Security Pop Quiz! q480.mp3

News

Packet Storm Security

• Instagram Asks Researchers To Check Out Checkout Feature
• Researcher Publishes Second Steam Zero Day
• Capital One Hacker Requests Release From Jail
• Google And Mozilla Move To Stop Kazakhstan Snooping
• First Half Of 2019 Sees 4,000 Data Breaches Exposing 4B Records

Security Affairs

• A new Zero-Day in Steam client impacts over 96 million Windows users
• DoS attacks against most used default Tor bridges could be very cheap
• Romania is going to exclude Huawei from its 5G Network
• China-linked APT41 group targets US-Based Research University
• The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Looking Glass Cyber

• Solving Today’s Cybersecurity Challenges with a Cybersecurity Fabric
• The Mitre ATT&CK Conference
• Afraid of the Dark: Cyber Threats to the Energy Sector (Part Two)
• FS-ISAC Fall Summit
• CIA Tech Expo

securingtomorrow.mcafee.com

• Data Residency: A Concept Not Found In The GDPR
• Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks
• Chris Young and Ken McCray Recognized on CRN’s 2019 Top 100 Executives List
• The Cybersecurity Playbook: Why I Wrote a Cybersecurity Book
• ST07: Protecting IP in Healthcare with Andrew Lancashire and Sumit Sehgal

Quick Heal

• Phishers using custom 404 Not Found error page to steal Microsoft credentials
• Alert! 27 apps found on Google Play Store that prompt you to install Fake Google Play Store
• Alert! Income tax refund SMS – Newest way of conducting bank fraud by cyber criminals
• Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners
• MegaCortex Returns…

Threat Post

• Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban
• The Texas Ransomware Attacks: A Gamechanger for Cybercriminals
• Cisco Patches Six Critical Bugs in UCS Gear and Switches
• Backdoor Found in Utility for Linux, Unix Servers
• Adult Content Site Exposed Personal Data of 1M Users

Naked Security

• S2 Ep5: Phishing, eavesdropping voice assistants and quick fire questions – Naked Security Podcast
• Facebook delivers ‘clear history’ tool that doesn’t ‘clear’ anything
• Update now! Microsoft patches its Android RDP app to fix flaw
• Massive MoviePass database found exposed on public server
• The Silence hacking crew grows louder

ESET

• First‑of‑its‑kind spyware sneaks into Google Play
• Education and privacy legislation at ChannelCon
• Ransomware wave hits 23 towns in Texas
• Week in security with Tony Anscombe
• AI: Artificial Ignorance

CIS

• Top 10 Malware July 2019 Tue, 20 Aug 2019 12:00:05 +0000
  

  The identified malware variants remain mostly consistent with June 2019, with the exception of the return of Cerber and Brambul activity. Top 10 malware activity accounted for 66% of total malware activity, a 3% increase over June. The proportion of top 10 malware to total malware remains above 60% since April 2019. This indicates a […]

  The post Top 10 Malware July 2019 appeared first on CIS.

Malware Patrol

• Infosec Articles (7/28/19 – 8/10/19)
• MineMeld Configuration Guide

SecList

• Agent 1433: remote attack on Microsoft SQL Server
  One of the most common attack on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to workstations through less-than-strong administrator password.

MySonicWall

Critical Infrastructure

• Instituting Security in IoT Networks to Prepare for Massive 5G Rollouts
• Two Teens Jump Fence at Nuclear Reactor Facility
• Stepping Up Security for Transit Riders

• Port of Indiana – Burns Harbor Awarded Funds for Security Services
• Port of Baltimore Receives Federal Grant to Strengthen Security
• Ian Bramson Named Global Head of Cyber Security for ABS

• Dean Stecklair Named 2018 Amtrak Police Department Officer of the Year
• Bay Area Rapid Transit Receives $1.7 Million Federal Grant for Police Patrols
• Senate Bill Would Create a National Supply Chain Security Center

Case Studies

• Safeguarding Security and Loss Prevention at Gap Inc.
• When Physical Intrusions Lead to Digital Breaches
• How Unified Device Management Is Critical to BYOD Enterprises

• Collecting Insights and Metrics with Guard Tour Software
• Florida-based Company Protects Government Buildings with Window Film
• Simplify Connected Campus Security

Tools

• Clam AntiVirus Toolkit 0.101.4
• TOR Virtual Network Tunneling Tool 0.4.1.5
• Haveged 1.9.5 Alpha
• Mandos Encrypted File System Unattended Reboot Utility 1.8.8
• Nmap Port Scanner 7.80

• How to Fix Outlook PST and OST Problem with these Solutions
• Three Key Ways Attack Simulations Can Help Tighten Enterprise Security

Exploits

• KBPublisher 6.0.2.1 SQL Injection
• Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
• Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure
• LibreOffice Macro Python Code Execution
• Webmin 1.920 Remote Root
• CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change
• CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop
• CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration
• WordPress Add Mime Types 2.2.1 Cross Site Request Forgery
• Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass

Last 20 Website Defacements - Zone-h

• http://www3.cmlaranjadaterra.es.gov.br/Arquivo/pwn.htm
• http://www3.camarasantateresa.es.gov.br/Arquivo/pwn.htm
• http://www3.camaramunizfreire.es.gov.br/Arquivo/pwn.htm
• http://www3.pmbsf.es.gov.br/Arquivo/pwn.htm
• http://www3.camaraibiracu.es.gov.br/Arquivo/pwn.htm
• http://newwindsor-ny.gov
• https://www.co.henry.ga.us
• http://smab.kemdikbud.go.id/13.html
• https://ppid.birohukum.riau.go.id/L0z.php
• http://turismo.itumbiara.go.gov.br
• http://www3.cmg.es.gov.br/0.htm
• http://www3.camaraserra.es.gov.br/0.htm
• http://www3.cmmarataizes.es.gov.br/0.htm
• http://camaramuqui.es.gov.br
• http://www3.camaravilapavao.es.gov.br
• http://www3.cmguacui.es.gov.br/0.htm
• http://www3.cmcc.es.gov.br/0.htm
• http://www3.boaesperanca.es.gov.br
• http://camarasaovalentim.rs.gov.br
• http://tempus.unb.br

Press Play to hear the answer!

