Security Pop Quiz! q113.mp3

News

Packet Storm Security

* Just About Every Windows And Linux Device Vulnerable To New LogoFAIL Firmware Attack
* Nissan Restoring Systems After Cyberattack
* Future CPUs Vulnerable To New SLAM Attack
* Meta Begins Rolling Out End-To-End Encryption
* Governments Spying On Apple, Google Users Through Push Notifications

Security Affairs

* Russia-linked APT8 exploited Outlook zero-day to target European NATO members
* UK and US expose Russia Callisto Group's activity and sanction members
* A cyber attack hit Nissan Oceania
* New Krasue Linux RAT targets telecom companies in Thailand
* Atlassian addressed four new RCE flaws in its products

Looking Glass Cyber

securingtomorrow.mcafee.com

Quick Heal

* Update: Quick Heal Products are Compatible with Windows 11 Version23H2
* How to Secure your WiFi
* MedusaLocker Ransomware: An In-Depth Technical Analysis and Prevention Strategies
* Why Your Privacy Score Matters More than Ever
* How can Your Security Score Help You Protect your Digital World Better

Threat Post

* Student Loan Breach Exposes 2.5M Records
* Watering Hole Attacks Push ScanBox Keylogger
* Tentacles of '0ktapus' Threat Group Victimize 130 Firms
* Ransomware Attacks are on the Rise
* Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Naked Security

ESET

* Navigating privacy: Should we put the brakes on car tracking?
* Teaching appropriate use of AI tech - Week in security with Tony Anscombe
* Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
* Very precisely lost - GPS jamming
* Executives behaving badly: 5 ways to manage the executive cyberthreat

CIS

• Top 10 Malware Q3 2023 Tue, 05 Dec 2023 22:23:00 Z
  The Top 10 Malware in Q3 2023 saw some significant shifts from the previous quarter. Here's what the CTI team at the MS-ISAC® observed.

Malware Patrol

* InfoSec Articles (11/28/23 - 12/05/23)
* InfoSec Articles (11/21/23 - 11/28/23)

SecList

• New macOS Trojan-Proxy piggybacking on cracked software
  A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address.

MySonicWall

Critical Infrastructure

* 90% of global energy companies experienced a third-party data breach
* Critical infrastructure workers more likely to detect, report phishing
* Fill out the Security Benchmark Survey for 2023

* Cadisha Miceli | Women in Security 2023
* CISA MTS Guide may enhance critical infrastructure resilience
* DNV appoints Anette Roll Richardsen as Director of Cybersecurity

* 47% of organizations monitored supply chain risks monthly or more
* 3 ways AI can handle third-party vendor and supplier risk challenges
* The 2023 Security Benchmark Leaders - Materion

Case Studies

* Häfele recovers from ransomware attack with new SASE platform
* Ride-hailing company, inDrive, uses new platform to prevent fraud
* The Old Spaghetti Factory restaurant chain ups network & physical security

* Italian police department updates video surveillance system
* New Jersey's largest school district adopts AI gun detection
* One of England's oldest boarding schools upgrades security system

Tools

* Simple Universal Fortigate Fuzzer Extension Script
* Nikto Web Scanner 2.5.0
* Proxmark3 4.17511 Custom Firmware
* Web-Based Firewall Logging Tool 1.1.3
* Wireshark Analyzer 4.2.0

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* ConQuest Dicom Server 1.5.0d Remote Command Execution
* WinterCMS 1.2.3 Cross Site Scripting
* Docker cgroups Container Escape
* Winter CMS 1.2.2 / 1.2.3 Server-Side Template Injection
* CE Phoenixcart 1.0.8.20 Shell Upload
* FortiWeb VM 7.4.0 build577 CLI Crash
* TinyDir 1.2.5 Buffer Overflow
* PHPJabbers Appointment Scheduler 3.0 CSV Injection
* PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting
* PHPJabbers Appointment Scheduler 3.0 Cross Site Scripting

