Security Pop Quiz! q107.mp3

News

Packet Storm Security

• U.S. Intelligence Says Huawei Funded By Chinese State Security
• Marcus Hutchins Pleads Guilty To Two Counts Of Banking Malware Creation
• Ransomware Ravages Municipalities Nationwide This Week
• Facebook Fights To Shield Zuckerberg In US Privacy Probe
• Weather Channel Knocked Off-Air In Dangerous Precedent

Security Affairs

• Marcus Hutchins pleads guilty to two counts of banking malware creation
• Avast, Avira, Sophos and other antivirus solutions show problems after
• Google is going to block logins from embedded browsers against MitM phishing attacks
• Hacker broke into super secure French Government’s Messaging App Tchap hours after release
• Facebook admitted to have stored millions of Instagram users’ passwords in plaintext

Looking Glass Cyber

• CACAO: A Future for Collaborative Cybersecurity Course of Action
• Uniting On The Cybersecurity Battleground: The Status of Cyber Threat Information Sharing
• How Ghost Army Tactics Can Help Federal Agencies Win the War on Hackers
• Watch Your BEC This Tax Season
• 10 Hottest Threat Intelligence Platforms In 2019

securingtomorrow.mcafee.com

Quick Heal

• 5 ways to instantly detect a phishing email and save yourself from phishing attack
• PCs fail to boot up / Freeze after receiving Microsoft Windows 9-April-2019 updates and rebooting the PC
• JCry – A Ransomware written in Golang!
• This summer vacation let your kids explore the internet with safety of parental control
• 3059 android malware detected per day in 2018 – Are you still counting on free android antivirus for protection?

Threat Post

• Microsoft’s Latest Patch Hoses Some Antivirus Software
• Three-Fourths of Consumers Don’t Trust Facebook, Threatpost Poll Finds
• Insecure Ride App Database Leaks Data of 300K Iranian Drivers
• Weather Channel Knocked Off-Air in Dangerous Precedent
• Shopify Flaw Exposed Thousands of Merchants’ Revenue, Traffic Numbers

Naked Security

• Facebook: we logged 100x more Instagram plaintext passwords than we thought
• Serious Security: Ransomware you’ll never find – and how to stop it
• Facebook user data used as bargaining chip, according to leaked docs
• Google plays Whack-A-Mole with naughty Android developers
• Chrome flaw on iOS leads to 500 million unwanted pop-up ads

ESET

• Embracing creativity to improve cyber-readiness
• Bug in EA’s Origin client left gamers open to attacks
• Your Android phone can now double as a security key
• Microsoft reveals breach affecting webmail users
• Hackers crack university defenses in just two hours

CIS

• Configuration Security for Remote Endpoints with CIS-CAT Pro Tue, 16 Apr 2019 14:10:42 +0000
  

  Configuration management can be challenging. IT teams can become overwhelmed between various standards, compliance requirements, and security options. As the popularity of remote work grows, so does the complexity of implementing secure configurations. Thankfully, there are consensus-developed security recommendations and tools available to help automate the process. Why do secure configurations matter? Many servers, operating […]

  The post Configuration Security for Remote Endpoints with CIS-CAT Pro appeared first on CIS.

Malware Patrol

• Tips for Establishing Your Security Program
• Infosec Articles (3/15/19 – 3/29/19)

SecList

• New zero-day vulnerability CVE-2019-0859 in win32k.sys
  In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys

MySonicWall

Critical Infrastructure

• Natural Disasters Cost the U.S. $91 Billion in 2018
• Study on Electric Grid Resiliency Finds Urgent Need for Cybersecurity Investments
• Senators Introduce Legislation to Protect Electric Grid from Cyber Attack

• TSA Launches Awareness Campaign for New ID Requirements
• Cargo Theft Numbers Decline
• IATA Releases 2018 Airline Safety Performance

• Chicago Metra Launches ‘COPS’ Crime-Reporting App
• Defense Industry Companies Launch Supply Chain Cybersecurity Task Force
• Cargo Theft Numbers Decline

Case Studies

• When Physical Intrusions Lead to Digital Breaches
• How Unified Device Management Is Critical to BYOD Enterprises
• Security Implications of the Electric Smart Grid

• Collecting Insights and Metrics with Guard Tour Software
• Florida-based Company Protects Government Buildings with Window Film
• Simplify Connected Campus Security

Tools

• OpenSSH 8.0p1
• Raptor WAF 0.6
• Mandos Encrypted File System Unattended Reboot Utility 1.8.4
• Stegano 0.9.3
• GNUnet P2P Framework 0.11.0

• Wipro Invaders Targeted Other Major IT Organization
• Hacker Hijacks a Microsoft Service Using Loophole in Azure Cloud

Exploits

• Oracle Business Intelligence Directory Traversal
• Oracle Business Intelligence And XML Publisher XML Injection
• QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service
• SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
• Atlassian Confluence Widget Connector Macro Velocity Template Injection
• Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference
• ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
• Evernote 7.9 Path Traversal / Code Execution
• LibreOffice Macro Code Execution
• Oracle Java Runtime Environment GlyphIterator::setCurrGlyphID Heap Corruption

Last 20 Website Defacements - Zone-h

• https://ananas.to.leg.br
• https://novaolinda.to.leg.br
• http://paudarco.to.leg.br
• https://dianopolis.to.leg.br
• https://coutodemagalhaes.to.leg.br
• https://itacaja.to.leg.br
• https://itaporadotocantins.to.leg.br
• https://palmeirante.to.leg.br
• https://colinasdotocantins.to.leg.br
• https://bandeirantesdotocantins.to.leg.br
• https://barradoouro.to.leg.br
• https://arapoema.to.leg.br
• http://bantham.go.th/vz.txt
• http://bnda.gov.gh/vz.txt
• http://kema.gov.gh/vz.txt
• http://diasporaaffairs.gov.gh/vz.txt
• http://lekma.gov.gh/vz.txt
• http://www.mwh.gov.gh/vz.txt
• http://effutuma.gov.gh/vz.txt
• http://tma.gov.gh/vz.txt

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-3950-1 Thu, 18 Apr 2019 21:26:20 GMT
  Ubuntu Security Notice 3950-1 - It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Slackware Security Advisory - libpng Updates Thu, 18 Apr 2019 13:08:16 GMT
  Slackware Security Advisory - New libpng packages are available for Slackware 14.2 and -current to fix security issues.
• Gentoo Linux Security Advisory 201904-19 Wed, 17 Apr 2019 23:19:57 GMT
  Gentoo Linux Security Advisory 201904-19 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Versions less than 2.3.5.1 are affected.
• Red Hat Security Advisory 2019-0782-01 Wed, 17 Apr 2019 23:19:43 GMT
  Red Hat Security Advisory 2019-0782-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include code execution and deserialization vulnerabilities.
• Gentoo Linux Security Advisory 201904-18 Wed, 17 Apr 2019 23:19:33 GMT
  Gentoo Linux Security Advisory 201904-18 - A vulnerability in libseccomp allows for privilege escalation. Versions less than 2.4.0 are affected.
• Ubuntu Security Notice USN-3914-2 Wed, 17 Apr 2019 23:19:21 GMT
  Ubuntu Security Notice 3914-2 - USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Various other issues were also addressed.
• Gentoo Linux Security Advisory 201904-17 Wed, 17 Apr 2019 23:19:14 GMT
  Gentoo Linux Security Advisory 201904-17 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the execution of arbitrary code. Versions less than 2.7.6-r3 are affected.
• Red Hat Security Advisory 2019-0778-01 Wed, 17 Apr 2019 17:35:11 GMT
  Red Hat Security Advisory 2019-0778-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a slow conversion of BigDecimal to long.
• Red Hat Security Advisory 2019-0775-01 Wed, 17 Apr 2019 17:34:07 GMT
  Red Hat Security Advisory 2019-0775-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
• Red Hat Security Advisory 2019-0774-01 Wed, 17 Apr 2019 17:26:59 GMT
  Red Hat Security Advisory 2019-0774-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
• Debian Security Advisory 4433-1 Wed, 17 Apr 2019 17:26:49 GMT
  Debian Linux Security Advisory 4433-1 - Several vulnerabilities have been discovered in the Rubygems included in the interpreter for the Ruby language, which may result in denial of service or the execution of arbitrary code.
• Debian Security Advisory 4432-1 Wed, 17 Apr 2019 17:25:59 GMT
  Debian Linux Security Advisory 4432-1 - Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.
• Ubuntu Security Notice USN-3918-4 Wed, 17 Apr 2019 17:25:49 GMT
  Ubuntu Security Notice 3918-4 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
• Ubuntu Security Notice USN-3949-1 Tue, 16 Apr 2019 23:52:56 GMT
  Ubuntu Security Notice 3949-1 - It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.
• Ubuntu Security Notice USN-3948-1 Tue, 16 Apr 2019 23:52:51 GMT
  Ubuntu Security Notice 3948-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
• Red Hat Security Advisory 2019-0766-01 Tue, 16 Apr 2019 23:52:42 GMT
  Red Hat Security Advisory 2019-0766-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2019-0765-01 Tue, 16 Apr 2019 22:23:26 GMT
  Red Hat Security Advisory 2019-0765-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
• Gentoo Linux Security Advisory 201904-15 Tue, 16 Apr 2019 22:22:59 GMT
  Gentoo Linux Security Advisory 201904-15 - A vulnerability in libTIFF could lead to a Denial of Service condition. Versions less than 4.0.10 are affected.
• Ubuntu Security Notice USN-3947-2 Tue, 16 Apr 2019 22:22:47 GMT
  Ubuntu Security Notice 3947-2 - USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
• Gentoo Linux Security Advisory 201904-16 Mon, 15 Apr 2019 23:23:23 GMT
  Gentoo Linux Security Advisory 201904-16 - Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could result in the arbitrary execution of code. Versions less than 4.8.4 are affected.
• Ubuntu Security Notice USN-3947-1 Mon, 15 Apr 2019 18:32:22 GMT
  Ubuntu Security Notice 3947-1 - It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information.
• Debian Security Advisory 4431-1 Mon, 15 Apr 2019 16:33:02 GMT
  Debian Linux Security Advisory 4431-1 - Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.
• Gentoo Linux Security Advisory 201904-14 Mon, 15 Apr 2019 12:12:12 GMT
  Gentoo Linux Security Advisory 201904-14 - Multiple vulnerabilities have been found in GnuTLS, the worst of which could result in a Denial of Service condition. Versions less than 3.6.7 are affected.
• Ubuntu Security Notice USN-3945-1 Fri, 12 Apr 2019 15:21:31 GMT
  Ubuntu Security Notice 3945-1 - It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
• Ubuntu Security Notice USN-3946-1 Fri, 12 Apr 2019 15:21:06 GMT
  Ubuntu Security Notice 3946-1 - It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands.