From Paul's Security Weekly
Recorded June 18, 2019 at G-Unit Studios in Rhode Island!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149) - I think it's awesome that Microsoft is doing a good job of protecting Azure customers running Linux, so much so they've made an announcement and put protections in place: This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Azure customers running VMs with Exim 4.92 are not affected by this vulnerability. Azure has controls in place to help limit the spread of this worm from work we’ve already done to combat SPAM, but customers using the vulnerable software would still be susceptible to infection.
- Yubico recalls FIPS Yubikey tokens after flaw found - Yubico stated: Where the first set of random values used by YubiKey FIPS applications after each device power-up have reduced randomness … for the first operations performed after YubiKey FIPS power-up. The buffer holding random values contains some predictable content left over from the FIPS power-up self-tests which could affect cryptographic operations which require random data until the predictable content is exhausted. The weakness exists only in the YubiKey FIPS, YubiKey Nano FIPS, YubiKey C FIPS, and YubiKey C Nano FIPS. If you own one of the affected devices, you can get a replacement from Yubico, depending on where you purchased the device.
- Mirai Offspring "Echobot" Uses 26 Different Exploits | SecurityWeek.Com - Now, Akamai’s Larry Cashdollar says that a newer version of Echobot uses 26 different exploits for infection, most of which target well-known command execution vulnerabilities in various networked devices. No CVE numbers were assigned for some of the flaws, although public advisories for them had been published. The exploits targeted devices from ADM, Ubiquity (AirOS), ASMAX, ASUS, Belkin, Blackbot, DD-WRT, Dell, D-Link, Dreambox, Geutebruck, Hootoo, Linksys
- Samsung reminds rabble to scan smart TVs for viruses then tries to make them forget - Hrm...Samsung on Sunday sent out a tweet urging people to check their Sammy smart TVs for viruses – and then deleted the message, as if someone realized that highlighting the risks posed by connected TVs may be bad for business. The Twitter post, sent via the South Korean manufacturer's @SamsungSupport account, remains preserved for posterity thanks to the Internet Archive's Wayback Machine. "Scanning your computer for malware viruses is important to keep it running smoothly," the message warned. "This also is true for your QLED TV if it's connected to Wi-Fi! Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks. Here's how:"
- Serious Vulnerabilities in Linux Kernel Allow Remote DoS Attacks | SecurityWeek.Com - The flaws, related to how the kernel handles TCP Selective Acknowledgement (SACK) packets with a low minimum segment size (MSS), could impact many devices, including servers, Android smartphones and embedded devices. Exploitation involves sending specially crafted packets to the targeted device and some believe the flaws could have significant and widespread impact. More detailed technical information is available from Red Hat: https://access.redhat.com/security/vulnerabilities/tcpsack and worth a read, especially if you are a packet nerd.
- Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks | SecurityWeek.Com - This is a really easy flaw to exploit: pass a system command in the User-Agent field and you execute commands as root. The issue affecting TP-Link extenders, tracked as CVE-2019-7406, can be exploited by a remote and unauthenticated attacker via specially crafted user agent fields in HTTP headers. Since all processes on the impacted extenders run with root privileges, an attacker can execute arbitrary shell commands with elevated permissions and take complete control of the device.
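A detection-side illustration of the TP-Link item, added for these show notes and not taken from the SecurityWeek article or from TP-Link: it scans constructed Combined Log Format access-log lines for User-Agent values that carry shell metacharacters or a shell command after a semicolon, while leaving ordinary browser UAs (which legitimately contain semicolons) unflagged. The sample log lines and the short command word list are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines (Combined Log Format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Jun/2019:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/67.0"
10.0.0.9 - - [18/Jun/2019:10:01:07 +0000] "GET /login.htm HTTP/1.1" 200 2048 "-" "Mozilla/5.0; $(id)"
10.0.0.9 - - [18/Jun/2019:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.64.0; reboot"
10.0.0.12 - - [18/Jun/2019:10:02:00 +0000] "GET /status HTTP/1.1" 200 128 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.0.9 - - [18/Jun/2019:10:02:30 +0000] "GET /cgi-bin/ HTTP/1.1" 404 0 "-" "Wget/1.20 `uname -a`"
"""

# Combined Log Format: ip ident user [ts] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Metacharacters that have no business in a User-Agent: backticks, $( ),
# pipes and && / ||.  A bare ';' is NOT included because real browser UAs
# use it as a separator ("(X11; Linux x86_64)").
SHELL_META = re.compile(r"`|\$\(|\|\||&&|\|")
# ';' followed by an absolute path or a common shell command name (assumed list).
SEMICOLON_CMD = re.compile(
    r";\s*(?:/(?:bin|usr|tmp)/|(?:wget|curl|sh|cat|id|echo|reboot|nc|telnetd)\b)"
)


def find_suspicious_user_agents(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose User-Agent looks like shell injection."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ua = m.group("ua")
        reasons = []
        if SHELL_META.search(ua):
            reasons.append("shell metacharacter")
        if SEMICOLON_CMD.search(ua):
            reasons.append("command after ';'")
        if reasons:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "user_agent": ua, "reason": ", ".join(reasons)})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_user_agents(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} [{hit['reason']}] {hit['user_agent']!r}")
```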
- Venmo transaction scraped in privacy warning to consumers | SC Media - Independent researcher Dan Salmon was able to scrape together millions of Venmo transactions over the course of six months and warned users to set their payments to private after privacy researchers warned the company that users’ public activity can still be easily obtained in a similar demonstration. Of course, this is on purpose and not the first time researchers have pointed this out. Still, Venmo, in my opinion, should give the user a clear notification that transactions are being shared, or even better default to private.
- New Chrome Protections from Deception - Looks like two new features. One is an extension: With the Suspicious Site Reporter extension, you can help Safe Browsing protect web users by reporting suspicious sites. You can install the extension to start seeing an icon when you’re on a potentially suspicious site, and more information about why the site might be suspicious. By clicking the icon, you’re now able to report unsafe sites to Safe Browsing for further evaluation. The other is just common sense: This new warning works by comparing the URL of the page you’re currently on to URLs of pages you’ve recently visited. If the URL looks similar, and might cause you to be confused or deceived, we’ll show a warning that helps you get back to safety.
Expert Commentary: Using Automation To Improve Your Overall Security Posture - Sagi Bar-Zvi, Tufin
Sagi brings over ten years of experience in the networking and information security fields in various engineering and architect roles. He holds a bachelor’s degree in Electrical and Electronics Engineering from Holon Institute of Technology and is a certified CCNA and CCNP.