Security Pop Quiz! q267.mp3

News

Packet Storm Security

* MGM Resorts Operations Resume 10 Days After Cyberattack
* Poland Investigates OpenAI Over Privacy Concerns
* Cisco Beefs Up Cybersecurity Play With $28 Billion Splunk Deal
* India's Biggest Tech Centers Named As Cyber Crime Hotspots
* Feds Issue Snatch Ransomware Warning

Security Affairs

* Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
* Ukrainian hackers are behind the Free Download Manager supply chain attack
* Space and defense tech maker Exail Technologies exposes database access
* Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
* Experts found critical flaws in Nagios XI network monitoring software

Looking Glass Cyber

securingtomorrow.mcafee.com

Quick Heal

* THREAT ADVISORY: Zero-Day Vulnerabilities Detected on WinRAR
* Battling the Death Trap of Malicious Loan Apps
* Mallox Ransomware Strikes Unsecured MSSQL Servers
* DarkRace Ransomware: A Deep Dive into its Techniques and Impact
* Ethical Web Scraping and Crawling: Navigating the Digital World Responsibly

Threat Post

* Student Loan Breach Exposes 2.5M Records
* Watering Hole Attacks Push ScanBox Keylogger
* Tentacles of '0ktapus' Threat Group Victimize 130 Firms
* Ransomware Attacks are on the Rise
* Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Naked Security

* Mom's Meals issues "Notice of Data Event": What to know and what to do
* S3 Ep149: How many cryptographers does it take to change a light bulb?
* Using WinRAR? Be sure to patch against these code execution bugs…
* Smart light bulbs could give away your password secrets
* "Snakes in airplane mode" - what if your phone says it's offline but isn't?

ESET

* Ballistic Bobcat's Sponsor backdoor - Week in security with Tony Anscombe
* 10 tips to ace your cybersecurity job interview
* Read it right! How to spot scams on Reddit
* Will you give X your biometric data? - Week in security with Tony Anscombe
* ESET Research Podcast: Sextortion, digital usury and SQL brute-force

CIS

• Albert Network Monitoring: Guarding State, Local Governments Wed, 20 Sep 2023 12:04:00 -0400
  Albert Network Monitoring is an intrusion detection system (IDS) designed to help SLTTs protect their networks against cyber threats. Here's how.

Malware Patrol

* InfoSec Articles (09/12/23 - 09/19/23)
* Malware Patrol + Palo Alto Networks NGFW (PAN-OS)

SecList

• Overview of IoT threats in 2023
  IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023.

MySonicWall

Critical Infrastructure

* Critical infrastructure workers more likely to detect, report phishing
* Fill out the Security Benchmark Survey for 2023
* Critical infrastructure attacks are ramping up

* Cadisha Miceli | Women in Security 2023
* CISA MTS Guide may enhance critical infrastructure resilience
* DNV appoints Anette Roll Richardsen as Director of Cybersecurity

* White House announces aviation safety plans
* Seattle TSA emphasizes security ahead of Labor Day travel
* Railway company agrees to new safety measures following derailment

Case Studies

* Häfele recovers from ransomware attack with new SASE platform
* Ride-hailing company, inDrive, uses new platform to prevent fraud
* The Old Spaghetti Factory restaurant chain ups network & physical security

* CANVAS Hotel Dallas boosts security by adopting new door lock solution
* City of San Jose upgrades traffic security with advanced locks
* New York biotech company deploys security robots

Tools

* BDS Linux Userland Rootkit
* BDS Linux LKM Rootkit
* TOR Virtual Network Tunneling Tool 0.4.8.6
* Suricata IDPE 7.0.1
* Zeek 6.0.1

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* TOTOLINK Wireless Routers Remote Command Execution
* Luxcal Event Calendar 3.2.3 Cross Site Request Forgery
* Lamano CMS 2.0 Cross Site Request Forgery
* WordPress Theme My Login 2FA Brute Force
* Apache Airflow 1.10.10 Remote Code Execution
* Lexmark Device Embedded Web Server Remote Code Execution
* WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
* Taskhub 2.8.7 SQL Injection
* Packers And Movers Management System 1.0 SQL Injection
* Super Store Finder 3.7 Remote Command Execution

Last 20 Website Defacements - Zone-h

Press Play to hear the answer!

Advisories

• Ubuntu Security Notice USN-6393-1 Thu, 21 Sep 2023 16:23:50 GMT
  Ubuntu Security Notice 6393-1 - It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash.
• Debian Security Advisory 5503-1 Thu, 21 Sep 2023 16:23:34 GMT
  Debian Linux Security Advisory 5503-1 - Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure.
• Red Hat Security Advisory 2023-5309-01 Thu, 21 Sep 2023 16:23:21 GMT
  Red Hat Security Advisory 2023-5309-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
• Ubuntu Security Notice USN-6391-2 Thu, 21 Sep 2023 16:20:39 GMT
  Ubuntu Security Notice 6391-2 - USN-6391-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6392-1 Thu, 21 Sep 2023 16:20:23 GMT
  Ubuntu Security Notice 6392-1 - It was discovered that libppd incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause libppd to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2023-5314-01 Thu, 21 Sep 2023 16:20:10 GMT
  Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
• Ubuntu Security Notice USN-6391-1 Thu, 21 Sep 2023 16:18:48 GMT
  Ubuntu Security Notice 6391-1 - It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6390-1 Thu, 21 Sep 2023 16:18:32 GMT
  Ubuntu Security Notice 6390-1 - It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. Robert Story discovered that Bind incorrectly handled certain DNS-over-TLS queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
• Red Hat Security Advisory 2023-5313-01 Thu, 21 Sep 2023 16:18:22 GMT
  Red Hat Security Advisory 2023-5313-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2023-5312-01 Thu, 21 Sep 2023 16:18:09 GMT
  Red Hat Security Advisory 2023-5312-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2023-5095-01 Thu, 21 Sep 2023 16:05:38 GMT
  Red Hat Security Advisory 2023-5095-01 - Logging Subsystem 5.6.11 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
• Red Hat Security Advisory 2023-5096-01 Wed, 20 Sep 2023 15:29:00 GMT
  Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.
• Ubuntu Security Notice USN-6389-1 Wed, 20 Sep 2023 15:27:06 GMT
  Ubuntu Security Notice 6389-1 - It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use this issue to cause Indent to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2023-5310-01 Wed, 20 Sep 2023 15:26:52 GMT
  Red Hat Security Advisory 2023-5310-01 - A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-6386-1 Wed, 20 Sep 2023 15:26:38 GMT
  Ubuntu Security Notice 6386-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6387-1 Wed, 20 Sep 2023 15:26:18 GMT
  Ubuntu Security Notice 6387-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6388-1 Wed, 20 Sep 2023 15:25:39 GMT
  Ubuntu Security Notice 6388-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service.
• Ubuntu Security Notice USN-6385-1 Wed, 20 Sep 2023 15:25:15 GMT
  Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-6384-1 Wed, 20 Sep 2023 15:24:54 GMT
  Ubuntu Security Notice 6384-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information.
• Ubuntu Security Notice USN-6382-1 Wed, 20 Sep 2023 15:24:28 GMT
  Ubuntu Security Notice 6382-1 - It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service.
• Red Hat Security Advisory 2023-5233-01 Wed, 20 Sep 2023 15:24:21 GMT
  Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.
• Red Hat Security Advisory 2023-5239-01 Wed, 20 Sep 2023 15:24:12 GMT
  Red Hat Security Advisory 2023-5239-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
• Red Hat Security Advisory 2023-5235-01 Wed, 20 Sep 2023 15:24:06 GMT
  Red Hat Security Advisory 2023-5235-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2023-5264-01 Wed, 20 Sep 2023 15:23:59 GMT
  Red Hat Security Advisory 2023-5264-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
• Red Hat Security Advisory 2023-5238-01 Wed, 20 Sep 2023 15:23:32 GMT
  Red Hat Security Advisory 2023-5238-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.