News

• Ransomware Now To Blame For Half Of Healthcare Data Breaches
• High Severity Cisco Flaw Found In CMX Software For Retailers
• Cloud Attacks Are Bypassing MFA, Feds Warn
• After Musk Tweet, Signal And Telegram See Millions Of New Downloads
• Ring Adds End-To-End Encryption To Quell Security Uproar
• Kaspersky Lab Fingers Own Government For SolarWinds Hack
• Apple Removes Feature That Allowed Its Apps To Bypass macOS Firewalls And VPNs
• Hackers Used 4 Zero-Days To Infect Windows And Android Devices
• House Impeaches Trump For Role In Deadly Capitol Riot
• Mimecast Certificate Hacked In Microsoft Email Attack
• The Password Guess Worth $240 Million In Bitcoin
• WhatsApp Responds To Concerns Over Privacy Policy Update
• Hackers Have Leaked The COVID-19 Vaccine Data They Stole
• Twitter Suspends 70,000 Accounts Sharing QAnon Content
• Amazon And Facebook Staff Warned Of Threats To Safety
• This Android Malware Claims To Give Hackers Full Control Of Your Phone
• Parler Hacked As Attackers Claim Access To Messages, Locations, And Raw Videos
• Nissan Balances Fallout From Source Code Leak
• Ransom Hacker Locks Internet Connected Chastity Cage
• Capitol Attack's Cybersecurity Fallout: Stolen Laptops, Lost Data, And Possible Espionage
• SolarWinds Hackers Linked To Known Russian Spying Tools
• Google Chrome Browser Privacy Plan Investigated In UK
• Investigation Launched Into Vulns Found In US Judiciary Case System
• Rioters Had Physical Access To Lawmakers' Computers. How Bad Is That?
• Hackers Can Clone Google Titan 2FA Keys

• 2021 Cybersecurity Trends to Prepare For Thu, 14 Jan 2021 20:46:09 +0000
  

  While few people foresaw the dramatic developments of the past year, CIS experts interviewed in 2020 identified several cybersecurity trends that persisted or even accelerated in the midst of the COVID-19 pandemic. This year, we asked a group of CIS thought leaders what cybersecurity trends the world might expect in 2021. They foresee a continuance […]

  The post 2021 Cybersecurity Trends to Prepare For appeared first on CIS.

Looking Glass Cyber

• How A Federal Law Enforcement Agency Tackles Cyber Attribution
• Concern mounts over government cyber agency’s struggle to respond to hack fallout
• How Can the U.S. Rebuild After Shocking Series of Cyber Breaches
• SolarWinds hack: What we must do to avoid the next attack
• Washington’s Cyber Reckoning
• Executive Briefing: Mitigating Cyber Risk
• SC Media Reviews scoutPRIME, Gives High Marks
• LookingGlass Expands Executive Team Leading Company’s Vision of Next-Generation Cybersecurity Products
• Cyveillance business unit acquired by ZeroFOX in groundbreaking partnership
• LookingGlass Cyber Solutions Announces Engagement with Defense Innovation Unit

Malware Patrol

• InfoSec Articles (01/01/21 – 01/15/21)
• InfoSec Articles (12/17/20 – 12/31/20)

SecList

• Sunburst backdoor – code overlaps with Kazuar
  While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

securingtomorrow.mcafee.com

Quick Heal

• What does WhatsApp’s new privacy policy mean for you?
• You might get hacked before getting vaccinated
• E-wallets are becoming prominent targets for cyberattacks!
• Don’t let your kids’ online classes be disrupted by cyberattacks!
• Stay safe from scams disguised in New Year’s Eve!
• Leverage Parental Control to regulate the online activity of your kids
• Protect yourself from Fraudulent QR codes
• Staying safe while gaming: how to ensure your children don’t become victims of financial fraud
• Keeping kids safe in the digital world: a primer for anxious parents
• Quick Heal Total Security supports macOS Big Sur 11

