All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Patch Lady – I smell a Rat
    Posted on August 26th, 2019 at 20:03 Susan Bradley Comment on the AskWoody Lounge
    (coming to you from the friendly wifi of United Airlines as I fly to the Quest/The Experts Conference)

    So twice lately someone has asked about articles indicating that we should patch now. Yesterday. Like the day before yesterday. And yet, when I’m reading the articles, I can’t find a single specific update they are talking about.


    and

    https://www.forbes.com/sites/daveyw...e-control-hack-attack-confirmed/#268cd4715bdb

    Okay so the gist of the article (that I can tell is) that a research firm came out with a PR whitepaper on NanoRat 1.2.2 and said that it’s being used more in attacks. The attacks come in via phishing and macro enabled documents.

    So…..? This is different than any of the other daily phishing attacks I see in my spam filters?

    And all you can tell me is to “patch now”? Patching my operating system won’t patch if I’m stupid enough to click on something. Patching my operating system won’t patch if I’m stupid enough to enter my credentials on a well done web page pretending to be my mail server needing me to “upgrade”.

    Bottom line, telling me to patch now when there’s no specific operating system update in the August updates that will protect us from this is just running around like Chicken Little telling me the sky is falling.

    Come on tech sites, stop using public relations stunts to write your content. There’s enough true security stories out there for us to be more than scared over. (The one that concerns me is the recent ransomware coming into multiple government entities via a shared managed service provider.)

    Make no mistake the bad guys want to get us, but articles like these that give no good solid actionable items other than “patch” when it’s not even Patch Tuesday are just ridiculous.
     
    jclausius likes this.
  2. hmscott

    hmscott Notebook Nobel Laureate

    After posting this DDIO / RDMA NetCAT response from Intel:
    http://forum.notebookreview.com/thr...atches-and-more.812424/page-129#post-10950369

    I found these released today:

    National Cyber Awareness System =>Current Activity Landing => Intel Releases Security Updates
    https://www.us-cert.gov/ncas/current-activity/2019/08/13/intel-releases-security-updates

    Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
    And, these from a couple of days ago...

    Intel Releases Security Updates, Mitigations for Multiple Products
    Original release date: June 11, 2019 | Last revised: June 12, 2019
    https://www.us-cert.gov/ncas/curren...ecurity-Updates-Mitigations-Multiple-Products

    Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
     
    Starlight5 and Papusan like this.
  3. 6730b

    6730b Notebook Evangelist

    !

    "German vuln-hunting firm Greenbone Networks found 590 "medical image archive systems online" containing a startling 737 million images, of which it said around 400 million were downloadable."

    "A significant number of these servers have no protection at all, they aren't password protected and have no encryption."

    https://www.theregister.co.uk/2019/09/17/24m_medical_records_unsecured_online/
     
    hmscott and Papusan like this.
  4. Spartan

    Spartan Notebook Nobel Laureate

  5. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    CYBERSECURITY TODAY zdnet.com | Sept 26, 2019
    Cisco warning: These routers have 9.9/10-severity security flaw

    Cisco has disclosed over a dozen high-severity vulnerabilities affecting the widely deployed Cisco IOS and IOS XE network automation software, including a nasty one affecting its industrial routers and grid routers.
     
    hmscott, jclausius and Tinderbox (UK) like this.
  6. 6730b

    6730b Notebook Evangelist

    hmscott, jclausius and Papusan like this.
  7. jclausius

    jclausius Notebook Virtuoso

    "New Microsoft NTLM Flaws May Allow Full Domain Compromise"

    - Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full domain compromise.

    - Microsoft patched the two NTLM flaws and issued security advisories as part of the Patch Tuesday security updates issued yesterday after Preempt’s disclosure.

    https://www.bleepingcomputer.com/ne...-ntlm-flaws-may-allow-full-domain-compromise/


    On the bright side, at least the vulnerability wasn't caused by a Windows 10 update.
     
    Tinderbox (UK), hmscott and Papusan like this.
  8. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    SECURITY
    Hacker Selling User Info Stolen From Prostitution Forums bleepingcomputers.com | Oct 10, 2019
    Popular prostitution and escort forums in the Netherlands and Italy have suffered data breaches that exposed the usernames, email addresses, and hashed passwords for their registered members.

    ----------------------------------

    D-Link no longer wants to fix router vulnerability
    Published on 10th October 2019 by Günter Born
    The D-Link Routers DIR-652, DIR-655, DIR-866L, and DHP-1565 have a critical remote execution vulnerability, but the manufacturer does not want to fix it.

    ---------------------------------


    Windows 10 Mobile with a security problem that will not be resolved [Workaround]
    October 10, 2019 17:30
    On 8/10, the KB4522809 was shipped for Windows 10 Mobile. This increased the version number to 15254.590. As always, the changes are "identical" to the PC version of the 1709. But a security hole is no longer closed. Under the CVE-2019-1314 ...

     
    Last edited: Oct 10, 2019
    Tinderbox (UK) and jclausius like this.
  9. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY


    Attackers Are Exploiting an Apple iTunes Zero-Day Bug to Install Ransomware on Windows Machines wccftech.com | Oct 12, 2019

    A zero-day vulnerability in Apple iTunes for Windows enabled attackers to bypass antivirus detection on Windows devices. The targeted BitPaymer or IEncrypt ransomware campaign was detected by the security folks at Morphisec who called the iTunes exploit a "new and alarming evasion technique."

    This Apple zero-day vulnerability is in the Bonjour updater that comes packaged with iTunes and iCloud for Windows. Morphisec said that the "adversaries abused an unquoted path to maintain persistence and evade detection." The unquoted path vulnerability is a widely known bug that occurs due to developers forgetting to surround a file path with quotation marks. This latest zero-day is proof that developers continue to ignore quotes.

    Apple has fixed the flaw but it will affect even those who have uninstalled iTunes for Windows
    Apple fixed the vulnerability with the release of iTunes 12.10.1 for Windows and iCloud for Windows 7.14, as well, since Bonjour updater ships with both of them.

    Morphisec warns that even if you don't currently run iTunes but did so in the past, you could still be at risk, hinting that this could be the reason why attackers chose this process for evasion.

    In most cases, people are not aware that they need to uninstall the Apple Software Update component separately when uninstalling iTunes. Because of this, machines are left with the updater task installed and working.

    We were surprised by the results of an investigation that showed Apple Software Update is installed on a large number of computers across different enterprises. Many of the computers uninstalled iTunes years ago while the Apple Software Update component remains silently, un-updated, and still working in the background. Following this discovery, we identified the attack surface and the motivation of the attacker to choose this process for evasion.

    Morphisec researchers also added that Apple developers "haven't fixed all the vulnerabilities reported by us, only the one that was abused by the attackers." In any case, if you do use iTunes, make sure to update it to the very latest version. Mac users aren't affected by this bug.




     
    jclausius and Tinderbox (UK) like this.
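The unquoted-path bug the article describes can be audited on your own systems: if a service's command line is not wrapped in quotes and the directory names contain spaces, Windows resolves the executable by trying each space-delimited prefix (with `.exe` appended) before the intended binary. The Python below is an added example, not code from the article or from Morphisec; the service command lines are constructed samples, and the fix for any flagged entry is simply to quote the path in the service's ImagePath.

```python
import re
from typing import Dict, List

# Constructed sample service command lines, in the form a service enumeration
# (e.g. the Win32_Service PathName column) reports them. Not real data.
SAMPLE_SERVICE_PATHS: Dict[str, str] = {
    "GoodQuoted": r'"C:\Program Files\Vendor\Updater\update.exe" -service',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "UnquotedSpaces": r"C:\Program Files\Example Vendor\Software Update\updater.exe",
    "UnquotedWithArgs": r"C:\Program Files\Example Vendor\agent.exe --run -verbose",
}


def resolve_executable(path_name: str) -> str:
    """Return the executable the service author intended: the quoted token if
    the line is quoted, otherwise everything up to and including '.exe'."""
    s = path_name.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:] if end == -1 else s[1:end]
    m = re.search(r"\.exe\b", s, flags=re.IGNORECASE)
    return s[: m.end()] if m else s.split(" ")[0]


def executable_candidates(path_name: str) -> List[str]:
    """List the file names Windows would try, in order, for an unquoted path
    with spaces: each prefix ending at a space gets '.exe' appended and is
    tried before the full path. Quoted or space-free paths yield one entry."""
    s = path_name.strip()
    exe = resolve_executable(path_name)
    if s.startswith('"') or " " not in exe:
        return [exe]
    candidates = [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]
    candidates.append(exe)
    return candidates


def is_unquoted_path_vulnerable(path_name: str) -> bool:
    """A service is exposed when more than one file name would be probed."""
    return len(executable_candidates(path_name)) > 1


def audit(paths: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each exposed service name to the locations a defender must confirm
    are not writable by unprivileged users (or, better, quote the path)."""
    return {n: executable_candidates(p) for n, p in paths.items()
            if is_unquoted_path_vulnerable(p)}


if __name__ == "__main__":
    for name, probes in audit(SAMPLE_SERVICE_PATHS).items():
        print(f"{name}: unquoted path, probed as {probes}")
```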
  10. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Hackers Breach Avast Antivirus Network Through Insecure VPN Profile bleepingcomputers.com | Oct 21, 2019

    Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, the intrusion attempts had been ongoing since May 14.
    Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account.


    Update [10.21.2019]: When CCleaner 5.63 came out on October 15, BleepingComputer sought comments from Avast about the reason and benefits of the update since it was an unexpected move. The company delayed responding to our questions at the time.
    CCleaner General Manager David Peterson explains in a blog post today that the reason for automatically updating all CCleaner installations since 5.57 to the current latest version was a preventative measure to ensure that all users run a genuine release.
    "We took these steps preventatively as our investigation is continuing, but we wanted to eliminate the risk of fraudulent software being delivered to our users. Since we have indications that the attempts to infiltrate our systems began in May this year, we automatically updated users on builds released after this time to ensure their safety."

    A legitimate (nice) way to try snooping in their customers' computers? :rolleyes:
     
    jclausius and 6730b like this.