Security Pop Quiz! q136.mp3

News

Packet Storm Security

* Leaked FinCEN Files Expose Poor Data Security
* Microsoft Overhauls Patch Tuesday Security Update Guide
* OldGremlin Ransomware Group Bedevils Russian Orgs
* The Fight Over The Fight For California's Privacy Future
* Massive Dark Web Bust Seizes $6.5 Million From 179 Drug Dealers

Security Affairs

* Alien Android banking Trojan, the powerful successor of the Cerberus malware
* Instagram RCE gave hackers remote access to your device
* Hackers are using Zerologon exploits in attacks in the wild
* Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns
* Data for 600K customers of U.S. fitness chains Town Sports leaked online

Looking Glass Cyber

* LookingGlass Cyber Solutions Announces Engagement with Defense Innovation Unit
* Need a (SMB)Ghost Buster? How CloudShield Eclipse Handles SMB Exploits
* Making Cybersecurity Policy Work For You: Tunable Security Mitigation At Attack Speed
* Elevating Security Orchestration with CACAO
* LookingGlass Cyber Solutions Announces Plans to Relaunch the Cyveillance Brand

securingtomorrow.mcafee.com

Quick Heal

* How social media is used to commit financial fraud
* The Biggest Cyberattacks of 2020…so far
* If your smartphone is your life, here's how you can keep it safe
* Your guide to new-age cybersecurity terms
* Parental Control - Here's how you can regulate your child's computer habits

Threat Post

* Free Apple iPhone 12? Chatbot Scam Spreads Via Texts
* Alien Android Banking Trojan Sidesteps 2FA
* Zerologon Patches Roll Out Beyond Microsoft
* Gamer Credentials Now a Booming, Juicy Target for Hackers
* Critical Industrial Flaws Pose Patching Headache For Manufacturers

Naked Security

* SMS phishing scam pretends to be Apple "chatbot" - don't fall for it!
* Naked Security Live - "The Zerologon hole: are you at risk?"
* A real-life Maze ransomware attack - "If at first you don't succeed…"
* Zerologon - hacking Windows servers with a bunch of zeros
* Naked Security Live - "Should you worry about your wallpaper?"

ESET

* 179 arrested in massive dark web bust
* New tool helps companies assess why employees click on phishing emails
* Mozilla fixes flaw that let attackers hijack Firefox for Android via Wi‑Fi
* Week in security with Tony Anscombe
* 5 ways cybercriminals can try to extort you

CIS

• Protecting Organizations From Today’s Top Cyber Threats Mon, 21 Sep 2020 20:45:22 +0000
  

  Cyber threats are constantly evolving. As recently as 2016, Trojan malware accounted for nearly 50% of all breaches. Today, they are responsible for less than seven percent. That’s not to say that Trojans are any less harmful. According to the 2020 Verizon Data Breach Investigations Report (DBIR), their backdoor and remote-control capabilities are still used […]

  The post Protecting Organizations From Today’s Top Cyber Threats appeared first on CIS.

Malware Patrol

* InfoSec Articles (09/03/20 - 09/17/20)
* InfoSec Articles (08/19/20 - 09/02/20)

SecList

• Threat landscape for industrial automation systems. H1 2020 highlights
  Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. The internet, removable media and email continue to be the main sources of threats in the ICS environment.

MySonicWall

Critical Infrastructure

* New research indicates positive perceptions about cybersecurity professionals
* Chinese Ministry of State Security-affiliated cyber threat actor activity targeting US agencies
* Portland passes strict facial recognition technology ban

* The International Association of Behaviour Detection & Analysis aims to advance standards and best pr
* New research indicates positive perceptions about cybersecurity professionals
* Gatwick airport implements UV cleaning system for security trays

* New research indicates positive perceptions about cybersecurity professionals
* Rapid growth across container and kubernetes adoption, security incidents, and DevSecOps initiatives
* City of New Orleans uses video surveillance to tackle illegal dumping

Case Studies

* Eliminating vulnerabilities early in the SDLC for Société Française du Radiotele
* DefenTec deploys KeeperMSP to defend from cyberattacks
* EL AL Airlines: Integrating Security into CI/CD with Seeker IAST from Synopsys

* Singapore announces first government use of facial verification tech for national identity program
* Balancing customer relationships and security
* Texas Window Film Company Working to Provide More Emergency Response Times in Schools

Tools

* OpenSSL Toolkit 1.1.1h
* nfstream 6.1.3
* nfstream 6.1.2
* nfstream 6.1.1
* TOR Virtual Network Tunneling Tool 0.4.4.5

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* Online Food Ordering System 1.0 Remote Code Execution
* Artica Proxy 4.30.000000 Authentication Bypass / Command Injection
* Jenkins 2.56 CLI Deserialization / Code Execution
* Visitor Management System In PHP 1.0 Cross Site Scripting
* Visitor Management System In PHP 1.0 SQL Injection
* Seat Reservation System 1.0 SQL Injection
* GoogleCloudPlatform OSConfig Privilege Escalation
* Flatpress Add Blog 1.0.3 Cross Site Scripting
* Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution
* Seat Reservation System 1.0 Shell Upload

Last 20 Website Defacements - Zone-h

* https://tobyhannatownshippa.gov/m6.htm
* https://www.agctz.go.tz
* http://www.lar.uff.br/tesla.htm
* http://revista.iec.gov.br/submit/public/site/images/zbi/zeb.gif
* https://revistas.ingemmet.gob.pe/public/site/images/zeb/zeb.gif
* https://ojs.supercias.gob.ec//public/site/images/zbi/zeb.gif
* https://srdb.gop.pk/journal/public/site/images/zbi/zeb.gif
* https://bpbd.jatengprov.go.id/wp-admin/m1F3Cg0.php
* http://www.jdih.magelangkab.go.id/read.txt
* https://www.pn-negara.go.id/read.txt
* https://filmingincyprus.gov.cy
* http://zi.pn-mungkid.go.id/read.txt
* http://sppt.pn-mungkid.go.id/read.txt
* http://pendaftaran.pn-mungkid.go.id/read.txt
* http://emediation.pn-mungkid.go.id/read.txt
* http://ppid.ptun-serang.go.id/read.txt
* http://valac.pa-klungkung.go.id/read.txt
* http://akta.pa-klungkung.go.id/read.txt
* http://newwebsite.pn-buntok.go.id/read.txt
* http://www.jdih.pn-langsa.go.id/read.txt

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-4534-1 Wed, 23 Sep 2020 14:58:03 GMT
  Ubuntu Security Notice 4534-1 - It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
• Red Hat Security Advisory 2020-3809-01 Wed, 23 Sep 2020 14:57:57 GMT
  Red Hat Security Advisory 2020-3809-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Red Hat Security Advisory 2020-3808-01 Wed, 23 Sep 2020 14:57:49 GMT
  Red Hat Security Advisory 2020-3808-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.
• Red Hat Security Advisory 2020-3817-01 Wed, 23 Sep 2020 14:57:38 GMT
  Red Hat Security Advisory 2020-3817-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a denial of service vulnerability.
• Ubuntu Security Notice USN-4533-1 Wed, 23 Sep 2020 14:57:31 GMT
  Ubuntu Security Notice 4533-1 - Veeti Veteläinen discovered that the LTSP Display Manager incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges.
• Ubuntu Security Notice USN-4532-1 Wed, 23 Sep 2020 14:57:25 GMT
  Ubuntu Security Notice 4532-1 - It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header that lacks a colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. Various other issues were also addressed.
• Framer Preview 12 Content Injection Tue, 22 Sep 2020 18:32:17 GMT
  Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the activity nor does it validate the given URL.
• Ubuntu Security Notice USN-4530-1 Tue, 22 Sep 2020 18:23:04 GMT
  Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
• Red Hat Security Advisory 2020-3810-01 Tue, 22 Sep 2020 18:22:59 GMT
  Red Hat Security Advisory 2020-3810-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
• Ubuntu Security Notice USN-4531-1 Tue, 22 Sep 2020 18:22:53 GMT
  Ubuntu Security Notice 4531-1 - It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications.
• Ubuntu Security Notice USN-4529-1 Tue, 22 Sep 2020 18:22:16 GMT
  Ubuntu Security Notice 4529-1 - It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. Various other issues were also addressed.
• Ubuntu Security Notice USN-4528-1 Tue, 22 Sep 2020 18:22:09 GMT
  Ubuntu Security Notice 4528-1 - Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
• Red Hat Security Advisory 2020-3803-01 Tue, 22 Sep 2020 18:22:03 GMT
  Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
• Red Hat Security Advisory 2020-3804-01 Tue, 22 Sep 2020 18:21:57 GMT
  Red Hat Security Advisory 2020-3804-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2020-3783-01 Tue, 22 Sep 2020 18:21:47 GMT
  Red Hat Security Advisory 2020-3783-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling.
• Ubuntu Security Notice USN-4526-1 Tue, 22 Sep 2020 18:21:40 GMT
  Ubuntu Security Notice 4526-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4527-1 Tue, 22 Sep 2020 18:21:34 GMT
  Ubuntu Security Notice 4527-1 - It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4525-1 Tue, 22 Sep 2020 18:21:25 GMT
  Ubuntu Security Notice 4525-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4524-1 Mon, 21 Sep 2020 23:43:35 GMT
  Ubuntu Security Notice 4524-1 - Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service.
• Ubuntu Security Notice USN-4523-1 Mon, 21 Sep 2020 23:43:30 GMT
  Ubuntu Security Notice 4523-1 - It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack.
• Red Hat Security Advisory 2020-3780-01 Mon, 21 Sep 2020 21:51:59 GMT
  Red Hat Security Advisory 2020-3780-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Ubuntu Security Notice USN-4522-1 Mon, 21 Sep 2020 21:51:53 GMT
  Ubuntu Security Notice 4522-1 - It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting attacks.
• Ubuntu Security Notice USN-4521-1 Mon, 21 Sep 2020 17:05:14 GMT
  Ubuntu Security Notice 4521-1 - It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information.
• Ubuntu Security Notice USN-4520-1 Mon, 21 Sep 2020 14:53:59 GMT
  Ubuntu Security Notice 4520-1 - It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code.
• Apple Security Advisory 2020-09-16-5 Fri, 18 Sep 2020 19:11:15 GMT
  Apple Security Advisory 2020-09-16-5 - Xcode 12.0 is now available and addresses a code execution vulnerability.