InfoSec News 20211011

  • Published: Mon, 11/10/2021 - 09:53

Top News


  • CISA Releases Remote Access Guidance for Government Agencies

"The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release of a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case."

Link

TLP1 : Green

  • Windows 11 incompatible with apps using non-ASCII registry keys

"Microsoft is blocking Windows 11 upgrades if customers use applications that create registry keys using some non-ASCII characters."

Link

TLP1 : Green

  • Remote work exposing SMEs to increased cybersecurity risk

"The research, conducted with 1,000 business leaders at SMEs, found that changes in working patterns are resulting in infrastructure being left unmonitored and business data being rendered more vulnerable to exploitation."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Amnesty International links cybersecurity firm to spyware operation

"A report by Amnesty International links an Indian cybersecurity company to an Android spyware program used to target prominent activists."

Link

TLP1 : Green

  • A Pentagon official said he resigned because US cybersecurity is no match for China, calling it 'kindergarten level'

"A senior cybersecurity official at the Pentagon said he quit because he thinks it's impossible for the US to compete with China on AI.
Nicolas Chaillan joined the US Air Force as its first chief software officer in August 2018, and worked to equip it and the Pentagon with the most secure and advanced software available."

Link

TLP1 : Green

  • Lots and Lots of Bots: Looking at Botnet Activity in 2021

"Botnets continue to be a major problem for cybersecurity teams. With the growth in sophisticated threats, botnets are becoming more malicious, sometimes able to create hundreds of thousands of drones that can attack a variety of machines, including Mac systems, Linux, Windows systems, edge devices, IoT devices, and so on."

Link

TLP1 : Green

  • NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

"A wildcard certificate is a public key certificate that can be used to secure all first-level subdomains of a single domain name."

Link

TLP1 : Green
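The definition above is what makes wildcard certificates relevant to ALPACA: if one certificate valid for `*.example.com` is presented by both the HTTPS host and, say, an FTP host, then the FTP server's TLS certificate is also valid for the web hostname, which is the condition a cross-protocol attack needs. The following is an added example for this digest, not code from the NSA advisory or the linked article. The hostname-matching rule follows RFC 6125 (a wildcard stands for exactly one leftmost label), and the `SAMPLE_SERVICES` inventory is constructed for illustration.

```python
"""Wildcard certificate scope and cross-protocol exposure check.

Added example for this digest; not code from the NSA advisory or the linked article.
The matching rule follows RFC 6125 (a wildcard covers one leftmost label only);
SAMPLE_SERVICES is a constructed inventory.
"""
from typing import Dict, Iterable, List, Tuple


def san_matches(san: str, hostname: str) -> bool:
    """True if a single subjectAltName DNS entry covers hostname.
    '*.example.com' covers 'www.example.com' but neither 'example.com' nor
    'a.b.example.com': the wildcard stands for exactly one label."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    parent = san[2:]
    if hostname == parent or not hostname.endswith("." + parent):
        return False
    leftmost = hostname[: -len(parent) - 1]
    return leftmost != "" and "." not in leftmost


def cert_covers(sans: Iterable[str], hostname: str) -> bool:
    """True if any SAN on the certificate is valid for hostname."""
    return any(san_matches(s, hostname) for s in sans)


# hostname -> (protocol spoken on that endpoint, DNS SANs of the certificate it presents)
Inventory = Dict[str, Tuple[str, List[str]]]

# Constructed inventory: the web and FTP hosts reuse one wildcard certificate.
SAMPLE_SERVICES: Inventory = {
    "www.example.com": ("https", ["*.example.com"]),
    "ftp.example.com": ("ftp", ["*.example.com"]),
    "mail.example.com": ("smtp", ["mail.example.com"]),
    "api.internal.example.com": ("https", ["*.internal.example.com"]),
}


def alpaca_exposure(services: Inventory) -> List[Tuple[str, str, str]]:
    """Return (https_host, other_host, other_protocol) for every non-HTTPS service
    whose certificate is also valid for an HTTPS hostname. That is the precondition
    an ALPACA-style attack needs: a browser redirected to the other service still
    sees a certificate that is valid for the web hostname it asked for."""
    findings = []
    for web_host, (proto, _) in services.items():
        if proto != "https":
            continue
        for other_host, (other_proto, other_sans) in services.items():
            if other_host == web_host or other_proto == "https":
                continue
            if cert_covers(other_sans, web_host):
                findings.append((web_host, other_host, other_proto))
    return sorted(findings)


if __name__ == "__main__":
    for web_host, other_host, proto in alpaca_exposure(SAMPLE_SERVICES):
        print(f"{other_host} ({proto}) presents a certificate valid for {web_host}")
```

On the constructed inventory the only finding is the FTP host, because `mail.example.com` has a dedicated certificate and `*.internal.example.com` does not reach `www.example.com`. A finding here is the condition to remove by scoping certificates per service; the linked NSA guidance covers the server-side mitigations beyond that.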

Breaches: Data Breaches and Hacks


  • BrewDog exposed data of 200,000 shareholders for over a year

"Researchers say that BrewDog exposed the personally identifiable information (PII) of roughly 200,000 shareholders for the best part of 18 months. 
According to PenTestPartners, BrewDog "declined to inform their shareholders and asked not to be named" in the research revealing the security flaw. "

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Command Injection in Huawei FusionCompute

"The vulnerability exists due to improper input validation in the CMA service module when processing the default certificate file. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system."

Link

TLP1 : Green

  • Google Patches Four Severe Vulnerabilities in Chrome

"Google this week announced the release of an updated Chrome version for Windows, Mac and Linux, to address a total of four high-severity vulnerabilities in the browser."

Link

TLP1 : Green

  • CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping

"It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11."

Link

TLP1 : Green

  • CVE-2021-41830: Apache OpenOffice: Double Certificate Attack

"It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Strengthening firmware security with hardware RoT

"Hackers are growing smarter and more sophisticated in their attempts to avoid detection. With IT security and visibility efforts still largely focused higher in the stack at the application layer, bad actors are seeking to breach systems further down the stack at the firmware level."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Agrius Group Uses Updated Arsenal to Create Havoc

"Agrius, a suspected Iranian threat actor, had recently carried out a ransomware attack on the Bar-Ilan University in Israel. The group reportedly used a new variant of Apostle ransomware."

Link

TLP1 : Green

  • Qu1cksc0pe - All-in-One Static Malware Analysis Tool

"This tool allows you to statically analyze Windows, Linux, OSX executables and APK files. Qu1cksc0pe aims to get even more information about suspicious files and helps the user realize what that file is capable of."

Link

TLP1 : Green

  • FUSE - A Penetration Testing Tool For Finding File Upload Bugs

"FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy are in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in NDSS 2020. To see how to configure and execute FUSE, see the following."

Link

TLP1 : Green
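The bug class FUSE hunts for is easier to see with a concrete handler. Below is an added example for this digest, not FUSE's own code or anything from the paper: `naive_upload_ok` is a hypothetical check that trusts the client's Content-Type and blocks a fixed list of extensions, and `hardened_upload` is the allowlist-plus-magic-bytes alternative that also takes the stored file name away from the client. The `EXECUTABLE_EXTS` list and the file names are constructed for illustration; which mutated name a given web server actually executes depends on its handler configuration.

```python
"""Unrestricted executable file upload: a naive check beside a hardened one.

Added example for this digest; it is not FUSE's code. Names and lists are constructed.
"""
import os
import re
import secrets
from typing import Optional

# Hypothetical blocklist a naive handler might use (constructed for the example).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "jsp", "jspx", "asp", "aspx", "cgi", "pl", "py", "sh"}

# Allowlist: extension -> leading magic bytes the file content must carry.
ALLOWED_IMAGES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


def naive_upload_ok(filename: str, content_type: str) -> bool:
    """Vulnerable check: trusts the client-supplied Content-Type header and only
    blocks a fixed list of extensions, compared case-sensitively on the last dot.
    Mutated names such as 'shell.PHP' or 'shell.php.jpg' slip through."""
    ext = filename.rsplit(".", 1)[-1]
    return content_type.startswith("image/") and ext not in EXECUTABLE_EXTS


def hardened_upload(filename: str, data: bytes) -> Optional[str]:
    """Allowlist check: exactly one extension from ALLOWED_IMAGES (case-folded),
    content must start with that type's magic bytes, and the stored name is
    server-generated so the client never controls the path or the extension.
    Returns the name to store under, or None to reject."""
    base = os.path.basename(filename)
    # one token of safe characters, one dot, one short alphanumeric extension:
    # double extensions, NUL bytes and path separators all fail this match
    m = re.fullmatch(r"[\w\-]{1,64}\.([A-Za-z0-9]{1,5})", base)
    if m is None:
        return None
    ext = m.group(1).lower()
    if ext == "jpeg":
        ext = "jpg"
    magic = ALLOWED_IMAGES.get(ext)
    if magic is None or not data.startswith(magic):
        return None
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    png = ALLOWED_IMAGES["png"] + b"\x00" * 16   # constructed stand-in for a PNG body
    for name in ("cat.png", "shell.php", "shell.PHP", "shell.php.jpg"):
        print(f"{name:16} naive={naive_upload_ok(name, 'image/png')!s:5} "
              f"hardened={hardened_upload(name, png)}")
```

The naive handler accepts `shell.php.jpg` and `shell.PHP` because it only inspects the text after the last dot and compares it case-sensitively; the hardened handler rejects both on the name alone and additionally rejects a `.png` upload whose bytes are a PHP script. Storing the file outside the web root under the generated name closes the remaining path.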


1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp