Security Pop Quiz! q143.mp3

News

Packet Storm Security

* China Trying To Export Its Great Firewall And Governance Model
* Attackers Actively Target Windows Installer Zero-Day
* Cybercriminals Continue Using Zelle To Scam Victims
* Tolkien Estate Blocks JRR Token Crypto Currency
* Apple Sues 'Amoral 21st Century Mercenaries' NSO For Infecting iPhones With Pegasus Malware

Security Affairs

* Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware
* Threat actors target crypto and NFT communities with Babadeda crypter
* Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
* APT C-23 group targets Middle East with an enhanced Android spyware variant
* New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Looking Glass Cyber

securingtomorrow.mcafee.com

* McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities
* My email has been hacked! What should I do next?
* Global Technology Provider Looks to MVISION Unified Cloud Edge
* McAfee Enterprise Continues to be a Leader in CASB and Cloud Security
* Zero Care About Zero Days

Quick Heal

* Anydesk Software Exploited to Spread Babuk Ransomware
* Quick Heal Supports Windows 10 November 2021 Update (version 21H2)
* Stay Alert - Malware Authors Deploy ELF as Windows Loaders to Exploit WSL feature
* Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies
* CetaRAT APT Group - Targeting the Government Agencies

Threat Post

* New Twists on Gift-Card Scams Flourish on Black Friday
* 9.3M+ Androids Running 'Malicious' Games from Huawei AppGallery
* GoDaddy Breach Widens to Include Reseller Subsidiaries
* Apple's NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker
* Attackers Actively Target Windows Installer Zero-Day

Naked Security

* Cloud Security: Don't wait until your next bill to find out about an attack!
* S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]
* US government securities watchdog spoofed by investment scammers - don't fall for it!
* Check your patches - public exploit now out for critical Exchange bug
* GoDaddy admits to password breach: check your Managed WordPress site!

ESET

* The triangle of holiday shopping: Scams, social media and supply chain woes
* Avoiding the shopping blues: How to shop online safely this holiday season
* FBI, CISA urge organizations to be on guard for attacks during holidays
* What to do if you receive a data breach notice
* Week in security with Tony Anscombe

CIS

• Authentication and Authorization Using Single Sign-On Wed, 24 Nov 2021 15:13:05 +0000
  

  By: Kathleen M. Moriarty, CIS Chief Technology Officer In order to prevent credential theft from phishing attacks, there is a push for multi-factor authentication (MFA). This is a very important step and should be considered if your organization has not yet made the transition. While MFA adds important protections, how you implement single sign-on, authorization, […]

  The post Authentication and Authorization Using Single Sign-On appeared first on CIS.

Malware Patrol

* InfoSec Articles (11/8/2021 - 11/22/2021)
* Avoiding Black Friday Phishing Scam

SecList

• IT threat evolution in Q3 2021. Mobile statistics
  In Q3 2021, 9,599,519 malware, adware and riskware attacks on mobile devices were prevented.

MySonicWall

Critical Infrastructure

* 4 key lessons from Hurricane Ida and what they mean for emergency planning
* US water and wastewater systems targeted by cybercrime
* Video surveillance secures Welsh natural gas facility

* 93% of TSA employees in compliance with vaccine mandate
* AI tracks illegal wildlife trafficking at Heathrow
* 73% of airline passengers interested in biometrics replacing passports

* The three C's of supply chain risk
* Congress passes DHS software supply chain bill
* FTA seeks industry input on transit safety

Case Studies

* Metropolitan school system blocks threats with cybersecurity platform
* Minnesota IT Services bolsters cloud security
* Data access strategy helps hotels on- and offboard employees

* Access control secures Ohio homeless shelter
* Are you paying for private security with crypto?
* Indianapolis Symphony Orchestra adds contactless access control system

Tools

* GNU Privacy Guard 2.2.33
* Wireshark Analyzer 3.6.0
* OpenStego Free Steganography Solution 0.8.1
* Hashcat Advanced Password Recovery 6.2.5 Source Code
* Hashcat Advanced Password Recovery 6.2.5 Binary Release

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory
* HTTPDebuggerPro 9.11 Unquoted Service Path
* CMSimple 5.4 Local File Inclusion / Remote Code Execution
* Serva 4.4.0 TFTP Remote Buffer Overflow
* WordPress WP Guppy 1.1 Information Disclosure
* Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation
* Webrun 3.6.0.42 SQL Injection
* FLEX 1085 Web 1.6.0 HTML Injection
* GNU gdbserver 9.2 Remote Command Execution
* Samsung NPU (Neural Processing Unit) Memory Corruption

Last 20 Website Defacements - Zone-h

* https://www.maumoonoffice.gov.mv/er.php
* http://perpusmari.ptun-denpasar.go.id/cok.txt
* https://zahidmgu.gov.ua/zz.html
* https://lvivvet.gov.ua/zz.html
* https://uriangato.gob.mx/1.php
* http://visitauriangato.gob.mx/1.php
* https://difuriangato.gob.mx/1.php
* https://smapau.gob.mx/1.php
* http://imd.ncmdit.gov.iq/public/site/images/adminojs/kingskrupellos.jpg
* https://imaginaires.univ-reims.fr/public/site/images/adminw/kingskrupellos.jpg
* http://vesta.univ-lemans.fr/public/site/images/adminojs/kingskrupellos.jpg
* https://esesuroriental.gov.co/er.php
* http://kpminerals.gov.pk/er.php
* https://www.rioverde.go.gov.br/er.php
* https://louveira.sp.gov.br/er.php
* https://dharavandhoo.gov.mv
* http://taliri.go.tz/er.php
* https://prisec.gov.af/er.php
* https://pa-ambarawa.go.id
* http://cawadi.gov.ph/s0u1.html

Press Play to hear the answer!