Threat Post

• Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show
• Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
• Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls
• Google Boots 164 Apps from Play Marketplace for Shady Ad Practices
• Facebook: Malicious Chrome Extension Developers Scraped Profile Data
• Florida Ethics Officer Charged with Cyberstalking
• Telegram Bots at Heart of Classiscam Scam-as-a-Service
• Cloud Attacks Are Bypassing MFA, Feds Warn
• Ring Adds End-to-End Encryption to Quell Security Uproar
• TikTok Takes Teen Accounts Private

Naked Security

• Europol announces bust of “world’s biggest” dark web marketplace
• S3 Ep15: Titan keys, Mimecast certs and Solarwinds [Podcast]
• Home schooling – how to stay secure
• Naked Security Live – HTTPS: do we REALLY need it?
• Google Titan security keys hacked by French researchers
• S3 Ep14: Money scams, HTTPS by default, and hardcoded passwords [Podcast]
• Zyxel hardcoded admin password found – patch now!
• Chrome browser has a New Year’s resolution: HTTPS by default
• S3 Ep13: A chat with hacker Keren Elazari [Podcast]
• Get back into the cybersecurity groove for 2021

Security Affairs

• Signal is down for multiple users worldwide
• Expert launched Malvuln, a project to report flaws in malware
• Winnti APT continues to target game developers in Russia and abroad
• Cisco says its RV routers will no longer receive updates
• Expert discovered a DoS vulnerability in F5 BIG-IP systems
• Operation Spalax, an ongoing malware campaign targeting Colombian entities
• CAPCOM: 390,000 people impacted in the recent ransomware Attack
• Classiscam expands to Europe: Russian-speaking scammers lure Europeans to pages mimicking classifieds
• Cisco addresses a High-severity flaw in CMX Software
• CISA warns of recent successful cyberattacks against cloud service accounts

Security Awareness Tips of the week

• Scamming Your Through Social Media
• Never Respond to Emails Asking for Personal Information
• Phishing
• Digital Inheritance
• Security Technology Cannot Stop All Attacks

Exploits

• Netsia SEBA+ 0.16.1 Authentcation Bypass / Add Root User
• Alumni Management System 1.0 Cross Site Scripting
• E-Learning System 1.0 SQL Injection / Shell Upload
• Backdoor.Win32.Ncx.bt Remote Stack Buffer Overflow
• EyesOfNetwork 5.3 Remote Code Execution
• Online Hotel Reservation System 1.0 Cross Site Request Forgery
• Online Hotel Reservation System 1.0 SQL Injection
• WordPress Easy Contact Form 1.1.7 Cross Site Scripting
• Online Hotel Reservation System 1.0 Cross Site Scripting
• PHP-Fusion 9.03.90 Cross Site Request Forgery
• Backdoor.Win32.Ketch.a Remote Stack Buffer Overflow
• Cisco RV110W 1.2.1.7 Denial Of Service
• Laravel 8.4.2 Remote Code Execution
• Backdoor.Win32.Ketch.i Remote Stack Buffer Overflow
• Online Shopping Cart 1.0 SQL Injection
• Nagios XI 5.7.x Remote Code Execution
• Online Movie Streaming 1.0 SQL Injection
• Online Hotel Reservation 1.0 SQL Injection
• flatCore CMS XSS / File Disclosure / SQL Injection
• Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection
• FiberHome HG6245D Disclosure / Bypass / Privilege Escalation / DoS
• Envira Gallery Lite 1.8.3.2 Cross Site Scripting
• Backdoor.Win32.Kurbadur.a Remote Stack Buffer Overflow
• Erlang Cookie Remote Code Execution
• Cloud Filter Arbitrary File Creation / Privilege Escalation

