The Life of a Bad Security Fix
(Saturday January 25, 2020)
In this blog we follow the journey of another bad security fix that passed repeated apparent review and was backported to several LTS kernels.
Weekly Update 175
(Saturday January 25, 2020)
. I've had heaps of dramas in the past with recordings being lost and
the first time I do a 3-person weekly update only 2 of them recorded
(mine being the exception). I
No big deal, Rogers, your internal source code and keys are only on the open web. Don't hurry to take it down
(Saturday January 25, 2020)
Everything you should know about the CurveBall Bug
(Saturday January 25, 2020)
I discovered a small bug in a local elementary school web application which reveals confidential PDFs. How should I proceed? More in details
(Saturday January 25, 2020)
Technical Report of the Bezos Phone Hack
(Friday January 24, 2020)
New Social Engineering Event to Train Business Pros on Human Hacking
(Friday January 24, 2020)
ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates
(Friday January 24, 2020)
'CardPlanet' Operator Pleads Guilty in Federal Court
(Friday January 24, 2020)
Russian national faced multiple charges in connection with operating
the marketplace for stolen credit-card credentials, and a forum for
VIP criminals to offer their services.
New York wants to ban paying ransomware demands
(Friday January 24, 2020)
Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
(Friday January 24, 2020)
VirusTotal is not an Incident Responder
(Friday January 24, 2020)
Tool Release - Enumerating Docker Registries with go-pillage-registries
(Friday January 24, 2020)
Containerization solutions are becoming increasingly common throughout the industry due to their vast applications in logically separating and packaging processes to run consistently across environments. Docker represents these processes as images by packaging a base filesystem and initialization instructions for the runtime environment. Developers can use common base images and instruct Docker to execute a…
7 Steps to IoT Security in 2020
(Friday January 24, 2020)
New Bill Proposes NSA Surveillance Reforms
(Friday January 24, 2020)
TestSSL 3.0
(Friday January 24, 2020)
Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards
(Friday January 24, 2020)
Debian Security Advisory 4609-1
(Friday January 24, 2020)
OLK Web Store 2020 Cross Site Request Forgery
(Friday January 24, 2020)
OLK Web Store 2020 suffers from a cross site request forgery
vulnerability.
WebKitGTK+ / WPE WebKit Code Execution
(Friday January 24, 2020)
WebKitGTK+ and WPE WebKit suffer from multiple memory handling
vulnerabilities that can result in arbitrary code execution. Versions
affected include WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3.
Webtareas 2.0 SQL Injection
(Friday January 24, 2020)
TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot
(Friday January 24, 2020)
TP-Link TP-SG105E version 1.0.0 suffers from an unauthenticated remote
reboot vulnerability.
Genexis Platinum-4410 2.1 Authentication Bypass
(Friday January 24, 2020)
Genexis Platinum-4410 version 2.1 suffers from an authentication
bypass vulnerability.
Does Your Domain Have a Registry Lock?
(Friday January 24, 2020)
If you're running a business online, few things can be as disruptive
or destructive to your brand as someone stealing your company's domain
name and doing whatever they wish with it. Even so, most major Web
site owners aren't taking full advantage of the security tools
available to protect their domains from being hijacked. Here's the
story of one recent victim who was doing almost everything possible to
avoid such a situation and still had a key domain stolen by scammers.
Google finds privacy holes in Safari’s ITP anti-tracking system
(Friday January 24, 2020)
We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw
(Friday January 24, 2020)
Want your photo removed from our facial recognition database? Just send us your photo and government-issued ID…
(Friday January 24, 2020)
5 Resume Basics for a Budding Cybersecurity Career
(Friday January 24, 2020)
You'll need to add resume tactician to your skill set in order to
climb up the next rung on the security job ladder. Here's how.
Another WordPress site management plugin (wpCentral) is vulnerable to authentication issues.
(Friday January 24, 2020)
Online Employment Scams on the Rise, Says FBI
(Friday January 24, 2020)
Looking to change jobs? Watch out for fraudsters who use legitimate
job services, slick websites, and an interview process to convince
applicants to part with sensitive personal details.
Fake Smart Factory Honeypot Highlights New Attack Threats
(Friday January 24, 2020)
The honeypot demonstrates the various security concerns plaguing
vulnerable industrial control systems.
