Security Pop Quiz! q490.mp3

News

Packet Storm Security

* Indonesia Bars Financial Institutions From Offering Crypto Services
* Let's Encrypt To Revoke About 2 Million HTTPS Certificates In Two Days
* DeepDotWeb Operator Sentenced To Eight Years Behind Bars
* Apple Fixes 2 Zero-Day Security Bugs, One Exploited In the Wild
* Kentucky Hospital Reports Network Outage, Care Delays Amid Cyberattack

Security Affairs

* Microsoft mitigated a 3.47 Tbps DDoS attack, the largest one to date
* Lockbit ransomware gang claims to have hacked Ministry of Justice of France
* A new highly evasive technique used to deliver the AsyncRAT Malware
* Experts analyze first LockBit ransomware for Linux and VMware ESXi
* Apple fixed the first two zero-day vulnerabilities of 2022

Looking Glass Cyber

securingtomorrow.mcafee.com

* Passwords are Like Toothbrushes – Not to Be Shared!!
* Can Apple Macs get Viruses?
* Cyberbullying: Words do Hurt When it Comes to Social Media
* How to Protect Your Social Media Accounts
* McAfee Wins Product of the Year for Best Online Protection

Quick Heal

* CVE-2021-44228: New Apache Log4j 'Log4Shell' Zero-Day Being Exploited in the Wild
* Anydesk Software Exploited to Spread Babuk Ransomware
* Quick Heal Supports Windows 10 November 2021 Update (version 21H2)
* Stay Alert - Malware Authors Deploy ELF as Windows Loaders to Exploit WSL feature
* Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies

Threat Post

* BotenaGo Botnet Code Leaked to GitHub
* Shipment-Delivery Scams Become the Favored Way to Spread Malware
* How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution
* TrickBot Crashes Security Researchers' Browsers in Latest Upgrade
* Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

Naked Security

* S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
* Apple patches Safari data leak (oh, and a zero-day) - patch now!
* "PwnKit" security bug gets you root on most Linux distros - what to do
* Tax scam emails are alive and well as US tax season starts
* Alleged carder gang mastermind and three acolytes under arrest in Russia

ESET

* Every breath you take, every move you make: Do fitness trackers pose privacy risks?
* Watering hole deploys new macOS malware, DazzleSpy, in Asia
* How I hacked my friend's PayPal account
* Week in security with Tony Anscombe
* How to know if your email has been hacked

CIS

• Protecting Privacy Using the CIS Controls Privacy Guide Thu, 27 Jan 2022 17:19:23 +0000
  

  The CIS Controls Privacy Guide provides best practices and guidance for implementing the CIS Critical Security Controls (CIS Controls) while considering the privacy impacts on the workforce, customers, and third-party organizations such as contractors. The Privacy Guide supports the objectives of the CIS Controls by aligning privacy principles and highlighting potential privacy concerns that may […]

  The post Protecting Privacy Using the CIS Controls Privacy Guide appeared first on CIS.

Malware Patrol

* InfoSec Articles (01/04/2022 - 01/17/2022)
* InfoSec Articles (12/21/2021 - 01-04-2022)

SecList

• MoonBounce: the dark side of UEFI firmware
  At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

MySonicWall

Critical Infrastructure

* Cybersecurity considerations for electric vehicle chargers
* 3 types of national security risk to monitor
* Emergency-proofing critical infrastructure: The role of consultants

* Perth Airport adds security screening technology
* Port of Palm Beach joins human trafficking prevention program
* University of Arizona and Emirates Group Security launch online degree program

* Cybersecurity considerations for electric vehicle chargers
* Improving worker safety and security on the plant floor
* Swiss transit authority uses AI monitoring to secure rails

Case Studies

* Cybersecurity institute trains Texas cyber talent
* Metropolitan school system blocks threats with cybersecurity platform
* Minnesota IT Services bolsters cloud security

* Virtual security operations center protects gaming company assets
* Massachusetts soup kitchen bolsters surveillance system
* Swiss transit authority uses AI monitoring to secure rails

Tools

* Zeek 4.2.0
* American Fuzzy Lop plus plus 4.00c
* Lynis Auditing Tool 3.0.7
* Logwatch 7.6
* GRAudit Grep Auditing Tool 3.3

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* WordPress RegistrationMagic V 5.0.1.5 SQL Injection
* WordPress Modern Events Calendar 6.1 SQL Injection
* PolicyKit-1 0.105-31 Privilege Escalation
* Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion
* WordPress Mortgage Calculators WP 1.52 Cross Site Scripting
* Linux Kernel Slab Out-Of-Bounds Write
* Linux Kernel Slab Out-Of-Bounds Write
* Polkit pkexec CVE-2021-4034 Local Root
* Polkit pkexec CVE-2021-4034 Proof Of Concept
* Backdoor.Win32.WinShell.50 Weak Hardcoded Password