• [webapps] Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
• [webapps] E-Learning System 1.0 - Authentication Bypass & RCE POC
• [webapps] Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS
• [webapps] EyesOfNetwork 5.3 - File Upload Remote Code Execution
• [webapps] Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
• [webapps] Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
• [webapps] Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
• [webapps] Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
• [webapps] WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
• [webapps] PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
• [webapps] Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
• [webapps] Laravel 8.4.2 debug mode - Remote code execution
• [webapps] Online Shopping Cart System 1.0 - 'id' SQL Injection
• [webapps] Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
• [webapps] Online Movie Streaming 1.0 - Admin Authentication Bypass
• [webapps] Online Hotel Reservation System 1.0 - Admin Authentication Bypass
• [remote] Erlang Cookie - Remote Code Execution
• [webapps] SmartAgent 3.1.0 - Privilege Escalation
• [webapps] Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
• [webapps] Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
• [webapps] Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
• [local] PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
• [webapps] OpenCart 3.0.36 - ATO via Cross Site Request Forgery
• [webapps] WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)
• [webapps] Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting
• [webapps] EyesOfNetwork 5.3 - LFI
• [webapps] Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
• [webapps] EyesOfNetwork 5.3 - RCE & PrivEsc
• [webapps] Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
• [webapps] WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
• [webapps] Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
• [webapps] Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
• [webapps] Online Doctor Appointment System 1.0 - Multiple Stored XSS
• [webapps] Life Insurance Management System 1.0 - Multiple Stored XSS
• [webapps] CRUD Operation 1.0 - Multiple Stored XSS
• [webapps] ECSIMAGING PACS 6.21.5 - SQL injection
• [webapps] Curfew e-Pass Management System 1.0 - Stored XSS
• [webapps] Cockpit CMS 0.6.1 - Remote Code Execution
• [webapps] Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
• [webapps] ECSIMAGING PACS 6.21.5 - Remote code execution
• [webapps] iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
• [webapps] Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
• [local] H2 Database 1.4.199 - JNI Code Execution
• [webapps] Gitea 1.7.5 - Remote Code Execution
• [local] PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
• [webapps] Resumes Management and Job Application Website 1.0 - Multiple Stored XSS

Last 20 Website Defacements - Zone-h

• http://wangpang.go.th/z.htm
• http://phrommat.go.th/z.htm
• http://www.waengnoi.go.th/vin.txt
• http://www.nakhank.go.th/manis.htm
• http://kaongiw.go.th/vin.txt
• http://uptech.regione.marche.it/krz.html
• http://www.pa-muarabulian.go.id/V.txt
• http://aia.gov.af/pwn.htm
• http://maisnk.go.th/vin.txt
• https://www.ponsai.go.th/vin.txt
• http://perpustakaan.pamekasankab.go.id
• http://munidetejutla.gob.gt/ara.txt
• http://nongpanta.go.th/z.htm
• http://esanpt1.go.th/z.htm
• http://khdc.gov.bd/galau.htm
• http://phetchabun2.go.th/bots.txt
• http://bgr12.dgr.go.th/bots.txt
• http://bgr11.dgr.go.th/bots.txt
• http://www.banon-ngao.go.th/z.htm
• https://akademi-tni.mil.id