BrandPost: Integrating Smart Systems: From Connected Cars to Security
(Friday January 24, 2020)
There is probably no better example of the potential for digital
innovation, and the challenges we will need to overcome to get there,
than the .
Over the past several years, cars have become increasingly
sophisticated. Safety systems include back-up cameras and alarms, side
traffic indicators, lane deviation warnings and correction, and
automatic all-wheel drive based on real-time assessments of road
conditions. The list goes on, including automatic tire pressure
gauges, GPS navigation, radar-enhanced cruise control, and even
assisted parking and driving. The potential of fully...
Security In 5: Episode 666 - Tools, Tips and Tricks - WizTree
(Friday January 24, 2020)
This week's tools, tips and tricks talks about a lightweight, fast storage analyzer called WizTree. Be aware, be safe. Become A Patron! *** Support the podcast with a cup of coffee *** - —————— Where you can find Security In Five —————— - , , , , , Email -
Sonos backtracks (a little) over its software updates fustercluck
(Friday January 24, 2020)
The maker of wireless home sound systems got itself into hot water
after it announced that if you had a mixture of new and old Sonos
hardware in your home then *none* of it would be receiving software
updates after May.
Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now
(Friday January 24, 2020)
Someone at LastPass must be feeling 5!ck as a p4rr0t right now, after
human error meant that its browser extension was accidentally deleted
from the Chrome web store.
Although an embarrassing goof, it’s something of a storm in a teacup
security-wise.
Protestors petition equity firm over .org buyout
(Friday January 24, 2020)
The street outside ICANN's offices in Playa Vista, California, is
likely a little more crowded than normal.
9th Methbot suspect arrested in massive clickfraud ring
(Friday January 24, 2020)
Over 3 Million Buchbinder Car Renter Customers Information Exposed
(Friday January 24, 2020)
U.S. Government Agency have been Hit with New Malware Dropper
(Friday January 24, 2020)
A new malware called CARROTBALL, used as a second-stage payload in
targeted attacks, was distributed in phishing email attachments
delivered to a U.S. government agency and non-US foreign nationals
professionally affiliated with current activities in North Korea.
Source: Bleeping Computer
The post U.S. Government Agency have been Hit with New Malware Dropper
[https://www.itsecurityguru.org/2020/01/24/u-s-government-agency-have-been-hit-with-new-malware-dropper/]
appeared first on IT Security Guru [https://www.itsecurityguru.org].
250M customer support records exposed by Microsoft database misconfiguration
(Friday January 24, 2020)
Malaysia site blocked under online falsehoods law by Singapore orders
(Friday January 24, 2020)
Operated by Lawyers for Liberty, the website appears to have been
blocked in Singapore following an order issued after the human rights
group failed to comply with a previous correction directive. The group
has sued the Singapore government over the order. Source: ZD Net
The post Malaysia site blocked under online falsehoods law by
Singapore orders
[https://www.itsecurityguru.org/2020/01/24/malaysia-site-blocked-under-online-falsehoods-law-by-singapore-orders/]
appeared first on IT Security Guru [https://www.itsecurityguru.org].
Privacy watchdog throws wider net to protect children online
(Friday January 24, 2020)
A new, comprehensive code will compel online services to put
children's health and safety before data-collecting profits.
Mac users are getting bombarded by laughably unsophisticated malware
(Friday January 24, 2020)
For malware so trite and crude, Shlayer is surprisingly prolific.
A collection of UNIX hacking tips & tricks curated by THC
(Friday January 24, 2020)
Jeff Bezos phone hack shows hackers are winning in the 'arms race' between governments and tech firms according to a cybersecurity expert
(Friday January 24, 2020)
Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack
(Friday January 24, 2020)
Created a simple credential finder -- currently uses github, but will add more things like bitbucket, gitlab maybe even google dorks too
(Friday January 24, 2020)
Find leaked credentials on Github. Contribute to filtration/pullit development by creating an account on GitHub.
Red Hat Security Advisory 2020-0222-01
(Friday January 24, 2020)
Red Hat Security Advisory 2020-0222-01 - The Ghostscript suite
contains utilities for rendering PostScript and PDF documents.
