Security Pop Quiz! q136.mp3

News

Packet Storm Security

* Sony Reintroduced A PS4 Bug On PS5 Which Could Have Led To A Jailbreak
* Apparently Europol Is Hoarding Personal Data
* Insider Threats Play A Larger Role In Security Incidents
* Hackathon Finds Dozens Of Ukrainian Refugees Trafficked Online
* Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data

Security Affairs

* Attackers impersonate CircleCI platform to compromise GitHub accounts
* OpIran: Anonymous declares war on Teheran amid Mahsa Amini's death
* Security Affairs newsletter Round 385
* ISC fixed high-severity flaws in the BIND DNS software
* Ukraine: SSU dismantled cyber gang that stole 30 million accounts

Looking Glass Cyber

securingtomorrow.mcafee.com

* How Often Should You Change Your Passwords?
* Steer Clear of the “Pay Yourself Scam” That’s T
* Watch Out for These 3 Online Job Scams
* What You Do Now To Protect Your Child From Cyberbullying
* #WSPD Creating hope through action with The Jordan Legacy

Quick Heal

* Quick Heal Supports Windows 11 version 22H2
* Indian Power Sector targeted with latest LockBit 3.0 Variant
* PowerShell: An Attacker's Paradise
* Auto-launching HiddAd on Google Play Store found in more than 6 million downloads
* Is the shift to 5G threatening the world of IoT Security?

Threat Post

* Student Loan Breach Exposes 2.5M Records
* Watering Hole Attacks Push ScanBox Keylogger
* Tentacles of '0ktapus' Threat Group Victimize 130 Firms
* Ransomware Attacks are on the Rise
* Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Naked Security

* Uber and Rockstar - has a LAPSUS$ linchpin just been busted (again)?
* Morgan Stanley fined millions for selling off devices full of customer PII
* S3 Ep101: Uber and LastPass breaches - is 2FA all it's cracked up to be? [Audio + Text]
* Interested in cybersecurity? Join us for Security SOS Week 2022!
* LastPass source code breach - incident response report released

ESET

* What to consider before disposing of personal data - Week in security with Tony Anscombe
* 5 tips to help children navigate the internet safely
* Hey WeLiveSecurity, how does biometric authentication work?
* Can your iPhone be hacked? What to know about iOS security
* Rising to the challenges of secure coding - Week in security with Tony Anscombe

CIS

• SATAn Targets Air-Gapped Computers with Data Theft, Spying Thu, 22 Sep 2022 09:31:00 -0400
  Malicious actors can use a "SATAn" attack involving the SATA interface to target air-gapped computers with data theft and extortion.

Malware Patrol

* InfoSec Articles (08/29/2022 - 09/12/2022)
* Malware Hashes and Hash Functions

SecList

• Mass email campaign with a pinch of targeted spam
  Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

MySonicWall

Critical Infrastructure

* Allan Moore - Most Influential People in Security 2022
* Julie Bowen - Most Influential People in Security 2022
* Body worn cameras: The missing piece of critical infrastructure security

* $59 million in DOT grants to improve U.S. commuter rail safety
* Applications open for rail transit safety grants worth up to $20,000
* US holiday travel returns to pre-pandemic levels

* $59 million in DOT grants to improve U.S. commuter rail safety
* Albuquerque connects bus surveillance feeds directly to police
* Applications open for rail transit safety grants worth up to $20,000

Case Studies

* Electric company uses SAP monitoring to bolster cybersecurity
* Pharmaceutical company secures network with AppSec compliance tools
* Tech university stops cyberattack with AI

* Miami Marlins up parking lot security with mobile payment system
* Video surveillance helps secure World Poker Tour tournament
* Simulated flight video bolsters defense contractor pilot training

Tools

* American Fuzzy Lop plus plus 4.03c
* Zeek 5.0.2
* Packet Fence 12.0.0
* Faraday 4.1.0
* Wireshark Analyzer 3.6.8

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting
* WordPress WP-UserOnline 2.88.0 Cross Site Scripting
* Teleport 10.1.1 Remote Code Execution
* Feehi CMS 2.1.1 Remote Code Execution
* Testa 3.5.1 Cross Site Scripting
* TP-Link Tapo c200 1.1.15 Remote Code Execution
* Bitbucket Git Command Injection
* Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition
* WorkOrder CMS 0.1.0 Cross Site Scripting
* WorkOrder CMS 0.1.0 SQL Injection

Last 20 Website Defacements - Zone-h

* https://munimanuelantoniomesonesmuro.gob.pe/1kurd.html
* http://dkwera.bimakab.go.id/z.html
* http://dklambitu.bimakab.go.id/z.html
* https://bintankab.go.id/read.html
* https://dishut.sulbarprov.go.id/indexx.php
* https://healthdesk.go.ug
* https://sipp.pn-kualakapuas.go.id/hallo.txt
* https://pn-kualakapuas.go.id/hallo.txt
* http://dinsos.sulbarprov.go.id/milf.php
* http://dispar.sulbarprov.go.id/milf.php
* http://dishub.sulbarprov.go.id/milf.php
* http://disnaker.sulbarprov.go.id/milf.php
* http://dkp.sulbarprov.go.id/milf.php
* https://perumkin.sulbarprov.go.id
* https://bappeda.sulbarprov.go.id
* https://bumper.sulbarprov.go.id
* https://sipakon.blorakab.go.id/bdkr.html
* https://licencias.sistemasmlh.gob.ar/bdkr.html
* https://lawyers.gov.iq/vz.txt
* https://talaudkab.go.id/krd.htm

