Security Pop Quiz! q472.mp3

News

Packet Storm Security

* Go Malware Is Now Common, Having Been Adopted By Both APT And E-Crime Groups
* Old Foe Or New Enemy? Here's How Researchers Handle APT Attribution
* Oxford Lab With COVID-19 Research Links Targeted By Hackers
* Round Two Coming In Congressional Grilling Over SolarWinds
* Npower App Attack Exposed Customers' Bank Details

Security Affairs

* Experts found a critical authentication bypass flaw in Rockwell Automation software
* Hotarus Corp gang hacked Ecuador's Ministry of Finance and Banco Pichincha
* T-Mobile customers were hit with SIM swapping attacks
* New Ryuk ransomware implements self-spreading capabilities
* Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Looking Glass Cyber

* Cybersecurity Leader Gus Hunt Joins LookingGlass Advisory Board
* Cybersecurity Expert Melissa Hathaway Joins LookingGlass Advisory Board
* Former FBI Cyber Division Chief James Trainor Joins LookingGlass Advisory Board
* Military Intelligence Leader Lt. Gen. James Clapper Joins LookingGlass Advisory Board
* LookingGlass Welcomes Business Executive Dana Mariano as Chief Financial Officer

securingtomorrow.mcafee.com

* 6 Steps to Help Your Family Restore Digital Balance in Stressful Times
* SOC Health Check: Prescribing XDR for Enterprises 
* Babuk Ransomware
* Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use
* How 2020 Has Shaped The Way We Live Our Lives

Quick Heal

* Five tips to stay away from UPI frauds
* Ransomware attacks erupt via Cyberpunk 2077
* Five tips to ensure you're not a victim of an online romance scam this Valentine's Day
* Spear Phishing targets Microsoft to amass large numbers of credentials
* Stay Alert, Joker still making its way on Google Play Store!

Threat Post

* Amazon Dismisses Claims Alexa 'Skills' Can Bypass Security Vetting Process
* Stalkerware Volumes Remain Concerningly High, Despite Bans
* Lazarus Targets Defense Companies with ThreatNeedle Malware
* Yeezy Fans Face Sneaker-Bot Armies for Boost 'Sun' Release  
* Malware Gangs Partner Up in Double-Punch Security Threat

Naked Security

* S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast]
* Keybase secure messaging fixes photo-leaking bug - patch now!
* Nvidia announces official "anti-cryptomining" software drivers
* Naked Security Live - How to calculate important things using a computer
* The massive coronavirus IT blunder with a funny side

ESET

* Week in security with Tony Anscombe
* Oxford University COVID‑19 lab hacked
* Safeguarding children against cyberbullying in the age of COVID‑19
* Championing worthy causes: How ESET gives a helping hand
* Facebook ramps up fight against child abuse content

CIS

• Secure Cloud Products and Services with New CIS Benchmarks Thu, 25 Feb 2021 15:24:40 +0000
  

  The cloud continues to expand with new products and services constantly introduced by cloud service providers (CSPs). The Center for Internet Security (CIS) responded with more resources to help secure these capabilities in the cloud. The Beginner’s Guide to Secure Cloud Configurations describes how users can secure public cloud accounts, products, services, and more. New […]

  The post Secure Cloud Products and Services with New CIS Benchmarks appeared first on CIS.

Malware Patrol

* InfoSec Articles (01/31/21 - 02/14/21)
* InfoSec Articles (01/16/21 - 01/30/21)

SecList

• The state of stalkerware in 2020
  The 2020 data shows that the stalkerware situation has not improved much: the number of affected people is still high. A total of 53,870 unique users were affected globally by stalkerware in 2020.

MySonicWall

Critical Infrastructure

* CISA and AVANGRID conduct virtual exercise to improve emergency response and recovery plans
* 5 minutes with Mike Hamilton - The biggest threats to the critical infrastructure
* Protecting critical infrastructure and distributed organizations in an era of chronic cybersecurity r

* Burlington Airport to use portion of $14.5 federal grant to upgrade security
* TSA to hire 6K security officers in anticipation of summer travel
* Iberia airlines trialing biometrics at Madrid airport

* Reliable asset tracking: The importance of IoT, battery life and location accuracy
* Why cybercriminals target manufacturers - and what to do about it
* San Diego MTA hires Al Stiehler as Director of Transit Security and Passenger Safety

Case Studies

* Notorious cybersecurity attacks in history and how to prevent them
* Disinformation: Companies in the crosshairs
* A first-hand account of ransomware: To pay or not to pay

* Milwaukee-based Potawatomi Hotel & Casino implements touchless screening for guests
* Neiman Marcus Group implements cloud-based access management software solution
* Iberia airlines trialing biometrics at Madrid airport

Tools

* Global Socket 1.4.25
* jSQL Injection 0.84
* Zeek 3.2.4
* OpenDNSSEC 2.1.8
* Global Socket 1.4.24

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* Package Control Arbitrary File Write
* Microsoft DirectWrite fsg_ExecuteGlyph Buffer Overflow
* Chrome DataElement Out-Of-Bounds Read
* Trojan-Proxy.Win32.Delf.ai Buffer Overflow
* Doctor Appointment System 1.0 Cross Site Scripting
* Trojan-Dropper.Win32.Daws.etlm Unauthenticated Reboot
* Online Catering Reservation System 1.0 SQL Injection
* VisualWare MyConnection Server 11.x Remote Code Execution
* Triconsole 3.75 Cross Site Scripting
* Zenphoto CMS 1.5.7 Shell Upload

