Security Pop Quiz! q486.mp3

News

Packet Storm Security

* Black Hat 2020: Using Botnets To Manipulate Energy Markets For Big Profits
* Ex-NSA Hacker Finds A Way To Hack Mac Users Via Microsoft Office
* Twitter Hack: Hearing Zoombombed With Porn
* Arrested Pen Testers Push For Good Samaritan Law
* FBI Issues Warning Over Windows 7 End Of Life

Security Affairs

* Intel investigates security breach after the leak of 20GB of internal documents
* Google Threat Analysis Group took down ten influence operations in Q2 2020
* Netwalker ransomware operators claim to have stolen data from Forsee Power
* FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life
* Hackers can abuse Microsoft Teams updater to deliver malicious payloads

Looking Glass Cyber

* Need a (SMB)Ghost Buster?
* Making Cybersecurity Policy Work for You: Tunable security mitigation at attack speed
* Elevating Security Orchestration with CACAO
* LookingGlass Cyber Solutions Announces Plans to Relaunch the Cyveillance Brand
* Social Engineering - Ever Present, Often Overlooked

securingtomorrow.mcafee.com

Quick Heal

* Quick Heal Total Security certified as Top Product by AV-TEST
* Do antivirus software impact gaming performance?
* Why is smartphone security so important?
* Is your router exposed to cyber threats? Here's how to safeguard it
* Are you being tracked by websites you visit?

Threat Post

* Hackers Dump 20GB of Intel's Confidential Data Online
* Augmenting AWS Security Controls
* Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem
* Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
* Canon Admits Ransomware Attack in Employee Note, Report

Naked Security

* Business Email Compromise - fighting back with machine learning
* Porn blast disrupts bail hearing of alleged Twitter hacker
* GandCrab ransomware hacker arrested in Belarus
* Monday review - our recent stories revisited
* Twitter hack - three suspects charged in the US

ESET

* Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
* Blackbaud data breach: What you should know
* NSA shares advice on how to limit location tracking
* FBI warns of surge in online shopping scams
* How much is your personal data worth on the dark web?

CIS

• Why TikTok is the Latest Security Threat Thu, 06 Aug 2020 14:30:48 +0000
  

  TikTok is a widely-popular social media platform owned by the Chinese technology company ByteDance. Though its stated intention is to share short dance and lip-sync videos, it has become a substantial player in the targeted advertising business in recent years. TikTok and Data Collection TikTok gained an edge through its ability to collect sensitive data […]

  The post Why TikTok is the Latest Security Threat appeared first on CIS.

Malware Patrol

* InfoSec Articles (07/20/20 - 08/03/20)
* InfoSec Articles (07/05/20 - 07/19/20)

SecList

• Spam and phishing in Q2 2020
  In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50,18%, down by 4.43 percentage points from the previous reporting period.

MySonicWall

Critical Infrastructure

* US Senate passes bill to extend CFATS
* PG&E offers personalized emergency plan tool for customers
* Protecting Industrial IoT devices

* Port of Baltimore receives Federal security funding
* Good Security News from Guerrilla Mask Movement
* Passengers can now text cleaning and safety questions directly to United Airlines

* MBTA names Ronald Ester Chief Safety Officer
* Amtrak promotes new technology, safety measures
* AI-enabled customer interactions more than double since 2018

Case Studies

* EL AL Airlines: Integrating Security into CI/CD with Seeker IAST from Synopsys
* Cybersecurity at Val Verde ISD
* Safeguarding Security and Loss Prevention at Gap Inc.

* Texas Window Film Company Working to Provide More Emergency Response Times in Schools
* 3M™ Window Film Adds Time, Increased Protection Against Active Shooters
* Collecting Insights and Metrics with Guard Tour Software

Tools

* SQLMAP - Automatic SQL Injection Tool 1.4.8
* Sifter 9.2
* Sifter 9.1
* Samhain File Integrity Checker 4.4.2
* Sifter 9.01

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* Docker Privileged Container Escape
* Victor CMS 1.0 SQL Injection
* Online Shopping Alphaware 1.0 Unauthorized Administrative Access
* Online Shopping Alphaware 1.0 Arbitrary File Upload
* Online Shopping Alphaware 1.0 Cross Site Request Forgery
* Daily Expenses Management System 1.0 SQL Injection
* Daily Expenses Management System 1.0 Cross SIte Request Forgery
* Daily Expenses Management System 1.0 Cross Site Scripting
* Curfew e-Pass Management System 1.0 SQL Injection
* QlikView 12.50.20000.0 Denial Of Service

