Security Pop Quiz! q127.mp3

News

Packet Storm Security

* Qlik Sense Vulnerabilities Exploited In Ransomware Attacks
* Black Basta's Ransom Haul Tops $100M In Less Than 2 Years
* Zoom Flaw Enabled Hijacking Of Accounts With Access To Meetings, Team Chat
* Apple Patches WebKit Flaws Exploited On Older iPhones
* Interpol Makes First Border Arrest Using Biometric Hub To ID Suspect

Security Affairs

* Security Affairs newsletter Round 448 by Pierluigi Paganini - INTERNATIONAL EDITION
* Researchers devised an attack technique to extract ChatGPT training data
* Fortune-telling website WeMystic exposes 13M+ user records
* Expert warns of Turtle macOS ransomware
* US govt sanctioned North Korea-linked APT Kimsuky

Looking Glass Cyber

securingtomorrow.mcafee.com

Quick Heal

* Update: Quick Heal Products are Compatible with Windows 11 Version23H2
* How to Secure your WiFi
* MedusaLocker Ransomware: An In-Depth Technical Analysis and Prevention Strategies
* Why Your Privacy Score Matters More than Ever
* How can Your Security Score Help You Protect your Digital World Better

Threat Post

* Student Loan Breach Exposes 2.5M Records
* Watering Hole Attacks Push ScanBox Keylogger
* Tentacles of '0ktapus' Threat Group Victimize 130 Firms
* Ransomware Attacks are on the Rise
* Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Naked Security

ESET

* Teaching appropriate use of AI tech - Week in security with Tony Anscombe
* Very precisely lost - GPS jamming
* Executives behaving badly: 5 ways to manage the executive cyberthreat
* Telekopye's tricks of the trade - Week in security with Tony Anscombe
* Retail at risk: Top threats facing retailers this holiday season

CIS

• The LLM Misinformation Problem I Was Not Expecting Mon, 20 Nov 2023 22:27:00 Z
  Kathleen Moriarty discusses an unexpected LLM misinformation problem: students incorporating non-vetted AI results into their assignments.

Malware Patrol

* InfoSec Articles (11/21/23 - 11/28/23)
* InfoSec Articles (11/14/23 - 11/21/23)

SecList

• IT threat evolution in Q3 2023. Mobile statistics
  Mobile threat statistics for Q3 2023 include data on malware, adware, banking Trojans and ransomware for Android devices.

MySonicWall

Critical Infrastructure

* Critical infrastructure workers more likely to detect, report phishing
* Fill out the Security Benchmark Survey for 2023
* Critical infrastructure attacks are ramping up

* Cadisha Miceli | Women in Security 2023
* CISA MTS Guide may enhance critical infrastructure resilience
* DNV appoints Anette Roll Richardsen as Director of Cybersecurity

* 3 ways AI can handle third-party vendor and supplier risk challenges
* The 2023 Security Benchmark Leaders - Materion
* OSHA launches compliance assistance program for workplace safety

Case Studies

* Häfele recovers from ransomware attack with new SASE platform
* Ride-hailing company, inDrive, uses new platform to prevent fraud
* The Old Spaghetti Factory restaurant chain ups network & physical security

* New Jersey's largest school district adopts AI gun detection
* One of England's oldest boarding schools upgrades security system
* Michigan State Capitol deploys proactive AI gun detection

Tools

* Proxmark3 4.17511 Custom Firmware
* Web-Based Firewall Logging Tool 1.1.3
* Wireshark Analyzer 4.2.0
* Faraday 4.6.2
* TOR Virtual Network Tunneling Tool 0.4.8.9

* OSINT tutorial to Find Information from a Phone Number - PhoneInfoga Tool
* 5G - A Business Owner's Dream, A Hacker's Fantasy

Exploits

* Packet Storm New Exploits For November, 2023
* Kopage Website Builder 4.4.15 Cross Site Scripting
* WBCE CMS 1.6.1 Shell Upload
* CE Phoenix 1.0.8.20 Remote Code Execution
* Online Student Clearance System 1.0 Shell Upload
* WordPress Royal Elementor Addons And Templates Remote Shell Upload
* Fortra Digital Guardian Agent Uninstaller Cross Site Scripting / UninstallKey Cached
* etcd-browser 87ae63d75260 Directory Traversal
* Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
* Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets

Last 20 Website Defacements - Zone-h

Press Play to hear the answer!