Last 20 Website Defacements - Zone-h

* http://sidehu.midena.gob.ec
* https://dpks.sumenepkab.go.id
* https://kec-manding.sumenepkab.go.id/id.html
* https://sumenepkab.go.id/info.php
* http://environmentmanipur.gov.in/r4s.html
* http://munipunchana.gob.pe/aex.html
* https://www.rukwabasin.go.tz
* https://www.tnbc.go.tz
* https://www.atf.go.tz
* https://diskan.sumenepkab.go.id
* http://dpr-papua.go.id/vz.txt
* http://dofps.gov.bt/vz.txt
* http://inhukab.go.id/readme.txt
* https://wheelwright.gob.ar/noname.html
* https://kupangkota.go.id
* http://sg.starrett.com/dms/index.html
* http://au.starrett.com/dms/index.html
* https://ojs.cnmp.mp.br/public/site/images/adminj/kingskrupellos.jpg
* https://atcr.kra.go.ke/ojs//public/site/images/adminj/kingskrupellos.jpg
* http://et.ippt.gov.pl/public/site/images/adminj/kingskrupellos.jpg

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-4754-2 Fri, 26 Feb 2021 16:11:09 GMT
  Ubuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
• Ubuntu Security Notice USN-4754-1 Fri, 26 Feb 2021 16:11:03 GMT
  Ubuntu Security Notice 4754-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
• Ubuntu Security Notice USN-4755-1 Fri, 26 Feb 2021 16:10:57 GMT
  Ubuntu Security Notice 4755-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
• Ubuntu Security Notice USN-4752-1 Thu, 25 Feb 2021 15:31:12 GMT
  Ubuntu Security Notice 4752-1 - Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4751-1 Thu, 25 Feb 2021 15:31:02 GMT
  Ubuntu Security Notice 4751-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4753-1 Thu, 25 Feb 2021 15:30:54 GMT
  Ubuntu Security Notice 4753-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
• Ubuntu Security Notice USN-4750-1 Thu, 25 Feb 2021 15:30:47 GMT
  Ubuntu Security Notice 4750-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4749-1 Thu, 25 Feb 2021 15:30:40 GMT
  Ubuntu Security Notice 4749-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4748-1 Thu, 25 Feb 2021 15:30:28 GMT
  Ubuntu Security Notice 4748-1 - It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed.
• Ubuntu Security Notice USN-4747-2 Thu, 25 Feb 2021 15:30:21 GMT
  Ubuntu Security Notice 4747-2 - USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
• Red Hat Security Advisory 2021-0100-01 Thu, 25 Feb 2021 15:30:14 GMT
  Red Hat Security Advisory 2021-0100-01 - The file-integrity-operator image update is now available for OpenShift Container Platform 4.7. Issues addressed include denial of service and integer overflow vulnerabilities.
• Red Hat Security Advisory 2020-5364-01 Thu, 25 Feb 2021 15:30:03 GMT
  Red Hat Security Advisory 2020-5364-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.7. Issues addressed include denial of service and integer overflow vulnerabilities.
• Red Hat Security Advisory 2021-0664-01 Thu, 25 Feb 2021 15:29:45 GMT
  Red Hat Security Advisory 2021-0664-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
• Red Hat Security Advisory 2020-5633-01 Thu, 25 Feb 2021 15:29:25 GMT
  Red Hat Security Advisory 2020-5633-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. Issues addressed include bypass, denial of service, integer overflow, man-in-the-middle, and memory leak vulnerabilities.
• Red Hat Security Advisory 2021-0661-01 Thu, 25 Feb 2021 15:28:34 GMT
  Red Hat Security Advisory 2021-0661-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0.
• Red Hat Security Advisory 2021-0659-01 Thu, 25 Feb 2021 15:28:26 GMT
  Red Hat Security Advisory 2021-0659-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
• Red Hat Security Advisory 2020-5634-01 Thu, 25 Feb 2021 15:28:18 GMT
  Red Hat Security Advisory 2020-5634-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0.
• Red Hat Security Advisory 2021-0662-01 Thu, 25 Feb 2021 15:28:10 GMT
  Red Hat Security Advisory 2021-0662-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0.
• Red Hat Security Advisory 2021-0658-01 Thu, 25 Feb 2021 15:28:03 GMT
  Red Hat Security Advisory 2021-0658-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0.
• Red Hat Security Advisory 2021-0656-01 Thu, 25 Feb 2021 15:27:56 GMT
  Red Hat Security Advisory 2021-0656-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
• Red Hat Security Advisory 2021-0660-01 Thu, 25 Feb 2021 15:27:49 GMT
  Red Hat Security Advisory 2021-0660-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
• Red Hat Security Advisory 2021-0655-01 Thu, 25 Feb 2021 15:27:39 GMT
  Red Hat Security Advisory 2021-0655-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
• Red Hat Security Advisory 2021-0657-01 Thu, 25 Feb 2021 15:27:28 GMT
  Red Hat Security Advisory 2021-0657-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0.
• Red Hat Security Advisory 2020-5635-01 Thu, 25 Feb 2021 15:26:54 GMT
  Red Hat Security Advisory 2020-5635-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Ubuntu Security Notice USN-4698-2 Thu, 25 Feb 2021 15:26:41 GMT
  Ubuntu Security Notice 4698-2 - USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.