News

• Ransomware Takes Down Network Of French IT Giant
• Russian Hackers Infiltrated Government Networks
• FDA Vuln Grading System Proves All Risk Not Created Equal
• Nvidia Tackles Code Execution, Data Leaks In GeForce Experience
• German Bundeswehr Starts Own Responsible Disclosure Program
• US Says Iran Behind Threatening Proud Boys Emails
• Oracle Kills 402 Bugs In Massive October Patch Update
• Cisco Warns Of Severe DoS Flaws In FTD / ASA Software
• EU Sanctions Russia Over 2015 German Parliament Hack
• Adobe Release Another Out-Of-Band Patch, Squashing Bugs Across Creative
• Cybersecurity And A Potential Biden White House
• Google Patches Actively-Exploited Zero-Day Bug In Chrome Browser
• Adblockers Installed 300,000 Times Are Found To Be Malicious
• NSA Publishes List Of Vulns Targeted By Chinese Hackers
• FCC Trying To Help Trump Win Election With Twitter Crackdown
• Mysterious Robin Hood Hackers Donating Stolen Money
• Russian Hackers Targeted Tokyo Olympics, UK Says
• New Malware Uses Remote Overlay Attacks To Hijack Your Bank Account
• Fancy Bear Imposters Are On A Hacking Extortion Spree
• Microsoft Is The Most Imitated Brand For Phishing
• Hackers Smell Blood As Schools Grapple With Virtual Instruction
• Twitter Softens Policy On Hacking Over NY Post Story
• TikTok Launches Bug Bounty Program Amid Security Snafus
• British Airways Fined $26 Million Over Data Breach
• Adobe Patches Magento Code Execution, Customer Tampering Bugs

• September 2020 Top 10 Malware Tue, 20 Oct 2020 12:00:57 +0000
  

  In September 2020, we had 3 malware return to the Top 10: CoinMiner, CryptoWall, and Emotet. The Top 10 Malware variants composed 87% of Total Malware activity in September 2020, up from 78% in August 2020. This increase is largely due to the recent Shlayer campaign ramping up, as the education year begins for universities […]

  The post September 2020 Top 10 Malware appeared first on CIS.

Looking Glass Cyber

• LookingGlass Expands Executive Team Leading Company’s Vision of Next-Generation Cybersecurity Products
• Cyveillance business unit acquired by ZeroFOX in groundbreaking partnership
• LookingGlass Cyber Solutions Announces Engagement with Defense Innovation Unit
• Need a (SMB)Ghost Buster? How CloudShield Eclipse Handles SMB Exploits
• Making Cybersecurity Policy Work For You: Tunable Security Mitigation At Attack Speed
• Elevating Security Orchestration with CACAO
• LookingGlass Cyber Solutions Announces Plans to Relaunch the Cyveillance Brand
• Social Engineering – Ever Present, Often Overlooked
• Quarterly Threat Landscape Review for Q1 2020
• Deepfakes Keep Getting Better – Are We Ready for Them?

Malware Patrol

• InfoSec Articles (10/03/20 – 10/17/20)
• InfoSec Articles (09/18/20 – 10/02/20)

SecList

• On the trail of the XMRig miner
  As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig.

securingtomorrow.mcafee.com

Quick Heal

• Quick Heal Supports Windows 10 October 2020 Update
• Want to stay safe and anonymous on the Internet? Consider using a VPN
• The Evergreen Make Utility: A cost-effective way of deployments on Cloud
• Answer these questions to find out how safe your social media profiles are
• Emotet Trojan is back as the world unlocks
• How social media is used to commit financial fraud
• The Biggest Cyberattacks of 2020…so far
• If your smartphone is your life, here’s how you can keep it safe
• Your guide to new-age cybersecurity terms
• Parental Control – Here’s how you can regulate your child’s computer habits

Threat Post

• U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware
• IoT Device Takeovers Surge 100 Percent in 2020
• Louisiana Calls Out National Guard to Fight Ransomware Surge
• Election Security: Beyond Mail-In Voting
• Georgia Election Data Hit in Ransomware Attack
• COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach
• Nvidia Warns Gamers of Severe GeForce Experience Flaws
• Ransomware Takes Down Network of French IT Giant
• Researcher: I Hacked Trump’s Twitter by Guessing Password
• Facebook, News and XSS Underpin Complex Browser Locker Attack

Naked Security

• S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast]
• Time for a mobile privacy reset?
• Chrome zero-day in the wild – patch now!
• Russian “government hackers” charged with cybercrimes by the US
• Naked Security Live – Ping of Death: are you at risk?
• S3 Ep2: Creepy smartwatches, botnets and Pings of Death [Podcast]
• US Department of Justice reignites the Battle to Break Encryption
• Windows “Ping of Death” bug revealed – patch now!
• Creepy covert camera “feature” found in popular smartwatch for kids
• Microsoft on the counter­attack! Trickbot malware network takes a hit

Security Affairs

• Is the Abaddon RAT the first malware using Discord as C&C?
• HPE addresses critical auth bypass issue in SSMC console
• Security Affairs newsletter Round 286
• New Emotet attacks use a new template urging recipients to upgrade Microsoft Word
• Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users
• Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware
• US Treasury imposes sanctions on a Russian research institute behind Triton malware
• Sopra Steria hit by the Ryuk ransomware gang
• Iran-Linked Seedworm APT target orgs in the Middle East
• FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Awareness Tips of the week

• Reporting an Incident
• Forwarding Emails
• Messaging / Smishing Attacks
• Recording Conference Calls
• Never Respond to Emails Asking for Personal Information

Exploits

• BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery
• Bludit 3.9.2 Bruteforce Mitigation Bypass
• Tiki Wiki CMS Groupware 21.1 Authentication Bypass
• Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery
• GOautodial 4.0 Shell Upload
• School Faculty Scheduling System 1.0 SQL Injection
• School Faculty Scheduling System 1.0 Cross Site Scripting
• Hrsale 2.0.0 Local File Inclusion
• Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
• WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting
• WordPress Rest Google Maps SQL Injection
• Linux / Unix su Privilege Escalation
• Visitor Management System In PHP 1.0 SQL Injection
• User Registration And Login And User Management System 2.1 Cross Site Scripting
• WordPress HS Brand Logo Slider 2.1 Shell Upload
• Ultimate Project Manager CRM PRO 2.05 SQL Injection
• Apache Struts 2 Remote Code Execution
• WordPress SuperStoreFinder 6.1 CSRF / Shell Upload
• Rite CMS 2.2.1 Remote Code Execution
• Loan Management System 1.0 Cross Site Scripting
• Textpattern CMS 4.6.2 Cross Site Request Forgery
• Comtrend AR-5387un Cross Site Scripting
• Typesetter CMS 5.1 Remote Code Execution
• Hostel Management System 2.1 Cross Site Scripting
• Microsoft SharePoint SSI / ViewState Remote Code Execution

• [webapps] TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
• [webapps] Bludit 3.9.2 - Auth Bruteforce Bypass
• [webapps] Gym Management System 1.0 - Stored Cross Site Scripting
• [webapps] Gym Management System 1.0 - Authentication Bypass
• [webapps] School Faculty Scheduling System 1.0 - 'username' SQL Injection
• [webapps] School Faculty Scheduling System 1.0 - 'id' SQL Injection
• [webapps] Point of Sales 1.0 - 'username' SQL Injection
• [webapps] Gym Management System 1.0 - 'id' SQL Injection
• [webapps] Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
• [webapps] Lot Reservation Management System 1.0 - Authentication Bypass
• [webapps] Point of Sales 1.0 - 'id' SQL Injection
• [webapps] User Registration & Login and User Management System 2.1 - SQL Injection
• [webapps] Car Rental Management System 1.0 - Arbitrary File Upload
• [webapps] Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
• [webapps] Ajenti 2.1.36 - Remote Code Execution (Authenticated)
• [webapps] Online Library Management System 1.0 - Arbitrary File Upload
• [webapps] Tiki Wiki CMS Groupware 21.1 - Authentication Bypass
• [webapps] Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting
• [webapps] Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting
• [webapps] Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting
• [webapps] GOautodial 4.0 - Authenticated Shell Upload
• [webapps] School Faculty Scheduling System 1.0 - Authentication Bypass POC
• [webapps] School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC
• [webapps] Hrsale 2.0.0 - Local File Inclusion
• [webapps] WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
• [webapps] WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
• [webapps] Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
• [webapps] Mobile Shop System v1.0 - SQL Injection Authentication Bypass
• [webapps] RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
• [webapps] User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
• [webapps] WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload
• [webapps] Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)
• [webapps] Visitor Management System in PHP 1.0 - SQL Injection (Authenticated)
• [webapps] Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
• [webapps] Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
• [webapps] Comtrend AR-5387un router - Persistent XSS (Authenticated)
• [webapps] Textpattern CMS 4.6.2 - Cross-site Request Forgery
• [webapps] Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
• [webapps] Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
• [webapps] Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
• [webapps] HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
• [webapps] HiSilicon Video Encoders - Full admin access via backdoor password
• [webapps] HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
• [webapps] HiSilicon Video Encoders - RCE via unauthenticated command injection
• [webapps] HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
• [webapps] Online Job Portal 1.0 - Cross Site Scripting (Stored)

