Security Pop Quiz! q417.mp3

News

Packet Storm Security

* Data Leak Makes Peloton's Horrible, No-Good, Really Bad Day Even Worse
* Americans Turn To VPNs To Prevent Online Fraud And Hacking
* Scammer Used Fake Court Order To Take Over Dark Web Drug Market Directory
* Qualys Puts 21 Nails Into Exim Mail Server
* Dell Patches Vulnerable Driver For Over A Decade Of Products

Security Affairs

* UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware
* Cyber Defense Magazine - May 2021 has arrived. Enjoy it!
* Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager
* A massive DDoS knocked offline Belgian government websites
* Most of Exim email servers could be hacked by exploiting 21Nails flaws

Looking Glass Cyber

* Global Strategist H.P. Goldfield Joins LookingGlass Advisory Board
* LookingGlass Hires Norm Laudermilch as First Chief Cyber Officer
* Former DARPA Director Coleman Joins LookingGlass Advisory Board
* Cybersecurity Leader Gus Hunt Joins LookingGlass Advisory Board
* Cybersecurity Expert Melissa Hathaway Joins LookingGlass Advisory Board

securingtomorrow.mcafee.com

* McAfee Proactive Security Proves Effective in Recent MITRE ATT&CK™
* Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
* How to Stop the Popups
* Steps to Discover Hidden Threat from Phishing Email
* World Password Day: Make Passwords the Strongest Link in Your Online Security

Quick Heal

* Alert! Wormable Android malware is spreading through social media applications
* Malicious malware impacting reviews and ratings of application
* Cyber threats against Macs are increasing! Are you prepared?
* The risks of downloading apps from unauthorized app stores
* Zloader: Entailing Different Office Files

Threat Post

* New Crypto-Stealer 'Panda' Spread via Discord
* Anti-Spam WordPress Plugin Could Expose Website User Data
* Raft of Exim Security Holes Allow Linux Mail Server Takeovers
* Peloton's Leaky API Spilled Riders' Private Data
* Feds Shut Down Fake COVID-19 Vaccine Phishing Website

Naked Security

* Dell fixes exploitable holes in its own firmware update driver - patch now!
* Apple products hit by fourfecta of zero-day exploits - patch now!
* Naked Security Live - Beware 'Flubot': the home delivery scam with a difference
* PHP community sidesteps its third supply chain attack in three years
* S3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]

ESET

* Ousaban: Private photo collection hidden in a CABinet
* Microsoft will soon remove Flash Player from Windows 10 devices
* INTERPOL aims to deal a blow to digital piracy
* Week in security with Tony Anscombe
* FBI teams up with 'Have I Been Pwned' to alert Emotet victims

CIS

• CIS Controls v8 at (Virtual) RSA Conference 2021! Tue, 04 May 2021 20:13:57 +0000
  

  The Center for Internet Security (CIS) is excited to be part of RSA Conference 2021 – the world’s leading information security conference and exposition. In fact, we’ll be launching CIS Controls Version 8 during the conference, and there are many opportunities to learn more about the updates. Due to the ongoing pandemic, this year’s RSA […]

  The post CIS Controls v8 at (Virtual) RSA Conference 2021! appeared first on CIS.

Malware Patrol

* InfoSec Articles (04/12/21 - 04/26/21)
* InfoSec Articles (03/29/21 - 04/12/21)

SecList

• Spam and phishing in Q1 2021
  In terms of spam and phishing, in Q1 2021, we largely saw a continuation of the 2020 trends: exploitation of COVID-19 theme, hunting corporate account credentials and spoofing of online store websites.

MySonicWall

Critical Infrastructure

* Iceland's financial services backbone overhauls security infrastructure
* The threat landscape for the water industry
* The inside threat posed by the transition of power

* Seattle-Tacoma International Airport tests reservation tech for TSA
* Port of Oakland upgrades critical operations management with video wall
* The inside threat posed by the transition of power

* California Transportation Agency to deploy mobile video surveillance for entire bus fleet
* Baltic beverage manufacturer deploys security upgrades to protect employees and assets
* The inside threat posed by the transition of power

Case Studies

* Notorious cybersecurity attacks in history and how to prevent them
* Disinformation: Companies in the crosshairs
* A first-hand account of ransomware: To pay or not to pay

* Port of Oakland upgrades critical operations management with video wall
* California Transportation Agency to deploy mobile video surveillance for entire bus fleet
* Iceland's financial services backbone overhauls security infrastructure

Tools

* jSQL Injection 0.85
* OpenDNSSEC 2.1.9
* OATH Toolkit 2.6.7
* SQLMAP - Automatic SQL Injection Tool 1.5.5
* GRAudit Grep Auditing Tool 3.0

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* Xmind 2020 Cross Site Scripting / Code Execution
* Tagstoo 2.0.1 Cross Site Scripting / Code Execution
* Marky 0.0.1 Cross Site Scripting / Code Execution
* StudyMD 0.3.2 Cross Site Scripting / Code Execution
* SnipCommand 0.1.0 Cross Site Scripting / Code Execution
* Moeditor 0.2.0 Cross Site Scripting / Code Execution
* Markdownify 1.2.0 Cross Site Scripting / Code Execution
* Freeter 1.2.1 Cross Site Scripting / Code Execution
* Markdown-Explorer 0.1.1 Cross Site Scripting / Code Execution
* Markright 1.0 Cross Site Scripting / Code Execution

Last 20 Website Defacements - Zone-h

* http://saae.boaesperanca.mg.gov.br/Team_Ti74N5.php
* https://cabanatuancity.gov.ph/very-un-secured-website.txt
* http://www.sylhetbetar.gov.bd
* https://pa-pangkalpinang.go.id/images/krz.txt
* http://www3.ibatiba.es.gov.br/arquivo/
* http://www3.prodnorte.es.gov.br/arquivo/
* http://www3.laranjadaterra.es.gov.br/arquivo/
* http://www3.camarasooretama.es.gov.br/arquivo/
* http://legislacao.camarairupi.es.gov.br/arquivo/
* http://camarasempapel.cmsandre.sp.gov.br/arquivo/
* http://www.pahuatlan.gob.mx/images/vuln.txt
* https://seer.ufs.br/public/site/images/ksa/Ksa.gif
* http://jurnal.lapan.go.id/public/site/images/ksa/Ksa.gif
* http://ejournal-balitbang.kkp.go.id/public/site/images/ksa/Ksa.gif
* https://periodicos.unifesp.br/public/site/images/ksa/Ksa.gif
* https://revistafitos.far.fiocruz.br/public/site/images/ksa/ksa.gif
* https://www.revistageminis.ufscar.br/public/site/images/ksa/Ksa.gif
* http://www.ensaiospedagogicos.ufscar.br/public/site/images/ksa/Ksa.gif
* https://periodicos.ufba.br/public/site/images/ksa/Ksa.gif
* http://vipro.marica.rj.gov.br

Press Play to hear the answer!