Advisories

• Debian Security Advisory 5569-1 Fri, 01 Dec 2023 14:32:22 GMT
  Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
• Ubuntu Security Notice USN-6502-4 Fri, 01 Dec 2023 14:30:52 GMT
  Ubuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-6496-2 Fri, 01 Dec 2023 14:30:35 GMT
  Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-6495-2 Fri, 01 Dec 2023 14:30:18 GMT
  Ubuntu Security Notice 6495-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6494-2 Fri, 01 Dec 2023 14:30:03 GMT
  Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
• Red Hat Security Advisory 2023-7617-02 Fri, 01 Dec 2023 14:28:59 GMT
  Red Hat Security Advisory 2023-7617-02 - Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available.
• Red Hat Security Advisory 2023-7616-01 Fri, 01 Dec 2023 14:28:41 GMT
  Red Hat Security Advisory 2023-7616-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7341-01 Fri, 01 Dec 2023 14:28:33 GMT
  Red Hat Security Advisory 2023-7341-01 - An update is now available for Red Hat Quay 3.
• Ubuntu Security Notice USN-6527-1 Thu, 30 Nov 2023 12:44:46 GMT
  Ubuntu Security Notice 6527-1 - Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-6528-1 Thu, 30 Nov 2023 12:44:31 GMT
  Ubuntu Security Notice 6528-1 - It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions.
• Ubuntu Security Notice USN-6526-1 Thu, 30 Nov 2023 12:44:08 GMT
  Ubuntu Security Notice 6526-1 - It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6519-2 Thu, 30 Nov 2023 12:43:38 GMT
  Ubuntu Security Notice 6519-2 - USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.
• Ubuntu Security Notice USN-6525-1 Thu, 30 Nov 2023 12:43:26 GMT
  Ubuntu Security Notice 6525-1 - Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6524-1 Thu, 30 Nov 2023 12:42:56 GMT
  Ubuntu Security Notice 6524-1 - Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6522-1 Thu, 30 Nov 2023 12:42:27 GMT
  Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6521-1 Thu, 30 Nov 2023 12:42:08 GMT
  Ubuntu Security Notice 6521-1 - It was discovered that GIMP incorrectly handled certain image files. If a user were tricked into opening a specially crafted image, an attacker could use this issue to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6523-1 Thu, 30 Nov 2023 12:41:29 GMT
  Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2023-7587-01 Thu, 30 Nov 2023 12:38:58 GMT
  Red Hat Security Advisory 2023-7587-01 - An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2023-7581-01 Thu, 30 Nov 2023 12:38:37 GMT
  Red Hat Security Advisory 2023-7581-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7580-01 Thu, 30 Nov 2023 12:38:26 GMT
  Red Hat Security Advisory 2023-7580-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7579-01 Thu, 30 Nov 2023 12:38:13 GMT
  Red Hat Security Advisory 2023-7579-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
• Red Hat Security Advisory 2023-7578-01 Thu, 30 Nov 2023 12:38:00 GMT
  Red Hat Security Advisory 2023-7578-01 - An update for squid is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2023-7577-01 Thu, 30 Nov 2023 12:37:46 GMT
  Red Hat Security Advisory 2023-7577-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2023-7576-01 Thu, 30 Nov 2023 12:37:33 GMT
  Red Hat Security Advisory 2023-7576-01 - An update for squid is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2023-7574-01 Thu, 30 Nov 2023 12:37:21 GMT
  Red Hat Security Advisory 2023-7574-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.