Security Pop Quiz! q443.mp3

News

Packet Storm Security

• Amnesty Slams Facebook, Google Over Business Models
• New Roboto Botnet Emerges Targeting Linux Servers Running Webmin
• Popular Apps On Google Play Store Remain Unpatched
• Anonymous Hacker Gets 6 Years For Some Lame DDoS Attacks
• Official Monero Website Hacked, Delivers Backdoored Software

Security Affairs

• Payment solutions giant Edenred announces malware infection
• Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison
• T-Mobile discloses data breach affecting prepaid wireless customers
• AccorHotels subsidiary Gekko Group exposes hotels and travelers data in massive data leak
• ENISA publishes a Threat Landscape for 5G Networks

Looking Glass Cyber

• Monitoring for Compromised Cards on the Deep and Dark Web
• Cyber Threats to the Financial Sector
• FS-ISAC Fall Summit Speaking Engagement
• The Power of Intelligence-Driven Deception Networks
• Threat Brief: Cyber Threats to the Energy Sector

securingtomorrow.mcafee.com

• Threat Hunting or Efficiency: Pick Your EDR Path?
• It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Black Friday & Cyber Monday Purchases
• Sadfishing, Deepfakes & TikTok: Headlines You May Have Missed
• Spanish MSSP Targeted by BitPaymer Ransomware
• Veterans Day U.S. – A McAfee MoM’s Reflection

Quick Heal

• Pegasus like spyware could be snooping on you right now!!
• Quick Heal Supports Windows 10 November 2019 Update
• This Children’s Day, pledge the online security of your kids!
• Think loud! Can the regular delivery boy at your office launch a malware?
• BlueKeep Attacks seen in the wild!

Threat Post

• Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
• News Wrap: Amazon Ring Risks, Stalkerware, and D-Link Router Flaws
• Google Will Award $1M-Plus to People Who Can Hack Titan M Security Chip
• Senators Demand Amazon Disclose Ring Privacy Policies
• Microsoft Outlook for Android Bug Opens Door to XSS

Naked Security

• Google plans to take Android back to ‘mainline’ Linux kernel
• Iran’s APT33 sharpens focus on industrial control systems
• Why do cryptocoin scams work, and how to avoid them?
• Convicted Nigerian fraudster keeps a-fraudin’ from behind bars
• DNS-over-HTTPS is coming to Windows 10

ESET

• Should cybersecurity be taught in schools?
• Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
• What does it take to attract top cybersecurity talent?
• Mispadu: Advertisement for a discounted Unhappy Meal
• Disney+ accounts hacked – How to protect yourself

CIS

• CIS is a Recipient of the 2019 Founders Award for National Cyber Defense Leadership Thu, 21 Nov 2019 13:38:43 +0000
  

  By Tony Sager, Senior Vice President and Chief Evangelist I recently returned from Minnesota’s CyberSecurity Summit, where I had the honor of representing CIS and accepting the “Founders Award for National Cyber Defense Leadership” – the first-ever organizational award presented at Minnesota’s annual event. This award, in large part, recognized the added value CIS has […]

  The post CIS is a Recipient of the 2019 Founders Award for National Cyber Defense Leadership appeared first on CIS.

Malware Patrol

• InfoSec Articles (10/24/19 – 11/07/19)
• Infosec Articles (10/9/19 – 10/23/19)

SecList

• 5G security and privacy for smart cities
  The security concerns of 5G are inescapable. It is an evolving and developing technology built on top of the previous infrastructure, from which it will inevitably inherit vulnerabilities and misconfigurations.

MySonicWall

Critical Infrastructure

• Instituting Security in IoT Networks to Prepare for Massive 5G Rollouts
• Two Teens Jump Fence at Nuclear Reactor Facility
• Stepping Up Security for Transit Riders

• Study Unveils 2020 Travel Risks & Country Medical/Safety Ratings
• Josh Ball: Prioritizing Partnerships
• Global Health Security Index Finds Gaps in Preparedness for Epidemics and Pandemics

• Study Shows Hours When Security Officers are Most Often Attacked
• The 2019 Security 500 Rankings
• Global Health Security Index Finds Gaps in Preparedness for Epidemics and Pandemics

Case Studies

• Safeguarding Security and Loss Prevention at Gap Inc.
• When Physical Intrusions Lead to Digital Breaches
• How Unified Device Management Is Critical to BYOD Enterprises

• Collecting Insights and Metrics with Guard Tour Software
• Florida-based Company Protects Government Buildings with Window Film
• Simplify Connected Campus Security

Tools

• Clam AntiVirus Toolkit 0.102.1
• Bing.com Hostname / IP Enumerator 1.0
• cryptmount Filesystem Manager 5.3.2
• XSSer Penetration Testing Tool 1.8-2
• Faraday 3.9.3

• Even Small Business Need Penetration Testing - Here’s Why
• Are there blind spots in your data compliance strategy?

Exploits

• Microsoft Internet Explorer Use-After-Free
• macOS update_dyld_shared_cache Privilege Escalation
• Network Management Card 6.2.0 Host Header Injection
• Pagekit CMS 1.0.17 Cross Site Request Forgery
• GNU Mailutils 3.7 Privilege Escalation
• TestLink 1.9.19 Cross Site Scripting
• ipPulse 1.92 Denial Of Service
• OpenNetAdmin 18.1.1 Remote Code Execution
• Windows Escalate UAC Protection Bypass Via Dot Net Profiler
• scadaApp For iOS 1.1.4.0 Denial Of Service

Last 20 Website Defacements - Zone-h

• http://bpks.go.id/index.php
• http://sipp.pa-majene.go.id/-_-.html
• http://updates.sipp.pa-majene.go.id/-_-.html
• http://volozhin.gov.by/images/fuck.txt
• http://pn-bitung.go.id/images/fuck.txt
• http://gastronomia.nutricao.ufrj.br/images/fuck.txt
• http://huehuetla.hidalgo.gob.mx/images/fuck.txt
• http://abangares.go.cr/images/fuck.txt
• http://www.liceoferminuoro.gov.it/Death.txt
• https://dikbud.tangerangselatankota.go.id/images/0x1998.txt
• http://www.dgm.gob.do/images/0x1998.txt
• http://banboek.lopburi.police.go.th
• http://www.justicia.sanluis.gov.ar/wp-content/X-m3n.html
• http://koonnapab.chiangmaihealth.go.th/gallery/X-m3n.html
• http://fiscalia-electoral.gob.pa/fiscalia_new/0wn.html
• http://member.wewb.gov.bd/wewbm/lungset.htm
• https://bkd.manadokota.go.id/security/lang.tmp
• http://nonthaburi.nfe.go.th//xampp/lang.tmp
• http://envirocenter.research.yale.edu
• http://cbey.research.yale.edu

Press Play to hear the answer!

Advisories

• Asterisk Project Security Advisory - AST-2019-008 Thu, 21 Nov 2019 23:55:55 GMT
  Asterisk Project Security Advisory - If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur.
• Asterisk Project Security Advisory - AST-2019-007 Thu, 21 Nov 2019 23:30:33 GMT
  Asterisk Project Security Advisory - A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
• Asterisk Project Security Advisory - AST-2019-006 Thu, 21 Nov 2019 23:02:22 GMT
  Asterisk Project Security Advisory - A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result.
• Ubuntu Security Notice USN-4198-1 Thu, 21 Nov 2019 21:36:53 GMT
  Ubuntu Security Notice 4198-1 - It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-4197-1 Thu, 21 Nov 2019 15:12:10 GMT
  Ubuntu Security Notice 4197-1 - It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service.
• Red Hat Security Advisory 2019-3942-01 Thu, 21 Nov 2019 15:11:12 GMT
  Red Hat Security Advisory 2019-3942-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift container images for Red Hat OpenShift Container Platform 4.1.24. A weak permission vulnerability was addressed.
• Slackware Security Advisory - bind Updates Thu, 21 Nov 2019 15:09:45 GMT
  Slackware Security Advisory - New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
• Red Hat Security Advisory 2019-3941-01 Thu, 21 Nov 2019 15:06:23 GMT
  Red Hat Security Advisory 2019-3941-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS. Issues addressed include bypass and denial of service vulnerabilities.
• Red Hat Security Advisory 2019-3940-01 Thu, 21 Nov 2019 15:06:05 GMT
  Red Hat Security Advisory 2019-3940-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the runC container image for Red Hat OpenShift Container Platform 4.1.24. The runC tool is a lightweight, portable implementation of the Open Container Format that provides a container runtime. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-4195-2 Wed, 20 Nov 2019 23:55:55 GMT
  Ubuntu Security Notice 4195-2 - USN-4195-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2974 in MariaDB 10.1 and CVE-2019-2938, CVE-2019-2974 for MariaDB 10.3. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.43. Ubuntu 19.04 and 19.10 has been updated to MariaDB 10.3.20. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
• Jalios JCMS 10 Backdoor Account / Authentication Bypass Wed, 20 Nov 2019 23:03:33 GMT
  Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password.
• Red Hat Security Advisory 2019-3935-01 Wed, 20 Nov 2019 23:02:22 GMT
  Red Hat Security Advisory 2019-3935-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
• Red Hat Security Advisory 2019-3936-01 Wed, 20 Nov 2019 22:22:22 GMT
  Red Hat Security Advisory 2019-3936-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
• Red Hat Security Advisory 2019-3932-01 Wed, 20 Nov 2019 21:11:11 GMT
  Red Hat Security Advisory 2019-3932-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
• Red Hat Security Advisory 2019-3933-01 Wed, 20 Nov 2019 20:55:55 GMT
  Red Hat Security Advisory 2019-3933-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
• Red Hat Security Advisory 2019-3929-01 Wed, 20 Nov 2019 20:44:44 GMT
  Red Hat Security Advisory 2019-3929-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a cross site scripting vulnerability.
• Red Hat Security Advisory 2019-3931-01 Wed, 20 Nov 2019 20:32:22 GMT
  Red Hat Security Advisory 2019-3931-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include cross site scripting and denial of service vulnerabilities.
• Red Hat Security Advisory 2019-3926-01 Wed, 20 Nov 2019 15:15:31 GMT
  Red Hat Security Advisory 2019-3926-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
• Red Hat Security Advisory 2019-3927-01 Wed, 20 Nov 2019 15:14:50 GMT
  Red Hat Security Advisory 2019-3927-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
• Red Hat Security Advisory 2019-3928-01 Wed, 20 Nov 2019 15:12:40 GMT
  Red Hat Security Advisory 2019-3928-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
• Red Hat Security Advisory 2019-3925-01 Wed, 20 Nov 2019 15:12:31 GMT
  Red Hat Security Advisory 2019-3925-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A sensitive data leak was addressed.
• Debian Security Advisory 4574-1 Wed, 20 Nov 2019 15:12:20 GMT
  Debian Linux Security Advisory 4574-1 - Hoger Just discovered an SQL injection in Redmine, a project management web application. In addition a cross-site scripting issue was found in Textile formatting.
• Red Hat Security Advisory 2019-3916-01 Tue, 19 Nov 2019 19:57:08 GMT
  Red Hat Security Advisory 2019-3916-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS. Issues addressed include bypass and denial of service vulnerabilities.
• Debian Security Advisory 4573-1 Tue, 19 Nov 2019 15:26:09 GMT
  Debian Linux Security Advisory 4573-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
• Red Hat Security Advisory 2019-3908-01 Tue, 19 Nov 2019 15:24:53 GMT
  Red Hat Security Advisory 2019-3908-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An issue where Intel GPU blitter manipulation can allow for arbitrary kernel memory write was addressed.