News

• NYPD Considers Using Encryption To Block Public From Radio Scanner Broadcasts
• Microsoft Warns Of North Korean Crew Posing As LinkedIn Recruiters
• Exchange Server Zero-Day Being Actively Exploited
• MI5 Website Briefly Hit By Denial Of Service Attack
• FBI Arrests Former NSA Employee For Trying To Sell Top Secret Documents
• Ex-eBay Execs Jailed For Cyberstalking Web Critics
• Optus: How A Massive Data Breach Has Exposed Australia
• Hackers Are Making DDoS Attacks Sneakier And Harder To Protect Against
• How Hobbyist Hackers Are Preserving Pokemon's Past And Shaping Its Future
• UK Watchdog Dismisses Criticisms Over Crypto Authorizations
• Never-Before-Seen Malware Has Infected Hundreds Of Linux And Windows Devices
• Akamai Finds 13 Million Malicious Newly Observed Domains A Month
• New Malware Targets VMware For Hypervisor-Level Espionage
• MEV Bot Earns $1M But Loses Everything To A Hacker An Hour Later
• Fast Company Shuts Website After Hack Sends Obscene Apple News Notifications
• NFT Sales Have Lost Nearly All Their Allure
• Sophos Fixes Critical Firewall Hole Exploited By Miscreants
• National Data Privacy Proposal May Shape Health Data Not Covered By HIPAA
• Impact! NASA's DART Spacecraft Crashes Head-On Into Asteroid
• Meta Busts First Chinese Campaign Targeting US Midterms
• Alleged Optus Hacker Apologizes For Data Breach
• Interpol Seeks Arrest Of Failed Crypto-Firm Boss Do Kwon
• Noberus Ransomware Targets Veeam Backup Software
• UK May Fine TikTok $29 Million For Failing To Protect Kids
• London Police Arrested 17-Year-Old Hacker Suspected Of Uber And GTA 6 Breaches

• Cybersecurity at Scale: Piercing the Fog of More Mon, 26 Sep 2022 17:21:00 -0400
  To pierce the Fog of More, organizations must implement essential cyber hygiene and track their implementation of security best practices.

Looking Glass Cyber

Malware Patrol

• InfoSec Articles (09/12/2022 – 09/29/2022)
• InfoSec Articles (08/29/2022 – 09/12/2022)

SecList

• The secrets of Schneider Electric’s UMAS protocol
  Kaspersky ICS CERT report on vulnerabilities in Schneider Electric's engineering software that enables UMAS protocol abuse.

securingtomorrow.mcafee.com

• How Do Hackers Hack Phones and How Can I Prevent It?
• McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability
• The Optus Data Breach – Steps You Can Take to Protect Yourself
• Credit Lock and Credit Freeze: Which Service Is Best for You? Both!
• Help! I Think My Phone’s Been Hacked
• 7 Tips to Protect Your Smartphone from Getting Hacked
• All-New Ransomware Coverage Opens Up the Path to Recovery
• How Often Should You Change Your Passwords?
• Steer Clear of the “Pay Yourself Scam” That’s Targeting Online Bank Accounts
• Cryptohacking: Is Cryptocurrency Losing Its Credibility?
• Watch Out for These 3 Online Job Scams

Quick Heal

• Quick Heal Supports Windows 11 version 22H2
• Indian Power Sector targeted with latest LockBit 3.0 Variant
• PowerShell: An Attacker’s Paradise
• Auto-launching HiddAd on Google Play Store found in more than 6 million downloads
• Is the shift to 5G threatening the world of IoT Security?
• Robin Hood Ransomware ‘GOODWILL’ Forces Victim for Charity
• Threat Advisory: CVE-2022-30190 ‘Follina’ – Severe Zero-day Vulnerability discovered in MSDT
• Beware – Banking Trojans using enhanced techniques to spread malware.
• Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild
• Update Security Certificate to Install Quick Heal Product Successfully

Threat Post

• Student Loan Breach Exposes 2.5M Records
• Watering Hole Attacks Push ScanBox Keylogger
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
• Ransomware Attacks are on the Rise
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
• Twitter Whistleblower Complaint: The TL;DR Version
• Firewall Bug Under Active Attack Triggers CISA Warning
• Fake Reservation Links Prey on Weary Travelers
• iPhone Users Urged to Update to Patch 2 Zero-Days
• Google Patches Chrome’s Fifth Zero-Day of the Year

Naked Security

• URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”
• S3 Ep102: How to avoid a data breach [Audio + Transcript]
• Optus breach – Aussie telco told it will have to pay to replace IDs
• WhatsApp “zero-day exploit” news scare – what you need to know
• Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?
• Morgan Stanley fined millions for selling off devices full of customer PII
• S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
• Interested in cybersecurity? Join us for Security SOS Week 2022!
• LastPass source code breach – incident response report released
• S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]