Last 20 Website Defacements - Zone-h

• http://sipp.pn-kasongan.go.id
• https://srangnoktha.go.th/indonesia.php
• https://ptrws.go.th/indonesia.php
• https://tambonyom.go.th/indonesia.php
• https://sksm.go.th/indonesia.php
• https://thungnalao.go.th/indonesia.php
• https://pangku.go.th/indonesia.php
• https://nontan-npm.go.th/indonesia.php
• https://kongphon.go.th/indonesia.php
• https://jiktueng.go.th/indonesia.php
• https://nadi-suwan.go.th/indonesia.php
• https://kokglang.go.th/indonesia.php
• https://sopprap.go.th/indonesia.php
• https://kutchim.go.th/indonesia.php
• https://saphlee.go.th/indonesia.php
• https://kusuman.go.th/indonesia.php
• https://huayrai-lomsak.go.th/indonesia.php
• https://numjuednoi.go.th/indonesia.php
• https://muangna.go.th/indonesia.php
• https://jaothong.go.th/indonesia.php

Advisories

Symantec Packet Stoem Security

• Ubuntu Security Notice USN-4599-1 Fri, 23 Oct 2020 13:11:09 GMT
  Ubuntu Security Notice 4599-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.
• Gentoo Linux Security Advisory 202010-07 Fri, 23 Oct 2020 13:11:03 GMT
  Gentoo Linux Security Advisory 202010-7 - A buffer overflow in FreeType might allow remote attacker(s) to execute arbitrary code. Versions less than 2.10.3-r1 are affected.
• Ubuntu Security Notice USN-4601-1 Thu, 22 Oct 2020 23:56:16 GMT
  Ubuntu Security Notice 4601-1 - It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack.
• Red Hat Security Advisory 2020-4317-01 Thu, 22 Oct 2020 23:56:11 GMT
  Red Hat Security Advisory 2020-4317-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4316-01 Thu, 22 Oct 2020 23:56:03 GMT
  Red Hat Security Advisory 2020-4316-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Ubuntu Security Notice USN-4600-1 Thu, 22 Oct 2020 23:55:57 GMT
  Ubuntu Security Notice 4600-1 - It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information.
• Red Hat Security Advisory 2020-4315-01 Thu, 22 Oct 2020 23:55:51 GMT
  Red Hat Security Advisory 2020-4315-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4310-01 Thu, 22 Oct 2020 23:55:44 GMT
  Red Hat Security Advisory 2020-4310-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4312-01 Thu, 22 Oct 2020 17:19:48 GMT
  Red Hat Security Advisory 2020-4312-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include an XML injection vulnerability.
• Red Hat Security Advisory 2020-4311-01 Thu, 22 Oct 2020 17:19:42 GMT
  Red Hat Security Advisory 2020-4311-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2020-4307-01 Thu, 22 Oct 2020 17:19:35 GMT
  Red Hat Security Advisory 2020-4307-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Ubuntu Security Notice USN-4598-1 Thu, 22 Oct 2020 17:19:28 GMT
  Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
• Ubuntu Security Notice USN-4597-1 Thu, 22 Oct 2020 17:18:38 GMT
  Ubuntu Security Notice 4597-1 - Fran
• Red Hat Security Advisory 2020-4304-01 Thu, 22 Oct 2020 17:18:18 GMT
  Red Hat Security Advisory 2020-4304-01 - RHACM 2.0.4 images Red Hat Advanced Cluster Management provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2020-4305-01 Thu, 22 Oct 2020 17:17:28 GMT
  Red Hat Security Advisory 2020-4305-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Red Hat Security Advisory 2020-4306-01 Thu, 22 Oct 2020 17:17:18 GMT
  Red Hat Security Advisory 2020-4306-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
• Red Hat Security Advisory 2020-4223-01 Thu, 22 Oct 2020 17:17:11 GMT
  Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
• Ubuntu Security Notice USN-4588-1 Wed, 21 Oct 2020 21:38:19 GMT
  Ubuntu Security Notice 4588-1 - It was discovered that FlightGear could write arbitrary files if received a special nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.
• Ubuntu Security Notice USN-4586-1 Wed, 21 Oct 2020 21:38:14 GMT
  Ubuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.
• Ubuntu Security Notice USN-4587-1 Wed, 21 Oct 2020 21:38:07 GMT
  Ubuntu Security Notice 4587-1 - Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could used these issues to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4596-1 Wed, 21 Oct 2020 15:52:39 GMT
  Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
• Red Hat Security Advisory 2020-4295-01 Wed, 21 Oct 2020 15:52:31 GMT
  Red Hat Security Advisory 2020-4295-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
• Red Hat Security Advisory 2020-4264-01 Wed, 21 Oct 2020 15:40:32 GMT
  Red Hat Security Advisory 2020-4264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Ubuntu Security Notice USN-4595-1 Wed, 21 Oct 2020 15:40:07 GMT
  Ubuntu Security Notice 4595-1 - It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code.
• Ubuntu Security Notice USN-4594-1 Wed, 21 Oct 2020 15:38:42 GMT
  Ubuntu Security Notice 4594-1 - It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service.