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-5629-1 Fri, 23 Sep 2022 14:17:35 GMT
  Ubuntu Security Notice 5629-1 - It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic.
• Ubuntu Security Notice USN-5631-1 Fri, 23 Sep 2022 14:17:22 GMT
  Ubuntu Security Notice 5631-1 - It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resource, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain malformed jpeg files. An attacker could possibly use this issue to cause libjpeg-turbo to crash, resulting in a denial of service.
• Ubuntu Security Notice USN-5632-1 Fri, 23 Sep 2022 14:10:20 GMT
  Ubuntu Security Notice 5632-1 - Sebastian Chnelik discovered that OAuthLib incorrectly handled certain redirect uris. A remote attacker could possibly use this issue to cause OAuthLib to crash, resulting in a denial of service.
• Ubuntu Security Notice USN-5634-1 Fri, 23 Sep 2022 14:07:28 GMT
  Ubuntu Security Notice 5634-1 - Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.
• Ubuntu Security Notice USN-5633-1 Fri, 23 Sep 2022 14:05:56 GMT
  Ubuntu Security Notice 5633-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-5630-1 Fri, 23 Sep 2022 14:02:13 GMT
  Ubuntu Security Notice 5630-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
• Ubuntu Security Notice USN-5628-1 Thu, 22 Sep 2022 16:01:28 GMT
  Ubuntu Security Notice 5628-1 - It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that exists already. An attacker could possibly use this issue to obtain sensitive information. It was discovered that etcd incorrectly handled endpoint setup. An attacker could possibly use this issue to cause a denial of service.
• Ubuntu Security Notice USN-5627-1 Thu, 22 Sep 2022 16:01:16 GMT
  Ubuntu Security Notice 5627-1 - It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.
• Red Hat Security Advisory 2022-6681-01 Thu, 22 Sep 2022 15:59:59 GMT
  Red Hat Security Advisory 2022-6681-01 - Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important.
• Ubuntu Security Notice USN-5626-2 Thu, 22 Sep 2022 15:51:33 GMT
  Ubuntu Security Notice 5626-2 - USN-5626-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service.
• Red Hat Security Advisory 2022-6535-01 Thu, 22 Sep 2022 15:51:03 GMT
  Red Hat Security Advisory 2022-6535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5.
• Red Hat Security Advisory 2022-6536-01 Thu, 22 Sep 2022 15:50:52 GMT
  Red Hat Security Advisory 2022-6536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.5.
• Red Hat Security Advisory 2022-6531-01 Thu, 22 Sep 2022 15:48:00 GMT
  Red Hat Security Advisory 2022-6531-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33.
• Ubuntu Security Notice USN-5625-1 Wed, 21 Sep 2022 13:52:05 GMT
  Ubuntu Security Notice 5625-1 - It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.
• Ubuntu Security Notice USN-5626-1 Wed, 21 Sep 2022 13:51:57 GMT
  Ubuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
• Ubuntu Security Notice USN-5623-1 Wed, 21 Sep 2022 13:51:46 GMT
  Ubuntu Security Notice 5623-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-5624-1 Wed, 21 Sep 2022 13:51:38 GMT
  Ubuntu Security Notice 5624-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-5622-1 Wed, 21 Sep 2022 13:51:31 GMT
  Ubuntu Security Notice 5622-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
• Ubuntu Security Notice USN-5621-1 Wed, 21 Sep 2022 13:51:20 GMT
  Ubuntu Security Notice 5621-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.
• Red Hat Security Advisory 2022-6580-01 Wed, 21 Sep 2022 13:51:12 GMT
  Red Hat Security Advisory 2022-6580-01 - The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one site at a time.
• Red Hat Security Advisory 2022-6592-01 Wed, 21 Sep 2022 13:51:01 GMT
  Red Hat Security Advisory 2022-6592-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.
• Red Hat Security Advisory 2022-6590-01 Wed, 21 Sep 2022 13:50:49 GMT
  Red Hat Security Advisory 2022-6590-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.
• Red Hat Security Advisory 2022-6582-01 Wed, 21 Sep 2022 13:50:36 GMT
  Red Hat Security Advisory 2022-6582-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and heap overflow vulnerabilities.
• Red Hat Security Advisory 2022-6585-01 Wed, 21 Sep 2022 13:50:28 GMT
  Red Hat Security Advisory 2022-6585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a double free vulnerability.
• Ubuntu Security Notice USN-5618-1 Wed, 21 Sep 2022 13:47:21 GMT
  Ubuntu Security Notice 5618-1 - It was discovered the Ghostscript incorrectly handled memory when processing certain inputs. By tricking a user into opening a specially crafted PDF file, an attacker could cause the program to crash.