News

• REvil-Hit Medibank To Pull Plug On IT, Shore Up Defenses
• North Korean Hackers Exploit Internet Explorer's Leftover Bits
• 2022's Greatest Hacks And Leaks, Ranked
• North Korea Using Freelance Techies To Fund Missiles And Nukes
• Apple Adds End-To-End Encryption To iCloud Device Backups
• Bad Software Cost US Businesses $2.1 Trillion In 2022
• Jack To Elon: Can We Just Get The Doxxing Over With?
• Five British Companies Fined For Making Half A Million Nuisance Calls
• South Pacific Vacations May Be Wrecked By Ransomware
• Ethereum Change Cut Cryptocurrency Power Demand
• San Francisco Makes U-Turn On Killer Robots Plan
• Uber, Motional Launch Robotaxi Service In Las Vegas
• This Privacy Ruling Against Meta Could Spell The End Of Targeted Ads
• Amnesty International Canada Claims Attack By China-Backed Forces
• Four Suspects Cuffed, Face Extradition Over Tax Refund Scam Plot
• CommonSpirit Confirms Network Accessed A Week Before Ransomware Attack
• Want To Detect Cobalt Strike On The Network? Look To Process Memory
• TSA To Expand Facial Recognition Across America
• Russian State-Owned Bank VTB Hit By Massive DDoS Attack
• KmsdBot Botnet Is Down After Operator Sends Typo In Command
• Explainer: ChatGPT - What Is OpenAI's Chatbot And What Is It Used For?
• FBI Warning: This Ransomware Gang Has Hit Over 100 Targets And Made More Than $60 Million
• AI Bot ChatGPT Stuns Academics With Essay Writing Skills / Usability
• Rackspace Customers Rage As Email Outage Continues
• Journalist Sues NSO After Being Hacked By Pegasus Spyware

• Top 10 Malware October 2022 Wed, 07 Dec 2022 08:26:00 -0500
  In its Top 10 Malware list for October 2022, the MS-ISAC observed the return of Gh0st and Snugy and the debut of SessionManager2.

Looking Glass Cyber

Malware Patrol

• InfoSec Articles (11/22/2022 – 12/07/2022)
• New OSINT Feeds ‣ High Risk IPs ‣ Risk Indicators ‣ Tor Exit Nodes

SecList

• How to train your Ghidra
  Brief introduction to setting up Ghidra, and then configuring it with a familiar UI and shortcuts, so that you would not need to re-learn all the key sequences you have got used to over the years.

securingtomorrow.mcafee.com

• Test article delete with links special chars – 09-12
• McAfee 2023 Threat Predictions: Evolution and Exploitation
• BeReal – The Newest Kid On The Social Media Block
• ‘Tis the Season for Holiday Scams
• How To Help Your Family Protect Their Online Data
• Let’s Make Security Easy
• Unwrapping Some of the Holiday Season’s Biggest Scams
• Fake Security App Found Abuses Japanese Payment System
• What Are Tailgating Attacks and How to Protect Yourself From Them
• McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life
• What is Antivirus and What Does It Really Protect?

Quick Heal

• Proactive Measures to Safeguard against the Ransomware Menace
• Your Data and Devices are safe with Quick Heal
• Quick Heal Launches an all new version 23 – Smart, Secure and Sustainable
• QBOT – A HTML Smuggling technique to target victims
• Are Malware operators using NSIS Installers to bombard Stealers and avoid detection?
• A DEEP DIVE INTO NEW 64 BIT EMOTET MODULES
• Beware: SOVA Android Banking Trojan emerges more powerful with new capabilities
• Quick Heal Supports Windows 11 version 22H2
• Indian Power Sector targeted with latest LockBit 3.0 Variant
• PowerShell: An Attacker’s Paradise

Threat Post

• Student Loan Breach Exposes 2.5M Records
• Watering Hole Attacks Push ScanBox Keylogger
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
• Ransomware Attacks are on the Rise
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
• Twitter Whistleblower Complaint: The TL;DR Version
• Firewall Bug Under Active Attack Triggers CISA Warning
• Fake Reservation Links Prey on Weary Travelers
• iPhone Users Urged to Update to Patch 2 Zero-Days
• Google Patches Chrome’s Fifth Zero-Day of the Year

Naked Security

• Credit card skimming – the long and winding road of supply chain failure
• SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
• Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
• Ping of death! FreeBSD fixes crashtastic bug in network tool
• Apple pushes out iOS security update that’s more tight-lipped than ever
• LastPass admits to customer data breach caused by previous breach
• The CHRISTMA EXEC network worm – 35 years and counting!
• S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]
• Serious Security: MD5 considered harmful – to the tune of $600,000
• TikTok “Invisible Challenge” porn malware puts us all at risk

Security Affairs

• Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million
• Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series
• Experts devised a technique to bypass web application firewalls (WAF) of several vendors
• Zombinder APK binding service used in multiple malware attacks
• Pwn2Own Toronto 2022 Day 2: Participants earned $281K
• Android app with over 5m downloads leaked user browsing history
• APT37 used Internet Explorer Zero-Day in a recent campaign
• New Go-based botnet Zerobot exploits dozens of flaws
• Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked
• Sophos fixed a critical flaw in its Sophos Firewall version 19.5

Security Awareness Tips of the week

Exploits

• Windows HTTP.SYS Kerberos PAC Verification Bypass / Privilege Escalation
• py7zr 0.20.0 Directory Traversal
• pixman pixman_sample_floor_y Integer Overflow
• VMware vCenter vScalation Privilege Escalation
• Senayan Library Management System 9.5.1 SQL Injection
• Drupal H5P Module 2.0.0 Zip Slip Traversal
• Automotive Shop Management System 1.0 SQL Injection
• Zillya Total Security 3.0.2367.0 / 3.0.2368.0 Local Privilege Escalation
• Packet Storm New Exploits For November, 2022
• Backdoor.Win32.Delf.gj MVID-2022-0663 Information Disclosure
• IBM Websphere Application Server 7.0 Cross Site Scripting
• perfSONAR 4.4.5 Cross Site Request Forgery
• perfSONAR 4.4.4 Open Proxy / Relay
• Microsoft Exchange ProxyNotShell Remote Code Execution
• OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
• Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
• Remote Control Collection Remote Code Execution
• Concrete CMS 9.1.3 XPATH Injection
• vBulletin 5.5.2 PHP Object Injection
• Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential
• Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw
• Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL
• Helmet Store Showroom 1.0 SQL Injection
• Sanitization Management System 1.0 SQL Injection
• Chrome blink::LocalFrameView::PerformLayout Use-After-Free

• [remote] SmartRG Router SR510n 2.6.13 - Remote Code Execution
• [webapps] CVAT 2.0 - Server Side Request Forgery
• [local] IOTransfer V4 - Unquoted Service Path
• [remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
• [remote] MSNSwitch Firmware MNT.2408 - Remote Code Execution
• [webapps] Open Web Analytics 1.7.3 - Remote Code Execution
• [webapps] Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
• [webapps] Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
• [webapps] Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
• [webapps] Aero CMS v0.0.1 - SQLi
• [webapps] Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
• [webapps] Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
• [remote] Teleport v10.1.1 - Remote Code Execution (RCE)
• [webapps] Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
• [webapps] TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
• [remote] WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
• [remote] Wifi HD Wireless Disk Drive 11 - Local File Inclusion
• [local] Blink1Control2 2.2.7 - Weak Password Encryption
• [webapps] Bookwyrm v0.4.3 - Authentication Bypass
• [webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass
• [remote] Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
• [remote] Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)
• [webapps] Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
• [webapps] WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
• [webapps] Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
• [remote] PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
• [webapps] ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
• [webapps] ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
• [webapps] Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
• [webapps] Prestashop blockwishlist module 2.1.0 - SQLi
• [remote] uftpd 2.10 - Directory Traversal (Authenticated)
• [remote] Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
• [webapps] Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
• [webapps] NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
• [remote] Omnia MPX 1.5.0+r1 - Path Traversal
• [webapps] mPDF 7.0 - Local File Inclusion
• [webapps] CuteEditor for PHP 6.6 - Directory Traversal
• [webapps] WordPress Plugin Duplicator 1.4.7 - Information Disclosure
• [webapps] WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
• [webapps] Wavlink WN530HG4 - Password Disclosure
• [webapps] Wavlink WN533A8 - Password Disclosure
• [webapps] Wavlink WN533A8 - Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting (XSS)
• [remote] Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
• [webapps] Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal

Last 20 Website Defacements - Zone-h

• https://simasmatamoros.gob.mx/by.html
• https://www.matamoroscoahuila.gob.mx/by.html
• http://procurement.dgr.go.th/show_file/
• http://sipa.pt-bandung.go.id/el.htm
• https://nathalie.pn-tanjungpinangkota.go.id/el.htm
• https://ptsp.pn-tanjungpinangkota.go.id/el.htm
• https://sipp.pn-tanjungpinangkota.go.id/el.htm
• https://angola.mofa.go.ug
• https://algiers.mofa.go.ug
• https://dmu.ict.go.ug
• https://office.cpd.go.th/area2/
• http://www.tocumbo.gob.mx/ok.htm
• https://abuja.mofa.go.ug
• https://addisababa.mofa.go.ug
• https://abudhabi.mofa.go.ug
• https://nitda.gov.ng
• http://saed.cobiene.mil.pe/back.txt
• http://sad.cobiene.mil.pe/back.txt
• http://jae.cobiene.mil.pe/back.txt
• http://jace.cobiene.mil.pe/back.txt

