Security Pop Quiz! q104.mp3

News

Packet Storm Security

• Mozilla Patches Eleven Vulnerabilities In Firefox 71 And ESR 68.3
• Facebook Alleges Company Infiltrated Thousands For Ad Fraud
• New Ransomware Targets Your NAS, Backup Storage
• New Vuln Lets Attackers Sniff Or Hijack VPN Connections
• US Charges Russian Nationals Over Evil Corp Hacking Attacks

Security Affairs

• SEC Xtractor – Experts released an open-source hardware analysis tool
• Security Affairs newsletter Round 243
• US authorities charged Dridex gang members for stealing over $100 Million
• Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks
• Russia-linked Gamaredon group targets Ukraine officials

Looking Glass Cyber

• Secure Your Social Media Presence
• Project Tweetbox: Investigating China’s Cyber Influence Operations
• Monitoring for Compromised Cards on the Deep and Dark Web
• Cyber Threats to the Financial Sector
• FS-ISAC Fall Summit Speaking Engagement

securingtomorrow.mcafee.com

• Cloud Security and Artificial Intelligence in the Financial Sector
• Analysis of LooCipher, a New Ransomware Family Observed This Year
• Here’s What You Need to Know About Your Data Privacy in 2020
• McAfee Labs 2020 Threats Predictions Report
• Endpoint Security 301: When Products, Policies, and People Break Down the Lines of Communication

Quick Heal

• Pegasus like spyware could be snooping on you right now!!
• Quick Heal Supports Windows 10 November 2019 Update
• This Children’s Day, pledge the online security of your kids!
• Think loud! Can the regular delivery boy at your office launch a malware?
• BlueKeep Attacks seen in the wild!

Threat Post

• Email Voted a Weak Link for Election Security, with DMARC Lagging
• Feds Crack Down on Money Mules, Warn of BEC Scams
• News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules
• Linux Bug Opens Most VPNs to Hijacking
• Facebook Alleges Company Infiltrated User Accounts for Ad Fraud

Naked Security

• Mac users targetted by Lazarus ‘fileless’ Trojan
• US parents file class action against TikTok over children’s privacy
• Instagram trying to protect kids by getting dates of birth from new users
• OpenBSD devs patch authentication bypass bug
• S2 Ep19: One of us just prevented a ransomware attack – Naked Security Podcast

ESET

• Week in security with Tony Anscombe
• How to spot if your child is a victim of cyberbullying
• 80% of all Android apps encrypt traffic by default
• Face scanning – privacy concern or identity protection?
• Notorious spy tool taken down in global operation

CIS

• End-of-Support Software Report List Thu, 05 Dec 2019 14:34:45 +0000
  

  The importance of replacing software before its End-of-Support (EOS) is critical. EOS occurs when software updates, patches, and other forms of support are no longer offered, resulting in software becoming prone to future security vulnerabilities. Using unsupported software and firmware/hardware, puts organizations at risk in the following ways: Subsequent vulnerability disclosures place your organization at […]

  The post End-of-Support Software Report List appeared first on CIS.

Malware Patrol

• InfoSec Articles (11/8/19 – 11/22/19)
• InfoSec Articles (10/24/19 – 11/7/19)

SecList

• APT review: what the world’s threat actors got up to in 2019
  What were the most interesting developments in terms of APT activity during the year and what can we learn from them?

MySonicWall

Critical Infrastructure

• Instituting Security in IoT Networks to Prepare for Massive 5G Rollouts
• Two Teens Jump Fence at Nuclear Reactor Facility
• Stepping Up Security for Transit Riders

• Port of Seattle to Replace Air and Sea Travel Documents with Facial Recognition
• Bill Would Improve Border Security Through Enhanced Detection Technology
• New Global Treaty Aims to Tackle Unruly Airline Passengers

• House Transportation and Infrastructure Committee Approves Bills to Improve Transportation Safety
• Study Shows Hours When Security Officers are Most Often Attacked
• The 2019 Security 500 Rankings

Case Studies

• Safeguarding Security and Loss Prevention at Gap Inc.
• When Physical Intrusions Lead to Digital Breaches
• How Unified Device Management Is Critical to BYOD Enterprises

• 3M™ Window Film Adds Time, Increased Protection Against Active Shooters
• Collecting Insights and Metrics with Guard Tour Software
• Florida-based Company Protects Government Buildings with Window Film

Tools

• Wireshark Analyzer 3.0.7
• I2P 0.9.44
• SQLMAP - Automatic SQL Injection Tool 1.3.12
• Packet Fence 9.2.0
• GNU Privacy Guard 2.2.18

• Best 5 Ways to Track an iPhone Remotely
• Antivirus vs VPN: Which is Better at Preventing Hacking Attacks?

Exploits

• OkayCMS 2.3.4 Remote Code Execution
• SiteVision 4.x / 5.x Remote Code Execution
• SiteVision 4.x / 5.x Insufficient Module Access Control
• Yachtcontrol 2019-10-06 Remote Code Execution
• Trend Micro Deep Security Agent 11 Arbitrary File Overwrite
• Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow
• Verot 2.0.3 Remote Code Execution
• Microsoft Skype For Business DNS Query
• Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution
• Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation

Last 20 Website Defacements - Zone-h

• http://mowr.gov.iq
• http://mti.gov.vn
• http://pa-denpasar.go.id
• http://www.pmd.gov.pk/Pwned.html
• http://www.health.gov.mw/o.htm
• http://ambaguio.gov.ph/o.htm
• http://www.smd.gov.pk/index.html
• http://www.bienestardigitalyuc.gob.mx
• http://hrhb.gov.et
• http://www.recyt.mercosur.int/kurd.html
• http://www2.mincyt.gob.ar/kurd.html
• http://provincegitega.gov.bi/kurd.html
• http://www.recyt.mincyt.gov.ar/kurd.html
• http://perhubungan.lomboktengahkab.go.id
• https://mimikakab.go.id
• https://muniorganos.gob.pe/galau.htm
• https://balrada.gov.ua/kurd.html
• https://uob-tdps.gob.bo/zx.htm
• http://comites.igam.mg.gov.br/zxc.htm
• http://www.matd.gov.mg/2012/06/Hacked

Press Play to hear the answer!

Advisories

• Symantec Endpoint Protection Information Disclosure / Privilege Escalation Fri, 06 Dec 2019 16:32:22 GMT
  A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.
• BeeGFS 7.1.3 Privilege Escalation Thu, 05 Dec 2019 21:11:34 GMT
  BeeGFS versions 7.1.3 and below suffer from a privilege escalation vulnerability.
• Red Hat Security Advisory 2019-4111-01 Thu, 05 Dec 2019 21:05:33 GMT
  Red Hat Security Advisory 2019-4111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
• Red Hat Security Advisory 2019-4107-01 Thu, 05 Dec 2019 21:05:24 GMT
  Red Hat Security Advisory 2019-4107-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
• Red Hat Security Advisory 2019-4108-01 Thu, 05 Dec 2019 21:05:15 GMT
  Red Hat Security Advisory 2019-4108-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-4214-1 Thu, 05 Dec 2019 21:04:41 GMT
  Ubuntu Security Notice 4214-1 - It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
• Red Hat Security Advisory 2019-4109-01 Thu, 05 Dec 2019 21:04:35 GMT
  Red Hat Security Advisory 2019-4109-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP55. Issues addressed include deserialization and null pointer vulnerabilities.
• Red Hat Security Advisory 2019-4110-01 Thu, 05 Dec 2019 21:04:21 GMT
  Red Hat Security Advisory 2019-4110-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP55. Issues addressed include deserialization and null pointer vulnerabilities.
• Ubuntu Security Notice USN-4213-1 Wed, 04 Dec 2019 23:13:35 GMT
  Ubuntu Security Notice 4213-1 - Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. Jeriko One discovered that Squid incorrectly handed URN responses. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4212-1 Wed, 04 Dec 2019 23:13:24 GMT
  Ubuntu Security Notice 4212-1 - Tim D
• Red Hat Security Advisory 2019-4082-01 Wed, 04 Dec 2019 23:12:37 GMT
  Red Hat Security Advisory 2019-4082-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory includes ose-cluster-authentication-operator-container, ose-cluster-config-operator-container, and ose-cluster-kube-apiserver-operator-container, which have been updated with the a fix to address a secret disclosure issue.
• Red Hat Security Advisory 2019-4081-01 Wed, 04 Dec 2019 23:11:54 GMT
  Red Hat Security Advisory 2019-4081-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A secret disclosure issue was addressed.
• Slackware Security Advisory - mozilla-firefox Updates Wed, 04 Dec 2019 23:11:46 GMT
  Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
• Ubuntu Security Notice USN-4182-3 Wed, 04 Dec 2019 23:11:39 GMT
  Ubuntu Security Notice 4182-3 - USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. Various other issues were also addressed.
• Ubuntu Security Notice USN-4182-4 Wed, 04 Dec 2019 23:11:33 GMT
  Ubuntu Security Notice 4182-4 - USN-4182-2 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. Various other issues were also addressed.
• Red Hat Security Advisory 2019-4075-01 Wed, 04 Dec 2019 23:10:36 GMT
  Red Hat Security Advisory 2019-4075-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the ose-cluster-kube-apiserver-operator-container and ose-cluster-kube-scheduler-operator-container images for Red Hat OpenShift Container Platform 4.2.9. These images have been rebuilt with an updated version of openshift/library-go to address a data sanitization issue.
• Red Hat Security Advisory 2019-4074-01 Wed, 04 Dec 2019 23:10:28 GMT
  Red Hat Security Advisory 2019-4074-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the runc RPM package for Red Hat OpenShift Container Platform 4.2.9. The runC tool is a lightweight, portable implementation of the Open Container Format that provides a container runtime. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-4194-2 Wed, 04 Dec 2019 23:10:20 GMT
  Ubuntu Security Notice 4194-2 - USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
• Ubuntu Security Notice USN-4207-1 Tue, 03 Dec 2019 18:22:22 GMT
  Ubuntu Security Notice 4207-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
• Ubuntu Security Notice USN-4206-1 Tue, 03 Dec 2019 15:22:22 GMT
  Ubuntu Security Notice 4206-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service.
• Red Hat Security Advisory 2019-4057-01 Tue, 03 Dec 2019 14:44:44 GMT
  Red Hat Security Advisory 2019-4057-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-4210-1 Tue, 03 Dec 2019 14:22:22 GMT
  Ubuntu Security Notice 4210-1 - It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4211-1 Tue, 03 Dec 2019 14:22:22 GMT
  Ubuntu Security Notice 4211-1 - Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
• Red Hat Security Advisory 2019-4056-01 Tue, 03 Dec 2019 13:33:33 GMT
  Red Hat Security Advisory 2019-4056-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Side channel attacks and memory corruption vulnerabilities have been addressed.
• Red Hat Security Advisory 2019-4058-01 Tue, 03 Dec 2019 13:02:22 GMT
  Red Hat Security Advisory 2019-4058-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.