Advisories

Symantec Packet Stoem Security

• Ubuntu Security Notice USN-4693-1 Fri, 15 Jan 2021 15:41:53 GMT
  Ubuntu Security Notice 4693-1 - It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. It was discovered that an XSS vulnerability in Ampache. An attacker could use this vulnerability to force an admin to create a new privileged user. Various other issues were also addressed.
• Ubuntu Security Notice USN-4694-1 Fri, 15 Jan 2021 15:13:26 GMT
  Ubuntu Security Notice 4694-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
• Red Hat Security Advisory 2021-0146-01 Fri, 15 Jan 2021 15:06:55 GMT
  Red Hat Security Advisory 2021-0146-01 - Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include code execution and cross site scripting vulnerabilities.
• Red Hat Security Advisory 2021-0145-01 Thu, 14 Jan 2021 15:22:03 GMT
  Red Hat Security Advisory 2021-0145-01 - Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Red Hat OpenShift Serverless Client kn 1.12.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.12.0, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include code execution and cross site scripting vulnerabilities.
• Red Hat Security Advisory 2021-0136-01 Thu, 14 Jan 2021 15:18:49 GMT
  Red Hat Security Advisory 2021-0136-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
• Ubuntu Security Notice USN-4692-1 Wed, 13 Jan 2021 23:19:36 GMT
  Ubuntu Security Notice 4692-1 - Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. Various other issues were also addressed.
• Red Hat Security Advisory 2021-0114-01 Wed, 13 Jan 2021 23:19:30 GMT
  Red Hat Security Advisory 2021-0114-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.111 and .NET Core Runtime 3.1.11.
• Red Hat Security Advisory 2021-0110-01 Wed, 13 Jan 2021 23:19:23 GMT
  Red Hat Security Advisory 2021-0110-01 - This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an XML injection vulnerability.
• Ubuntu Security Notice USN-4691-1 Wed, 13 Jan 2021 23:19:15 GMT
  Ubuntu Security Notice 4691-1 - Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2021-0030-01 Wed, 13 Jan 2021 23:19:10 GMT
  Red Hat Security Advisory 2021-0030-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
• Red Hat Security Advisory 2021-0106-01 Wed, 13 Jan 2021 23:19:04 GMT
  Red Hat Security Advisory 2021-0106-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.1 serves as an update to Red Hat Decision Manager 7.9.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
• Red Hat Security Advisory 2021-0105-01 Wed, 13 Jan 2021 23:18:57 GMT
  Red Hat Security Advisory 2021-0105-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.1 serves as an update to Red Hat Process Automation Manager 7.9.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
• Ubuntu Security Notice USN-4690-1 Wed, 13 Jan 2021 15:21:35 GMT
  Ubuntu Security Notice 4690-1 - It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface.
• Gentoo Linux Security Advisory 202101-10 Wed, 13 Jan 2021 15:21:24 GMT
  Gentoo Linux Security Advisory 202101-10 - Multiple vulnerabilities have been found in Asterisk, the worst of which could result in a Denial of Service condition. Versions less than 13.38.1 are affected.
• Red Hat Security Advisory 2021-0095-01 Wed, 13 Jan 2021 15:19:08 GMT
  Red Hat Security Advisory 2021-0095-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.111 and .NET Core Runtime 3.1.11.
• Red Hat Security Advisory 2021-0094-01 Wed, 13 Jan 2021 15:18:53 GMT
  Red Hat Security Advisory 2021-0094-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.
• Gentoo Linux Security Advisory 202101-09 Wed, 13 Jan 2021 15:12:11 GMT
  Gentoo Linux Security Advisory 202101-9 - Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox. Versions prior to 6.1.12 are affected.
• Red Hat Security Advisory 2021-0096-01 Wed, 13 Jan 2021 15:11:46 GMT
  Red Hat Security Advisory 2021-0096-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.
• Red Hat Security Advisory 2021-0087-01 Wed, 13 Jan 2021 15:06:22 GMT
  Red Hat Security Advisory 2021-0087-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.1. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2021-0088-01 Wed, 13 Jan 2021 15:06:05 GMT
  Red Hat Security Advisory 2021-0088-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.1. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2021-0089-01 Wed, 13 Jan 2021 15:05:42 GMT
  Red Hat Security Advisory 2021-0089-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.1. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2021-0084-01 Wed, 13 Jan 2021 15:05:15 GMT
  Red Hat Security Advisory 2021-0084-01 - This release of Red Hat build of Quarkus 1.7.6 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.
• Red Hat Security Advisory 2021-0083-01 Tue, 12 Jan 2021 16:26:30 GMT
  Red Hat Security Advisory 2021-0083-01 - The rhceph-4.2 image is based on Red Hat Ceph Storage 4.2 and Red Hat Enterprise Linux. Issues addressed include a server-side request forgery vulnerability.
• Ubuntu Security Notice USN-4689-2 Tue, 12 Jan 2021 16:26:24 GMT
  Ubuntu Security Notice 4689-2 - USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. Various other issues were also addressed.
• Red Hat Security Advisory 2021-0081-01 Tue, 12 Jan 2021 16:21:13 GMT
  Red Hat Security Advisory 2021-0081-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. NFS-GANESHA is a NFS Server running in user space. It comes with various back-end modules provided as shared objects to support different file systems and name-spaces.