Advisories

Symantec Packet Stoem Security

• Ubuntu Security Notice USN-5768-1 Thu, 08 Dec 2022 16:36:17 GMT
  Ubuntu Security Notice 5768-1 - Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. It was discovered that the GNU C Library did not properly handled DNS responses when ENDS0 is enabled. An attacker could possibly use this issue to cause fragmentation-based attacks.
• Red Hat Security Advisory 2022-8781-01 Thu, 08 Dec 2022 16:34:22 GMT
  Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2022-8849-01 Thu, 08 Dec 2022 16:33:08 GMT
  Red Hat Security Advisory 2022-8849-01 - An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 16.2.4 (Train).
• Red Hat Security Advisory 2022-8852-01 Thu, 08 Dec 2022 16:32:57 GMT
  Red Hat Security Advisory 2022-8852-01 - A fast multidimensional array facility for Python. Issues addressed include a null pointer vulnerability.
• Red Hat Security Advisory 2022-8874-01 Thu, 08 Dec 2022 16:31:28 GMT
  Red Hat Security Advisory 2022-8874-01 - An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
• Red Hat Security Advisory 2022-8857-01 Thu, 08 Dec 2022 16:31:01 GMT
  Red Hat Security Advisory 2022-8857-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2022-8873-01 Thu, 08 Dec 2022 16:29:56 GMT
  Red Hat Security Advisory 2022-8873-01 - An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
• Red Hat Security Advisory 2022-8866-01 Thu, 08 Dec 2022 16:29:06 GMT
  Red Hat Security Advisory 2022-8866-01 - An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
• Red Hat Security Advisory 2022-8848-01 Thu, 08 Dec 2022 16:28:14 GMT
  Red Hat Security Advisory 2022-8848-01 - An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 16.2.4 (Train). Issues addressed include a cross site scripting vulnerability.
• Red Hat Security Advisory 2022-8865-01 Thu, 08 Dec 2022 16:27:25 GMT
  Red Hat Security Advisory 2022-8865-01 - An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include a cross site scripting vulnerability.
• Red Hat Security Advisory 2022-8864-01 Thu, 08 Dec 2022 16:27:11 GMT
  Red Hat Security Advisory 2022-8864-01 - UltraJSON is an ultra fast JSON encoder and decoder. Issues addressed include a double free vulnerability.
• Red Hat Security Advisory 2022-8851-01 Thu, 08 Dec 2022 16:26:28 GMT
  Red Hat Security Advisory 2022-8851-01 - An update for rabbitmq-server is now available for Red Hat OpenStack Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4. Issues addressed include cross site scripting and improper neutralization vulnerabilities.
• Red Hat Security Advisory 2022-8862-01 Thu, 08 Dec 2022 16:25:43 GMT
  Red Hat Security Advisory 2022-8862-01 - An update for puppet is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
• Red Hat Security Advisory 2022-8853-01 Thu, 08 Dec 2022 16:24:45 GMT
  Red Hat Security Advisory 2022-8853-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4. Issues addressed include cross site scripting and denial of service vulnerabilities.
• Red Hat Security Advisory 2022-8867-01 Thu, 08 Dec 2022 16:23:18 GMT
  Red Hat Security Advisory 2022-8867-01 - An update for rabbitmq-server is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include cross site scripting and improper neutralization vulnerabilities.
• Red Hat Security Advisory 2022-8847-01 Thu, 08 Dec 2022 16:22:30 GMT
  Red Hat Security Advisory 2022-8847-01 - An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train).
• Red Hat Security Advisory 2022-8856-01 Thu, 08 Dec 2022 16:20:32 GMT
  Red Hat Security Advisory 2022-8856-01 - An update for python-django-horizon is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4.
• Red Hat Security Advisory 2022-8854-01 Thu, 08 Dec 2022 16:19:39 GMT
  Red Hat Security Advisory 2022-8854-01 - An update for python-scciclient is now available for Red Hat OpenStack Platform 16.2.4 (Train) director for Red Hat Enterprise Linux (RHEL) 8.4.
• Red Hat Security Advisory 2022-8872-01 Thu, 08 Dec 2022 16:18:51 GMT
  Red Hat Security Advisory 2022-8872-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include cross site scripting, denial of service, remote shell upload, and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2022-8863-01 Thu, 08 Dec 2022 16:18:42 GMT
  Red Hat Security Advisory 2022-8863-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require heirarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
• Red Hat Security Advisory 2022-8861-01 Thu, 08 Dec 2022 16:18:33 GMT
  Red Hat Security Advisory 2022-8861-01 - A fast multidimensional array facility for Python. Issues addressed include a null pointer vulnerability.
• Red Hat Security Advisory 2022-8868-01 Thu, 08 Dec 2022 16:16:22 GMT
  Red Hat Security Advisory 2022-8868-01 - An update for python-scciclient is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
• Red Hat Security Advisory 2022-8870-01 Thu, 08 Dec 2022 16:15:22 GMT
  Red Hat Security Advisory 2022-8870-01 - An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
• Red Hat Security Advisory 2022-8869-01 Thu, 08 Dec 2022 15:24:41 GMT
  Red Hat Security Advisory 2022-8869-01 - An update for puppet-firewall is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
• Red Hat Security Advisory 2022-8855-01 Thu, 08 Dec 2022 15:24:33 GMT
  Red Hat Security Advisory 2022-8855-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities.