Security Pop Quiz! q414.mp3

News

Packet Storm Security

* Lockheed Martin's Army Cyber Training Platform Goes Civilian
* SF Votes To Give Cop Robots Permission To Kill
* How Secure A Twitter Replacement Is Mastodon?
* It Took Nearly 500 Years For Researchers To Crack Charles V's Secret Code
* Crypto Firm BlockFi Files For Bankruptcy After FTX Collapse

Security Affairs

* North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea
* Lastpass discloses the second security breach this year
* Google links three exploitation frameworks to Spanish commercial spyware vendor Variston
* Attackers abused the popular TikTok Invisible Challenge to spread info-stealer
* China-linked UNC4191 APT relies on USB Devices in attacks against entities in the Philippines

Looking Glass Cyber

securingtomorrow.mcafee.com

* Fake Security App Found Abuses Japanese Payment System
* What Are Tailgating Attacks and How to Protect Yourself From Them
* McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life
* What is Antivirus and What Does It Really Protect?
* “This Connection Is Not Private” - What it Means and How to Prote

Quick Heal

* Your Data and Devices are safe with Quick Heal
* Quick Heal Launches an all new version 23 - Smart, Secure and Sustainable
* QBOT - A HTML Smuggling technique to target victims
* Are Malware operators using NSIS Installers to bombard Stealers and avoid detection?
* A DEEP DIVE INTO NEW 64 BIT EMOTET MODULES

Threat Post

* Student Loan Breach Exposes 2.5M Records
* Watering Hole Attacks Push ScanBox Keylogger
* Tentacles of '0ktapus' Threat Group Victimize 130 Firms
* Ransomware Attacks are on the Rise
* Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Naked Security

* Serious Security: MD5 considered harmful - to the tune of $600,000
* TikTok "Invisible Challenge" porn malware puts us all at risk
* Chrome fixes 8th zero-day of 2022 - check your version now (Edge too!)
* Voice-scamming site "iSpoof" seized, 100s arrested in massive crackdown
* S3 Ep110: Spotlight on cyberthreats - an expert speaks [Audio + Text]

ESET

* Who's swimming in South Korean waters? Meet ScarCruft's Dolphin
* RansomBoggs: New ransomware targeting Ukraine
* Spyware posing as VPN apps - Week in security with Tony Anscombe
* Know your payment options: How to shop and pay safely this holiday season
* 10 tips to avoid Black Friday and Cyber Monday scams

CIS

• CTA "mud" Actively Leaking K-12 Directories on Breach Forums Tue, 29 Nov 2022 08:28:00 -0500
  A cyber threat actor (CTA) on “Breach Forums” who's employing the username “Mud” is actively leaking K-12 entities’ student/faculty directories.

Malware Patrol

* New OSINT Feeds ‣ High Risk IPs ‣ Risk Indicators ‣ Tor Exit Nodes
* InfoSec Articles (11/08/2022 - 11/22/2022)

SecList

• Kaspersky Security Bulletin 2022. Statistics
  Key statistics for 2022: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

MySonicWall

Critical Infrastructure

* Building tailored cyber resilience for critical infrastructure
* Stuck in the cybersecurity talent chasm? Here's how industrial organizations can climb out
* A case for market-driven cybersecurity in critical infrastructure

* Building tailored cyber resilience for critical infrastructure
* Enhance security at mass transit hubs with radio frequency technology
* 75% of air travelers prefer biometric identification over passports

* Building tailored cyber resilience for critical infrastructure
* Enhance security at mass transit hubs with radio frequency technology
* Risk mitigation tactics for modern distribution centers

Case Studies

* The Old Spaghetti Factory restaurant chain ups network & physical security
* K-8 students learn cybersecurity through gamification
* Electric company uses SAP monitoring to bolster cybersecurity

* Soccer stadiums in Mexico add biometrics to ticketing process
* How security technology can support prison systems
* License plate recognition boosts efficiency at Sonny's The CarWash Factory

Tools

* Clam AntiVirus Toolkit 1.0.0
* Suricata IDPE 6.0.9
* Falco 0.33.1
* Zeek 5.0.4
* Packet Fence 12.1.0

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* perfSONAR 4.4.5 Cross Site Request Forgery
* perfSONAR 4.4.4 Open Proxy / Relay
* Microsoft Exchange ProxyNotShell Remote Code Execution
* OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
* Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
* Remote Control Collection Remote Code Execution
* Concrete CMS 9.1.3 XPATH Injection
* vBulletin 5.5.2 PHP Object Injection
* Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential
* Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw

