Security Pop Quiz! q471.mp3

News

Packet Storm Security

* Ransomware Takes Down Network Of French IT Giant
* Russian Hackers Infiltrated Government Networks
* FDA Vuln Grading System Proves All Risk Not Created Equal
* Nvidia Tackles Code Execution, Data Leaks In GeForce Experience
* German Bundeswehr Starts Own Responsible Disclosure Program

Security Affairs

* Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users
* Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware
* US Treasury imposes sanctions on a Russian research institute behind Triton malware
* Sopra Steria hit by the Ryuk ransomware gang
* Iran-Linked Seedworm APT target orgs in the Middle East

Looking Glass Cyber

* LookingGlass Expands Executive Team Leading Company's Vision of Next-Generation Cybersecurity Product
* Cyveillance business unit acquired by ZeroFOX in groundbreaking partnership
* LookingGlass Cyber Solutions Announces Engagement with Defense Innovation Unit
* Need a (SMB)Ghost Buster? How CloudShield Eclipse Handles SMB Exploits
* Making Cybersecurity Policy Work For You: Tunable Security Mitigation At Attack Speed

securingtomorrow.mcafee.com

Quick Heal

* Quick Heal Supports Windows 10 October 2020 Update
* Want to stay safe and anonymous on the Internet? Consider using a VPN
* The Evergreen Make Utility: A cost-effective way of deployments on Cloud
* Answer these questions to find out how safe your social media profiles are
* Emotet Trojan is back as the world unlocks

Threat Post

* U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware
* IoT Device Takeovers Surge 100 Percent in 2020
* Louisiana Calls Out National Guard to Fight Ransomware Surge
* Election Security: Beyond Mail-In Voting
* Georgia Election Data Hit in Ransomware Attack

Naked Security

* S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast]
* Time for a mobile privacy reset?
* Chrome zero-day in the wild - patch now!
* Russian "government hackers" charged with cybercrimes by the US
* Naked Security Live - Ping of Death: are you at risk?

ESET

* Week in security with Tony Anscombe
* Securing medical devices: Can a hacker break your heart?
* Fraudsters crave loyalty points amid COVID‑19
* Google patches Chrome zero‑day under attack
* How safe is your USB drive?

CIS

• September 2020 Top 10 Malware Tue, 20 Oct 2020 12:00:57 +0000
  

  In September 2020, we had 3 malware return to the Top 10: CoinMiner, CryptoWall, and Emotet. The Top 10 Malware variants composed 87% of Total Malware activity in September 2020, up from 78% in August 2020. This increase is largely due to the recent Shlayer campaign ramping up, as the education year begins for universities […]

  The post September 2020 Top 10 Malware appeared first on CIS.

Malware Patrol

* InfoSec Articles (10/03/20 - 10/17/20)
* InfoSec Articles (09/18/20 - 10/02/20)

SecList

• On the trail of the XMRig miner
  As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig.

MySonicWall

Critical Infrastructure

* Bolstering mental health to defend against burnout among security professionals
* Deploying drones to deliver defibrillators
* New research indicates positive perceptions about cybersecurity professionals

* Swissport announces pre-departure rapid testing at Heathrow Airport
* Bolstering mental health to defend against burnout among security professionals
* British Airways fined £20M for data breach

* LA Metropolitan Transportation Authority establishing public safety advisory committee; will explore
* Bolstering mental health to defend against burnout among security professionals
* Deploying drones to deliver defibrillators

Case Studies

* Eliminating vulnerabilities early in the SDLC for Société Française du Radiotele
* DefenTec deploys KeeperMSP to defend from cyberattacks
* EL AL Airlines: Integrating Security into CI/CD with Seeker IAST from Synopsys

* San Diego Unified Port District will develop Homeland Security Strategic Plan with help
* Singapore announces first government use of facial verification tech for national identity program
* Balancing customer relationships and security

Tools

* nfstream 6.2.0
* Sifter 10.4g
* GRR 3.4.2.4
* See-SURF 2.0
* Taken 1.0

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery
* Bludit 3.9.2 Bruteforce Mitigation Bypass
* Tiki Wiki CMS Groupware 21.1 Authentication Bypass
* Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery
* GOautodial 4.0 Shell Upload
* School Faculty Scheduling System 1.0 SQL Injection
* School Faculty Scheduling System 1.0 Cross Site Scripting
* Hrsale 2.0.0 Local File Inclusion
* Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
* WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting

Last 20 Website Defacements - Zone-h

* http://www.khoakanun.go.th
* https://nongtaphan.go.th
* http://pariwisata.florestimurkab.go.id/robots.txt
* http://petapariwisata.florestimurkab.go.id
* http://www.cfee.gob.ar/whops.html
* http://www.mairie-saint-marcel.fr
* http://pkpt.litbang.pu.go.id/perpustakaan/repository/logs.txt
* http://pn-raha.go.id/perpustakaan/repository/logs.txt
* http://pn-masamba.go.id/perpustakaan/repository/logs.txt
* http://perpus.pn-kasongan.go.id/repository/logs.txt
* https://iesloustauval.juntaextremadura.net/images/logs.txt
* https://cptrajano.juntaextremadura.net/images/logs.txt
* https://pn-lamongan.go.id/perpustakaan/repository/logs.txt
* https://observatorionacional.cnj.jus.br/observatorionacional/images/logs.txt
* https://pa-jember.go.id/perpustakaan/repository/logs.txt
* http://pn-kasongan.go.id/perpus/repository/logs.txt
* https://portaldoartesanato.jaboatao.pe.gov.br
* https://seplav.jaboatao.pe.gov.br
* http://e-sic.jaboatao.pe.gov.br
* https://educacao.jaboatao.pe.gov.br

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-4599-1 Fri, 23 Oct 2020 13:11:09 GMT
  Ubuntu Security Notice 4599-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.
• Gentoo Linux Security Advisory 202010-07 Fri, 23 Oct 2020 13:11:03 GMT
  Gentoo Linux Security Advisory 202010-7 - A buffer overflow in FreeType might allow remote attacker(s) to execute arbitrary code. Versions less than 2.10.3-r1 are affected.
• Ubuntu Security Notice USN-4601-1 Thu, 22 Oct 2020 23:56:16 GMT
  Ubuntu Security Notice 4601-1 - It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack.
• Red Hat Security Advisory 2020-4317-01 Thu, 22 Oct 2020 23:56:11 GMT
  Red Hat Security Advisory 2020-4317-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4316-01 Thu, 22 Oct 2020 23:56:03 GMT
  Red Hat Security Advisory 2020-4316-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Ubuntu Security Notice USN-4600-1 Thu, 22 Oct 2020 23:55:57 GMT
  Ubuntu Security Notice 4600-1 - It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information.
• Red Hat Security Advisory 2020-4315-01 Thu, 22 Oct 2020 23:55:51 GMT
  Red Hat Security Advisory 2020-4315-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4310-01 Thu, 22 Oct 2020 23:55:44 GMT
  Red Hat Security Advisory 2020-4310-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4312-01 Thu, 22 Oct 2020 17:19:48 GMT
  Red Hat Security Advisory 2020-4312-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include an XML injection vulnerability.
• Red Hat Security Advisory 2020-4311-01 Thu, 22 Oct 2020 17:19:42 GMT
  Red Hat Security Advisory 2020-4311-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4307-01 Thu, 22 Oct 2020 17:19:35 GMT
  Red Hat Security Advisory 2020-4307-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Ubuntu Security Notice USN-4598-1 Thu, 22 Oct 2020 17:19:28 GMT
  Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
• Ubuntu Security Notice USN-4597-1 Thu, 22 Oct 2020 17:18:38 GMT
  Ubuntu Security Notice 4597-1 - Fran
• Red Hat Security Advisory 2020-4304-01 Thu, 22 Oct 2020 17:18:18 GMT
  Red Hat Security Advisory 2020-4304-01 - RHACM 2.0.4 images Red Hat Advanced Cluster Management provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2020-4305-01 Thu, 22 Oct 2020 17:17:28 GMT
  Red Hat Security Advisory 2020-4305-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Red Hat Security Advisory 2020-4306-01 Thu, 22 Oct 2020 17:17:18 GMT
  Red Hat Security Advisory 2020-4306-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Red Hat Security Advisory 2020-4223-01 Thu, 22 Oct 2020 17:17:11 GMT
  Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
• Ubuntu Security Notice USN-4588-1 Wed, 21 Oct 2020 21:38:19 GMT
  Ubuntu Security Notice 4588-1 - It was discovered that FlightGear could write arbitrary files if received a special nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.
• Ubuntu Security Notice USN-4586-1 Wed, 21 Oct 2020 21:38:14 GMT
  Ubuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.
• Ubuntu Security Notice USN-4587-1 Wed, 21 Oct 2020 21:38:07 GMT
  Ubuntu Security Notice 4587-1 - Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could used these issues to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4596-1 Wed, 21 Oct 2020 15:52:39 GMT
  Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
• Red Hat Security Advisory 2020-4295-01 Wed, 21 Oct 2020 15:52:31 GMT
  Red Hat Security Advisory 2020-4295-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
• Red Hat Security Advisory 2020-4264-01 Wed, 21 Oct 2020 15:40:32 GMT
  Red Hat Security Advisory 2020-4264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Ubuntu Security Notice USN-4595-1 Wed, 21 Oct 2020 15:40:07 GMT
  Ubuntu Security Notice 4595-1 - It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code.
• Ubuntu Security Notice USN-4594-1 Wed, 21 Oct 2020 15:38:42 GMT
  Ubuntu Security Notice 4594-1 - It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service.