Malware Devil

Thursday, April 29, 2021

Non-sensitive PII + Sensitive PII = Sensitive PII

Non-sensitive PII refers to any information that is publicly available. If any of the information is combined with sensitive PII, then it would become sensitive PII. Some examples of non-sensitive PII are:

- Work phone #
- Work fax #
- Work email address
- Work location

Sensitive PII is personally identifiable information, which if lost, compromised, or disclosed […]

The post Non-sensitive PII + Sensitive PII = Sensitive PII appeared first on Security Boulevard.

The post Non-sensitive PII + Sensitive PII = Sensitive PII appeared first on Malware Devil.



https://malwaredevil.com/2021/04/29/non-sensitive-pii-sensitive-pii-sensitive-pii/?utm_source=rss&utm_medium=rss&utm_campaign=non-sensitive-pii-sensitive-pii-sensitive-pii

Network Security News Summary for Thursday April 29th, 2021

Stopping Google FLoC; RotaJakiro Backdoor; F5 Big IP Kerberos Bypass

Stopping Google FLoC
https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/
https://amifloced.org

RotaJakiro Backdoor
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/

F5 Big IP Kerberos Spoofing Vulnerability
https://support.f5.com/csp/article/K51213246

keywords: f5; big-ip; kerberos; spoofing; rotajakiro; backdoor; linux; floc; google

The post Network Security News Summary for Thursday April 29th, 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/29/network-security-news-summary-for-thursday-april-29th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-thursday-april-29th-2021

Wednesday, April 28, 2021

FluBot Malware’s Rapid Spread May Soon Hit US Phones

The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.

A type of Android malware known as FluBot has been spreading through multiple European countries and may soon land on smartphones in the United States, security researchers warn.

The operators behind FluBot initially targeted devices in Spain, which made up the majority of attacks when the malware was detected late last year. Now, its campaigns have expanded to affect Android phones in the United Kingdom, Germany, Hungary, Italy, and Poland, Proofpoint researchers learned through the company’s own data and open source intelligence.

FluBot’s English-language campaign, which has almost entirely targeted phones in the UK, has used more than 700 unique domains. The UK campaign started with messages from Germany; these were quickly replaced with messages from UK senders. The German-language messages were turned off once the UK messages were established, indicating a conscious effort to spread FluBot from country to country. Soon, researchers believe it may spread to the US as well.

“Currently, Proofpoint has seen German and English-language SMS messages being sent to US users from Europe, which may be the result of the malware sending to everyone on the infected devices’ contact lists,” says Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. This is similar to how FluBot began to spread in the UK, she adds, and given it already supports English, adding US to the list of targets wouldn’t be hard for attackers.

That said, researchers aren’t yet seeing a concerted effort to target US phones as they’re currently seeing in the UK.

A FluBot infection starts with the victim receiving an SMS message impersonating a delivery service; for example, FedEx, DHL, and Correos. The messages vary, but stick with the delivery theme. Some English-language texts have said, “Delivery date is 24/04. Follow the journey at,” or “Hi. We have (1) package pending on your name. Schedule delivery now:”

Each malicious message contains a link. If clicked, the victim is prompted to download a mobile app designed with the delivery service’s logo as its icon. The app uses legitimate-looking APK files that contain FluBot encrypted and embedded inside, researchers said in a blog post. After the app is installed, the victim is prompted to provide FluBot with full access to their device.

With these permissions, both versions of FluBot in use can act as spyware, an SMS spammer, and a credit card and banking-credential stealer. It can also intercept text messages and USSD messages from the telecom operator; open pages on a victim’s browser; disable Google Play Protect; and uninstall apps as directed by the command-and-control (C2) server.

DeGrippo says the malware’s capabilities indicate “the threat actor is likely financially motivated and wants to continue to spread the malware for that purpose.”

To spread, FluBot contacts the command-and-control server to send the victim’s contact list. It receives an SMS phishing message and a number to continue spreading using the target phone.

New Versions, New Tactics

Proofpoint researchers reverse-engineered samples of FluBot versions 3.7 and 4.0. They learned that while both have the same functionality, they differ in elements of their obfuscation and C2 communication.

FluBot uses a domain generation algorithm (DGA) to connect to the C2 server, creating a list of domains to try to access until it can find an accessible one. This tactic lets attackers quickly switch the domains they use for C2 communications in case one is blocked or taken down. FluBot version 4.0 tailors this process by using the language set of the victim’s Android phone.

