Security News for 9Jun2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #callstranger #upnp #ransomware #ragnarlocker #lockbit #magecart #r3dr0x #darkbasin #ics #sgaxe #cacheout #patchtuesday #youtube

Active Threats

Data Breaches/Ransomware

Vulnerabilities

Patching & Remediation

  • “Two Critical Remote Code Execution flaws fixed in IBM WebSphere” https://securityaffairs.co/wordpress/104504/security/ibm-websphere-rces.html
  • “Intel addressed 25 vulnerabilities today as part of its June 2020 Patch Tuesday, with two of them affecting Intel’s Active Management Technology (AMT) being rated as critical security flaws after receiving CVSS scores of 9.8.  These issues were detailed in the five security advisories Intel published on its Product Security Center, with fixes addressing them having been delivered to users through the Intel Platform Update (IPU) process before public disclosure.” https://www.bleepingcomputer.com/news/security/intel-patched-22-vulnerabilities-in-the-june-2020-platform-update/
  • “Today is Microsoft’s June 2020 Patch Tuesday, and as many Windows administrators will be routinely screaming at computers, please be nice to them!  With the release of the June 2020 Patch Tuesday security updates, Microsoft has released one advisory for an Adobe Flash Player update and fixes for 129 vulnerabilities in Microsoft products.  Of these vulnerabilities, 11 are classified as Critical, 109 as Important, 7 as Moderate, and 2 as Low.” https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2020-patch-tuesday-largest-ever-with-129-fixes/
  • “Microsoft has fixed a vulnerability in all current Windows versions that allows an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability affects all Windows versions since Windows Server 2008.  Windows administrators can remotely manage all of the Windows devices on a network through the Group Policy feature. This feature allows administrators to create a centralized global configuration policy for their organization that is pushed out to all of the Windows devices on their network.  These policies allow an administrator to control how a computer can be used, such as disabling settings in apps, prohibiting apps from running, enabling and disabling Windows features, and even deploying the same wallpaper on every Windows computer.” https://www.bleepingcomputer.com/news/security/windows-group-policy-flaw-lets-attackers-gain-admin-privileges/
  • “Dubbed “SMBleed” (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in SMB’s decompression function — the same function as with SMBGhost or EternalDarkness bug (CVE-2020-0796), which came to light three months ago, potentially opening vulnerable Windows systems to malware attacks that can propagate across networks.  The newly discovered vulnerability impacts Windows 10 versions 1903 and 1909, for which Microsoft today released security patches as part of its monthly Patch Tuesday updates for June.”  https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html

Bug Bounty

  • No updates

Privacy

Darkweb

Standards, Guidelines, Best Practices

Red/Blue Teaming

  • “Adversaries may modify file or directory permissions/attributes to evade intended DACLs. Modifications may include changing specific access rights, which may require taking ownership of a file or directory and/or elevated permissions such as Administrator/root depending on the file or directory’s existing permissions to enable malicious activity such as modifying, replacing, or deleting specific files/directories. Specific file and directory modifications may be a required step for many techniques, such as establishing Persistence via Accessibility Features, Logon Scripts, or tainting/hijacking other instrumental binary/configuration files.” https://www.threathunting.se/2020/06/09/detect-file-directory-permissions-modification-free-splunk-detection-rules/
  • “A persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10.” https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/