Advisories

• Red Hat Security Advisory 2021-4837-02 Wed, 24 Nov 2021 16:44:01 GMT
  Red Hat Security Advisory 2021-4837-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
• Red Hat Security Advisory 2021-4838-02 Wed, 24 Nov 2021 16:40:23 GMT
  Red Hat Security Advisory 2021-4838-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
• Red Hat Security Advisory 2021-4839-02 Wed, 24 Nov 2021 16:40:16 GMT
  Red Hat Security Advisory 2021-4839-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
• Red Hat Security Advisory 2021-4826-02 Wed, 24 Nov 2021 16:37:44 GMT
  Red Hat Security Advisory 2021-4826-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
• Red Hat Security Advisory 2021-4774-02 Wed, 24 Nov 2021 16:37:38 GMT
  Red Hat Security Advisory 2021-4774-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2021-4788-02 Wed, 24 Nov 2021 16:37:30 GMT
  Red Hat Security Advisory 2021-4788-02 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include a null pointer vulnerability.
• Red Hat Security Advisory 2021-4798-02 Wed, 24 Nov 2021 16:35:16 GMT
  Red Hat Security Advisory 2021-4798-02 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2021-4773-03 Wed, 24 Nov 2021 16:35:09 GMT
  Red Hat Security Advisory 2021-4773-03 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
• Ubuntu Security Notice USN-5155-1 Wed, 24 Nov 2021 16:35:03 GMT
  Ubuntu Security Notice 5155-1 - It was discovered that BlueZ incorrectly handled the Discoverable status when a device is powered down. This could result in devices being powered up discoverable, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. It was discovered that BlueZ incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause BlueZ to consume resources, leading to a denial of service. Various other issues were also addressed.
• Red Hat Security Advisory 2021-4782-01 Wed, 24 Nov 2021 16:32:59 GMT
  Red Hat Security Advisory 2021-4782-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2021-4785-01 Wed, 24 Nov 2021 16:32:47 GMT
  Red Hat Security Advisory 2021-4785-01 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2021-4777-01 Wed, 24 Nov 2021 16:29:37 GMT
  Red Hat Security Advisory 2021-4777-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2021-4779-01 Wed, 24 Nov 2021 16:29:25 GMT
  Red Hat Security Advisory 2021-4779-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
• Ubuntu Security Notice USN-5154-1 Tue, 23 Nov 2021 17:16:21 GMT
  Ubuntu Security Notice 5154-1 - It was discovered that FreeRDP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. It was discovered that FreeRDP incorrectly handled certain connections. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
• Red Hat Security Advisory 2021-4765-03 Tue, 23 Nov 2021 17:16:15 GMT
  Red Hat Security Advisory 2021-4765-03 - Red Hat OpenShift Serverless Client kn 1.19.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.19.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
• Red Hat Security Advisory 2021-4766-01 Tue, 23 Nov 2021 17:10:05 GMT
  Red Hat Security Advisory 2021-4766-01 - Red Hat OpenShift Serverless release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8 and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.
• Red Hat Security Advisory 2021-4767-01 Tue, 23 Nov 2021 17:09:50 GMT
  Red Hat Security Advisory 2021-4767-01 - This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, deserialization, information leakage, resource exhaustion, and server-side request forgery vulnerabilities.
• Red Hat Security Advisory 2021-4768-01 Tue, 23 Nov 2021 17:05:56 GMT
  Red Hat Security Advisory 2021-4768-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2021-4771-01 Tue, 23 Nov 2021 17:05:42 GMT
  Red Hat Security Advisory 2021-4771-01 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2012-4770-01 Tue, 23 Nov 2021 17:05:25 GMT
  Red Hat Security Advisory 2012-4770-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
• Ubuntu Security Notice USN-5153-1 Mon, 22 Nov 2021 17:41:08 GMT
  Ubuntu Security Notice 5153-1 - It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations.
• KVM SVM Out-Of-Bounds Read/Write Mon, 22 Nov 2021 17:27:57 GMT
  A KVM guest using SEV-ES (Secure Encrypted Virtualization - Encrypted State) can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT using the exit reason SVM_EXIT_IOIO.
• Red Hat Security Advisory 2021-4750-01 Sat, 20 Nov 2021 19:22:22 GMT
  Red Hat Security Advisory 2021-4750-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
• Ubuntu Security Notice USN-5152-1 Fri, 19 Nov 2021 16:41:08 GMT
  Ubuntu Security Notice 5152-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.
• Red Hat Security Advisory 2021-4743-03 Fri, 19 Nov 2021 16:40:59 GMT
  Red Hat Security Advisory 2021-4743-03 - LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.