“The most interesting aspect of this malware is its evolution in adding a number to the seed used by DGA for its C2 communication,” she explains. “In the latest version of the malware, it adds a number based on the language set of the victim’s device. This is what also makes FluBot different from other mobile threats we’ve researched.”

So far, there is no indication FluBot’s operators are targeting a subset of Android users. Right now, DeGrippo says, the threat is widespread and campaign volumes are large. Researchers believe it will continue to spread at a rapid rate across countries.

How to know if you’re hit? If someone downloads one of the fake applications spoofing FedEx, DHL, or Correos, they can click the icon in Settings to view the app’s details. When they attempt to swipe down on the screen, that may indicate a problem, she notes, because the malicious app won’t let you view details. Researchers advise users to remain wary of unexpected text messages, avoid installing apps outside of legitimate app stores, and verify requested permissions make sense when new apps are installed.

“SMS potentially could be a viable long-term attack vector for malware distribution,” DeGrippo says of this type of mobile threat. Android has its controls and protections, such as the permission-based controls in the app installation process that describe the software’s abilities before installation. These, plus other Android security features surrounding the installation of unknown APKs, have shrunk the attack surface for mobile phones.

Still, attackers are always looking for opportunities to get malicious software onto target devices, and FluBot’s success will likely inspire copycats, she continues. As the research team notes in their blog post, so long as people are willing to trust unexpected SMS messages and follow attackers’ instructions, campaigns like these will continue to spread.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …

The post FluBot Malware’s Rapid Spread May Soon Hit US Phones appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/flubot-malwares-rapid-spread-may-soon-hit-us-phones-3/?utm_source=rss&utm_medium=rss&utm_campaign=flubot-malwares-rapid-spread-may-soon-hit-us-phones-3

Doghouse: How Not to Build a Club or a House.

There’s not much to add to a brilliant take-down of the toxic and completely tone-deaf platform just launched called Clubhouse. …demonstrates a growing chasm between attitudes in the United States and Europe about data governance, as Silicon Valley continues to export its technology and ideals around the world. Scraping is the same technique that controversial …

The post Doghouse: How Not to Build a Club or a House. appeared first on Security Boulevard.

The post Doghouse: How Not to Build a Club or a House. appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/doghouse-how-not-to-build-a-club-or-a-house/?utm_source=rss&utm_medium=rss&utm_campaign=doghouse-how-not-to-build-a-club-or-a-house

Authentication vs. Authorization: Why Privileged Access Matters – Joseph Carson – ESW #225

Authentication and authorization might sound similar, but they are two distinct security processes. Joe Carson, Chief Security Scientist at Thycotic, joins us to discuss why privileges, not identities, are one of the biggest challenges for identity and access. Joe will share Thycotic’s simple approach to solving privileged access.

This segment is sponsored by Thycotic.

Visit https://securityweekly.com/thycotic to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw225

The post Authentication vs. Authorization: Why Privileged Access Matters – Joseph Carson – ESW #225 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/authentication-vs-authorization-why-privileged-access-matters-joseph-carson-esw-225/?utm_source=rss&utm_medium=rss&utm_campaign=authentication-vs-authorization-why-privileged-access-matters-joseph-carson-esw-225

HackerOne Enhances Platform, PANW Expands Unit 42, & More Funding – ESW #225

In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take cyber security firm Proofpoint private, BlackRock, Tudor Group Back Cybersecurity Startup Deep Instinct, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw225

The post HackerOne Enhances Platform, PANW Expands Unit 42, & More Funding – ESW #225 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/hackerone-enhances-platform-panw-expands-unit-42-more-funding-esw-225/?utm_source=rss&utm_medium=rss&utm_campaign=hackerone-enhances-platform-panw-expands-unit-42-more-funding-esw-225

Experian API Exposed Credit Scores of Most Americans

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

The post Experian API Exposed Credit Scores of Most Americans appeared first on Security Boulevard.

The post Experian API Exposed Credit Scores of Most Americans appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/experian-api-exposed-credit-scores-of-most-americans-2/?utm_source=rss&utm_medium=rss&utm_campaign=experian-api-exposed-credit-scores-of-most-americans-2

Experian API Exposed Credit Scores of Most Americans

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Bill Demirkapi, an independent security researcher who’s currently a sophomore at the Rochester Institute of Technology, said he discovered the data exposure while shopping around for student loan vendors online.

Demirkapi encountered one lender’s site that offered to check his loan eligibility by entering his name, address and date of birth. Peering at the code behind this lookup page, he was able to see it invoked an Experian Application Programming Interface or API — a capability that allows lenders to automate queries for FICO credit scores from the credit bureau.

“No one should be able to perform an Experian credit check with only publicly available information,” Demirkapi said. “Experian should mandate non-public information for promotional inquiries, otherwise an attacker who found a single vulnerability in a vendor could easily abuse Experian’s system.”

Demirkapi found the Experian API could be accessed directly without any sort of authentication, and that entering all zeros in the “date of birth” field let him then pull a person’s credit score. He even built a handy command-line tool to automate the lookups, which he dubbed “Bill’s Cool Credit Score Lookup Utility.”

Demirkapi’s Experian credit score lookup tool.

KrebsOnSecurity put that tool to the test, asking permission from a friend to have Demirkapi look up their credit score. The friend agreed and said he would pull his score from Experian (at this point I hadn’t told him that Experian was involved). The score he provided matched the score returned by Demirkapi’s lookup tool.

In addition to credit scores, the Experian API returns for each consumer up to four “risk factors,” indicators that might help explain why a person’s score is not higher.

For example, in my friend’s case Bill’s tool said his mid-700s score could be better if the proportion of balances to credit limits was lower, and if he didn’t owe so much on revolving credit accounts.

“Too many consumer finance company accounts,” the API concluded about my friend’s score.

The reason I could not test Demirkapi’s findings on my own credit score is that we have a security freeze on our files at the three major consumer credit reporting bureaus, and a freeze blocks this particular API from pulling the information.

Demirkapi declined to share with Experian the name of the lender or the website where the API was exposed. He refused because he said he suspects there may be hundreds or even thousands of companies using the same API, and that many of those lenders could be similarly leaking access to Experian’s consumer data.

“If we let them know about the specific endpoint, they can just ban/work with the loan vendor to block these requests on this one case, which doesn’t fix the systemic problem,” he explained.

Nevertheless, after being contacted by this reporter Experian figured out on its own which lender was exposing their API; Demirkapi said that vendor’s site now indicates the API access has been disabled.

“We have been able to confirm a single instance of where this situation has occurred and have taken steps to alert our partner and resolve the matter,” Experian said in a written statement. “While the situation did not implicate or compromise any of Experian’s systems, we take this matter very seriously. Data security has always been, and always will be, our highest priority.”

Demirkapi said he’s disappointed that Experian did exactly what he feared they would do.

“They found one endpoint I was using and sent it into maintenance mode,” he said. “But this doesn’t address the systemic issue at all.”

Leaky and poorly-secured APIs like the one Demirkapi found are the source of much mischief in the hands of identity thieves. Earlier this month, auto insurance giant Geico disclosed that fraudsters abused a bug in its site to steal drivers license numbers from Americans.

Geico said the data was used by thieves involved in fraudulently applying for unemployment insurance benefits. Many states now require drivers license numbers as a way of verifying an applicant’s identity.

In 2013, KrebsOnSecurity broke the news about an identity theft service in the underground that programmatically pulled sensitive consumer credit data directly from a subsidiary of Experian. That service was run by a Vietnamese hacker who’d told the Experian subsidiary he was a private investigator. The U.S. Secret Service later said the ID theft service “caused more material financial harm to more Americans than any other.”

Additional reading: Experian’s Credit Freeze Security is Still a Joke (Apr. 27, 2021)

The post Experian API Exposed Credit Scores of Most Americans appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/experian-api-exposed-credit-scores-of-most-americans/?utm_source=rss&utm_medium=rss&utm_campaign=experian-api-exposed-credit-scores-of-most-americans

What Are You NOT Detecting?

What are you not detecting?

OK, what threats are you NOT detecting?

Still didn’t help?

What I mean here is: are you thinking about these:

1. Threats that you don’t need to detect due to your risk profile, your threat assessment, etc.
2. Threats that you do need to detect, but don’t know how.
3. Threats that you do need to detect and know how, but cannot operationally (e.g. your SIEM will crash if you inject all the cloud logs).
4. Threats that you do need to detect and know how, but do not (yet?) for some other reason.
5. Threats that you do need to detect, know how and think you detect, but you really don’t (oops…).
6. Threats that you do need to detect, know how, and do detect — but too late for any useful outcome (e.g. a week later for ransomware).

This is useful. This is like an unholy marriage of your “not-to-do list” with your bucket list 🙂

Let’s go through these one by one and have some fun.

#1

To me, it is very useful to think about what you do NOT want to detect (item 1), because I’d rather it be an explicit and intelligent (also, intelligence-driven) decision, not a byproduct of some broken security process or some, ahem, intern deciding it. However, we all know infosec/cyber/IT is awesome at intelligently assessing risk … right? Right?!

This means that when making a decision to not detect something, the fact base for this decision must be solid. Also, “a rule” to not detect something or, more practically, an exception to a rule to detect something must be much more prescriptive than a rule to detect something…

#2

IMHO, it is absolutely essential to think about what you need to detect, but don’t know how (item 2). Ultimately, if an attacker thinks about it first, you’d be in hot water — and deep hot water at that — because you sort of “knew about it.” This is an area of threat research, ripping indicators out of artifacts, studying TTPs, etc. Basically, “get better” is the answer here.

Furthermore, just like in the good old days when people would architect the networks with choke points for placing NIDS devices, we need to architect for modern detection. This will reduce the “want but can’t” situation.

#3

This case is different from the previous one, because you know what you need to do, you just cannot do it (item 3). For some organizations cloud threats are a big part of the “known but infeasible.” Frankly, I’ve seen enough cases where the public cloud environment is one big detection gap. This may be due to technical limitations marring detection or economics preventing some technical choices.

#4

This one (item 4) is simple — conceptually, that is, but not operationally. A detection roadmap — one that evolves with threats, naturally — is a great idea, but it implies that there are things that are not detected today. Detection in depth may be a part of the answer here (e.g. we want to detect this early, and we will, but for now we detect this at later intrusion kill chain stages).

Of course, you will never be able to proactively detect everything you need, should and want. Additionally, detection is a moving target and so there is no static goal where you have 100 rules and say “wow, I’m done!” As a result, this applies to everybody, whether low or high maturity, but being explicitly aware of it is useful.

#5

Thinking you are detecting something while in reality you are not is a major source of hilarity … not (item 5). This is the area of red/purple teaming, attack simulation and other methods for consistently validating (a) and aggressively testing (b) your detections. Yes, you do need both the boring (such as checking the mappings vs ATT&CK and other detection rule consistency checks) and the exciting (such as red teaming without telling your SOC).

Now, everybody and their dog maps detection content/rules to MITRE ATT&CK. But sometimes the devil is in the details. You can see gaps between you and some generic model, but not gaps between what you have and what you truly need. This is why security is fun…

#6

Finally, late detection (item 6) is a case where the “better late than never” principle does not work well. Still, I want to be mindful of this when I am thinking about my threat detection strategy. Sometimes the timing makes a difference between a success (catching ransomware before it encrypts) and a failure (like, I dunno, detecting ransomware by looking for a ransom note). Detection timing analysis perhaps calls for further study (and reminds me of this book).

So, thoughts? 🙂

Thanks to Brandon Levene for his super insightful comments!

Related posts:

“Can We Have “Detection as Code”?”
“Detection Coverage and Detection-in-Depth”
“Why is Threat Detection Hard?”
“On Threat Detection Uncertainty”
Our Cloud Security Podcast 🙂

What Are You NOT Detecting? was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post What Are You NOT Detecting? appeared first on Security Boulevard.

The post What Are You NOT Detecting? appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/what-are-your-not-detecting/?utm_source=rss&utm_medium=rss&utm_campaign=what-are-your-not-detecting

Standard Chartered Bank Embraces Digital Identity to Grow

Standard Chartered Bank is changing the future of banking by simplifying authentication for its customers, letting them decide the best way to access their accounts and get things done without jumping through extra hoops. In the ultra-competitive world of retail banking, customer service is the competitive advantage and identity is key.

I recently had the pleasure of chatting with Alan Chiew, Executive Director and Head of Technology at Standard Chartered Bank. His team is tasked with improving customer experience and security for the bank’s mobile apps and Internet banking platforms. They are responsible for managing daily logins in the hundreds of millions across 30 retail markets. 

ForgeRock: As a 160-year-old institution, Standard Chartered is a financial services global leader. But you’re in a fiercely competitive market where customers are becoming more demanding. Can you tell us about the role identity plays in your digital strategy for keeping customers happy?

Alan: Customer Identity and Access Management (CIAM) has always been a critical solution for the bank. We are introducing a new identity management solution to strengthen our ability to deliver an outstanding customer experience, which is also underpinned by world-class security. It’s a core component of our strategy over the next few years. 

Our aim is to give customers the ability to use a single identity regardless of the channel. There are currently different authentications for different channels, but this can cause confusion and therefore cause a negative experience for customers. Some apps allow you to use your face (or biometrics). For example, in China, you can walk into a branch, show your face and receive cash. Customers can also use a PIN for an ATM, a different PIN for a call center, and a username and password for online banking. At Standard Chartered, we want to give the customer the ability to choose their preferred method of authentication while also ensuring the highest level of security.

ForgeRock: That makes sense, especially as many studies reveal that a seamless digital experience can help a business grow exponentially. What have been your barriers to success?

Alan: We have to balance the priority of the customer experience with risk. We can achieve that through continuous and progressive profiling of the customer and the risks associated with that customer. We need to be sure we know who they are, and we accomplish this through improved experience and security. If we are confident that you are you, then that is low risk. But if you log in from a new location, try to make a new and costly payment — that’s high risk. The right technology can help us strike that balance.

ForgeRock: So, you didn’t have the right technology in place?

Alan: Like many banks, we were dealing with a mix of legacy and homegrown systems, some of which were nearing end-of-life. While these solutions served us well in the past, they were beginning to cause a high total cost of ownership (TCO). Additionally, we have ambitious plans in terms of customer service and these systems would eventually cause a difficult customer experience and slow our time to market. So, we decided to centralize our CIAM into one platform.

ForgeRock: Standard Chartered is using ForgeRock to authenticate your 85,000 employees. Why was the ForgeRock Identity Platform the best choice for your CIAM implementation? 

Alan: Since we were already using ForgeRock internally for authentication, we knew it was a proven and trusted solution for staff and we could trust it for customers as well. We of course conducted our market research and conducted a few POCs, and we confirmed that ForgeRock’s functionality and technical capabilities as well as ease of implementation and high levels of support would serve us well.

By simplifying our legacy systems and consolidating them on the ForgeRock Identity Platform, we can get faster implementation and introduction of new services, reduce onboarding costs, and provide digital IDs to customers that are secure and easy to use. We are placing digital identity at the heart of our systems.

ForgeRock: Your digital strategy sounds perfect for retaining and growing your customer base through exceptional consumer experiences. What about other growth areas like virtual banking, which is booming and projected to hit $9 billion by 2026? How will your digital strategy help you seize this opportunity?

Alan: We have an aggressive virtual banking strategy, launching multiple virtual banks across many regions like we did with ForgeRock customer Mox Bank in Hong Kong. These are completely different brands from Standard Chartered, but the challenge is the same: Onboarding is 100% digital as there is no branch to walk into and present a passport or ID card. That’s why you need to have a strong identity solution to support virtual banking.

ForgeRock: You operate in many different countries, each with their own unique IDPs (Identity Providers). How do you manage that challenge?

Alan: With 30 different markets, we are faced with 30 different regulations. Each government offers unique IDPs like SingPass in Singapore and IELTS in India. ForgeRock’s open APIs and industry standards are important–they allow us to easily integrate into the various governments by connecting to their external authentication providers. The standards and open APIs are also essential to our open banking strategy. ForgeRock’s open standards and open APIs ensure we have a single platform to support our open banking solution.
 

 

The post Standard Chartered Bank Embraces Digital Identity to Grow appeared first on Security Boulevard.

The post Standard Chartered Bank Embraces Digital Identity to Grow appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/standard-chartered-bank-embraces-digital-identity-to-grow/?utm_source=rss&utm_medium=rss&utm_campaign=standard-chartered-bank-embraces-digital-identity-to-grow

74% of Financial Institutions See Spike in COVID-Related Threats

Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.

The post 74% of Financial Institutions See Spike in COVID-Related Threats appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/74-of-financial-institutions-see-spike-in-covid-related-threats/?utm_source=rss&utm_medium=rss&utm_campaign=74-of-financial-institutions-see-spike-in-covid-related-threats

Collaboration Rules! Challenging Transparency in Modern App Sec – Rickard Carlsson – ESW #225

Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach to application security. During the discussion, we’ll cover:

– why organizations should challenge transparency and open up their security practices and information internally,
– how to approach security as a collaborative effort (with some real-life examples),
– and Detectify’s vision of building a hub where security information and research is shared across the globe.

Segment Resources:
We recently published the ebook “A guide to modern web application security” for SaaS and tech organizations looking to bring their security up to speed with development. Download it here: https://blog.detectify.com/2021/04/09/modern-application-security-requires-speed-scale-and-collaboration/

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw225

The post Collaboration Rules! Challenging Transparency in Modern App Sec – Rickard Carlsson – ESW #225 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/collaboration-rules-challenging-transparency-in-modern-app-sec-rickard-carlsson-esw-225/?utm_source=rss&utm_medium=rss&utm_campaign=collaboration-rules-challenging-transparency-in-modern-app-sec-rickard-carlsson-esw-225

FBI Works With ‘Have I Been Pwned’ to Notify Emotet Victims

Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.

The post FBI Works With ‘Have I Been Pwned’ to Notify Emotet Victims appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/fbi-works-with-have-i-been-pwned-to-notify-emotet-victims/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-works-with-have-i-been-pwned-to-notify-emotet-victims

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.


https://malwaredevil.com/2021/04/28/microsoft-office-sharepoint-targeted-with-high-risk-phish-ransomware-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-office-sharepoint-targeted-with-high-risk-phish-ransomware-attacks

ESB-2021.1430 – [RedHat] etcd: Denial of service – Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1430
etcd security update
28 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           etcd
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15112 CVE-2020-15106

Reference:         ESB-2021.0946
                   ESB-2020.4383

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1407

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: etcd security update
Advisory ID: RHSA-2021:1407-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1407
Issue date: 2021-04-27
CVE Names: CVE-2020-15106 CVE-2020-15112
=====================================================================

1. Summary:

An update for etcd is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras – ppc64le, s390x, x86_64

3. Description:

The etcd packages provide a highly available key-value store for shared
configuration.

Security Fix(es):

* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)

* etcd: DoS in wal/wal.go (CVE-2020-15112)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1868872 – CVE-2020-15112 etcd: DoS in wal/wal.go
1868883 – CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
etcd-3.2.32-1.el7_9.src.rpm

ppc64le:
etcd-3.2.32-1.el7_9.ppc64le.rpm
etcd-debuginfo-3.2.32-1.el7_9.ppc64le.rpm

s390x:
etcd-3.2.32-1.el7_9.s390x.rpm
etcd-debuginfo-3.2.32-1.el7_9.s390x.rpm

x86_64:
etcd-3.2.32-1.el7_9.x86_64.rpm
etcd-debuginfo-3.2.32-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15106
https://access.redhat.com/security/cve/CVE-2020-15112
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

https://malwaredevil.com/2021/04/28/esb-2021-1430-redhat-etcd-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1430-redhat-etcd-denial-of-service-existing-account

ESB-2021.1431 – [RedHat] Red Hat Fuse: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1431
Red Hat Fuse 7.8.1 patch release and security update
28 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Red Hat Fuse
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28052

Reference:         ASB-2021.0086
                   ESB-2021.1001

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1401

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Fuse 7.8.1 patch release and security update
Advisory ID: RHSA-2021:1401-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1401
Issue date: 2021-04-27
CVE Names: CVE-2020-28052
=====================================================================

1. Summary:

A micro version update (from 7.8.0 to 7.8.1) is now available for Red Hat
Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this
text-only errata is to inform you about the security issues fixed in this
release.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.8.1 serves as a patch to Red Hat Fuse on
Karaf and Red Hat Fuse on Spring Boot 2 (7.8.0), and includes security
fixes, which are documented in the Release Notes document linked to in the
References.

Security Fix(es):

* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility
possible – Karaf (CVE-2020-28052)

* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility
possible – Spring Boot 2 (CVE-2020-28052)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

Installation instructions are available from the Fuse 7.8.0 product
documentation page:

https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch

https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

4. Bugs fixed (https://bugzilla.redhat.com/):

1912881 – CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

5. References:

https://access.redhat.com/security/cve/CVE-2020-28052
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.8.0

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/04/28/esb-2021-1431-redhat-red-hat-fuse-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1431-redhat-red-hat-fuse-multiple-vulnerabilities

ESB-2021.1432 – [RedHat] openldap: Denial of service – Remote/unauthenticated

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1432
openldap security update
28 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           openldap
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25692

Reference:         ESB-2020.4057
                   ESB-2020.4032

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1389

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openldap security update
Advisory ID: RHSA-2021:1389-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1389
Issue date: 2021-04-27
CVE Names: CVE-2020-25692
=====================================================================

1. Summary:

An update for openldap is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network.

Security Fix(es):

* openldap: NULL pointer dereference for unauthenticated packet in slapd
(CVE-2020-25692)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1894567 – CVE-2020-25692 openldap: NULL pointer dereference for unauthenticated packet in slapd

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openldap-2.4.44-23.el7_9.src.rpm

x86_64:
openldap-2.4.44-23.el7_9.i686.rpm
openldap-2.4.44-23.el7_9.x86_64.rpm
openldap-clients-2.4.44-23.el7_9.x86_64.rpm
openldap-debuginfo-2.4.44-23.el7_9.i686.rpm
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-23.el7_9.i686.rpm
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm
openldap-devel-2.4.44-23.el7_9.i686.rpm
openldap-devel-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-sql-2.4.44-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openldap-2.4.44-23.el7_9.src.rpm

x86_64:
openldap-2.4.44-23.el7_9.i686.rpm
openldap-2.4.44-23.el7_9.x86_64.rpm
openldap-clients-2.4.44-23.el7_9.x86_64.rpm
openldap-debuginfo-2.4.44-23.el7_9.i686.rpm
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-23.el7_9.i686.rpm
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm
openldap-devel-2.4.44-23.el7_9.i686.rpm
openldap-devel-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-sql-2.4.44-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openldap-2.4.44-23.el7_9.src.rpm

ppc64:
openldap-2.4.44-23.el7_9.ppc.rpm
openldap-2.4.44-23.el7_9.ppc64.rpm
openldap-clients-2.4.44-23.el7_9.ppc64.rpm
openldap-debuginfo-2.4.44-23.el7_9.ppc.rpm
openldap-debuginfo-2.4.44-23.el7_9.ppc64.rpm
openldap-devel-2.4.44-23.el7_9.ppc.rpm
openldap-devel-2.4.44-23.el7_9.ppc64.rpm
openldap-servers-2.4.44-23.el7_9.ppc64.rpm

ppc64le:
openldap-2.4.44-23.el7_9.ppc64le.rpm
openldap-clients-2.4.44-23.el7_9.ppc64le.rpm
openldap-debuginfo-2.4.44-23.el7_9.ppc64le.rpm
openldap-devel-2.4.44-23.el7_9.ppc64le.rpm
openldap-servers-2.4.44-23.el7_9.ppc64le.rpm

s390x:
openldap-2.4.44-23.el7_9.s390.rpm
openldap-2.4.44-23.el7_9.s390x.rpm
openldap-clients-2.4.44-23.el7_9.s390x.rpm
openldap-debuginfo-2.4.44-23.el7_9.s390.rpm
openldap-debuginfo-2.4.44-23.el7_9.s390x.rpm
openldap-devel-2.4.44-23.el7_9.s390.rpm
openldap-devel-2.4.44-23.el7_9.s390x.rpm
openldap-servers-2.4.44-23.el7_9.s390x.rpm

x86_64:
openldap-2.4.44-23.el7_9.i686.rpm
openldap-2.4.44-23.el7_9.x86_64.rpm
openldap-clients-2.4.44-23.el7_9.x86_64.rpm
openldap-debuginfo-2.4.44-23.el7_9.i686.rpm
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm
openldap-devel-2.4.44-23.el7_9.i686.rpm
openldap-devel-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-2.4.44-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
openldap-debuginfo-2.4.44-23.el7_9.ppc64.rpm
openldap-servers-sql-2.4.44-23.el7_9.ppc64.rpm

ppc64le:
openldap-debuginfo-2.4.44-23.el7_9.ppc64le.rpm
openldap-servers-sql-2.4.44-23.el7_9.ppc64le.rpm

s390x:
openldap-debuginfo-2.4.44-23.el7_9.s390x.rpm
openldap-servers-sql-2.4.44-23.el7_9.s390x.rpm

x86_64:
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-sql-2.4.44-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openldap-2.4.44-23.el7_9.src.rpm

x86_64:
openldap-2.4.44-23.el7_9.i686.rpm
openldap-2.4.44-23.el7_9.x86_64.rpm
openldap-clients-2.4.44-23.el7_9.x86_64.rpm
openldap-debuginfo-2.4.44-23.el7_9.i686.rpm
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm
openldap-devel-2.4.44-23.el7_9.i686.rpm
openldap-devel-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-2.4.44-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-23.el7_9.x86_64.rpm
openldap-servers-sql-2.4.44-23.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25692
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/04/28/esb-2021-1432-redhat-openldap-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1432-redhat-openldap-denial-of-service-remote-unauthenticated

ESB-2021.1433 – [Win][UNIX/Linux][RedHat] nss: Denial of service – Remote/unauthenticated

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1433
nss security and bug fix update
28 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           nss
Publisher:         Red Hat
Operating System:  Red Hat
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25648

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1384

Comment: This advisory references vulnerabilities in products which run on
platforms other than Red Hat. It is recommended that administrators
running nss check for an updated version of the software for their
operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nss security and bug fix update
Advisory ID: RHSA-2021:1384-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1384
Issue date: 2021-04-27
CVE Names: CVE-2020-25648
=====================================================================

1. Summary:

An update for nss is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

Security Fix(es):

* nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FTBFS: Paypal Cert expired (BZ#1883973)

* FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793)

* Cannot compile code with nss headers and -Werror=strict-prototypes
(BZ#1885321)

* CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox)
must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1883973 – FTBFS: Paypal Cert expired [rhel-7.9.z]
1884793 – FTBFS: IKE CLASS_1563 fails gtest [rhel-7.9.z]
1885321 – Cannot compile code with nss headers and -Werror=strict-prototypes
1887319 – CVE-2020-25648 nss: TLS 1.3 CCS flood remote DoS Attack

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
nss-3.53.1-7.el7_9.src.rpm

x86_64:
nss-3.53.1-7.el7_9.i686.rpm
nss-3.53.1-7.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-sysinit-3.53.1-7.el7_9.x86_64.rpm
nss-tools-3.53.1-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-devel-3.53.1-7.el7_9.i686.rpm
nss-devel-3.53.1-7.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
nss-3.53.1-7.el7_9.src.rpm

x86_64:
nss-3.53.1-7.el7_9.i686.rpm
nss-3.53.1-7.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-sysinit-3.53.1-7.el7_9.x86_64.rpm
nss-tools-3.53.1-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-devel-3.53.1-7.el7_9.i686.rpm
nss-devel-3.53.1-7.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
nss-3.53.1-7.el7_9.src.rpm

ppc64:
nss-3.53.1-7.el7_9.ppc.rpm
nss-3.53.1-7.el7_9.ppc64.rpm
nss-debuginfo-3.53.1-7.el7_9.ppc.rpm
nss-debuginfo-3.53.1-7.el7_9.ppc64.rpm
nss-devel-3.53.1-7.el7_9.ppc.rpm
nss-devel-3.53.1-7.el7_9.ppc64.rpm
nss-sysinit-3.53.1-7.el7_9.ppc64.rpm
nss-tools-3.53.1-7.el7_9.ppc64.rpm

ppc64le:
nss-3.53.1-7.el7_9.ppc64le.rpm
nss-debuginfo-3.53.1-7.el7_9.ppc64le.rpm
nss-devel-3.53.1-7.el7_9.ppc64le.rpm
nss-sysinit-3.53.1-7.el7_9.ppc64le.rpm
nss-tools-3.53.1-7.el7_9.ppc64le.rpm

s390x:
nss-3.53.1-7.el7_9.s390.rpm
nss-3.53.1-7.el7_9.s390x.rpm
nss-debuginfo-3.53.1-7.el7_9.s390.rpm
nss-debuginfo-3.53.1-7.el7_9.s390x.rpm
nss-devel-3.53.1-7.el7_9.s390.rpm
nss-devel-3.53.1-7.el7_9.s390x.rpm
nss-sysinit-3.53.1-7.el7_9.s390x.rpm
nss-tools-3.53.1-7.el7_9.s390x.rpm

x86_64:
nss-3.53.1-7.el7_9.i686.rpm
nss-3.53.1-7.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-devel-3.53.1-7.el7_9.i686.rpm
nss-devel-3.53.1-7.el7_9.x86_64.rpm
nss-sysinit-3.53.1-7.el7_9.x86_64.rpm
nss-tools-3.53.1-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
nss-debuginfo-3.53.1-7.el7_9.ppc.rpm
nss-debuginfo-3.53.1-7.el7_9.ppc64.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.ppc.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.ppc64.rpm

ppc64le:
nss-debuginfo-3.53.1-7.el7_9.ppc64le.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.ppc64le.rpm

s390x:
nss-debuginfo-3.53.1-7.el7_9.s390.rpm
nss-debuginfo-3.53.1-7.el7_9.s390x.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.s390.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.s390x.rpm

x86_64:
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
nss-3.53.1-7.el7_9.src.rpm

x86_64:
nss-3.53.1-7.el7_9.i686.rpm
nss-3.53.1-7.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-devel-3.53.1-7.el7_9.i686.rpm
nss-devel-3.53.1-7.el7_9.x86_64.rpm
nss-sysinit-3.53.1-7.el7_9.x86_64.rpm
nss-tools-3.53.1-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
nss-debuginfo-3.53.1-7.el7_9.i686.rpm
nss-debuginfo-3.53.1-7.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-7.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25648
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

The post ESB-2021.1433 – [Win][UNIX/Linux][RedHat] nss: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2021/04/28/esb-2021-1433-winunix-linuxredhat-nss-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1433-winunix-linuxredhat-nss-denial-of-service-remote-unauthenticated

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...