Security Pop Quiz! q66.mp3

News

Packet Storm Security

* Insurers Defend Covering Ransomware Payments
* 23 Million Gamer Records Exposed In VIPGames Leak
* Apple Patches Three Actively Exploited Zero Days
* Emotet Botnet Disrupted By International Police Operation
* Former LulzSec Hacker Releases SonicWall VPN Zero-Day

Security Affairs

* Law enforcement announced global action against NetWalker Ransomware
* Emotet Botnet dismantled in a joint international operation
* Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants
* Maritime port cybersecurity
* Apple addresses three iOS zero-day flaws exploited in the wild

Looking Glass Cyber

* How A Federal Law Enforcement Agency Tackles Cyber Attribution
* Concern mounts over government cyber agency's struggle to respond to hack fallout
* How Can the U.S. Rebuild After Shocking Series of Cyber Breaches
* SolarWinds hack: What we must do to avoid the next attack
* Washington's Cyber Reckoning

securingtomorrow.mcafee.com

Quick Heal

* Stay Alert, Joker still making its way on Google Play Store!
* Cyberattackers breaking in through COVID-19 vaccination data
* What does WhatsApp's new privacy policy mean for you?
* You might get hacked before getting vaccinated
* E-wallets are becoming prominent targets for cyberattacks!

Threat Post

* TeamTNT Cloaks Malware With Open-Source Tool
* NetWalker Ransomware Suspect Charged: Tor Site Seized
* Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
* Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
* ADT Security Camera Flaws Open Homes to Eavesdropping

Naked Security

* Apple critical patches fix in-the-wild iPhone exploits - update now!
* Ghost hack - criminals use deceased employee's account to wreak havoc
* Ready to take the red pill? Catch up with Keren Elazari at Sophos Evolve
* Naked Security Live - Don't let digital jokes turn into digital disasters
* US administration adds "subliminal" ad to White House website

ESET

* Wormable Android malware spreads via WhatsApp messages
* Week in security with Tony Anscombe
* Why do we fall for SMS phishing scams so easily?
* Vadokrist: A wolf in sheep's clothing
* DNSpooq bugs expose millions of devices to DNS cache poisoning

CIS

• 20 Years of Creating Confidence in the Connected World Fri, 15 Jan 2021 21:59:08 +0000
  

  The Center for Internet Security (CIS) recently celebrated its 20th year of creating confidence in the connected world. In preparation for our 20th anniversary, I reached out to the people who founded CIS, some of its first employees, and a handful of the very first volunteers. This outreach was a lot of fun as it […]

  The post 20 Years of Creating Confidence in the Connected World appeared first on CIS.

Malware Patrol

* InfoSec Articles (01/01/21 - 01/15/21)
* InfoSec Articles (12/17/20 - 12/31/20)

SecList

• Sunburst backdoor – code overlaps with Kazuar
  While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

MySonicWall

Critical Infrastructure

* Protecting critical infrastructure and distributed organizations in an era of chronic cybersecurity r
* Extremism in the United States in 2021: What's out there and where are the risks?
* Six steps to control a rogue drone incident

* Orlando International Airport deploys crowd analytics solution to help amid COVID-19
* The risk landscape over the next five years: key trends
* Step-by-step strategy for the CISO

* Reliable asset tracking: The importance of IoT, battery life and location accuracy
* Why cybercriminals target manufacturers - and what to do about it
* San Diego MTA hires Al Stiehler as Director of Transit Security and Passenger Safety

Case Studies

* Notorious cybersecurity attacks in history and how to prevent them
* Disinformation: Companies in the crosshairs
* A first-hand account of ransomware: To pay or not to pay

* Orlando International Airport deploys crowd analytics solution to help amid COVID-19
* Hilton Surfer's Paradise Hotel & Residences implements smart door locks with mobile access
* Kankakee and North Chicago in Illinois deploy gunshot detection solution for patrol

Tools

* AIDE 0.17
* Logwatch 7.5.5
* OATH Toolkit 2.6.6
* Falco 0.27.0
* OpenStego Free Steganography Solution 0.8.0

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* Sudo Heap-Based Buffer Overflow
* STVS ProVision 5.9.10 Cross Site Request Forgery
* STVS ProVision 5.9.10 Cross Site Scripting
* STVS ProVision 5.9.10 File Disclosure
* Revive Adserver 5.1.0 Cross Site Scripting
* Constructor.Win32.SpyNet.a Remote Password Leak
* Backdoor.Win32.Wollf.14 Missing Authentication
* Backdoor.Win32.DarkKomet.apbb Insecure Permissions
* Openlitespeed Web Server 1.7.8 Command Injection
* Oracle WebLogic Server 12.2.1.0 Remote Code Execution

Last 20 Website Defacements - Zone-h

* http://phuong8quan8.gov.vn/galau.html
* https://nakoonyai.go.th/indonesia.htm
* http://www.reo11.go.th/indonesia.htm
* http://www.sirinhospital.go.th/indonesia.htm
* http://www.cmc.sc.gov.br
* http://rca.gov.om/ma.txt
* http://disdikpora.penajamkab.go.id/xixi.txt
* https://tosk.gov.mn/code.html
* https://korpri.pringsewukab.go.id
* http://rapemda.pringsewukab.go.id
* http://inspektorat.pringsewukab.go.id
* http://bpkad.pringsewukab.go.id
* https://dishub.pringsewukab.go.id
* http://disdukcapil.pringsewukab.go.id
* http://rsud.pringsewukab.go.id/root.php
* https://kesbangpol.pringsewukab.go.id
* https://dinkes.pringsewukab.go.id
* https://diskominfo.pringsewukab.go.id
* https://pringsewukab.go.id
* http://www.chaisatarn.go.th/Vz.txt

Press Play to hear the answer!

Advisories

• Gentoo Linux Security Advisory 202101-33 Wed, 27 Jan 2021 14:13:14 GMT
  Gentoo Linux Security Advisory 202101-33 - Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Versions less than 1.9.5_p2 are affected.
• Gentoo Linux Security Advisory 202101-32 Wed, 27 Jan 2021 14:12:38 GMT
  Gentoo Linux Security Advisory 202101-32 - A weakness was discovered in Mutt and NeoMutt's TLS handshake handling. Versions less than 2.0.2 are affected.
• Gentoo Linux Security Advisory 202101-31 Wed, 27 Jan 2021 14:12:31 GMT
  Gentoo Linux Security Advisory 202101-31 - A vulnerability in Cacti could lead to remote code execution. Versions less than 1.2.16-r1 are affected.
• Apple Security Advisory 2021-01-26-4 Wed, 27 Jan 2021 14:11:19 GMT
  Apple Security Advisory 2021-01-26-4 - Xcode 12.4 addresses a path handling issue.
• Apple Security Advisory 2021-01-26-3 Wed, 27 Jan 2021 14:09:51 GMT
  Apple Security Advisory 2021-01-26-3 - watchOS 7.3 addresses a race condition vulnerability.
• Apple Security Advisory 2021-01-26-2 Wed, 27 Jan 2021 14:08:57 GMT
  Apple Security Advisory 2021-01-26-2 - tvOS 14.4 addresses a race condition vulnerability.
• Apple Security Advisory 2021-01-26-1 Wed, 27 Jan 2021 14:07:26 GMT
  Apple Security Advisory 2021-01-26-1 - iOS 14.4 and iPadOS 14.4 address race condition and arbitrary code execution vulnerabilities.
• Red Hat Security Advisory 2021-0223-01 Wed, 27 Jan 2021 14:07:05 GMT
  Red Hat Security Advisory 2021-0223-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0222-01 Wed, 27 Jan 2021 14:06:54 GMT
  Red Hat Security Advisory 2021-0222-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0221-01 Wed, 27 Jan 2021 14:06:46 GMT
  Red Hat Security Advisory 2021-0221-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0224-01 Wed, 27 Jan 2021 14:06:37 GMT
  Red Hat Security Advisory 2021-0224-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0227-01 Wed, 27 Jan 2021 14:06:28 GMT
  Red Hat Security Advisory 2021-0227-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0219-01 Wed, 27 Jan 2021 14:06:20 GMT
  Red Hat Security Advisory 2021-0219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0225-01 Wed, 27 Jan 2021 14:06:12 GMT
  Red Hat Security Advisory 2021-0225-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0218-01 Wed, 27 Jan 2021 14:06:02 GMT
  Red Hat Security Advisory 2021-0218-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0220-01 Wed, 27 Jan 2021 14:05:54 GMT
  Red Hat Security Advisory 2021-0220-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-0226-01 Wed, 27 Jan 2021 14:05:42 GMT
  Red Hat Security Advisory 2021-0226-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
• Ubuntu Security Notice USN-4705-1 Wed, 27 Jan 2021 14:05:32 GMT
  Ubuntu Security Notice 4705-1 - It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. Various other issues were also addressed.
• Ubuntu Security Notice USN-4704-1 Wed, 27 Jan 2021 14:05:24 GMT
  Ubuntu Security Notice 4704-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. Various other issues were also addressed.
• Red Hat Security Advisory 2021-0258-01 Tue, 26 Jan 2021 14:27:47 GMT
  Red Hat Security Advisory 2021-0258-01 - The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. Issues addressed include an out of bounds write vulnerability.
• Gentoo Linux Security Advisory 202101-30 Tue, 26 Jan 2021 14:27:32 GMT
  Gentoo Linux Security Advisory 202101-30 - Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code. Versions less than 5.15.2 are affected.
• Gentoo Linux Security Advisory 202101-29 Tue, 26 Jan 2021 14:26:16 GMT
  Gentoo Linux Security Advisory 202101-29 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which could result in the arbitrary execution of code. Versions less than *:1 and 2.4.0:2 are affected.
• Red Hat Security Advisory 2021-0266-01 Tue, 26 Jan 2021 14:25:46 GMT
  Red Hat Security Advisory 2021-0266-01 - The gnome-settings-daemon packages contain a daemon to share settings from GNOME to other applications. It also handles global key bindings, as well as a number of desktop-wide settings.
• Red Hat Security Advisory 2021-0257-01 Tue, 26 Jan 2021 14:23:13 GMT
  Red Hat Security Advisory 2021-0257-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser.
• Gentoo Linux Security Advisory 202101-28 Tue, 26 Jan 2021 14:22:53 GMT
  Gentoo Linux Security Advisory 202101-28 - Multiple vulnerabilities have been found in ncurses, the worst of which could result in a Denial of Service condition. Versions less than 6.2 are affected.