Security Affairs

• Witchetty APT used steganography in attacks against Middle East entities
• US DoD announced the results of the Hack US bug bounty challenge
• Microsoft confirms Exchange zero-day flaws actively exploited in the wild
• Unpatched Microsoft Exchange Zero-Day actively exploited in the wild
• Experts uncovered novel Malware persistence within VMware ESXi Hypervisors
• Hacker groups support protestors in Iran using Telegram, Signal and Darkweb
• A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums
• Go-based Chaos malware is rapidly growing targeting Windows, Linux and more
• Threat actors use Quantum Builder to deliver Agent Tesla malware
• ONLINE DISINFORMATION: Under the hood of a Doppelgänger

Security Awareness Tips of the week

Exploits

• Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting
• jCart For OpenCart 3.0.3.19 Cross Site Scripting
• Joomla JoomRecipe 4.2.2 Cross Site Scripting
• qdPM 9.1 Authenticated Shell Upload
• Joomla AdsManager 3.2.0 SQL Injection
• Bus Pass Management System 1.0 Cross Site Scripting
• Online Examination System 1.0 SQL Injection
• Joomla EDocman 1.23.3 Cross Site Scripting
• Online Examination System 1.0 Cross Site Scripting
• Mobile Mouse Remote Code Execution
• Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
• EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting
• WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting
• COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
• Online Birth Certificate Management System 1.0 Cross Site Scripting
• Online Birth Certificate Management System 1.0 Cross Site Scripting
• Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
• Online Birth Certificate Management System 1.0 Cross Site Request Forgery
• Food Ordering Management System 1.0 SQL Injection
• WiFi Mouse 1.8.3.4 Remote Code Execution
• Veritas Backup Exec Agent Remote Code Execution
• Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution
• WordPress Forym 1.5.7 Cross Site Scripting
• WordPress Sabai Discuss 1.4.13 Cross Site Scripting
• Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload

• [webapps] Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
• [webapps] Aero CMS v0.0.1 - SQLi
• [webapps] Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
• [webapps] Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
• [remote] Teleport v10.1.1 - Remote Code Execution (RCE)
• [webapps] Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)
• [webapps] TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
• [remote] WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
• [remote] Wifi HD Wireless Disk Drive 11 - Local File Inclusion
• [local] Blink1Control2 2.2.7 - Weak Password Encryption
• [webapps] Bookwyrm v0.4.3 - Authentication Bypass
• [webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass
• [remote] Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
• [remote] Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)
• [webapps] Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
• [webapps] WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
• [webapps] Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
• [remote] PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
• [webapps] ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
• [webapps] ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
• [webapps] Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
• [webapps] Prestashop blockwishlist module 2.1.0 - SQLi
• [remote] uftpd 2.10 - Directory Traversal (Authenticated)
• [remote] Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
• [webapps] Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
• [webapps] NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
• [remote] Omnia MPX 1.5.0+r1 - Path Traversal
• [webapps] mPDF 7.0 - Local File Inclusion
• [webapps] CuteEditor for PHP 6.6 - Directory Traversal
• [webapps] WordPress Plugin Duplicator 1.4.7 - Information Disclosure
• [webapps] WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
• [webapps] Wavlink WN530HG4 - Password Disclosure
• [webapps] Wavlink WN533A8 - Password Disclosure
• [webapps] Wavlink WN533A8 - Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting (XSS)
• [remote] Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
• [webapps] Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal
• [local] Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path
• [webapps] Dingtian-DT-R002 3.1.276A - Authentication Bypass
• [remote] rpc.py 0.6.0 - Remote Code Execution (RCE)
• [webapps] Geonetwork 4.2.0 - XML External Entity (XXE)
• [webapps] WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
• [webapps] OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
• [webapps] CodoForum v5.1 - Remote Code Execution (RCE)
• [local] Dr. Fone 4.0.8 - 'net_updater32.exe' Unquoted Service Path

Last 20 Website Defacements - Zone-h

• http://disdukcapil.mitrakab.go.id/dx.htm
• http://taskpapdg.pta-padang.go.id/hacked.txt
• http://pendaftaranseleksi.pta-padang.go.id/hacked.txt
• http://apm.pta-padang.go.id/hacked.txt
• https://e-silat.pta-padang.go.id/fvck.html
• https://pasti.pta-padang.go.id/fvck.html
• https://dprd.riau.go.id
• http://ekraf.disporapar.jatengprov.go.id/dz.php
• https://mpsja.mphc.gov.in/readme.php
• https://district.mphc.gov.in/readme.php
• https://familycourts.mphc.gov.in/readme.php
• https://commercialcourt.mphc.gov.in/readme.php
• http://bappelitbangda.bengkuluutarakab.go.id/1.html
• https://bpsdmi.kemenperin.go.id/1.html
• https://biroekbang.sulbarprov.go.id/1.html
• https://cre.guadalupe.gob.mx/1.html
• http://pta-pontianak.go.id/read.html
• http://www.kptraffic.kpdata.gov.pk
• http://www.icon.kpdata.gov.pk
• http://jalabahasa.kemdikbud.go.id/public/site/images/admin1/xixi.gif