Advisories

• Red Hat Security Advisory 2019-2543-01 Wed, 21 Aug 2019 19:45:34 GMT
  Red Hat Security Advisory 2019-2543-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
• Red Hat Security Advisory 2019-2542-01 Wed, 21 Aug 2019 19:44:47 GMT
  Red Hat Security Advisory 2019-2542-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
• Red Hat Security Advisory 2019-2545-01 Wed, 21 Aug 2019 19:44:06 GMT
  Red Hat Security Advisory 2019-2545-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
• Red Hat Security Advisory 2019-2544-01 Wed, 21 Aug 2019 19:43:21 GMT
  Red Hat Security Advisory 2019-2544-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
• Ubuntu Security Notice USN-4109-1 Wed, 21 Aug 2019 19:43:14 GMT
  Ubuntu Security Notice 4109-1 - It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJPEG incorrectly handled certain PNM files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
• Red Hat Security Advisory 2019-2541-01 Wed, 21 Aug 2019 19:42:49 GMT
  Red Hat Security Advisory 2019-2541-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
• Ubuntu Security Notice USN-4108-1 Wed, 21 Aug 2019 19:38:23 GMT
  Ubuntu Security Notice 4108-1 - It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
• Red Hat Security Advisory 2019-2538-01 Wed, 21 Aug 2019 19:38:16 GMT
  Red Hat Security Advisory 2019-2538-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a bypass vulnerability.
• Debian Security Advisory 4504-1 Wed, 21 Aug 2019 19:35:50 GMT
  Debian Linux Security Advisory 4504-1 - Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.
• FreeBSD Security Advisory - FreeBSD-SA-19:24.mqueuefs Wed, 21 Aug 2019 19:35:29 GMT
  FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.
• FreeBSD Security Advisory - FreeBSD-SA-19:23.midi Wed, 21 Aug 2019 19:35:17 GMT
  FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.
• FreeBSD Security Advisory - FreeBSD-SA-19:22.mbuf Wed, 21 Aug 2019 19:34:21 GMT
  FreeBSD Security Advisory - Due do a missing check in the code of m_pulldown(9) data returned may not be contiguous as requested by the caller. Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS (denial-of-service) attack with certain Ethernet interfaces. At this point it is unknown if any other than the IPv6 code paths can trigger a similar condition.
• Red Hat Security Advisory 2019-2534-01 Wed, 21 Aug 2019 19:34:00 GMT
  Red Hat Security Advisory 2019-2534-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This release of Red Hat 3scale API Management 2.6.0 replaces Red Hat 3scale API Management 2.5.1.
• Ubuntu Security Notice USN-4107-1 Tue, 20 Aug 2019 22:04:25 GMT
  Ubuntu Security Notice 4107-1 - It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.
• Ubuntu Security Notice USN-4106-1 Tue, 20 Aug 2019 22:04:19 GMT
  Ubuntu Security Notice 4106-1 - Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem.
• Ubuntu Security Notice USN-4105-1 Tue, 20 Aug 2019 22:04:14 GMT
  Ubuntu Security Notice 4105-1 - Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server. Various other issues were also addressed.
• Ubuntu Security Notice USN-4104-1 Tue, 20 Aug 2019 22:04:08 GMT
  Ubuntu Security Notice 4104-1 - Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information.
• Ubuntu Security Notice USN-4103-2 Tue, 20 Aug 2019 22:04:02 GMT
  Ubuntu Security Notice 4103-2 - Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4103-1 Tue, 20 Aug 2019 22:03:56 GMT
  Ubuntu Security Notice 4103-1 - Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• MediaWiki OAuth2 Client 0.3 Cross Site Request Forgery Mon, 19 Aug 2019 15:09:50 GMT
  MediaWiki OAuth2 Client version 0.3 suffers from a cross site request forgery vulnerability.
• Ubuntu Security Notice USN-4078-2 Mon, 19 Aug 2019 15:08:21 GMT
  Ubuntu Security Notice 4078-2 - USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. Various other issues were also addressed.
• Ubuntu Security Notice USN-4102-1 Mon, 19 Aug 2019 15:08:16 GMT
  Ubuntu Security Notice 4102-1 - It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4100-1 Mon, 19 Aug 2019 15:08:05 GMT
  Ubuntu Security Notice 4100-1 - It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file.
• Red Hat Security Advisory 2019-2519-01 Mon, 19 Aug 2019 15:07:57 GMT
  Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.
• Debian Security Advisory 4503-1 Mon, 19 Aug 2019 15:07:50 GMT
  Debian Linux Security Advisory 4503-1 - Three vulnerabilities have been discovered in the Go programming language; "net/url" accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.