Last 20 Website Defacements - Zone-h

* http://plataforma.senasa.gob.hn/0x.html
* http://viaticos.senasa.gob.hn/0x.html
* http://consulta-gestion.congresogto.gob.mx/0x.html
* https://birohukum.jogjaprov.go.id/0x.html
* https://orindiuva.sp.gov.br
* https://hrdac-cerrodepasco.gob.pe/kurd.html
* https://bp3kelistrikan.dpupesdm.jogjaprov.go.id/0x.html
* https://bp3pertambangan.dpupesdm.jogjaprov.go.id/0x.html
* https://alpha.westsussex.gov.uk
* https://pkmnagrak.cianjurkab.go.id/nagrak/storage/app/public/artikel/0fw6Dp37yysIQLAKUL1Yo8eEDea6L07M
* https://pkmcianjurkota.cianjurkab.go.id/pkmkota/storage/app/public/artikel/JdniaJ5uH4Wtxvwn4wYU7vWAxJ
* https://pkmmuka.cianjurkab.go.id/muka/storage/app/public/artikel/mZch2b7o1Pwk5RYuVsEvnD5p1gteaZKGPgGt
* http://b2bwebapp5uat.microsoft.com/o.txt
* http://nexusdev.microsoft.com/awokawok.php
* http://kituat.one.microsoft.com/o.txt
* http://api.eduhub.microsoft.com
* http://perpustakaan.kemenkopmk.go.id/perpus/perpus/repository/hck.txt
* https://www.e-perpus.kejari-cirebonkab.go.id/repository/hck.txt
* https://inspektorat.balangankab.go.id/hbd.php
* https://pupr.balangankab.go.id/hbd.php

Press Play to hear the answer!

Advisories

• Intel Data Center Manager 4.1.1.45749 Authentication Bypass / Spoofing Wed, 30 Nov 2022 20:48:27 GMT
  Intel Data Center Manager versions 4.1.1.45749 and below suffer from an authentication bypass vulnerability via spoofing.
• Ubuntu Security Notice USN-5718-2 Wed, 30 Nov 2022 20:39:52 GMT
  Ubuntu Security Notice 5718-2 - USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-5750-1 Wed, 30 Nov 2022 20:39:38 GMT
  Ubuntu Security Notice 5750-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service.
• Ubuntu Security Notice USN-5749-1 Wed, 30 Nov 2022 20:39:29 GMT
  Ubuntu Security Notice 5749-1 - Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash.
• Ubuntu Security Notice USN-5728-3 Wed, 30 Nov 2022 20:39:15 GMT
  Ubuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Red Hat Security Advisory 2022-8669-01 Wed, 30 Nov 2022 20:39:00 GMT
  Red Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
• Red Hat Security Advisory 2022-8679-01 Wed, 30 Nov 2022 20:38:53 GMT
  Red Hat Security Advisory 2022-8679-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.
• Red Hat Security Advisory 2022-8673-01 Wed, 30 Nov 2022 20:38:47 GMT
  Red Hat Security Advisory 2022-8673-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
• Red Hat Security Advisory 2022-8680-01 Wed, 30 Nov 2022 20:38:42 GMT
  Red Hat Security Advisory 2022-8680-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.
• Ubuntu Security Notice USN-5745-2 Wed, 30 Nov 2022 20:38:24 GMT
  Ubuntu Security Notice 5745-2 - USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation.
• Ubuntu Security Notice USN-5748-1 Wed, 30 Nov 2022 20:38:02 GMT
  Ubuntu Security Notice 5748-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2022-8686-01 Wed, 30 Nov 2022 20:37:02 GMT
  Red Hat Security Advisory 2022-8686-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
• Red Hat Security Advisory 2022-8685-01 Wed, 30 Nov 2022 20:36:49 GMT
  Red Hat Security Advisory 2022-8685-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a memory leak vulnerability.
• Ubuntu Security Notice USN-5689-2 Wed, 30 Nov 2022 20:35:49 GMT
  Ubuntu Security Notice 5689-2 - USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification.
• Red Hat Security Advisory 2022-8662-01 Tue, 29 Nov 2022 16:05:16 GMT
  Red Hat Security Advisory 2022-8662-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
• Red Hat Security Advisory 2022-8663-01 Tue, 29 Nov 2022 16:05:05 GMT
  Red Hat Security Advisory 2022-8663-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
• Ubuntu Security Notice USN-5747-1 Tue, 29 Nov 2022 16:04:20 GMT
  Ubuntu Security Notice 5747-1 - It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to consume resources, leading to a denial of service. It was discovered that Bind incorrectly handled large zone data size received via AXFR response. A remote authenticated attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS.
• Red Hat Security Advisory 2022-8626-01 Tue, 29 Nov 2022 16:04:11 GMT
  Red Hat Security Advisory 2022-8626-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.17. Issues addressed include a denial of service vulnerability.
• Ubuntu Security Notice USN-5746-1 Tue, 29 Nov 2022 16:03:54 GMT
  Ubuntu Security Notice 5746-1 - Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service.
• Debian Security Advisory 5291-1 Tue, 29 Nov 2022 16:03:27 GMT
  Debian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.
• Red Hat Security Advisory 2022-8652-01 Tue, 29 Nov 2022 16:03:19 GMT
  Red Hat Security Advisory 2022-8652-01 - This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.
• Ubuntu Security Notice USN-5745-1 Mon, 28 Nov 2022 15:46:38 GMT
  Ubuntu Security Notice 5745-1 - Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization.
• Red Hat Security Advisory 2022-8639-01 Mon, 28 Nov 2022 15:46:20 GMT
  Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
• Red Hat Security Advisory 2022-8638-01 Mon, 28 Nov 2022 15:46:10 GMT
  Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
• Red Hat Security Advisory 2022-8643-01 Mon, 28 Nov 2022 15:46:00 GMT
  Red Hat Security Advisory 2022-8643-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.