Malware Devil

Monday, October 19, 2020

GravityRAT Spyware Targets Android & MacOS in India

Dark Reading - Bug Report

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-15256
PUBLISHED: 2020-10-19

A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and settin…

CVE-2020-15261
PUBLISHED: 2020-10-19

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don’t have administr…

CVE-2020-6084
PUBLISHED: 2020-10-19

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malic…

CVE-2020-6085
PUBLISHED: 2020-10-19

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malic…

CVE-2020-10746
PUBLISHED: 2020-10-19

A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.

https://malwaredevil.com/2020/10/19/gravityrat-spyware-targets-android-macos-in-india/?utm_source=rss&utm_medium=rss&utm_campaign=gravityrat-spyware-targets-android-macos-in-india

IoT Vulnerability Disclosure Platform Launched

https://malwaredevil.com/2020/10/19/iot-vulnerability-disclosure-platform-launched/?utm_source=rss&utm_medium=rss&utm_campaign=iot-vulnerability-disclosure-platform-launched

Microsoft Tops Q3 List of Most-Impersonated Brands

The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point’s latest report on brand phishing.

Microsoft bumped Amazon and Google to place first for the brand most imitated by cybercriminals in phishing attacks that go after individuals’ account credentials and payment information, according to Check Point’s “Q3 Brand Phishing Report.”

According to Omer Dembinsky, team leader on Check Point’s data research team, 19% of all brand phishing attempts studied by the company last quarter related to Microsoft. Overall, 44% of phishing attacks were via email, 43% were via the Web, and another 12% were mobile.

“We don’t know for sure what the reasons are, but it’s clear that many organizations have their people working remotely using Office 365 and Teams, and those Microsoft applications are vulnerable,” Dembinsky says. “We don’t always tell people why the trends exist – our goal is to tell security teams what the risks are so they can respond.”

Stu Sjouwerman, CEO of KnowBe4, which provides security awareness training, says Microsoft is typically among brands most impersonated.

“Microsoft’s size and broad range of products and services means that many different types of phishing campaigns can be created to push all sorts of luring messages to fool victims,” Sjouwerman says. “Phishers are also likely seizing on the popularity of Office 365 users who already use and trust Microsoft email as a daily part of their lives so that when a message is sent by someone pretending to be from Microsoft, some percentage of potential victims are more inclined to trust a message or suggested action than if it came from a brand that wasn’t already part of their daily use.”

The technology sector was the most likely targeted industry for brand phishing attacks, followed by banking and social networking sites, according to the Check Point report.

In a brand phishing attack, cybercriminals imitate the official website of a brand by using a similar domain name, or URL, and website design. They send the link to the fake website to targeted individuals via email or text message. The attackers can also redirect users during web browsing, or the brand phishing can get triggered from a fraudulent mobile application. On the mobile front specifically, the top brands imitated in Q3 were WhatsApp, PayPal, and Facebook.

“The top three mobile impersonated brands have a significantly higher proportion of end users who conduct the majority of their business with that brand over their mobile phones,” Sjouwerman says. “For example, nearly all Instagram activity occurs over cell phones and very little via larger form-factor devices. So it intuitively makes sense that phishers would borrow the brands that are more closely tied to mobile devices to send mobile-based phishing.”

6 Tips
As part of its Q3 report, Check Point offers the following six tips to security teams looking to educate their companies and employees about brand phishing attacks:

Learn the red flags: Certain characteristics can give away an attack via email. They include poor formatting, spelling and grammar mistakes, and generic greetings, such as “Dear user” or “Dear customer.” Links should start with https:// (not http://), and any email that conveys a sense of urgency or wants the user to respond quickly should be regarded with suspicion.

Avoid oversharing information: As a general rule, share the bare minimum, no matter what site is requesting information. Users never need to provide their Social Security numbers to conduct a transaction, and they never need to provide credentials to third parties.

Delete suspicious emails: If something doesn’t seem right, it probably isn’t. Suspicious emails should be deleted without opening or clicking on any links, or forwarded to the IT department for investigation.

Don’t click on attachments: Do not open attachments – especially Word, Excel, PowerPoint, or PDFs – in suspicious or strange emails.

Verify the sender: With every email received, take a good look at who sent it. Who or what is the source? Watch for misspellings or alterations in the email addresses of the email sender. Do not hesitate to block suspicious email senders via the email client.

Keep all applications up-to-date: Make sure all apps on mobile phones and desktop and laptop computers have the latest software versions, which contain the latest vulnerability patches and defenses.
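The brand-phishing description above (a similar domain name standing in for the real one) and the "Verify the sender" tip both come down to the same check: does the sender's domain imitate a brand the organization trusts? The following is an added example, not code from the Dark Reading article or from Check Point's report, of how a mail gateway or SOC triage script could automate that check. The brand allow-list, the homoglyph substitution table, the edit-distance thresholds and the sample sender addresses are all constructed for illustration.

```python
"""Flag sender addresses whose domain imitates a trusted brand domain.

Added example, not code from the Dark Reading article or Check Point's report.
The brand allow-list, the substitution table and the sample senders below are
constructed for illustration.
"""
import unicodedata

# Constructed allow-list: the legitimate domains of the brands named in the
# report. A real deployment would load this from the mail gateway's config.
BRAND_DOMAINS = {
    "amazon.com", "facebook.com", "google.com",
    "microsoft.com", "paypal.com", "whatsapp.com",
}

# Visual substitutions commonly used in lookalike domains. Both the sender
# label and the brand label are normalized with the same table, so a
# replacement that mangles ordinary text ("rn" -> "m") cannot cause a mismatch.
SUBSTITUTIONS = [
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
    ("3", "e"), ("5", "s"), ("7", "t"),
]


def normalize(label: str) -> str:
    """Lower-case, strip accents (NFKD) and undo common digit/letter swaps."""
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    for src, dst in SUBSTITUTIONS:
        label = label.replace(src, dst)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> tuple:
    """Return (verdict, matched_brand) for one sender address.

    verdict is one of: "trusted" (the brand domain or a subdomain of it),
    "lookalike" (a typo or homoglyph of the brand label), "brand-in-domain"
    (the brand name embedded in an unrelated domain) or "unknown".
    """
    domain = address.rpartition("@")[2].strip().lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return ("unknown", None)
    brands = sorted(BRAND_DOMAINS)

    # 1. Exact brand domain or a subdomain of it: nothing to flag.
    for brand in brands:
        if domain == brand or domain.endswith("." + brand):
            return ("trusted", brand)

    # 2. Registrable label within a small edit distance of a brand label
    #    after normalization (catches paypa1, rnicrosoft, amazom, ...).
    sld = normalize(labels[-2])
    for brand in brands:
        brand_label = normalize(brand.split(".")[0])
        threshold = 1 if len(brand_label) < 6 else 2
        if edit_distance(sld, brand_label) <= threshold:
            return ("lookalike", brand)

    # 3. Brand name used as a subdomain or hyphenated prefix of another domain
    #    (microsoft.com.evil.net, micros0ft-support.com).
    norm_domain = normalize(domain)
    for brand in brands:
        if normalize(brand.split(".")[0]) in norm_domain:
            return ("brand-in-domain", brand)

    return ("unknown", None)


# Constructed sample senders; none of these is a real observed campaign.
SAMPLE_SENDERS = [
    "billing@microsoft.com",
    "noreply@login.microsoft.com",
    "support@rnicrosoft.com",
    "service@paypa1.com",
    "alerts@amazom.com",
    "info@micr\u043esoft.com",          # Cyrillic small o in place of Latin o
    "security@micros0ft-support.com",
    "hr@microsoft.com.evil.net",
    "news@example.org",
]


def scan(senders) -> dict:
    """Classify every address; callers can route non-trusted verdicts to review."""
    return {addr: classify_sender(addr) for addr in senders}


if __name__ == "__main__":
    for addr, (verdict, brand) in scan(SAMPLE_SENDERS).items():
        print(f"{verdict:16} {addr:34} {brand or ''}")
```

The edit-distance threshold deliberately favours recall: a legitimate six-letter domain two substitutions away from a brand label will also be flagged, so "lookalike" and "brand-in-domain" verdicts are best routed to the IT or security team for review (as the tips above suggest) rather than used to block mail outright. The Cyrillic-o sample shows why the check is done on the decoded domain string and not only on the ASCII digits the substitution table covers.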

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

https://malwaredevil.com/2020/10/19/microsoft-tops-q3-list-of-most-impersonated-brands/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-tops-q3-list-of-most-impersonated-brands

Securing Internet-Connected Devices in Healthcare

We’ve been talking about Cybersecurity Awareness Month in the last couple of posts, following along…

The post Securing Internet-Connected Devices in Healthcare appeared first on Gurucul.

The post Securing Internet-Connected Devices in Healthcare appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/securing-internet-connected-devices-in-healthcare/?utm_source=rss&utm_medium=rss&utm_campaign=securing-internet-connected-devices-in-healthcare

Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video

“Nuke Bizzle” faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, “EDD.”

https://malwaredevil.com/2020/10/19/rapper-scams-1-2m-in-covid-19-relief-gloats-with-edd-video/?utm_source=rss&utm_medium=rss&utm_campaign=rapper-scams-1-2m-in-covid-19-relief-gloats-with-edd-video

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Olympics cyberattacks.

https://malwaredevil.com/2020/10/19/doj-charges-6-sandworm-apt-members-in-notpetya-cyberattacks/?utm_source=rss&utm_medium=rss&utm_campaign=doj-charges-6-sandworm-apt-members-in-notpetya-cyberattacks

Windows “Ping of Death”, SonicWall VPN RCE , & MediaTek BootROM Glitch – ASW #126

Patch Your Windows – “Ping of Death” bug revealed, 800,000 SonicWall VPNs vulnerable to remote code execution bug, T2 Exploit Team Creates Cable That Hacks Mac, Zoom Rolling Out End-to-End Encryption, and ‘BleedingTooth’ Bluetooth flaw!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/asw126

https://malwaredevil.com/2020/10/19/windows-ping-of-death-sonicwall-vpn-rce-mediatek-bootrom-glitch-asw-126-2/?utm_source=rss&utm_medium=rss&utm_campaign=windows-ping-of-death-sonicwall-vpn-rce-mediatek-bootrom-glitch-asw-126-2

Still Looking For RASP Resources? SANS Has A RASP Report

It turns out the SANS Institute created a report titled, “Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications” in April of 2019, and covers a lot of useful information about what RASP is.

The post Still Looking For RASP Resources? SANS Has A RASP Report appeared first on K2io.

The post Still Looking For RASP Resources? SANS Has A RASP Report appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/still-looking-for-rasp-resources-sans-has-a-rasp-report/?utm_source=rss&utm_medium=rss&utm_campaign=still-looking-for-rasp-resources-sans-has-a-rasp-report

What does a hacker look like?

2020 has been rife with cyberattacks, but who is behind these hacks? We dig into the details.

The post What does a hacker look like? appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/what-does-a-hacker-look-like/?utm_source=rss&utm_medium=rss&utm_campaign=what-does-a-hacker-look-like

Cybersecurity Professionals Feel Threatened by the Adoption of AI and Automation Tools, Survey Finds

  • AI, machine learning and automation aid in cybersecurity
  • People feel threatened by the adoption of new technologies
  • Cybersecurity specialists recommend their field as a career option

The post Cybersecurity Professionals Feel Threatened by the Adoption of AI and Automation Tools, Survey Finds appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/cybersecurity-professionals-feel-threatened-by-the-adoption-of-ai-and-automation-tools-survey-finds/?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-professionals-feel-threatened-by-the-adoption-of-ai-and-automation-tools-survey-finds

Pandemic Pushes Security Analysts to the Brink

Even when times are good, security analysts working in Security Operations Centers (SOCs) are up against it. They must stay on top of a rising tide of ever-changing threats, knowing all the while they will be first in the firing line if ever a breach occurs. The COVID-19 pandemic has only made this job more..

The post Pandemic Pushes Security Analysts to the Brink appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/pandemic-pushes-security-analysts-to-the-brink/?utm_source=rss&utm_medium=rss&utm_campaign=pandemic-pushes-security-analysts-to-the-brink

IoT Sex Toy Security Flaw | Avast

When we talk about the Internet of Things (IoT), we’re usually talking about “smart” home appliances. Fridges. Coffeemakers. Virtual assistants. But there’s another category of device that is also increasingly connected to the internet: sex toys. And, like other IoT devices, app-connected sex toys are at risk of security and privacy violations if they’re not created with security in mind. 

The post IoT Sex Toy Security Flaw | Avast appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/iot-sex-toy-security-flaw-avast/?utm_source=rss&utm_medium=rss&utm_campaign=iot-sex-toy-security-flaw-avast

QAnon/8Chan Sites Briefly Knocked Offline

A phone call to an Internet provider in Oregon on Sunday evening was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump. Following a brief disruption, the sites have come back online with the help of an Internet company based in St. Petersburg, Russia.

The IP address range in the upper-right portion of this map of QAnon and 8kun-related sites — 203.28.246.0/24 — is assigned to VanwaTech and briefly went offline this evening. Source: twitter.com/Redrum_of_Crows.

A large number of 8kun and QAnon-related sites (see map above) are connected to the Web via a single Internet provider in Vancouver, Wash. called VanwaTech (a.k.a. “OrcaTech”). Previous appeals to VanwaTech to disconnect these sites have fallen on deaf ears, as the company’s owner Nick Lim reportedly has been working with 8kun’s administrators to keep the sites online in the name of protecting free speech.

But VanwaTech also had a single point of failure on its end: The swath of Internet addresses serving the various 8kun/QAnon sites were being protected from otherwise crippling and incessant distributed-denial-of-service (DDoS) attacks by Hillsboro, Ore. based CNServers LLC.

On Sunday evening, security researcher Ron Guilmette placed a phone call to CNServers’ owner, who professed to be shocked by revelations that his company was helping QAnon and 8kun keep the lights on.

Within minutes of that call, CNServers told its customer — Spartan Host Ltd., which is registered in Belfast, Northern Ireland — that it would no longer be providing DDoS protection for the set of 254 Internet addresses that Spartan Host was routing on behalf of VanwaTech.

Contacted by KrebsOnSecurity, the person who answered the phone at CNServers asked not to be named in this story for fear of possible reprisals from the 8kun/QAnon crowd. But they confirmed that CNServers had indeed terminated its service with Spartan Host. That person added they weren’t a fan of either 8kun or QAnon, and said they would not self-describe as a Trump supporter.

CNServers said that shortly after it withdrew its DDoS protection services, Spartan Host changed its settings so that VanwaTech’s Internet addresses were protected from attacks by ddos-guard[.]net, a company based in St. Petersburg, Russia.

Spartan Host’s founder, 25-year-old Ryan McCully, confirmed CNServers’ report. McCully declined to say for how long VanwaTech had been a customer, or whether Spartan Host had experienced any attacks as a result of CNServers’ action.

McCully said while he personally doesn’t subscribe to the beliefs espoused by QAnon or 8kun, he intends to keep VanwaTech as a customer going forward.

“We follow the ‘law of the land’ when deciding what we allow to be hosted with us, with some exceptions to things that may cause resource issues etc.,” McCully said in a conversation over instant message. “Just because we host something, it doesn’t say anything about we do and don’t support, our opinions don’t come into hosted content decisions.”

But according to Guilmette, Spartan Host’s relationship with VanwaTech wasn’t widely known previously because Spartan Host had set up what’s known as a “private peering” agreement with VanwaTech. That is to say, the two companies had a confidential business arrangement by which their mutual connections were not explicitly stated or obvious to other Internet providers on the global Internet.

Guilmette said private peering relationships often play a significant role in a good deal of behind-the-scenes-mischief when the parties involved do not want anyone else to know about their relationship.

“These arrangements are business agreements that are confidential between two parties, and no one knows about them, unless you start asking questions,” Guilmette said. “It certainly appears that a private peering arrangement was used in this instance in order to hide the direct involvement of Spartan Host in providing connectivity to VanwaTech and thus to 8kun. Perhaps Mr. McCully was not eager to have his involvement known.”

8chan, which rebranded last year as 8kun, has been linked to white supremacism, neo-Nazism, antisemitism, multiple mass shootings, and is known for hosting child pornography. After three mass shootings in 2019 revealed the perpetrators had spread their manifestos on 8chan and even streamed their killings live there, 8chan was ostracized by one Internet provider after another.

The FBI last year identified QAnon as a potential domestic terror threat, noting that some of its followers have been linked to violent incidents motivated by fringe beliefs.

Further reading:

What Is QAnon?

QAnon: A Timeline of Violence Linked to the Conspiracy Theory

https://malwaredevil.com/2020/10/19/qanon-8chan-sites-briefly-knocked-offline/?utm_source=rss&utm_medium=rss&utm_campaign=qanon-8chan-sites-briefly-knocked-offline

TrickBot Takedown, VPN Flaws, Zoom End-to-End Encryption

In episode 143 for October 19th 2020: Microsoft gets creative to help take down the TrickBot botnet, details on how attackers have been using VPN flaws to attack election support systems, and Zoom’s rollout of end-to-end encryption. ** Links mentioned on the show ** “The Social Dilemma” A Conversation about the Pros and Cons of […]

The post TrickBot Takedown, VPN Flaws, Zoom End-to-End Encryption appeared first on The Shared Security Show.

The post TrickBot Takedown, VPN Flaws, Zoom End-to-End Encryption appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/trickbot-takedown-vpn-flaws-zoom-end-to-end-encryption/?utm_source=rss&utm_medium=rss&utm_campaign=trickbot-takedown-vpn-flaws-zoom-end-to-end-encryption

IoT Devices: Privacy and Security in Abusive Relationships

A few weeks ago, technology news site The Verge reported on a new Ring security camera that is in fact a drone that flies around inside your house. Available beginning next year, the ‘Always Home Cam’ is supposed to give its owners a total view of their home without the need for multiple cameras. Those […]

The post IoT Devices: Privacy and Security in Abusive Relationships appeared first on The State of Security.

The post IoT Devices: Privacy and Security in Abusive Relationships appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/iot-devices-privacy-and-security-in-abusive-relationships/?utm_source=rss&utm_medium=rss&utm_campaign=iot-devices-privacy-and-security-in-abusive-relationships

3 Zones that Require Network Security for Industrial Remote Access

By now, we have a good understanding of what secure remote access (SRA) is and why organizations might choose to enable it for their OT environments. We also know that securing IT-OT collaboration, leveraging guidance from best practice frameworks and using an automated solution can help organizations to implement this type of access. Even so, […]

The post 3 Zones that Require Network Security for Industrial Remote Access appeared first on The State of Security.

The post 3 Zones that Require Network Security for Industrial Remote Access appeared first on Security Boulevard.

https://malwaredevil.com/2020/10/19/3-zones-that-require-network-security-for-industrial-remote-access/?utm_source=rss&utm_medium=rss&utm_campaign=3-zones-that-require-network-security-for-industrial-remote-access

ESB-2020.3586 – [Win] Microsoft Windows Codecs Library and Visual Studio Code: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3586
         New Security Updates for Microsoft Windows Codecs Library
                          and Visual Studio Code
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows Codecs Library
                   Microsoft Visual Studio Code
                   Microsoft Dynamics 365 Commerce
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-17023 CVE-2020-17022 CVE-2020-16943

Reference:         ASB-2020.0167

Original Bulletin: 
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16943

Comment: This bulletin contains three (3) Microsoft security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: October 15, 2020
**************************************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2020-16943
* CVE-2020-17022
* CVE-2020-17023
 

Revision Information:
=====================

* CVE-2020-16943

 - CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16943
 - Version 2.0
 - Reason for Revision: In the Security Updates table, removed the Article and Download
   links because an update is not yet available for Dynamics 365 Commerce. Customers
   will be notified via a revision to this CVE information when an update becomes
   available.
 - Originally posted: October 13, 2020
 - Updated: October 13, 2020
 - Aggregate CVE Severity Rating: Important

* CVE-2020-17022

 - CVE-2020-17022 | Remote Desktop Services Remote Code Execution Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
 - Version 1.0
 - Reason for Revision: Information published.
 - Originally posted: October 15, 2020
 - Updated: N/A
 - Aggregate CVE Severity Rating: Important

* CVE-2020-17023

 - CVE-2020-17023 | Visual Studio JSON Remote Code Execution Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
 - Version 1.0
 - Reason for Revision: Information published.
 - Originally posted: October 15, 2020
 - Updated: N/A
 - Aggregate CVE Severity Rating: Important


**************************************************************************************
 
Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================

If you receive an email message that claims to be distributing a Microsoft security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security 
notifications. However, PGP is not required for reading security notifications, 
reading security bulletins, or installing security updates. You can obtain the MSRC
public PGP key at .

**************************************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT 
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, 
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS 
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
**************************************************************************************
Microsoft respects your privacy. Please read our online Privacy Statement at 
.

If you would prefer not to receive future technical security notification alerts by 
email from Microsoft and its family of companies please visit the following website 
to unsubscribe:
.

These settings will not affect any newsletters you've requested or any mandatory 
service communications that are considered part of certain Microsoft services.

For legal information, see:
.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.3586 – [Win] Microsoft Windows Codecs Library and Visual Studio Code: Multiple vulnerabilities appeared first on Malware Devil.