Malware Devil

Friday, October 16, 2020

Prioritize This, Prioritize That, Prioritize With Context! – Roi Cohen, Shani Dodge – PSW #670

Software vulnerabilities are exploding in growth at an unprecedented rate, and security teams are struggling to stay afloat. Lifebuoys (i.e. CVSS base scores) aren’t doing much to save them, either. A new advancement in threat prioritization offers relief, integrating the vulnerabilities’ surrounding characteristics to identify the most severe risks. This segment is sponsored by Vicarius.
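The segment blurb contrasts CVSS base scores with context-driven prioritization. As an added example (not Vicarius product logic and not code from the show), the block below implements the CVSS v3.1 base-score formula from the public specification and then layers an assumed context multiplier on top, so that two findings with an identical 9.8 base score land in different positions. The finding labels, the multiplier values and the sample vectors are constructed for illustration only.

```c
#include <stdio.h>
#include <string.h>

/* CVSS v3.1 base-score calculator following the public CVSS v3.1
 * specification (section 7.1 and Appendix A), with an illustrative
 * context-aware ranking on top.  Added example, not Vicarius or
 * Security Weekly code. */

/* Roundup per CVSS v3.1 Appendix A: smallest one-decimal value >= x,
 * done in integer arithmetic so 4.0000001 stays 4.0 instead of 4.1. */
static double cvss_roundup(double x) {
    long i = (long)(x * 100000.0 + 0.5);
    if (i % 10000 == 0) return i / 100000.0;
    return (double)(i / 10000 + 1) / 10.0;
}

/* Metric weights from the spec; PR depends on whether Scope is Changed. */
static double metric_weight(const char *key, char v, int scope_changed) {
    if (!strcmp(key, "AV")) return v=='N' ? 0.85 : v=='A' ? 0.62 : v=='L' ? 0.55 : v=='P' ? 0.2 : -1;
    if (!strcmp(key, "AC")) return v=='L' ? 0.77 : v=='H' ? 0.44 : -1;
    if (!strcmp(key, "PR")) return v=='N' ? 0.85 : v=='L' ? (scope_changed ? 0.68 : 0.62)
                                    : v=='H' ? (scope_changed ? 0.5 : 0.27) : -1;
    if (!strcmp(key, "UI")) return v=='N' ? 0.85 : v=='R' ? 0.62 : -1;
    if (!strcmp(key, "C") || !strcmp(key, "I") || !strcmp(key, "A"))
        return v=='H' ? 0.56 : v=='L' ? 0.22 : v=='N' ? 0.0 : -1;
    return -1;
}

/* Parse "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" and return the base
 * score, or -1.0 if the vector is malformed or missing a metric. */
double cvss31_base_score(const char *vector) {
    static const char *keys[7] = {"AV", "AC", "PR", "UI", "C", "I", "A"};
    double w[7] = {-1, -1, -1, -1, -1, -1, -1};
    char pr_letter = 0;
    int scope_changed = 0, scope_seen = 0;
    const char *p = vector;

    while (*p) {
        const char *end = strchr(p, '/');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (!(n == 8 && !strncmp(p, "CVSS:3.", 7))) {      /* skip version prefix */
            const char *colon = memchr(p, ':', n);
            size_t klen = colon ? (size_t)(colon - p) : 0;
            if (!colon || klen == 0 || klen > 2 || klen + 2 != n) return -1.0;
            char key[3] = {0, 0, 0};
            memcpy(key, p, klen);
            char v = colon[1];
            if (!strcmp(key, "S")) {
                if (v != 'U' && v != 'C') return -1.0;
                scope_changed = (v == 'C');
                scope_seen = 1;
            } else if (!strcmp(key, "PR")) {
                pr_letter = v;                 /* resolved once Scope is known */
            } else {
                int k = 0;
                while (k < 7 && strcmp(key, keys[k])) k++;
                if (k == 7) return -1.0;
                w[k] = metric_weight(key, v, 0);
            }
        }
        p = end ? end + 1 : p + n;
    }
    if (!scope_seen || !pr_letter) return -1.0;
    w[2] = metric_weight("PR", pr_letter, scope_changed);
    for (int k = 0; k < 7; k++) if (w[k] < 0) return -1.0;

    double iss = 1.0 - (1.0 - w[4]) * (1.0 - w[5]) * (1.0 - w[6]);
    double impact = 6.42 * iss;
    if (scope_changed) {
        double t = iss - 0.02, t15 = 1.0;
        for (int k = 0; k < 15; k++) t15 *= t;   /* (ISS - 0.02)^15 without libm */
        impact = 7.52 * (iss - 0.029) - 3.25 * t15;
    }
    if (impact <= 0) return 0.0;
    double raw = impact + 8.22 * w[0] * w[1] * w[2] * w[3];
    if (scope_changed) raw *= 1.08;
    return cvss_roundup(raw < 10.0 ? raw : 10.0);
}

/* Context on top of the base score.  These multipliers are an assumed
 * illustration of "prioritize with context", not a published standard:
 * a public exploit, internet exposure and the asset's tier (1 = crown
 * jewels, 3 = lab box) reorder findings that share one base score. */
struct finding {
    const char *id;            /* constructed label, not a real advisory */
    const char *vector;
    int exploit_public, internet_facing, asset_tier;
};

double context_priority(const struct finding *f) {
    double score = cvss31_base_score(f->vector);
    if (score < 0) return -1.0;
    if (f->exploit_public) score *= 1.5;
    if (f->internet_facing) score *= 1.3;
    score *= f->asset_tier == 1 ? 1.2 : f->asset_tier == 2 ? 1.0 : 0.7;
    return score;
}

int main(void) {
    /* Constructed sample: two findings with identical 9.8 base scores. */
    struct finding sample[2] = {
        {"FINDING-A", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 1, 1, 1},
        {"FINDING-B", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 0, 0, 3},
    };
    for (int k = 0; k < 2; k++)
        printf("%s base=%.1f context=%.1f\n", sample[k].id,
               cvss31_base_score(sample[k].vector), context_priority(&sample[k]));
    return 0;
}
```

The base-score half is exact to the specification (the integer Roundup matters: a naive `ceil(x * 10) / 10` turns a score of 4.0 that is stored as 4.0000000001 into 4.1). The context half is the part any real programme has to argue about, which is the point of the segment: the base score alone cannot separate a 9.8 on an internet-facing crown-jewel host with a public exploit from the same 9.8 on an isolated lab box.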

Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw670

The post Prioritize This, Prioritize That, Prioritize With Context! – Roi Cohen, Shani Dodge – PSW #670 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/16/prioritize-this-prioritize-that-prioritize-with-context-roi-cohen-shani-dodge-psw-670/?utm_source=rss&utm_medium=rss&utm_campaign=prioritize-this-prioritize-that-prioritize-with-context-roi-cohen-shani-dodge-psw-670

Network Security News Summary for Friday October 16 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .


Thursday, October 15, 2020

Prolific Cybercrime Group Now Focused on Ransomware

Cybercriminal team previously associated with point-of-sale malware and data theft has now moved almost completely into the more lucrative crimes of ransomware and extortion.

An assortment of ransomware campaigns since 2019 is actually the work of a single group, which has evolved from point-of-sale malware attacks to infiltrating networks and infecting systems with ransomware, researchers say.

In an analysis of a cluster of malicious activity, FireEye’s Mandiant linked the attacks to a single cybercrime group, which the company dubbed FIN11. The group uses attack tools and malware that appear to be unique to its operators, who are also known for high-volume e-mail campaigns used to infect an initial user at a targeted company and establish a beachhead. While its activity has ramped up significantly through most of 2019 and 2020, its operations appear to stretch back to 2016.

Overall, the group does not display sophisticated tactics, techniques and procedures (TTPs), but they are aggressive in their attempts to gain a foothold in companies, says Kimberly Goody, senior manager of the Mandiant threat intelligence financial crime team at FireEye.

“The main thing that sets this group apart from our perspective is how widespread their campaigns are,” she says. “They are sophisticated, but they have a wide reach. And their constant evolution of their TTPs–even though minor–can prevent organizations from being able to adequately defend against their spam campaigns.”

The group also highlights a trend observed by FireEye. Since early 2019, financial cybercrime groups once focused on stealing payment-card data are now shifting to compromising corporate networks, infecting a significant number of systems with ransomware, and then extorting the business for large sums, Goody says.

“Point of sale intrusions were very profitable, and we saw actors such as FIN6 and FIN7–all the way back to FIN5–they were targeting payment card data,” Goody says. “But ransomware, in terms of actors deploying it post compromise and widely distributing it in one victim’s environment, is far more profitable.”

FireEye concluded in its analysis that the group likely operates from the Commonwealth of Independent States (CIS), the bloc of former Soviet republics. The company has not linked the group’s operations to any cyber espionage campaign. Yet cybercriminal groups operating in the CIS are likely known to Russian intelligence, and because such groups are usually wary enough of Russian law enforcement to avoid infecting systems within Russia, they could be conscripted into such activity, Goody says.

“Right now, we have only seen financially motivated attacks from this group,” she says. “But I find it improbable that Russian intelligence is unaware of this operation, and there have been cases of Russian cybercriminal groups–such as Zeus–that have specifically taken actions that appeared to be in line with espionage operations … so if asked, they would likely have to conduct whatever activity was asked of them.”

Trickbot

Earlier this month, Microsoft and a group of security firms worked together to take down the command-and-control channels for the Trickbot botnet, whose operators used the software’s modular capabilities to sell access to compromised systems and conduct ransomware attacks for financial gain. Yet, Microsoft–along with the US Cyber Command, reportedly–targeted Trickbot because of concerns that the group behind the malware would use its extensive reach to impact the US elections.

The impact of the takedown is not clear. While some reports have indicated the botnet had suffered disruptions prior to the takedown, ostensibly due to US Cyber Command activities, security firm Proofpoint stated that its researchers had not seen any notable changes in activity.

“The most recent Trickbot campaigns are already using new command and control channels, which shows the threat actors are actively adapting their campaigns,” Sherrod DeGrippo, senior director of threat research at Proofpoint, said in a statement to Dark Reading. “[W]e believe it’s unlikely we’ll see any immediate significant changes in Trickbot delivery volumes as the majority of Trickbot infections appear to come from third party malicious senders at this time.”

While FIN11 has its own unique toolsets, the group heavily leverages cybercrime services such as bulletproof hosting providers, private and semi-private malware infrastructure, and the purchase of stolen code-signing certificates, FireEye said in its analysis.

The largest risk the group poses, however, is its ubiquity, according to FireEye.

“The broad visibility Mandiant experts have into post-compromise activity that has historically followed FIN11’s malicious email campaigns suggests that they obtain access to the networks of far more organizations than they are able to successfully monetize,” the company stated. “Their high cadence of operations may be an attempt to cast a wide net rather than a reflection of the group’s ability to monetize many victims simultaneously.”

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News.


US Indicts Members of Transnational Money-Laundering Organization

Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.

An indictment unsealed this week by the US Department of Justice (DoJ) in a Pennsylvania federal court, together with another unsealed last October, has shed more light on the vast criminal network that cyberthieves rely on to launder funds stolen from their victims.

The indictment that was unsealed today charged 14 individuals from Latvia, Bulgaria, the UK, Spain, and Italy with conspiracy to commit money laundering involving tens of millions of dollars stolen from victims in the US and other countries since 2016. All are alleged to belong to a larger transnational criminal group called QQAAZZ, which specializes in helping cybercriminals convert and “clean” stolen funds for a fee.

According to the DoJ, law-enforcement authorities in the five countries searched more than 40 homes in connection with the investigation and seized a Bitcoin-mining operation tied to the group in Bulgaria. Most of the home searches and arrests in the case so far have been in Latvia, the DoJ said in a statement disclosing the indictments this week.

This week’s indictment listed several unnamed US businesses that had funds stolen, or nearly had funds stolen, and transferred to illegally opened bank accounts belonging to the 14 individuals. In each case, cybercriminals had first broken into the victim network and taken over its business account. They then used the QQAAZZ accounts to receive money stolen from the breached entities. Among the cybercrime groups that have used QQAAZZ as a money-laundering service are the operators of the Dridex banking Trojan and malware families such as Trickbot and GozNym.

Among the actual and attempted fraudulent wire transfers was one involving $498,536 from an automotive components manufacturer, another for $300,000 from a landscaping equipment manufacturer, and another for almost the same amount from a charitable organization.

Meanwhile, the earlier indictment unsealed last October accused five other Latvian members of QQAAZZ of involvement in the same money-laundering scheme. Also charged separately by criminal complaint in the case was a Russian national who was arrested in March 2020 when visiting the US.

The indictment papers described QQAAZZ as a sophisticated, multitier operation that has opened and maintained hundreds of personal and corporate bank accounts with major financial institutions around the world over the past several years. The bank accounts are being used to receive stolen funds belonging to organizations and individuals in the US and elsewhere.

QQAAZZ’s modus operandi is to then transfer funds from these bank accounts to numerous other accounts belonging to the group in an elaborate set of transactions designed to conceal the origins of the stolen money. The group also has been using so-called “tumbling” services to convert some of the stolen funds to cryptocurrency. Once the origins of the stolen funds have been sufficiently obscured, QQAAZZ returns the funds to the cybercrime group that stole the money, keeping a fee of 40 to 50 percent.

Complex Operation
The DoJ described QQAAZZ as having established dozens of shell companies around the world for no other purpose than to facilitate the creation of corporate bank accounts that could be used for money-laundering purposes. Many of the bank accounts were created using legitimate and fake identification documents belonging to individuals in Poland and Bulgaria, the DoJ said. To attract clients to its services, the group has been advertising on underground cybercrime forums, sometimes paying $10,000 per year for advertising space.

Members of QQAAZZ operate at three levels. The leaders, sitting at the top of the hierarchy, develop strategies and direct midlevel managers on how to create fake bank accounts, promote their business, and coordinate and return stolen funds from the organization’s cybercrime clients.

Those at the midtier are responsible for recruiting so-called “money-mules” to open bank accounts around the world. In some cases, midlevel managers also directly operate the accounts that QQAAZZ used for its money-laundering operation. The money mules at the bottom of the pack are responsible for actually registering bank accounts as well as the shell companies and associated corporate accounts.

The charges unsealed this week against members of the QQAAZZ group are the latest in a rapidly growing list of US indictments against foreign-based cyber actors in the past few weeks. September was a particularly busy month, with the US government indicting or announcing sanctions against multiple entities. Among them were members of China’s APT41 group, three Iranians for allegedly stealing satellite tracking and aerospace data, members of Iran’s APT39 group, four Russians for election interference, and two Iranians over a series of web defacements.

Some security experts see the activity as a sign of the US government’s intent to demonstrate its ability to accurately identify and attribute attacks to specific individuals and groups. Many of the indictments do little more than publicly name and shame threat actors based in countries outside the US government’s reach. But in the past when individuals named in these indictments have stepped outside the relative safety of their countries to visit more extradition-friendly nations, the US government has been quick to have them apprehended and deported to the US to stand trial.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication.


What’s Next in Security

Whenever we talk about what’s next for Akamai’s security portfolio, we clearly want to look at the challenges that are top of mind for our customers — both today and tomorrow. And what a year 2020 has shaped up to be in terms of new challenges for CISOs and their security teams.

The post What’s Next in Security appeared first on Security Boulevard.


What’s Next for Edge Delivery

Access to media through the internet is a huge part of how so many in the world are entertained, informed, and even educated nowadays. And 2020 has shined an even greater light on that fact as many around the world have needed to adjust to life during a pandemic. At Akamai, we saw traffic delivered from our network jump 30% in March — essentially creating, in a matter of weeks, growth that we expect to see over the course of many months.

The post What’s Next for Edge Delivery appeared first on Security Boulevard.


Platform Update Highlights for eCommerce

Akamai’s October Platform Update offers a ton of new features for our customers across all industries. But if you’re an online retailer, you should really be paying attention to improvements to EdgeWorkers and Image & Video Manager, which provide expanded capabilities for creating new microservices and managing video and image delivery at the edge.

The post Platform Update Highlights for eCommerce appeared first on Security Boulevard.


Moving to the Edge — An Outlook Into a New Era of Computing

At the end of a busy week of Akamai platform updates, edge computing rises as a critical focus. Akamai has been operating services at the edge for over 20 years, from content and media delivery, app and IoT optimization, to cloud and enterprise security. Now we are excited to open up the full potential of our platform to developers with EdgeWorkers, allowing companies to run their own code serverless on our edge nodes. Let’s explore why we at Akamai consider this to be so important, and why edge computing is gaining momentum in the industry.

The post Moving to the Edge — An Outlook Into a New Era of Computing appeared first on Security Boulevard.


🔴 LIVE: Paul’s Security Weekly #670

This week, we welcome back Roi Cohen and Shani Dodge from Vicarius, then we welcome Patrick Garrity from Blumira, and we wrap with the Security News!

→Full Show Notes: https://wiki.securityweekly.com/psw670

→Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly


Critical Magento Holes Open Online Shops to Code Execution

Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.

Breach at Dickey’s BBQ Smokes 3M Cards

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.

An ad on the popular carding site Joker’s Stash for “BlazingSun,” which fraud experts have traced back to a card breach at Dickey’s BBQ.

On Monday, the carding bazaar Joker’s Stash debuted “BlazingSun,” a new batch of more than three million stolen card records, advertising “valid rates” of between 90-100 percent. This is typically an indicator that the breached merchant is either unaware of the compromise or has only just begun responding to it.

Multiple companies that track the sale of stolen payment card data say they have confirmed with card-issuing financial institutions that the accounts for sale in the BlazingSun batch have one common theme: All were used at various Dickey’s BBQ locations over the past 13-15 months.

KrebsOnSecurity first contacted Dallas-based Dickey’s on Oct. 13. Today, the company shared a statement saying it was aware of a possible payment card security incident at some of its eateries:

“We received a report indicating that a payment card security incident may have occurred. We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway. We are currently focused on determining the locations affected and time frames involved. We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges.”

The confirmations came from Miami-based Q6 Cyber and Gemini Advisory in New York City.

Q6Cyber CEO Eli Dominitz said the breach appears to extend from May 2019 through September 2020.

“The financial institutions we’ve been working with have already seen a significant amount of fraud related to these cards,” Dominitz said.

Gemini says its data indicated some 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing malware, with the highest exposure in California and Arizona. Gemini puts the exposure window between July 2019 and August 2020.

“Low-and-slow” aptly describes the card breach at Dickey’s, which persisted for at least 13 months.

With the threat from ransomware attacks grabbing all the headlines, it may be tempting to assume plain old credit card thieves have moved on to more lucrative endeavors. Alas, cybercrime bazaars like Joker’s Stash have continued plying their trade, undeterred by a push from the credit card associations to encourage more merchants to install credit card readers that require more secure chip-based payment cards.

That’s because there are countless restaurant locations — usually franchise locations of an established eatery chain — that are left to decide for themselves whether and how quickly they should make the upgrades necessary to dip the chip versus swipe the stripe.

“Dickey’s operates on a franchise model, which often allows each location to dictate the type of point-of-sale (POS) device and processors that they utilize,” Gemini wrote in a blog post about the incident. “However, given the widespread nature of the breach, the exposure may be linked to a breach of the single central processor, which was leveraged by over a quarter of all Dickey’s locations.”

While there have been sporadic reports about criminals compromising chip-based payment systems used by merchants in the U.S., the vast majority of the payment card data for sale in the cybercrime underground is stolen from merchants who are still swiping chip-based cards.

This isn’t conjecture; relatively recent data from the stolen card shops themselves bear this out. In July, KrebsOnSecurity wrote about an analysis by researchers at New York University, which looked at patterns surrounding more than 19 million stolen payment cards that were exposed after the hacking of BriansClub, a top competitor to the Joker’s Stash carding shop.

The NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. Around 97% of the inventory was stolen magnetic stripe data, commonly used to produce counterfeit cards for in-person payments.

Visa and MasterCard instituted new rules in October 2015 that put retailers on the hook for all of the losses associated with counterfeit card fraud tied to breaches if they haven’t implemented chip-based card readers and enforced the dipping of the chip when a customer presents a chip-based card.

Dominitz said he never imagined back in 2015 when he founded Q6Cyber that we would still be seeing so many merchants dealing with magstripe-based data breaches.

“Five years ago I did not expect we would be in this position today with card fraud,” he said. “You’d think the industry in general would have made a bigger dent in this underground economy a while ago.”

Tired of having your credit card re-issued and updating your payment records at countless e-commerce sites every time some restaurant you frequent has a breach? Here’s a radical idea: Next time you visit an eatery (okay, if that ever happens again post-COVID, etc), ask them if they use chip-based card readers. If not, consider taking your business elsewhere.


FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft

In-game features of the just-released FIFA 21 title give scammers easy access to its vast audience.

Twitter Hack Analysis Drives Calls for Greater Security Regulation

New York’s Department of Financial Services calls for more cybersecurity regulation at social media firms following the “jarringly easy” Twitter breach.

New York’s Department of Financial Services (DFS) is calling for greater cybersecurity regulation at social media firms following an investigation into the July 15 Twitter breach. The attackers’ ability to achieve “extraordinary access” using “simple” techniques highlights the potential for major security incidents at similarly large and powerful tech companies, the department reports.

Twitter, a $37 billion company with at least 330 million monthly active users, made headlines this summer when attackers used a social engineering scam to trick Twitter employees into handing over credentials for Twitter’s corporate network. As described in the DFS report, the attackers claimed to be responding to a problem the employee was having with Twitter’s virtual private network (VPN); since the switch to remote work, VPN issues had been common at the company.

With this initial foothold, the attackers navigated Twitter’s internal websites to learn about its information systems: how to reach internal applications, and which employees to target for the internal tools needed to take over a user’s account. They took over accounts with desirable usernames and sold access to them.

Attackers then turned things up a notch and targeted high-profile accounts belonging to Elon Musk, Bill Gates, Joe Biden, and Kanye West, in addition to companies such as Uber and Apple. They used this access to launch a scam and posted several tweets requesting followers to send Bitcoin – a scheme that netted them about $118,000.

Shortly after the attack, three individuals ages 17, 19, and 22 were charged for their roles in the hack. As the DFS points out, it was “jarringly easy” for young hackers to break into Twitter and hijack accounts belonging to some of the world’s most prominent people and companies. While these attackers were focused on fraud, advanced adversaries could do far greater damage.

This incident underscores the need for strong security to “curb the potential weaponization of major social media companies,” officials wrote. Public institutions haven’t caught up with the new challenges that social media presents. Other industries, such as utilities, finance, telecommunications, and other critical infrastructure, have established regulation to ensure the public interest is protected. The same should be done for large and systemically important social media companies, they argue.

“The Twitter Hack demonstrates, more than anything, the risk to society when systemically important institutions are left to regulate themselves,” officials wrote. “Protecting systemically important social media against misuse is crucial for all of us: consumers, voters, government, and industry.”

Read the full investigation report for more details on the Twitter hack and recommended steps for improving cybersecurity oversight of large social media companies.


What Healthcare Organizations Need To Know About Cloud Drift

Cloud computing has modernized the way healthcare and life science organizations build, operate, and manage infrastructure and applications. Cloud computing […]

The post What Healthcare Organizations Need To Know About Cloud Drift appeared first on Sonrai Security.

The post What Healthcare Organizations Need To Know About Cloud Drift appeared first on Security Boulevard.


Barnes & Noble Warns Customers About Data Breach

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-25858
PUBLISHED: 2020-10-15

The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denia…
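The NVD entry above describes a tokenizer that never checks whether strstr() or strchr() actually found the delimiter. The following C block is an added illustration of that bug class, not the QCMAP_Web_CLIENT source: the function names, the URL shapes and the 64-byte token limit are invented. It places the vulnerable shape beside a hardened tokenizer that checks each lookup, bounds every copy and reports failure instead of crashing.

```c
#include <stdio.h>
#include <string.h>

/* Bug class behind CVE-2020-25858: a tokenizer that trusts strstr()/
 * strchr() to find a delimiter.  Both return NULL when it is absent, and
 * arithmetic on or a dereference of that NULL crashes the process, which
 * is a remote denial of service when the input arrives in a URL.
 * Added, illustrative code; not the QCMAP_Web_CLIENT source. */

#define MAX_TOKEN 64

/* Vulnerable shape: no NULL checks and no length checks.  A URL without
 * '?', or a query without '=', turns q + 1 or eq into a NULL-based
 * pointer, which is undefined behaviour and in practice a SIGSEGV. */
int tokenize_vulnerable(const char *url, char *key, char *val) {
    const char *q  = strstr(url, "?");     /* NULL when there is no query */
    const char *eq = strchr(q + 1, '=');   /* NULL + 1 is already UB */
    memcpy(key, q + 1, (size_t)(eq - (q + 1)));
    key[eq - (q + 1)] = '\0';
    strcpy(val, eq + 1);                   /* unbounded copy as well */
    return 0;
}

/* Hardened: every lookup is checked, lengths are bounded, and failure is
 * reported instead of crashing.  Extracts the first key=value pair.
 * Returns 0 on success, -1 when the URL has no usable pair. */
int tokenize_safe(const char *url, char key[MAX_TOKEN], char val[MAX_TOKEN]) {
    const char *q = strchr(url, '?');
    if (q == NULL) return -1;
    const char *eq  = strchr(q + 1, '=');
    const char *amp = strchr(q + 1, '&');
    if (eq == NULL || (amp != NULL && amp < eq)) return -1;   /* "?a&b=c" */
    const char *vend = strchr(eq + 1, '&');
    size_t klen = (size_t)(eq - (q + 1));
    size_t vlen = vend ? (size_t)(vend - (eq + 1)) : strlen(eq + 1);
    if (klen == 0 || klen >= MAX_TOKEN || vlen >= MAX_TOKEN) return -1;
    memcpy(key, q + 1, klen);  key[klen] = '\0';
    memcpy(val, eq + 1, vlen); val[vlen] = '\0';
    return 0;
}

int main(void) {
    /* Constructed inputs: one well-formed request and two of the malformed
     * shapes a crafted URL would deliver. */
    const char *inputs[3] = { "/cgi/status?cmd=show&verbose=1", "/cgi/status", "/cgi/status?cmd" };
    char key[MAX_TOKEN], val[MAX_TOKEN];
    for (int k = 0; k < 3; k++) {
        if (tokenize_safe(inputs[k], key, val) == 0)
            printf("%-32s -> key=%s val=%s\n", inputs[k], key, val);
        else
            printf("%-32s -> rejected (no crash)\n", inputs[k]);
    }
    return 0;
}
```

The main() only feeds the malformed inputs to the hardened version; handing "/cgi/status" to tokenize_vulnerable() is exactly the crash the advisory describes. When reviewing C that parses network input, grep for every strstr/strchr/strrchr/memchr and confirm the result is compared against NULL before it is used in arithmetic.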

CVE-2020-25859
PUBLISHED: 2020-10-15

The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI…
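The second QCMAP entry is the classic shape of command injection: caller data formatted into a string that goes to system(). The C block below is an added illustration, not the QCMAP_CLI source; the "/usr/bin/gateway-url" helper, the handler names and the sample URLs are made up. It shows the vulnerable call next to the two fixes a reviewer would ask for: an allowlist on the value, and execution through execvp() with an argv array so that no shell ever parses the input.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Bug class behind CVE-2020-25859: caller-supplied data is spliced into a
 * string handed to system(), so shell metacharacters in the value become
 * commands run with the daemon's privileges.  Added, illustrative code;
 * not the QCMAP_CLI source.  "/usr/bin/gateway-url" is a made-up helper
 * standing in for whatever the real handler invokes. */

/* Vulnerable shape: one formatted string, one system() call, no
 * validation.  A value like  http://x/'; id; '  closes the quotes and
 * runs id; the single quotes are not a defence. */
int set_gateway_url_vulnerable(const char *url) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "/usr/bin/gateway-url set '%s'", url);
    return system(cmd);
}

/* Fix 1: allowlist the input.  Deliberately stricter than RFC 3986: only
 * http(s), alphanumerics and a few URL punctuation characters; quotes,
 * ';', '|', '&', '$', backticks, whitespace and newlines are rejected. */
int gateway_url_is_safe(const char *url) {
    static const char extra[] = "-._~:/?=%";
    size_t n = strlen(url);
    if (n == 0 || n > 255) return 0;
    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)url[i];
        int alnum = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
                    (c >= 'A' && c <= 'Z');
        if (!alnum && strchr(extra, c) == NULL) return 0;
    }
    return 1;
}

/* Fix 2: never go through a shell.  argv reaches the program verbatim,
 * so metacharacters have no meaning.  Returns the child's exit status,
 * 127 if it could not be executed, -1 on fork/wait failure. */
int run_argv(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hardened handler: validate, then exec without a shell. */
int set_gateway_url_safe(const char *url) {
    if (!gateway_url_is_safe(url)) return -1;
    char *const argv[] = {"/usr/bin/gateway-url", "set", (char *)url, NULL};
    return run_argv(argv);
}

int main(void) {
    /* Constructed inputs: a benign URL and three injection attempts. */
    const char *inputs[4] = { "http://192.0.2.1/setup", "http://192.0.2.1/'; id; '",
                              "http://x/$(reboot)", "http://x/`cat /etc/shadow`" };
    for (int k = 0; k < 4; k++)
        printf("%-32s -> %s\n", inputs[k],
               gateway_url_is_safe(inputs[k]) ? "accepted" : "rejected");
    return 0;
}
```

Either fix alone closes the injection; together they also protect the helper program from argument-level surprises. The advisory notes the attacker needs local shell access, which matters for the severity rating but not for the fix: the same handler pattern reachable from a web interface would be remote code execution.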

CVE-2019-12411
PUBLISHED: 2020-10-15

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2020-11637
PUBLISHED: 2020-10-15

A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.

CVE-2020-13939
PUBLISHED: 2020-10-15

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

The post Barnes & Noble Warns Customers About Data Breach appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/barnes-noble-warns-customers-about-data-breach/?utm_source=rss&utm_medium=rss&utm_campaign=barnes-noble-warns-customers-about-data-breach

Patch Tuesday Update – October 2020

It’s that time again… Patch Tuesday! Some good news finally. This is the first month in the past 8 that we’ve had fewer than 100 CVEs released. This month’s list of 87 includes 11 critical vulnerabilities (down from 23 last month) with the typical variety of OS, software, and browser-based flaws. There is one scary …

The post Patch Tuesday Update – October 2020 appeared first on Security Boulevard.

The post Patch Tuesday Update – October 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/patch-tuesday-update-october-2020/?utm_source=rss&utm_medium=rss&utm_campaign=patch-tuesday-update-october-2020

ESB-2020.3553 – [Juniper] Junos OS: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3553
JSA11047 - 2020-10 Security Bulletin: FreeBSD-SA-19:20.bsnmp : Insufficient
        message length validation in bsnmp library (CVE-2019-5610)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5610  

Reference:         ESB-2019.3031.2

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11047

- --------------------------BEGIN INCLUDED TEXT--------------------

2020-10 Security Bulletin: FreeBSD-SA-19:20.bsnmp : 
Insufficient message length validation in bsnmp library (CVE-2019-5610)

Article ID  : JSA11047
Last Updated: 14 Oct 2020
Version     : 1.0

Product Affected:
This issue affects Junos OS 15.1, 16.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2,
18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3.
Problem:

The bsnmp software library is an SNMP (Simple Network Management Protocol)
implementation included with Juniper Networks Junos OS for the snmpd process.

A programming error allows a remote user to read unrelated data or trigger a
snmpd process crash.

This issue affects Juniper Networks Junos OS

  o 15.1 versions prior to 15.1R7-S7;
  o 16.1 versions prior to 16.1R7-S8;
  o 17.2 versions prior to 17.2R3-S4;
  o 17.2X75 versions prior to 17.2X75-D45;
  o 17.3 versions prior to 17.3R3-S8;
  o 17.4 versions prior to 17.4R2-S12, 17.4R3-S3;
  o 18.1 versions prior to 18.1R3-S9;
  o 18.2 versions prior to 18.2R3-S6;
  o 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D420, 18.2X75-D53,
    18.2X75-D60;
  o 18.3 versions prior to 18.3R2-S3, 18.3R3-S1;
  o 18.4 versions prior to 18.4R1-S5, 18.4R2-S5, 18.4R3;
  o 19.1 versions prior to 19.1R1-S4, 19.1R2-S2, 19.1R3;
  o 19.2 versions prior to 19.2R1-S5, 19.2R2;
  o 19.3 versions prior to 19.3R2.

This issue does not affect Junos OS with FreeBSD 6, for example Junos OS
15.1X49.

To verify which FreeBSD version is used in Junos OS, the administrator can use
the following commands (a kern.osreldate of 601000 indicates a FreeBSD 6 based
kernel, which is not affected; 1001510 indicates a FreeBSD 10 based kernel):

user@device> start shell
% sysctl kern.osreldate
kern.osreldate: 601000

user@device> start shell
% sysctl kern.osreldate
kern.osreldate: 1001510

The post ESB-2020.3553 – [Juniper] Junos OS: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/esb-2020-3553-juniper-junos-os-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3553-juniper-junos-os-multiple-vulnerabilities

ESB-2020.3551 – [Juniper] MX series/EX9200 Series running Junos OS: Denial of service – Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3551
 JSA11062 - 2020-10 Security Bulletin: Junos OS: MX series/EX9200 Series:
      IPv6 DDoS protection does not work as expected. (CVE-2020-1665)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
                   MX series
                   EX9200 Series
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1665  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11062

- --------------------------BEGIN INCLUDED TEXT--------------------

2020-10 Security Bulletin: Junos OS: MX series/EX9200 Series: 
IPv6 DDoS protection does not work as expected. (CVE-2020-1665)

Article ID  : JSA11062
Last Updated: 14 Oct 2020
Version     : 2.0

Product Affected:
This issue affects Junos OS 17.2, 17.2X75, 17.3, 17.4, 18.2, 18.2X75, 18.3.
Affected platforms: MX series/EX9200 Series.
Problem:

On Juniper Networks MX Series and EX9200 Series, under a certain condition the
IPv6 Distributed Denial of Service (DDoS) protection might not take effect when
the threshold condition is reached.

The DDoS protection allows the device to continue to function while it is under
DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC
Concentrator (FPC) during the DDoS attack.

When this issue occurs, the RE and/or the FPC can become overwhelmed, which
could disrupt network protocol operations and/or interrupt traffic.

This issue does not affect IPv4 DDoS protection.

This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet
Forwarding Engines).

Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs.

This issue affects Juniper Networks Junos OS on MX series and EX9200 Series:

  o 17.2 versions prior to 17.2R3-S4;
  o 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110;
  o 17.3 versions prior to 17.3R3-S8;
  o 17.4 versions prior to 17.4R2-S11, 17.4R3-S2;
  o 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3;
  o 18.2X75 versions prior to 18.2X75-D30;
  o 18.3 versions prior to 18.3R2-S4, 18.3R3-S2.

The DDoS feature is enabled by default; no specific config stanza is required
to enable DDoS protection, but it can be manually disabled.

To check if DDOS protection is enabled, the administrator can issue the
following command:

user@host> show ddos-protection statistics
DDOS protection global statistics:
Policing on routing engine: Yes
Policing on FPC: Yes

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2020-1665.

Solution:

The following software releases have been updated to resolve this specific
issue: Junos OS 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11,
17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2,
18.4R1, and all subsequent releases.

This issue is being tracked as 1377899.

Workaround:

There are no viable workarounds for this issue.

Implementation:
Software releases or updates are available for download at
https://www.juniper.net/support/downloads/.
Modification History:
2020-10-14: Initial Publication
CVSS Score:
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.3551 – [Juniper] MX series/EX9200 Series running Junos OS: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/esb-2020-3551-juniper-mx-series-ex9200-series-running-junos-os-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3551-juniper-mx-series-ex9200-series-running-junos-os-denial-of-service-remote-unauthenticated

ESB-2020.3549 – [Win][UNIX/Linux] McAfee Application and Change Control (MACC): Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3549
           McAfee Application and Change Control update fixes a
        vulnerability in Package Control (CVE-2020-7334) (SB10333)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           McAfee Application and Change Control (MACC)
Publisher:         McAfee
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Modify Arbitrary Files -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7334  

Original Bulletin: 
   https://kc.mcafee.com/corporate/index?page=content&id=SB10333

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Application and Change Control update fixes a
vulnerability in Package Control (CVE-2020-7334)

Security Bulletins ID   : SB10333

Last Modified           : 10/13/2020

Summary

First Published: October 13, 2020
+------------------+---------+-------------+----------------+--------+--------+
|                  |         |             |                |        |CVSS    |
|                  |Impacted |             |Impact of       |Severity|v3.1    |
|Product:          |Versions:|CVE ID:      |Vulnerabilities:|Ratings:|Base/   |
|                  |         |             |                |        |Temporal|
|                  |         |             |                |        |Scores: |
+------------------+---------+-------------+----------------+--------+--------+
|McAfee Application|         |             |Incorrect       |        |        |
|and Change Control|8.3.1 and|CVE-2020-7334|Privilege       |High    |8.2 /   |
|(MACC)            |earlier  |             |Assignment      |        |7.6     |
|                  |         |             |(CWE-266)       |        |        |
+------------------+---------+-------------+----------------+--------+--------+
|Recommendations:  |Install or update to MACC 8.3.2                           |
+------------------+----------------------------------------------------------+
|Security Bulletin |None                                                      |
|Replacement:      |                                                          |
+------------------+----------------------------------------------------------+
|Location of       |http://www.mcafee.com/us/downloads/downloads.aspx         |
|updated software: |                                                          |
+------------------+----------------------------------------------------------+

To receive email notification when this Security Bulletin is updated, click
Subscribe on the right side of the page. You must be logged on to subscribe.

Article contents:

  o Vulnerability Description
  o Remediation
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description
CVE-2020-7334
Improper privilege assignment vulnerability in the installer McAfee Application
and Change Control (MACC) prior to 8.3.2 allows local administrators to change
or update the configuration settings via a carefully constructed MSI configured
to mimic the genuine installer. This version adds further controls for
installation/uninstallation of software.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7334
Remediation
To remediate this issue, go to the Product Downloads site, and download the
applicable product update file:
+-------+-------+------+----------------+
|Product|Version|Type  |Release Date    |
+-------+-------+------+----------------+
|MACC   |8.3.2  |Update|October 13, 2020|
+-------+-------+------+----------------+

Download and Installation Instructions
See KB56057 for instructions on how to download McAfee products, documentation,
updates, and hotfixes. Review the Release Notes and the Installation Guide for
instructions on how to install these updates. All documentation is available at
https://docs.mcafee.com.
Frequently Asked Questions (FAQs)
How do I know if my McAfee product is vulnerable or not?
For endpoint products:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select Open Console.
 3. In the console, select Action Menu.
 4. In the Action Menu, select Product Details. The product version displays.

What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of assessing
the criticality of a vulnerability. This system offers an unbiased criticality
score between 0 and 10 that customers can use to judge how critical a
vulnerability is and plan accordingly. For more information, visit the CVSS
website at: https://www.first.org/cvss/.

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself. We consider only the immediate
and direct impact of the exploit under consideration. We do not factor into a
score any potential follow-on exploits that might be made possible by the
successful exploitation of the issue being scored.

What are the CVSS scoring metrics?

CVE-2020-7334
+------------------------+-----------------------------+
|Base Score              |8.2                          |
+------------------------+-----------------------------+
|Attack Vector (AV)      |Local (L)                    |
+------------------------+-----------------------------+
|Attack Complexity (AC)  |Low (L)                      |
+------------------------+-----------------------------+
|Privileges Required (PR)|High (H)                     |
+------------------------+-----------------------------+
|User Interaction (UI)   |Required (R)                 |
+------------------------+-----------------------------+
|Scope (S)               |Changed (C)                  |
+------------------------+-----------------------------+
|Confidentiality (C)     |High (H)                     |
+------------------------+-----------------------------+
|Integrity (I)           |High (H)                     |
+------------------------+-----------------------------+
|Availability (A)        |High (H)                     |
+------------------------+-----------------------------+
|Temporal Score (Overall)|7.6                          |
+------------------------+-----------------------------+
|Exploitability (E)      |Functional exploit exists (F)|
+------------------------+-----------------------------+
|Remediation Level (RL)  |Official Fix (O)             |
+------------------------+-----------------------------+
|Report Confidence (RC)  |Confirmed (C)                |
+------------------------+-----------------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?
All Security Bulletins are published on our external PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To see
Security Bulletins for McAfee Enterprise products on this website click
Enterprise Security Bulletins. Security Bulletins are retired (removed) once a
product is both End of Sale and End of Support (End of Life).

How do I report a product vulnerability to McAfee?
If you have information about a security issue or vulnerability with a McAfee
product, visit the McAfee PSIRT website for instructions at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To report an
issue, click Report a Security Vulnerability.

How does McAfee respond to this and any other reported security flaws?
Our key priority is the security of our customers. If a vulnerability is found
within any McAfee software or services, we work closely with the relevant
security software development team to ensure the rapid and effective
development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something actionable
such as a workaround, mitigation, version update, or hotfix. Otherwise, we
would simply be informing the hacker community that our products are a target,
putting our customers at greater risk. For products that are updated
automatically, a non-actionable Security Bulletin might be published to
acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx by clicking About PSIRT.
Resources
To contact Technical Support, log on to the ServicePortal and go to the Create
a Service Request page at
https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR :

  o If you are a registered user, type your User ID and Password, and then
    click Log In.
  o If you are not a registered user, click Register and complete the required
    fields. Your password and logon instructions will be emailed to you.

Disclaimer
The information provided in this Security Bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall McAfee or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so
the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are
intended to outline our general product direction, and they should not be
relied on in making a purchasing decision. The product release dates are for
information purposes only, and may not be incorporated into any contract. The
product release dates are not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. The development, release, and
timing of any features or functionality described for our products remains at
our sole discretion and may be changed or canceled at any time.

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2020.3549 – [Win][UNIX/Linux] McAfee Application and Change Control (MACC): Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/esb-2020-3549-winunix-linux-mcafee-application-and-change-control-macc-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3549-winunix-linux-mcafee-application-and-change-control-macc-multiple-vulnerabilities

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...