber

securingtomorrow.mcafee.com

* A New Program for Your Peloton – Whether You Like It or Not
* Is Your Peloton Spinning Up Malware?
* McAfee Named a 2021 Gartner Peer Insights Customers’ Choice for SWG
* How to Prepare for Your Child’s First Smartphone
* McAfee a Leader in The Forrester Wave™ Unstructured Data Security Platforms

Quick Heal

* Google Play store applications laced with Joker malware yet again
* Cobalt Strike 2021 - Analysis of Malicious PowerShell Attack Framework
* LinkedIn Phishing Scam: Hackers target users with fake job offers
* Quick Heal announces SHA-1 deprecation for its products
* Quick Heal Supports Windows 10 May 2021 Update (Version 21H1)

Threat Post

* Researchers: Booming Cyber-Underground Market for Initial-Access Brokers
* Peloton Bike+ Bug Gives Hackers Complete Control
* Millions of Connected Cameras Open to Eavesdropping
* Malicious PDFs Flood the Web, Lead to Password-Snarfing
* Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign

Naked Security

* "Face of Anonymous" suspect deported from Mexico to face US hacking charges
* ALPACA - the wacky TLS security vulnerability with a funky name
* S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast]
* Chrome zero-day, hot on the heels of Microsoft's IE zero-day. Patch now!
* How could the FBI recover BTC from Colonial's ransomware payment?

ESET

* Microsoft takes down large‑scale BEC operation
* Vishing: What is it and how do I avoid getting scammed?
* Week in security with Tony Anscombe
* Tracking ransomware cryptocurrency payments: What now for Bitcoin?
* Google fixes actively exploited Chrome zero‑day

CIS

• Back to Normal? Remember Cybersecurity Awareness Training! Mon, 14 Jun 2021 20:16:07 +0000
  

  Many offices are opening their doors and welcoming employees back to the workplace for the first time since the COVID-19 pandemic started. The transition from home to the office will likely be as difficult as the transition from the workplace to a work-from-home environment a year ago. Old routines may have to be relearned, and […]

  The post Back to Normal? Remember Cybersecurity Awareness Training! appeared first on CIS.

Malware Patrol

* InfoSec Articles (05/24/21 - 06/07/21)
* InfoSec Articles (05/10/21 - 05/24/21)

SecList

• Ferocious Kitten: 6 years of covert surveillance in Iran
  Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

MySonicWall

Critical Infrastructure

* A bill in Louisiana would double fines for drones flying over critical infrastructure
* U.S. to issue first cybersecurity regulations after Colonial Pipeline ransomware attack
* Securitas North America partners with National Center for Missing & Exploited Children to provide ext

* 2 million people travel by air in the U.S.; biggest daily tally since COVID-19 pandemic began
* DHS to support TSA screening officer workforce
* Securitas North America partners with National Center for Missing & Exploited Children to provide ext

* San Jose rail yard mass shooting marks at least the 232nd mass shooting thus far in 2021
* Securitas North America partners with National Center for Missing & Exploited Children to provide ext
* NYPD to ramp up police presence in the subway

Case Studies

* Notorious cybersecurity attacks in history and how to prevent them
* Disinformation: Companies in the crosshairs
* A first-hand account of ransomware: To pay or not to pay

* Pittsburgh suburb installs surveillance cameras to stop vandalism and littering
* Video surveillance installed in Prichard, Alabama
* Florida school districts to implement badge-based panic alarm system

Tools

* Hashcat Advanced Password Recovery 6.2.2 Source Code
* Hashcat Advanced Password Recovery 6.2.2 Binary Release
* TOR Virtual Network Tunneling Tool 0.4.6.5
* tcpdump 4.99.1
* nfstream 6.3.2

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* SAP Netweaver JAVA 7.50 Missing Authorization
* Client Management System 1.1 SQL Injection
* Client Management System 1.1 Cross Site Scripting
* IPFire 2.25 Remote Code Execution
* HashiCorp Nomad Remote Command Execution
* Brother BRPrint Auditor 3.0.7 Unquoted Service Path
* XML External Entity Via MP3 File Upload On WordPress
* Polkit 0.105-26 0.117-2 Privilege Escalation
* Online Library Management System 2.0 Cross Site Request Forgery
* Brother BRAgent 1.38 Unquoted Service Path

Last 20 Website Defacements - Zone-h

* http://buolkab.go.id/oh.php
* https://padangsidimpuankota.go.id/oh.php
* http://dprd-brebeskab.go.id/o.txt
* http://tc.sep.gov.mk/noname.html
* http://www.nongchaisri.go.th
* http://www.banyanglocal.go.th
* http://munibongara.gob.pe/sh1raoka.htm
* https://www.nk.go.th/galau.html
* https://dpp.go.ug/id.html
* http://comprensivoleini.gov.it/rn.html
* https://padanglawasutarakab.go.id/yoloo.php
* http://kehadiran.bkpsdm.natunakab.go.id/hyme.html
* http://ibadah.bkpsdm.natunakab.go.id/hyme.html
* http://www.esatu.bkpsdm.natunakab.go.id/hyme.html
* http://revista.hospitaltacna.gob.pe/public/site/images/krz/kz.gif
* https://www.inspilip.gob.ec/OJS/public/site/images/krz/kz.gif
* https://chronos.samu.fortaleza.ce.gov.br/public/site/images/krz/kz.gif
* https://ejournal3.kemsos.go.id/public/site/images/krz/kz.gif
* http://makassar.lan.go.id/jap/public/site/images/krz/kz.gif
* https://jurnalsetjen.kemendagri.go.id/public/site/images/krz/kz.gif

Press Play to hear the answer!