Advisories

• Red Hat Security Advisory 2021-1509-01 Thu, 06 May 2021 01:15:36 GMT
  Red Hat Security Advisory 2021-1509-01 - Jetty is a 100% Java HTTP Server and Servlet Container. Issues addressed include a resource exhaustion vulnerability.
• Red Hat Security Advisory 2021-1429-01 Thu, 06 May 2021 01:15:29 GMT
  Red Hat Security Advisory 2021-1429-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an XML injection vulnerability.
• Red Hat Security Advisory 2021-1499-01 Thu, 06 May 2021 01:15:18 GMT
  Red Hat Security Advisory 2021-1499-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include code execution and denial of service vulnerabilities.
• Red Hat Security Advisory 2021-1366-01 Thu, 06 May 2021 01:14:39 GMT
  Red Hat Security Advisory 2021-1366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.9. Issues addressed include a denial of service vulnerability.
• Gentoo Linux Security Advisory 202105-01 Thu, 06 May 2021 01:14:30 GMT
  Gentoo Linux Security Advisory 202105-1 - Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.94.2 are affected.
• Ubuntu Security Notice USN-4935-1 Tue, 04 May 2021 19:16:18 GMT
  Ubuntu Security Notice 4935-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed access control. A local attacker could use this issue to cause a denial of service, expose sensitive information, or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed reference counting. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.
• Apple Security Advisory 2021-05-03-3 Tue, 04 May 2021 19:16:10 GMT
  Apple Security Advisory 2021-05-03-3 - watchOS 7.4.1 addresses a code execution vulnerability.
• Apple Security Advisory 2021-05-03-4 Tue, 04 May 2021 16:23:57 GMT
  Apple Security Advisory 2021-05-03-4 - macOS Big Sur 11.3.1 addresses code execution and integer overflow vulnerabilities.
• Apple Security Advisory 2021-05-03-1 Tue, 04 May 2021 16:23:46 GMT
  Apple Security Advisory 2021-05-03-1 - iOS 14.5.1 and iPadOS 14.5.1 addresses code execution and integer overflow vulnerabilities.
• Apple Security Advisory 2021-05-03-2 Tue, 04 May 2021 16:23:31 GMT
  Apple Security Advisory 2021-05-03-2 - iOS 12.5.3 addresses buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-4934-1 Tue, 04 May 2021 16:23:23 GMT
  Ubuntu Security Notice 4934-1 - It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.
• Ubuntu Security Notice USN-4932-1 Tue, 04 May 2021 16:23:12 GMT
  Ubuntu Security Notice 4932-1 - It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.
• Ubuntu Security Notice USN-4933-1 Tue, 04 May 2021 16:21:27 GMT
  Ubuntu Security Notice 4933-1 - It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that OpenVPN incorrectly handled deferred authentication. When a server is configured to use deferred authentication, a remote attacker could possibly use this issue to bypass authentication and access control channel data. Various other issues were also addressed.
• Ubuntu Security Notice USN-4918-3 Tue, 04 May 2021 16:21:20 GMT
  Ubuntu Security Notice 4918-3 - USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4931-1 Tue, 04 May 2021 16:21:11 GMT
  Ubuntu Security Notice 4931-1 - Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. Various other issues were also addressed.
• Kernel Live Patch Security Notice LSN-0076-1 Mon, 03 May 2021 20:47:52 GMT
  It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
• Red Hat Security Advisory 2021-1478-01 Mon, 03 May 2021 20:26:27 GMT
  Red Hat Security Advisory 2021-1478-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
• Red Hat Security Advisory 2021-1477-01 Mon, 03 May 2021 20:26:19 GMT
  Red Hat Security Advisory 2021-1477-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
• Red Hat Security Advisory 2021-1479-01 Mon, 03 May 2021 20:26:11 GMT
  Red Hat Security Advisory 2021-1479-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
• Red Hat Security Advisory 2021-1475-01 Mon, 03 May 2021 20:26:04 GMT
  Red Hat Security Advisory 2021-1475-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
• Red Hat Security Advisory 2021-1476-01 Mon, 03 May 2021 20:25:55 GMT
  Red Hat Security Advisory 2021-1476-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
• Gentoo Linux Security Advisory 202104-10 Mon, 03 May 2021 20:25:46 GMT
  Gentoo Linux Security Advisory 202104-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 88.0 are affected.
• Gentoo Linux Security Advisory 202104-09 Mon, 03 May 2021 20:25:39 GMT
  Gentoo Linux Security Advisory 202104-9 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.10.0 are affected.
• Gentoo Linux Security Advisory 202104-08 Mon, 03 May 2021 20:25:29 GMT
  Gentoo Linux Security Advisory 202104-8 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 90.0.4430.93 are affected.
• Gentoo Linux Security Advisory 202104-07 Mon, 03 May 2021 20:25:20 GMT
  Gentoo Linux Security Advisory 202104-7 - A vulnerability in ClamAV could lead to a Denial of Service condition. Versions less than 0.103.2 are affected.