Advisories

Symantec Packet Stoem Security

• Gentoo Linux Security Advisory 202209-27 Fri, 30 Sep 2022 14:56:55 GMT
  Gentoo Linux Security Advisory 202209-27 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.3.0:esr are affected.
• Gentoo Linux Security Advisory 202209-20 Fri, 30 Sep 2022 14:56:50 GMT
  Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.
• Gentoo Linux Security Advisory 202209-24 Fri, 30 Sep 2022 14:56:43 GMT
  Gentoo Linux Security Advisory 202209-24 - Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Versions less than 2.4.9 are affected.
• Gentoo Linux Security Advisory 202209-22 Fri, 30 Sep 2022 14:56:33 GMT
  Gentoo Linux Security Advisory 202209-22 - A vulnerability has been found in Kitty which could allow for arbitrary code execution with user input. Versions less than 0.26.2 are affected.
• Gentoo Linux Security Advisory 202209-26 Fri, 30 Sep 2022 14:56:27 GMT
  Gentoo Linux Security Advisory 202209-26 - Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. Versions less than 1.18.6 are affected.
• Gentoo Linux Security Advisory 202209-23 Fri, 30 Sep 2022 14:56:19 GMT
  Gentoo Linux Security Advisory 202209-23 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 105.0.5195.125 are affected.
• Gentoo Linux Security Advisory 202209-25 Fri, 30 Sep 2022 14:56:12 GMT
  Gentoo Linux Security Advisory 202209-25 - A vulnerability has been discovered in Zutty which could allow for arbitrary code execution. Versions less than 0.13 are affected.
• Gentoo Linux Security Advisory 202209-21 Fri, 30 Sep 2022 14:56:06 GMT
  Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.
• Gentoo Linux Security Advisory 202209-19 Fri, 30 Sep 2022 14:56:01 GMT
  Gentoo Linux Security Advisory 202209-19 - Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which are fuzzing issues presumed to allow for arbitrary code execution. Versions less than 1.3.38 are affected.
• Gentoo Linux Security Advisory 202209-18 Fri, 30 Sep 2022 14:53:19 GMT
  Gentoo Linux Security Advisory 202209-18 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. Versions less than 102.3.0 are affected.
• Gentoo Linux Security Advisory 202209-17 Fri, 30 Sep 2022 14:53:09 GMT
  Gentoo Linux Security Advisory 202209-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution. Versions less than 7.0.5 are affected.
• Gentoo Linux Security Advisory 202209-16 Fri, 30 Sep 2022 14:52:58 GMT
  Gentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.
• Red Hat Security Advisory 2022-6753-01 Fri, 30 Sep 2022 14:51:18 GMT
  Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
• Red Hat Security Advisory 2022-6750-01 Fri, 30 Sep 2022 14:51:03 GMT
  Red Hat Security Advisory 2022-6750-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2022-6755-01 Fri, 30 Sep 2022 14:49:39 GMT
  Red Hat Security Advisory 2022-6755-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP15.
• Red Hat Security Advisory 2022-6756-01 Fri, 30 Sep 2022 14:49:17 GMT
  Red Hat Security Advisory 2022-6756-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP15.
• Ubuntu Security Notice USN-5647-1 Thu, 29 Sep 2022 15:21:44 GMT
  Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
• Ubuntu Security Notice USN-5615-2 Thu, 29 Sep 2022 15:21:29 GMT
  Ubuntu Security Notice 5615-2 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM. It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2022-6741-01 Thu, 29 Sep 2022 15:17:17 GMT
  Red Hat Security Advisory 2022-6741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
• Ubuntu Security Notice USN-5646-1 Thu, 29 Sep 2022 15:08:37 GMT
  Ubuntu Security Notice 5646-1 - Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service.
• Ubuntu Security Notice USN-5645-1 Thu, 29 Sep 2022 14:58:06 GMT
  Ubuntu Security Notice 5645-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges.
• Ubuntu Security Notice USN-5644-1 Wed, 28 Sep 2022 15:04:08 GMT
  Ubuntu Security Notice 5644-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
• Red Hat Security Advisory 2022-6696-01 Tue, 27 Sep 2022 16:01:00 GMT
  Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.
• Ubuntu Security Notice USN-5643-1 Tue, 27 Sep 2022 16:00:42 GMT
  Ubuntu Security Notice 5643-1 - It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
• Ubuntu Security Notice USN-5642-1 Tue, 27 Sep 2022 15:57:48 GMT
  Ubuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.