From Paul's Security Weekly
Recorded November 12, 2019 at G-Unit Studios in Rhode Island!
- Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> Click the webcast dropdown & Select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting on-demand from the webcast drop down! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
- Apple to fix Siri bug that exposed parts of encrypted emails - For a better user experience, Apple stores some of your email in clear-text: Apple IT specialist Bob Gendler was tinkering around in the macOS operating system to understand more about how Apple personalizes Siri for each user. During the process, he found that the operating system was storing portions of user emails in plaintext, even when they were supposed to be encrypted. According to Gendler’s Medium post revealing the issue, Apple uses a system process called suggestd. Apple explains (as part of a help file system in the underlying BSD OS) that the program, which runs constantly, slurps content from various apps. These include Spotlight (the macOS indexing system), Mail, and Messages.
- Hackers Breach ZoneAlarm's Forum Site, Outdated vBulletin to Blame - I had no idea people still used this software! Apparently ZoneAlarm, a Check Point company, has over 100 million users. Go figure. They forgot to patch the forum, which has 4,500 users: Upon reaching out to the company, a spokesperson confirmed with The Hacker News that attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm's website and gain unauthorized access. For those unaware, this flaw affected vBulletin versions 5.0.0 up to the latest 5.5.4, for which the project maintainers later released patch updates, but only for recent versions 5.5.2, 5.5.3, and 5.5.4.
- BlueKeep freakout had little to no impact on patching, say experts - Over the last week or so, researchers spotted active exploits for BlueKeep being sent to their 'honeypot' systems. These attempts aimed to infect machines with cryptocoin-mining software and led to a series of media reports urging users to patch their machines now that BlueKeep exploits had arrived. According to The SANS Institute, the reports did not get people motivated to patch. SANS says the rate of BlueKeep-vulnerable boxes it tracks on Shodan has been on a pretty steady downward slope since May, and the media's rush to sound alarms over active attacks did not change that.
- Experts warn of spike in TCP DDoS reflection attacks targeting Amazon, SoftLayer and telco infrastructure - Old school stuff right here, and amazing that egress filters did not stop this: “This means the recent attackers...used a rapid rate of falsified SYN packets to a wide range of the IPv4 address space with a spoofed source originating from either bots or servers hosted on subnets and by providers that do not implement BCP 38 to prevent IP source address spoofing on their servers or networks.” concludes the analysis. “The spoofed source in these attacks were the entire network ranges of the intended targets which resulted in the targeted reflectors retransmitting SYN-ACK packets in a carpet bombing attack as long as RST packets were not received.”
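The BCP 38 control the analysis above refers to is simple to state: a network should never forward a packet whose source address it could not legitimately have originated. The following is an added example (not code from the show or from the cited analysis) showing that egress check in Python, run over a handful of constructed outbound packet records. The prefixes are RFC 5737 documentation ranges standing in for a site's real allocations, and the packet tuples are made up for the demonstration; the summary function groups whatever gets dropped by the /24 of its forged source, which is the "entire network range of the target" pattern the quoted analysis describes.

```python
import ipaddress
from collections import Counter

# Constructed: the prefixes this network legitimately originates traffic from.
# These are RFC 5737 documentation ranges, not real allocations.
OUR_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed outbound packet records (src, dst, tcp_flags), as seen by an
# egress filter at the network edge. Sources outside OUR_PREFIXES are forged.
SAMPLE_OUTBOUND = [
    ("192.0.2.10", "203.0.113.5", "S"),     # legitimate SYN from our space
    ("198.51.100.7", "203.0.113.9", "S"),   # legitimate
    ("203.0.113.20", "192.0.2.200", "S"),   # spoofed: source belongs to a remote range
    ("203.0.113.21", "198.18.0.4", "S"),    # spoofed: same remote range again
    ("10.0.0.5", "203.0.113.9", "S"),       # spoofed: RFC 1918 source must never leave
    ("192.0.2.11", "203.0.113.5", "A"),     # legitimate ACK
]


def source_is_legitimate(src, prefixes=OUR_PREFIXES):
    """True if the source address falls inside a prefix we are allowed to originate."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in prefixes)


def bcp38_egress_filter(packets, prefixes=OUR_PREFIXES):
    """Apply the BCP 38 rule to outbound packets; return (permitted, dropped)."""
    permitted, dropped = [], []
    for pkt in packets:
        bucket = permitted if source_is_legitimate(pkt[0], prefixes) else dropped
        bucket.append(pkt)
    return permitted, dropped


def spoofed_source_summary(dropped):
    """Count dropped packets by the /24 of their forged source.

    One foreign /24 (or a few adjacent ones) dominating the drop log is the
    signature of the carpet-bombing pattern: the forged sources cover the
    victim's whole range so that every reflector's SYN-ACKs land on it.
    """
    counts = Counter()
    for src, _dst, _flags in dropped:
        counts[str(ipaddress.ip_network(f"{src}/24", strict=False))] += 1
    return counts


if __name__ == "__main__":
    ok, bad = bcp38_egress_filter(SAMPLE_OUTBOUND)
    print(f"permitted={len(ok)} dropped={len(bad)}")
    for net, n in spoofed_source_summary(bad).most_common():
        print(f"  forged source range {net}: {n} packet(s)")
```

In a real deployment this rule lives in the router or firewall as an ACL or unicast RPF check rather than in Python; the point of the script is that the decision needs nothing more than the list of prefixes the site owns, which is why the absence of the filter at an upstream provider is the enabling condition the analysis calls out.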
- Hosting Provider SmarterASP.NET Recovering From Ransomware Attack | SecurityWeek.Com - Yikes: Operating since 1999, SmarterASP.NET has datacenters in the United States and Europe and serves over 440,000 customers worldwide. On Saturday, the company fell victim to a ransomware attack that resulted in its customers’ data being encrypted. Impacted customers reported that even the hosting provider’s website was inaccessible in the beginning. However, even after the site was restored, the control panel could not be opened. Apparently, SmarterASP.NET failed to inform customers of the incident right away. On its live chat box page, the company did say it suffered from a major outage, but did not provide additional information. Be transparent and able to communicate clearly and effectively. Some customers are reported to be leaving SmarterASP.NET for other providers as a result of this incident. Who's to say the other providers are more secure, but maybe they are better at response and communication.
- Nvidia patches graphics products and GeForce Experience update tool - The three with the highest severity – CVE‑2019‑5690, CVE‑2019‑5691 and CVE‑2019‑5692 – are kernel mode flaws in the Nvidia Windows GPU display driver which could be exploited to cause a crash or escalation of privileges...Nvidia’s GeForce Experience application is vulnerable to two flaws of its own, CVE‑2019‑5701 and CVE‑2019‑5689, plus one, CVE‑2019‑5695, shared with the Windows driver discussed above.
Expert Commentary: Dan DeCloss, Plextrac
Dan has a Master’s Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.
Latest Breaches and the Importance of Pentesting!