Last 20 Website Defacements - Zone-h

* https://www.mos.gov.rs/xaad.html
* http://www.youth.gov.mw/z3ran.txt
* http://ubmttqvn.quangnam.gov.vn//QTIUpload/ma.css
* http://tammydong.nuithanh.gov.vn/QTIUpload/ma.css
* http://qoffice.thanhtra.quangnam.gov.vn/QTIUpload/ma.css
* http://dulich.tienphuoc.quangnam.gov.vn/QTIUpload/ma.css
* http://hscv.vpubnd.quangnam.gov.vn/QTIUpload/ma.css
* http://www.vpubnd.quangnam.gov.vn/QTIUpload/ma.css
* http://congan.quangnam.gov.vn/QTIUpload/ma.css
* http://qoffice.bandantoc.quangnam.gov.vn/QTIUpload/ma.css
* http://tienloc.tienphuoc.quangnam.gov.vn/QTIUpload/ma.css
* http://ntrt.nuithanh.quangnam.gov.vn/QTIUpload/ma.css
* http://ttnuithanh.nuithanh.gov.vn/QTIUpload/ma.css
* http://covid-19.kontum.gov.vn/QTIUpload/ma.css
* http://vava.quangnam.gov.vn/QTIUpload/ma.css
* http://cda.gov.pk
* https://dra.gov.pk
* http://www.sacgb.gov.pk
* http://www.pnac.gov.pk
* http://www.ioekp.gov.pk

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-4451-2 Thu, 06 Aug 2020 17:07:08 GMT
  Ubuntu Security Notice 4451-2 - USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Various other issues were also addressed.
• Red Hat Security Advisory 2020-3358-01 Thu, 06 Aug 2020 17:07:01 GMT
  Red Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
• Red Hat Security Advisory 2020-3345-01 Thu, 06 Aug 2020 17:06:54 GMT
  Red Hat Security Advisory 2020-3345-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-3344-01 Thu, 06 Aug 2020 17:06:47 GMT
  Red Hat Security Advisory 2020-3344-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-3341-01 Thu, 06 Aug 2020 17:06:39 GMT
  Red Hat Security Advisory 2020-3341-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-3342-01 Thu, 06 Aug 2020 17:06:31 GMT
  Red Hat Security Advisory 2020-3342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-3343-01 Thu, 06 Aug 2020 17:06:24 GMT
  Red Hat Security Advisory 2020-3343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
• Ubuntu Security Notice USN-4453-1 Thu, 06 Aug 2020 17:06:16 GMT
  Ubuntu Security Notice 4453-1 - Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals method. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
• Red Hat Security Advisory 2020-3328-01 Wed, 05 Aug 2020 15:24:34 GMT
  Red Hat Security Advisory 2020-3328-01 - Red Hat Ansible Tower 3.7.2-1 has addressed for security issues.
• Red Hat Security Advisory 2020-3329-01 Wed, 05 Aug 2020 15:22:32 GMT
  Red Hat Security Advisory 2020-3329-01 - Red Hat Ansible Tower has had multiple bug fixes addressed including a security issue.
• Ubuntu Security Notice USN-4441-2 Wed, 05 Aug 2020 15:21:26 GMT
  Ubuntu Security Notice 4441-2 - USN-4441-1 fixed vulnerabilities in MySQL. The new upstream version changed compiler options and caused a regression in certain scenarios. This update fixes the problem. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
• Red Hat Security Advisory 2020-3184-01 Wed, 05 Aug 2020 15:21:19 GMT
  Red Hat Security Advisory 2020-3184-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Red Hat Security Advisory 2020-3183-01 Wed, 05 Aug 2020 15:21:11 GMT
  Red Hat Security Advisory 2020-3183-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Ubuntu Security Notice USN-4432-2 Wed, 05 Aug 2020 15:21:04 GMT
  Ubuntu Security Notice 4432-2 - USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems , preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. Various other issues were also addressed.
• Ubuntu Security Notice USN-4452-1 Wed, 05 Aug 2020 15:20:55 GMT
  Ubuntu Security Notice 4452-1 - Trent Shea discovered that the libvirt package set incorrect permissions on the UNIX domain socket. A local attacker could use this issue to access libvirt and escalate privileges.
• Ubuntu Security Notice USN-4450-1 Wed, 05 Aug 2020 15:20:41 GMT
  Ubuntu Security Notice 4450-1 - Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4451-1 Wed, 05 Aug 2020 15:19:37 GMT
  Ubuntu Security Notice 4451-1 - Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.
• Ubuntu Security Notice USN-4448-1 Wed, 05 Aug 2020 15:19:31 GMT
  Ubuntu Security Notice 4448-1 - It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. Various other issues were also addressed.
• Ubuntu Security Notice USN-4449-1 Wed, 05 Aug 2020 15:19:24 GMT
  Ubuntu Security Notice 4449-1 - Ryota Shiga discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. Ryota Shiga discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4447-1 Wed, 05 Aug 2020 15:19:18 GMT
  Ubuntu Security Notice 4447-1 - It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.
• Red Hat Security Advisory 2020-3247-01 Tue, 04 Aug 2020 14:26:33 GMT
  Red Hat Security Advisory 2020-3247-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. Issues addressed include code execution and cross site scripting vulnerabilities.
• Red Hat Security Advisory 2020-3308-01 Tue, 04 Aug 2020 14:26:05 GMT
  Red Hat Security Advisory 2020-3308-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2020-3306-01 Tue, 04 Aug 2020 14:25:59 GMT
  Red Hat Security Advisory 2020-3306-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2020-3305-01 Tue, 04 Aug 2020 14:25:52 GMT
  Red Hat Security Advisory 2020-3305-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
• Red Hat Security Advisory 2020-3303-01 Tue, 04 Aug 2020 14:25:46 GMT
  Red Hat Security Advisory 2020-3303-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.