Ghostscript translates PostScript code to common bitmap formats so
that the code can be displayed or printed.
PoC (DoS) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE
(Thursday January 23, 2020)
PoC (DoS + scanner) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE - ollypwn/BlueGate
Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus | ZDNet
(Thursday January 23, 2020)
The Annoying MacOS Threat That Won't Go Away
(Thursday January 23, 2020)
Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes
(Thursday January 23, 2020)
DHS Warns of Increasing Emotet Risk
(Thursday January 23, 2020)
NSA Offers Guidance on Mitigating Cloud Flaws
(Thursday January 23, 2020)
Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices
(Thursday January 23, 2020)
Ubuntu Security Notice USN-4230-2
(Thursday January 23, 2020)
Ubuntu Security Notice 4230-2 - USN-4230-1 fixed a vulnerability in
ClamAV. This update provides the corresponding update for Ubuntu 12.04
ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly
handled certain MIME messages. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service.
Various other issues were also addressed.
Ubuntu Security Notice USN-4233-2
(Thursday January 23, 2020)
Ubuntu Security Notice 4233-2 - USN-4233-1 disabled SHA1 being used
for digital signature operations in GnuTLS. In certain network
environments, certificates using SHA1 may still be in use. This update
adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1
priority strings that can be used to temporarily re-enable SHA1 until
certificates can be replaced with a stronger algorithm. Various other
issues were also addressed.
Red Hat Security Advisory 2020-0215-01
(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0215-01 - Ansible is a simple
model-driven configuration management, multi-node deployment, and
remote-task execution system. Ansible works over SSH and does not
require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred
to managed machines automatically.
Red Hat Security Advisory 2020-0218-01
(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0218-01 - Ansible is a simple
model-driven configuration management, multi-node deployment, and
remote-task execution system. Ansible works over SSH and does not
require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred
to managed machines automatically.
Red Hat Security Advisory 2020-0216-01
(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0216-01 - Ansible is a simple
model-driven configuration management, multi-node deployment, and
remote-task execution system. Ansible works over SSH and does not
require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred
to managed machines automatically.
Red Hat Security Advisory 2020-0217-01
(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0217-01 - Ansible is a simple
model-driven configuration management, multi-node deployment, and
remote-task execution system. Ansible works over SSH and does not
require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred
to managed machines automatically.
Ubuntu Security Notice USN-4247-3
(Thursday January 23, 2020)
Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several
vulnerabilities in python-apt. This update provides the corresponding
updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered
that python-apt would still use MD5 hashes to validate certain
downloaded packages. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to
install altered packages. Various other issues were also addressed.
U.S. Gov Agency Targeted With Malware-Laced Emails
(Thursday January 23, 2020)
The malicious email campaign included a never-before-seen malware
downloader called Carrotball, and may be linked to the Konni Group
APT.
Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
(Thursday January 23, 2020)
The malware uses thousands of partner websites to spread malvertising
code.
Deconstructing Web Cache Deception Attacks: They're Bad; Now What?
(Thursday January 23, 2020)
Expect cache attacks to get worse before they get better. The problem
is that we don't yet have a good solution.
Severe Vulnerabilities Discovered in GE Medical Devices
(Thursday January 23, 2020)
CISA has released an advisory for six high-severity CVEs for GE
Carescape patient monitors, Apex Pro, and Clinical Information Center
systems.
Insecure configurations expose GE Healthcare devices to attacks
(Thursday January 23, 2020)
Researchers have found insecure configurations of the remote access
and administration features present in several patient monitoring
devices and servers made by GE Healthcare that are used in clinics and
hospitals around the world. The identified issues involve the use of
shared hard-coded credentials or no credentials at all for remote
management features, as well as the use of outdated applications with
known vulnerabilities.
[ Learn . ]
These types of issues have plagued embedded devices for many years and
are the result of old product design practices that focused more on
usability and...
Anatomy of a Facebook-Hosted Phishing Attack
(Thursday January 23, 2020)
Securing Bare Metal with Service Mesh
(Thursday January 23, 2020)
A step-by-step guide on how to use HashiCorp Consul to create a service mesh and secure data in motion between physical hosts and services.
Creating a world-class communications organization (and having fun along the way!)