Last 20 Website Defacements - Zone-h

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-6540-1 Thu, 07 Dec 2023 14:25:54 GMT
  Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.
• Ubuntu Security Notice USN-6539-1 Thu, 07 Dec 2023 14:18:28 GMT
  Ubuntu Security Notice 6539-1 - It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that python-cryptography incorrectly handled loading certain PKCS7 certificates. A remote attacker could possibly use this issue to cause python-cryptography to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
• Ubuntu Security Notice USN-6538-1 Thu, 07 Dec 2023 14:18:13 GMT
  Ubuntu Security Notice 6538-1 - Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations.
• Ubuntu Security Notice USN-6537-1 Thu, 07 Dec 2023 14:16:49 GMT
  Ubuntu Security Notice 6537-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
• Ubuntu Security Notice USN-6536-1 Thu, 07 Dec 2023 14:12:02 GMT
  Ubuntu Security Notice 6536-1 - Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-6463-2 Thu, 07 Dec 2023 14:11:00 GMT
  Ubuntu Security Notice 6463-2 - USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges.
• Ubuntu Security Notice USN-6535-1 Thu, 07 Dec 2023 14:10:48 GMT
  Ubuntu Security Notice 6535-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
• Red Hat Security Advisory 2023-7695-03 Thu, 07 Dec 2023 14:02:49 GMT
  Red Hat Security Advisory 2023-7695-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7694-03 Thu, 07 Dec 2023 14:02:42 GMT
  Red Hat Security Advisory 2023-7694-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7678-03 Thu, 07 Dec 2023 14:01:21 GMT
  Red Hat Security Advisory 2023-7678-03 - Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Issues addressed include XML injection, bypass, and open redirection vulnerabilities.
• Red Hat Security Advisory 2023-7676-03 Thu, 07 Dec 2023 14:01:12 GMT
  Red Hat Security Advisory 2023-7676-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a man-in-the-middle vulnerability.
• Red Hat Security Advisory 2023-7672-03 Thu, 07 Dec 2023 14:01:05 GMT
  Red Hat Security Advisory 2023-7672-03 - Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2023-7670-03 Thu, 07 Dec 2023 14:00:57 GMT
  Red Hat Security Advisory 2023-7670-03 - Migration Toolkit for Runtimes 1.2.3 release.
• Red Hat Security Advisory 2023-7669-03 Thu, 07 Dec 2023 14:00:49 GMT
  Red Hat Security Advisory 2023-7669-03 - New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available.
• Red Hat Security Advisory 2023-7668-03 Thu, 07 Dec 2023 14:00:40 GMT
  Red Hat Security Advisory 2023-7668-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2023-7667-03 Thu, 07 Dec 2023 14:00:29 GMT
  Red Hat Security Advisory 2023-7667-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7666-03 Thu, 07 Dec 2023 14:00:17 GMT
  Red Hat Security Advisory 2023-7666-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7665-03 Thu, 07 Dec 2023 14:00:05 GMT
  Red Hat Security Advisory 2023-7665-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include an information leakage vulnerability.
• Red Hat Security Advisory 2023-7610-03 Thu, 07 Dec 2023 13:59:56 GMT
  Red Hat Security Advisory 2023-7610-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2023-7608-03 Thu, 07 Dec 2023 13:59:44 GMT
  Red Hat Security Advisory 2023-7608-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements.
• Red Hat Security Advisory 2023-7607-03 Thu, 07 Dec 2023 13:59:29 GMT
  Red Hat Security Advisory 2023-7607-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs.
• Ubuntu Security Notice USN-6533-1 Wed, 06 Dec 2023 14:59:36 GMT
  Ubuntu Security Notice 6533-1 - Tom Dohrmann discovered that the Secure Encrypted Virtualization implementation for AMD processors in the Linux kernel contained a race condition when accessing MMIO registers. A local attacker in a SEV guest VM could possibly use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the io_uring subsystem in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-6532-1 Wed, 06 Dec 2023 14:59:18 GMT
  Ubuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-6534-1 Wed, 06 Dec 2023 14:59:03 GMT
  Ubuntu Security Notice 6534-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
• Ubuntu Security Notice USN-6531-1 Wed, 06 Dec 2023 14:58:43 GMT
  Ubuntu Security Notice 6531-1 - Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash.