News

• Ten-Year Hacktivisit Fugitive Commander X Arrested In Mexico
• Sideloading Apps Would Destroy iOS Security And Privacy
• Why Cyber Gangs Won't Worry About US-Russia Talks
• Millions Of Connected Cameras Open To Eavesdropping
• Digital Ad Industry Accused Of Huge Data Breach
• Peloton Bike+ Was Vulnerable To Remote Hacking, Researchers Find
• Police Bust Major Ransomware Gang Cl0p
• Nasty Linux systemd Root Level Security Bug Revealed And Patched
• Facebook Awards $30,000 Bounty For Exploit Exposing Private Instagram Content
• Digital Artists Targeted In RedLine Infostealer Campaign
• Utilities Concerningly At Risk From Active Exploits
• Apple Hurries Patches For Safari Bugs Under Active Attack
• Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched
• TimeCache Aims To Block Side-Channel Cache Attacks
• Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers
• WhatsApp Boss Decries Attacks On Encryption As Orwellian
• Irish Police To Be Given Powers Over Passwords
• Russia Told To Tackle Cyber Criminals Operating From Within
• How Hackers Used Slack To Break Into EA Games
• STEM Audio Table Rife With Business Threatening Bugs
• McDonald's Operations In South Korea And Taiwan Hit By Data Breach
• US Retailer Carter Leaks PII With URL Shortener
• Hackers Force Iowa College To Cancel Classes For Four Days
• Cops Are Using Facebook To Target Pipeline Protest Leaders
• Intel Plugs 29 Holes In CPUs, Bluetooth, Security

• What You Need to Know About Hybrid Cloud Environments Thu, 17 Jun 2021 15:32:06 +0000
  

  What does your cloud configuration look like? In many organizations, moving workloads to the cloud creates a more elastic technology infrastructure. That’s why hybrid cloud environments are a popular solution. A hybrid cloud computing environment requires orchestration between two types of platforms: On-premises, private cloud: Computing services offered to select users over the internet or […]

  The post What You Need to Know About Hybrid Cloud Environments appeared first on CIS.

Looking Glass Cyber

Malware Patrol

• Three Types of Cyber Threat Intelligence
• InfoSec Articles (05/24/21 – 06/07/21)

SecList

• Black Kingdom ransomware
  Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065).

securingtomorrow.mcafee.com

• Testing to Ensure Your Security Posture Never Slouches
• Father’s Day Gift Ideas: Protecting the Tech You Give to Dad
• The Rise of the Dark Web Gig Economy
• Why Security is Now the Foundation of Good Customer Experience
• A New Program for Your Peloton – Whether You Like It or Not
• Is Your Peloton Spinning Up Malware?
• McAfee Named a 2021 Gartner Peer Insights Customers’ Choice for SWG
• How to Prepare for Your Child’s First Smartphone
• McAfee a Leader in The Forrester Wave™ Unstructured Data Security Platforms
• Finding Success at Each Stage of Your Threat Intelligence Journey
• The Executive Order – Improving the Nation’s Cyber Security

Quick Heal

• Breaches and Incidents: Top 5 Cyber-attacks in Quarter 1 – 2021
• Google Play store applications laced with Joker malware yet again
• Cobalt Strike 2021 – Analysis of Malicious PowerShell Attack Framework
• LinkedIn Phishing Scam: Hackers target users with fake job offers
• Quick Heal announces SHA-1 deprecation for its products
• Quick Heal Supports Windows 10 May 2021 Update (Version 21H1)
• Beware of Fake Oximeter Apps: They Can Steal Your Banking Credentials
• Can I keep using WhatsApp without accepting their privacy policies?
• Ficker – An Info-Stealer Malware that tricks people to get their passwords
• Beware! Hackers target users with fake COVID-19 vaccine registration app

Threat Post

• What’s Making Your Company a Ransomware Sitting Duck
• Carnival Cruise Cyber-Torpedoed by Cyberattack
• Insider Versus Outsider: Navigating Top Data Loss Threats
• ‘Oddball’ Malware Blocks Access to Pirated Software
• Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors
• Clop Raid: A Big Win in the War on Ransomware?
• Cisco Smart Switches Riddled with Severe Security Holes
• Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
• CVS Health Records for 1.1 Billion Customers Exposed
• Threat Actors Use Google Docs to Host Phishing Attacks

Naked Security

• Can *YOU* blow a PC speaker using only a Linux kernel driver?
• S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast]
• How to hack a bicycle – Peloton Bike+ rooting bug patched
• Clop ransomware suspects busted in Ukraine, money and motors seized
• “Face of Anonymous” suspect deported from Mexico to face US hacking charges
• ALPACA – the wacky TLS security vulnerability with a funky name
• S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast]
• Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now!
• How could the FBI recover BTC from Colonial’s ransomware payment?
• Latvian woman charged with writing malware for the Trickbot Group

Security Affairs

• This bug can permanently break iPhone WiFi connectivity
• Security Affairs newsletter Round 319
• North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI
• RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec
• Vigilante malware stops victims from visiting piracy websites
• US supermarket chain Wegmans discloses data breach
• Expert found multiple flaws in Cisco Small Business 220 series
• Cruise operator Carnival discloses a security breach
• Akamai outage was caused by an issue with its Prolexic DDoS protection service
• The return of TA402 Molerats APT after a short pause

Security Awareness Tips of the week

• Dark Web
• Use Caution Opening Email Attachments
• Phone Call Attacks
• Email and Emotions
• Ransomware

Exploits

• Windows Kerberos AppContainer Enterprise Authentication Capability Bypass
• Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
• Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution
• Dup Scout 13.5.28 Unquoted Service Path
• Trojan.Win32.Alien.erf Buffer Overflow
• Unified Office Total Connect Now 1.0 SQL Injection
• Samsung NPU npu_session_format Out-Of-Bounds Write
• VeryFitPro 3.2.8 Insecure Transit
• VX Search 13.5.28 Unquoted Service Path
• Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration
• Trojan.Win32.Alien.erf Denial Of Service
• Workspace ONE Intelligent Hub 20.3.8.0 Unquoted Service Path
• Online Shopping Portal 3.1 Shell Upload
• Email-Worm.Win32.Kipis.a Code Execution
• OpenEMR 5.0.1.3 Authentication Bypass
• Sync Breeze 13.6.18 Sync Breeze 13.6.18 Unquoted Service Path
• Disk Savvy 13.6.14 Unquoted Service Path
• Cotonti Siena 0.9.19 Cross Site Scripting
• CKEditor 3 Server-Side Request Forgery
• Teachers Record Management System 1.0 SQL Injection
• Teachers Record Management System 1.0 Cross Site Scripting
• Disk Sorter Server 13.6.12 Unquoted Service Path
• DiskPulse 13.6.14 Unquoted Service Path
• SAP Netweaver JAVA 7.50 Missing Authorization
• Client Management System 1.1 SQL Injection

• [webapps] Node.JS - 'node-serialize' Remote Code Execution (3)
• [remote] Dlink DSL2750U - 'Reboot' Command Injection
• [webapps] ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
• [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
• [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
• [webapps] Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
• [local] Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
• [webapps] Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
• [local] VX Search 13.5.28 - 'Multiple' Unquoted Service Path
• [local] Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
• [local] Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
• [local] Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
• [webapps] Unified Office Total Connect Now 1.0 - 'data' SQL Injection
• [webapps] CKEditor 3 - Server-Side Request Forgery (SSRF)
• [webapps] Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)
• [webapps] Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authenticated)
• [webapps] OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass
• [webapps] Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
• [local] Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path
• [local] DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path
• [local] Polkit 0.105-26 0.117-2 - Local Privilege Escalation
• [local] Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path
• [local] SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path
• [webapps] Client Management System 1.1 - 'Search' SQL Injection
• [webapps] Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)
• [local] Brother BRPrint Auditor - 'Multiple' Unquoted Service Path
• [local] Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
• [dos] Notex the best notes 6.4 - Denial of Service (PoC)
• [dos] Post-it 5.0.1 - Denial of Service (PoC)
• [dos] Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
• [local] WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
• [webapps] OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)
• [local] Spy Emergency 25.0.650 - 'Multiple' Unquoted Service Path
• [webapps] TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
• [webapps] Small CRM 3.0 - 'Authentication Bypass' SQL Injection
• [webapps] Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
• [webapps] COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)
• [webapps] GLPI 9.4.5 - Remote Code Execution (RCE)
• [webapps] Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)
• [webapps] Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
• [webapps] WoWonder Social Network Platform 3.1 - Authentication Bypass
• [webapps] Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
• [webapps] Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
• [webapps] Solar-Log 500 2.8.2 - Incorrect Access Control
• [webapps] Grocery crud 1.6.4 - 'order_by' SQL Injection
• [webapps] WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF

Last 20 Website Defacements - Zone-h

• https://mamujutengahkab.go.id/root.php
• https://munae.gob.gt/Ir.html
• https://ppid.sukabumikota.go.id
• http://mtsc.gov.bd/dz.txt
• http://dnprg15.dnp.go.th
• https://dishub.nttprov.go.id/yoloo.php
• https://diskominfo.nttprov.go.id/yoloo.php
• https://biropp.nttprov.go.id/yoloo.php
• http://armp.gouv.km
• https://jemberkab.go.id
• http://www.bantako.go.th
• http://ijoir.gov.iq/ijoir/public/site/images/krz/krz.gif
• http://jurnalpjf.lan.go.id/public/site/images/krz/krz.gif
• https://heritage.kemenag.go.id/public/site/images/krz/krz.gif
• https://dprexternal3.dpr.go.id/public/site/images/krz/krz.gif
• http://bpsdm.papua.go.id/journal/public/site/images/krz/krz.gif
• https://viole.gov.vn/public/ckfinder/core/connector/php/connector.phppublic/uploadsfiles/yawn.txt
• http://buolkab.go.id/oh.php
• https://padangsidimpuankota.go.id/oh.php
• http://dprd-brebeskab.go.id/o.txt

Advisories

Symantec Packet Stoem Security

• Ubuntu Security Notice USN-4991-1 Thu, 17 Jun 2021 18:34:57 GMT
  Ubuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also addressed.
• Red Hat Security Advisory 2021-2479-01 Thu, 17 Jun 2021 18:34:10 GMT
  Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.
• Ubuntu Security Notice USN-4990-1 Thu, 17 Jun 2021 18:27:31 GMT
  Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
• Red Hat Security Advisory 2021-2476-01 Thu, 17 Jun 2021 18:23:27 GMT
  Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
• Trojan.Win32.Alien.erf Directory Traversal Thu, 17 Jun 2021 18:21:19 GMT
  Trojan.Win32.Alien.erf malware suffers from a directory traversal vulnerability.
• Red Hat Security Advisory 2021-2475-01 Thu, 17 Jun 2021 18:16:15 GMT
  Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
• Red Hat Security Advisory 2021-2472-01 Thu, 17 Jun 2021 18:09:26 GMT
  Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
• Red Hat Security Advisory 2021-2469-01 Thu, 17 Jun 2021 18:09:00 GMT
  Red Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• Red Hat Security Advisory 2021-2471-01 Thu, 17 Jun 2021 18:01:23 GMT
  Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
• Red Hat Security Advisory 2021-2467-01 Thu, 17 Jun 2021 17:57:29 GMT
  Red Hat Security Advisory 2021-2467-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
• Red Hat Security Advisory 2021-2461-01 Thu, 17 Jun 2021 17:53:22 GMT
  Red Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include denial of service and integer overflow vulnerabilities.
• Ubuntu Security Notice USN-4989-2 Thu, 17 Jun 2021 17:49:44 GMT
  Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.
• Ubuntu Security Notice USN-4989-1 Thu, 17 Jun 2021 17:45:55 GMT
  Ubuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
• Red Hat Security Advisory 2021-2459-01 Thu, 17 Jun 2021 17:40:11 GMT
  Red Hat Security Advisory 2021-2459-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
• Red Hat Security Advisory 2021-2456-01 Thu, 17 Jun 2021 17:37:26 GMT
  Red Hat Security Advisory 2021-2456-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
• Red Hat Security Advisory 2021-2445-01 Wed, 16 Jun 2021 14:24:51 GMT
  Red Hat Security Advisory 2021-2445-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Issues addressed include cross site scripting and remote shell upload vulnerabilities.
• SAP Solution Manager 7.20 Missing Authorization Tue, 15 Jun 2021 15:49:33 GMT
  Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.
• Red Hat Security Advisory 2021-2439-01 Tue, 15 Jun 2021 15:49:18 GMT
  Red Hat Security Advisory 2021-2439-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 21.0.0.6 serves as a replacement for Open Liberty 21.0.0.3, and includes a security fix and enhancements. For specific information about this release, see links in the References section. Issues addressed include a cross site request forgery vulnerability.
• Red Hat Security Advisory 2021-2417-01 Tue, 15 Jun 2021 15:46:42 GMT
  Red Hat Security Advisory 2021-2417-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
• SAP XMII Remote Code Execution Tue, 15 Jun 2021 15:43:56 GMT
  By abusing a code injection vulnerability in SAP MII, an authenticated user with SAP XMII developer privileges could execute code (including OS commands) on the server. Versions affected include XMII 15.1 lower than SP006 PL 000062, XMII 15.2 lower than SP003 PL 000038, XMII 15.3 lower than SP001 PL 000022, and XMII 15.4 lower than SP001 PL 000007.
• SAP Solution Manager 7.2 Missing Authorization Tue, 15 Jun 2021 15:34:47 GMT
  Any authenticated user of the SAP Solution Manager version 7.2 is able to craft, upload, and execute EEM scripts on the SMDAgents affecting its integrity, confidentiality and availability.
• SAP Solution Manager 7.2 File Disclosure / Denial Of Service Tue, 15 Jun 2021 15:32:58 GMT
  The End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager version 7.2, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive OS files and affect the availability of the EEM robots connected to the SolMan.
• SAP Wily Introscope Enterprise Default Hard-Coded Credentials Tue, 15 Jun 2021 15:23:02 GMT
  SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from having default hard-coded credentials.
• Red Hat Security Advisory 2021-2420-01 Tue, 15 Jun 2021 15:18:36 GMT
  Red Hat Security Advisory 2021-2420-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
• SAP Wily Introscope Enterprise OS Command Injection Tue, 15 Jun 2021 15:04:10 GMT
  SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.