(Thursday January 23, 2020)
Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure
(Thursday January 23, 2020)
Microsoft and Zscaler help organizations implement the Zero Trust model
(Thursday January 23, 2020)
How to use OODA in #DFIR Series: Post 2 - Observe
(Thursday January 23, 2020)
In this post on applying OODA to the incident response process, you'll learn from expert Brian Carrier how to approach phase one: observe.
Falco 0.19.0
(Thursday January 23, 2020)
Sysdig falco is a behavioral activity monitoring agent that is open
source and comes with native support for containers. Falco lets you
define highly granular rules to check for activities involving file
and network activity, process execution, IPC, and much more, using a
flexible syntax. Falco will notify you when these rules are violated.
You can think about falco as a mix between snort, ossec and strace.
Ransomware: The average ransom payment has doubled in just three months
(Thursday January 23, 2020)
VirusTotal is not an Incident Responder - a tool that aids in analysis should not be a “one-stop-shop” in determining if content is malicious. Attackers can easily manipulate these results.
(Thursday January 23, 2020)
qdPM 9.1 Remote Code Execution
(Thursday January 23, 2020)
qdPM version 9.1 suffers from a remote code execution vulnerability.
Cisco Warns of Critical Network Security Tool Flaw
(Thursday January 23, 2020)
The critical flaw exists in Cisco's administrative management tool,
used with network security solutions like firewalls.
Traffic jams could be worse than normal, because of the Shitrix vulnerability
(Thursday January 23, 2020)
Your trip into work today might be delayed by slippery roads, dense
fog, and a Citrix vulnerability.
Umbraco CMS 8.2.2 Cross Site Request Forgery
(Thursday January 23, 2020)
Umbraco CMS version 8.2.2 suffers from cross site request forgery
vulnerabilities.
Red Hat Security Advisory 2020-0214-01
(Thursday January 23, 2020)
Red Hat Security Advisory 2020-0214-01 - Chromium is an open-source
web browser, powered by WebKit. This update upgrades Chromium to
version 79.0.3945.130. Issues addressed include a use-after-free
vulnerability.
Ubuntu Security Notice USN-4249-1
(Thursday January 23, 2020)
Ubuntu Security Notice 4249-1 - It was discovered that e2fsprogs
incorrectly handled certain ext4 partitions. An attacker could
possibly use this issue to execute arbitrary code.
Ubuntu Security Notice USN-4247-2
(Thursday January 23, 2020)
Ubuntu Security Notice 4247-2 - USN-4247-1 fixed vulnerabilities in
python-apt. The updated packages caused a regression when attempting
to upgrade to a new Ubuntu release. This update fixes the problem. It
was discovered that python-apt would still use MD5 hashes to validate
certain downloaded packages. If a remote attacker were able to perform
a man-in-the-middle attack, this flaw could potentially be used to
install altered packages. It was discovered that python-apt could
install packages from untrusted repositories, contrary to
expectations. Various other issues were also addressed.
Weathering the Privacy Storm from GDPR to CCPA & PDPA
(Thursday January 23, 2020)
A general approach to privacy, no matter the regulation, is the only
way companies can avoid a data protection disaster in 2020 and beyond.
Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says
(Thursday January 23, 2020)
Cryptomining Malware Vivin Uses Pirated Software as Attack Vector
(Thursday January 23, 2020)
Vivin, a cryptomining malware that likes munching on Monero, is one of
the many examples of such software roaming the dark corners of the
Internet. Security researchers have been tracking it for the last
couple of years, and it shows no sign of slowing down. Cryptomining
took a bit of a tumble as the cryptocurrency […]Pachev FTP Server 1.0 Path Traversal
(Thursday January 23, 2020)
Pachev FTP Server version 1.0 suffers from a path traversal
vulnerability.
Five Microsoft Elasticsearch Servers with Private Data for 250 Million People Found Unsecured Online
(Thursday January 23, 2020)
Security researchers found a total of 250 million Microsoft customer
records spread on five unsecured servers that could have been accessed
by anyone using just a web browser. Microsoft has since secured the
servers. Unsecured Elasticsearch servers seem to be all the rage, as
various companies leave them unsecured and accessible from the
Internet. While […]