Security News for 10Jun2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #skimmer #greenworks #vdp #snake #ransomware #ekans #thanos #riplace #mozilla #firefox #hakbit #raas #cryptojacking #kingminer #eternalblue #govnet #naka #trickbot

Active Threats

Data Breaches/Ransomware

Vulnerabilities

  • “The Mozilla Firefox web browser contains a vulnerability in its SharedWorkerService function that could allow an attacker to gain the ability to remotely execute code on a target’s machine. This vulnerability can be triggered if the user visits a malicious web page. The attacker can design this page in a way that it would cause a race condition, eventually leading to a use-after-free vulnerability and remote code execution.” https://blog.talosintelligence.com/2020/06/vuln-spotlight-firefox-shared-service-june-2020.html
  • “We’re coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it’s been 20+ years since the encrypted web really started up and that’s the lifetime of a Root CA certificate. This will catch some organizations off guard in a big way,”  https://www.bleepingcomputer.com/news/security/expiring-ssl-certs-expected-to-break-smart-tvs-fridges-and-iots/
  • “ESXi, Workstation and Fusion are affected by an out-of-bounds read vulnerability that can be exploited by an attacker with non-admin access to a virtual machine to read privileged information from memory.  The flaw resides in the NVMe functionality. NVMe (nonvolatile memory express) is a new storage access and transport protocol for flash and next-generation solid-state drives (SSDs) that delivers the highest throughput and fastest response times yet for all types of enterprise workloads.”  https://securityaffairs.co/wordpress/104579/security/vmware-products-flaw.html

Patching & Remediation

Bug Bounty

  • No updates

Privacy

Darkweb

  • “During this research, we observed an overlap between our detections and a ransomware family called Hakbit. Based on code similarity, string reuse, and core functionality, Insikt Group assesses with high confidence that ransomware samples tracked as Hakbit are built using the Thanos ransomware builder developed by Nosophoros.”  https://www.recordedfuture.com/thanos-ransomware-builder/

Standards, Guidelines, Best Practices

  • “If you suspect you have been hacked, the sooner you act the better. If the hack is work related, do not try to fix the problem yourself; instead, report it immediately. If it is a personal system or account that has been hacked” https://www.sans.org/security-awareness-training/resources/am-i-hacked
  • “Any business launched online in the cyber network is inevitably at risk of vulnerabilities — bugs and issues that can endanger the business infrastructure as well as public information and create irreparable damage. Consequently, many organizations are now using vulnerability rewards programs (VRP) such as Bug Bounties in order to have a safer business online by patching and remediating these vulnerabilities before publication and creating further damage. Though, in these programs, an undeniable need for a Vulnerability Disclosure Philosophy (VDP) is tangible.” https://www.threathunting.se/2020/06/10/vulnerability-disclosure-philosophy/

Red/Blue Teaming

  • “Testing with Atomic Red Team may seem daunting at first, but it’s really quite simple—and easier than ever with all the recent improvements to Invoke-Atomic, the open source PowerShell module for executing tests. However, even if you don’t use Invoke-Atomic, testing is still as simple as cloning the Atomic Red Team repository and following simple instructions (mostly just copy and pasting command-line scripts) that are included with the tests you want to run. However you use it, the platform is a great resource for checking your visibility, validating assumptions about security controls, and learning about what suspicious or malicious behavior might look like in your endpoint telemetry.” https://redcanary.com/blog/top-atomic-red-team-tests/