Advisories

• SAP Solution Manager 7.20 Missing Authorization Tue, 15 Jun 2021 15:49:33 GMT
  Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.
• Red Hat Security Advisory 2021-2439-01 Tue, 15 Jun 2021 15:49:18 GMT
  Red Hat Security Advisory 2021-2439-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 21.0.0.6 serves as a replacement for Open Liberty 21.0.0.3, and includes a security fix and enhancements. For specific information about this release, see links in the References section. Issues addressed include a cross site request forgery vulnerability.
• Red Hat Security Advisory 2021-2417-01 Tue, 15 Jun 2021 15:46:42 GMT
  Red Hat Security Advisory 2021-2417-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
• SAP XMII Remote Code Execution Tue, 15 Jun 2021 15:43:56 GMT
  By abusing a code injection vulnerability in SAP MII, an authenticated user with SAP XMII developer privileges could execute code (including OS commands) on the server. Versions affected include XMII 15.1 lower than SP006 PL 000062, XMII 15.2 lower than SP003 PL 000038, XMII 15.3 lower than SP001 PL 000022, and XMII 15.4 lower than SP001 PL 000007.
• SAP Solution Manager 7.2 Missing Authorization Tue, 15 Jun 2021 15:34:47 GMT
  Any authenticated user of the SAP Solution Manager version 7.2 is able to craft, upload, and execute EEM scripts on the SMDAgents affecting its integrity, confidentiality and availability.
• SAP Solution Manager 7.2 File Disclosure / Denial Of Service Tue, 15 Jun 2021 15:32:58 GMT
  The End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager version 7.2, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive OS files and affect the availability of the EEM robots connected to the SolMan.
• SAP Wily Introscope Enterprise Default Hard-Coded Credentials Tue, 15 Jun 2021 15:23:02 GMT
  SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from having default hard-coded credentials.
• Red Hat Security Advisory 2021-2420-01 Tue, 15 Jun 2021 15:18:36 GMT
  Red Hat Security Advisory 2021-2420-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• SAP Wily Introscope Enterprise OS Command Injection Tue, 15 Jun 2021 15:04:10 GMT
  SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.
• Ubuntu Security Notice USN-4988-1 Tue, 15 Jun 2021 15:01:25 GMT
  Ubuntu Security Notice 4988-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
• Red Hat Security Advisory 2021-2419-01 Tue, 15 Jun 2021 15:01:13 GMT
  Red Hat Security Advisory 2021-2419-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-2286-01 Tue, 15 Jun 2021 14:59:25 GMT
  Red Hat Security Advisory 2021-2286-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. Issues addressed include a remote shell upload vulnerability.
• Red Hat Security Advisory 2021-2422-01 Tue, 15 Jun 2021 14:53:19 GMT
  Red Hat Security Advisory 2021-2422-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
• SAP Hybris eCommerce Information Disclosure Tue, 15 Jun 2021 14:51:38 GMT
  SAP Hybris eCommerce versions 1808, 1811, 1905, and 2005 suffer from a vulnerability that allows for exposure of sensitive information.
• Red Hat Security Advisory 2021-2416-01 Tue, 15 Jun 2021 14:51:01 GMT
  Red Hat Security Advisory 2021-2416-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-2414-01 Tue, 15 Jun 2021 14:50:28 GMT
  Red Hat Security Advisory 2021-2414-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• SAP Hybris eCommerce Server-Side Request Forgery Tue, 15 Jun 2021 14:47:54 GMT
  An unauthenticated server-side request forgery vulnerability exists in SAP Hybris acceleratorservices. This means that anyone accessing this extension is able to use it to make arbitrary HTTP requests, bypassing network restrictions. Versions affected include 1808, 1811, 1905, and 2005.
• Red Hat Security Advisory 2021-2415-01 Tue, 15 Jun 2021 14:44:42 GMT
  Red Hat Security Advisory 2021-2415-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-2418-01 Tue, 15 Jun 2021 14:41:42 GMT
  Red Hat Security Advisory 2021-2418-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-2374-01 Mon, 14 Jun 2021 15:54:54 GMT
  Red Hat Security Advisory 2021-2374-01 - Openshift Logging Bug Fix Release (5.0.5) addresses a lack of index validation in plugin/unmarshal/unmarshal.go .
• Chrome SandboxedUnpacker Unsafe Shared Memory Use Mon, 14 Jun 2021 15:50:50 GMT
  SandboxedUnpacker in Chrome uses shared memory in an unsafe fashion.
• Red Hat Security Advisory 2021-2405-01 Mon, 14 Jun 2021 15:49:07 GMT
  Red Hat Security Advisory 2021-2405-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-2397-01 Mon, 14 Jun 2021 15:46:39 GMT
  Red Hat Security Advisory 2021-2397-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an integer overflow vulnerability.
• Red Hat Security Advisory 2021-2396-01 Mon, 14 Jun 2021 15:44:57 GMT
  Red Hat Security Advisory 2021-2396-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an integer overflow vulnerability.
• Red Hat Security Advisory 2021-2394-01 Mon, 14 Jun 2021 15:43:20 GMT
  Red Hat Security Advisory 2021-2394-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an integer overflow vulnerability.