Last 20 Website Defacements - Zone-h

* https://warudoyong.sukabumikota.go.id/readme.html
* https://bpbj.sukabumikota.go.id/readme.html
* https://elitbang.sukabumikota.go.id/readme.html
* https://inppas.sukabumikota.go.id/readme.html
* https://municipiocayambe.gob.ec/sell.txt
* http://simundu.jogjaprov.go.id/exz.txt
* https://loogroup.princeton.edu
* https://valorizandoservidor.saquarema.rj.gov.br
* https://holodeck.nyu.edu
* https://icite.od.nih.gov/covid19/help
* https://rits.hosting.nyu.edu
* http://guda.ap.gov.in/exz.txt
* https://portal.lomboktimurkab.go.id/exz.txt
* http://newt.dap.gov.iq/exz.txt
* https://disnaker.bone.go.id/remove.html
* http://www.sehat-jiwa.kemkes.go.id/remove.html
* http://policiadearagua.gob.ve
* http://nonsaat.go.th/19.html
* http://www.cultura.ba.gov.br
* https://kenduruan.tubankab.go.id/app/readme.html

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-5247-1 Thu, 27 Jan 2022 14:57:18 GMT
  Ubuntu Security Notice 5247-1 - It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 21.10. It was discovered that vim incorrectly handled memory when opening and searching the contents of certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10.
• Gentoo Linux Security Advisory 202201-01 Thu, 27 Jan 2022 14:50:56 GMT
  Gentoo Linux Security Advisory 202201-1 - A vulnerability in polkit could lead to local root privilege escalation. Versions less than 0.120-r2 are affected.
• SAP Enterprise Portal XSLT Injection Thu, 27 Jan 2022 14:48:35 GMT
  SAP Enterprise Portal with ENGINEAPI versions 7.10, 7.30, 7.31, 7.40, and 7.50 suffers from an XSLT injection vulnerability.
• Red Hat Security Advisory 2022-0181-05 Thu, 27 Jan 2022 14:47:51 GMT
  Red Hat Security Advisory 2022-0181-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.54. Issues addressed include a code execution vulnerability.
• SAP CommonCryptoLib Null Pointer Dereference Thu, 27 Jan 2022 14:46:14 GMT
  SAP CommonCryptoLib suffers from a null pointer dereference vulnerability. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error causing the system to crash and remain unavailable.
• SAP Enterprise Portal Open Redirect Thu, 27 Jan 2022 14:44:33 GMT
  SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffer from an open redirection vulnerability.
• Red Hat Security Advisory 2022-0303-02 Thu, 27 Jan 2022 14:43:52 GMT
  Red Hat Security Advisory 2022-0303-02 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2022-0288-02 Thu, 27 Jan 2022 14:41:16 GMT
  Red Hat Security Advisory 2022-0288-02 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2022-0289-04 Thu, 27 Jan 2022 14:40:52 GMT
  Red Hat Security Advisory 2022-0289-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
• SAP Enterprise Portal iviewCatcherEditor Server-Side Request Forgery Thu, 27 Jan 2022 14:38:59 GMT
  SAP Enterprise Portal with EP-RUNTIME component versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 suffer from a iviewCatcherEditor server-side request forgery vulnerability.
• Red Hat Security Advisory 2022-0291-04 Thu, 27 Jan 2022 14:36:31 GMT
  Red Hat Security Advisory 2022-0291-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
• SAP Enterprise Portal RunContentCreation Cross Site Scripting Thu, 27 Jan 2022 14:34:49 GMT
  SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffer from a RunContentCreation cross site scripting vulnerability.
• Red Hat Security Advisory 2022-0294-04 Thu, 27 Jan 2022 14:32:12 GMT
  Red Hat Security Advisory 2022-0294-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
• SAP Enterprise Portal NavigationReporter Cross Site Scripting Thu, 27 Jan 2022 14:28:54 GMT
  SAP Enterprise Portal with EP-RUNTIME component versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 suffer from a NavigationReporter cross site scripting vulnerability.
• Red Hat Security Advisory 2022-0290-06 Thu, 27 Jan 2022 14:25:55 GMT
  Red Hat Security Advisory 2022-0290-06 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2022-0296-03 Thu, 27 Jan 2022 14:23:56 GMT
  Red Hat Security Advisory 2022-0296-03 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
• Red Hat Security Advisory 2022-0297-01 Thu, 27 Jan 2022 14:23:31 GMT
  Red Hat Security Advisory 2022-0297-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.12.0 serves as an update to Red Hat Decision Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
• Polkit pkexec Local Privilege Escalation Wed, 26 Jan 2022 15:11:49 GMT
  Qualys discovered a local privilege escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.
• Ubuntu Security Notice USN-5193-2 Wed, 26 Jan 2022 15:09:34 GMT
  Ubuntu Security Notice 5193-2 - USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
• Red Hat Security Advisory 2022-0268-03 Wed, 26 Jan 2022 15:08:08 GMT
  Red Hat Security Advisory 2022-0268-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2022-0274-03 Wed, 26 Jan 2022 15:08:01 GMT
  Red Hat Security Advisory 2022-0274-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2022-0273-02 Wed, 26 Jan 2022 15:07:52 GMT
  Red Hat Security Advisory 2022-0273-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2022-0265-03 Wed, 26 Jan 2022 15:07:41 GMT
  Red Hat Security Advisory 2022-0265-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2022-0270-02 Wed, 26 Jan 2022 15:07:34 GMT
  Red Hat Security Advisory 2022-0270-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2022-0272-02 Wed, 26 Jan 2022 15:07:27 GMT
  Red Hat Security Advisory 2022-0272-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.