NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES

8th January 2020

Summary Headlines

Impact Metric Against Count of Events

| Category | Critical | High | Medium | Informative |
|---|---|---|---|---|
| Regional Highlights | 0 | 0 | 0 | 1 |
| Top Stories | 0 | 1 | 0 | 1 |
| System Vulnerabilities | 1 | 1 | 0 | 0 |
| Malware | 0 | 1 | 0 | 1 |
| DDoS/Botnets | 0 | 0 | 0 | 0 |
| Spam & Phishing | 0 | 2 | 0 | 0 |
| Web Security | 0 | 1 | 1 | 0 |
| Updates & Alerts | 0 | 0 | 0 | 2 |

Regional Highlights

Source 1: Business Daily (https://businessdailyafrica)

https://www.businessdailyafrica.com/corporate/companies/Safaricom-loses-fight-to-keep-supply/4003102-5410506-8raeha/index.html

Impact value: Informative

Safaricom loses fight to keep supply deals secret

Mobile service provider Safaricom has lost its bid to block sections of the competition law that demand the firm reveal secret supplier deals to the market watchdog, parliamentary records show. The National Assembly's Committee on Finance and National Planning rejected Safaricom's petition to remove a clause that makes it mandatory for companies to make business reports to the Competition Authority of Kenya (CAK). The CAK says these reports are aimed at guarding against buyer power from dominant firms and include sharing terms of payments, pricing of goods and services, interest payable, as well as conditions of contract termination or variation.

Top Stories

Source: Threatpost (https://threatpost.com)

https://threatpost.com/facebook-cracks-down-deepfake-videos/151590

Impact value: Informative

Facebook Cracks Down on Deepfake Videos

Facebook is banning deepfake videos, which stem from a technique of human-image synthesis based on artificial intelligence (AI) to create fake content. Over the past year, security experts and lawmakers have voiced concerns about malicious deepfake applications, particularly as a vessel for disinformation on social-media platforms ahead of the 2020 elections. Facebook on Monday said it will remove misleading videos from its platform; however, it will not crack down on all doctored content, such as "satire" video, as the company attempts to walk the thin line between free speech and misinformation.

https://threatpost.com/totok-returned-to-google-play-spy-tool/151576

Impact value: High

ToTok Returned to Google Play Despite 'Spy Tool' Claims

ToTok, a social app that was released in 2019 and has been downloaded by millions, gained rapid popularity in the United Arab Emirates (UAE), where other messaging platforms like WhatsApp and Skype are partially restricted. But despite the app's popularity, it was quickly taken down from Google Play and the Apple App Store after a report from the New York Times in December claimed that the app is actually being used by the government of the United Arab Emirates as a spy tool used to track users' conversations and location.

System vulnerabilities

Source 1: Securityweek (https://www.securityweek.com)

https://www.securityweek.com/pulse-secure-vpn-vulnerability-exploited-deliver-ransomware

Impact value: Critical

Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware

A widely known arbitrary file read flaw, tracked as CVE-2019-11510, has been found to be exploited in the wild. The vulnerability, which affects an enterprise VPN product from Pulse Secure, is being used to deliver a piece of ransomware. The first attempt to exploit the vulnerability was spotted on August 21 and 22. Pulse Secure released a patch for CVE-2019-11510 in April 2019. Therefore, users are urged to apply the patches to mitigate attacks.

Source 2: Tripwire (https://www.tripwire.com)

https://www.tripwire.com/state-of-security/vert/citrix-netscaler-adc-cve-2019-19781

Impact value: High

Citrix NetScaler/ADC Critical Flaw

Citrix has indicated that an unauthenticated attacker can exploit this flaw to perform arbitrary code execution. Although details from Citrix are minimal, VERT's research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance. These flaws ultimately allow the attacker to bypass an authorization constraint to create a file with user-controlled content, which can then be processed through a server-side scripting language. Other paths towards code execution may also exist.

Malware

Source 1: CBC News (https://www.cbc.ca)

https://www.cbc.ca/news/canada/saskatchewan/ehealth-hit-by-ransomware-attack-but-personal-health-data-is-secure-says-spokesperson-1.5416261

Impact value: High

eHealth hit by ransomware

Some of the eHealth services have been affected following a ransomware attack. However, it is maintained that no patient data is affected in the incident. eHealth staff are examining 110 servers that may have been attacked. They are working to assess and repair the damage and restore the information.

Source 2: Fortinet (https://www.fortinet.com)

https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html

Impact value: Informative

Predator The Thief v3.3.4

The stealer 'Predator The Thief' has been upgraded to version 3.3.4 with minor changes. The malware is distributed via multiple phishing documents designed to look like invoices. It includes several anti-debug techniques to make detection difficult. It is also able to collect information in a file-less manner and delete itself immediately after sending information to C2. This makes it more difficult for analysts to analyze its damage to the victim system. It has also added new features to execute its additional modules and second-stage malware in a different way.

Spam & Phishing

Source 1: Bleeping Computer (https://www.bleepingcomputer.com)

https://www.bleepingcomputer.com/news/security/fake-windows-10-desktop-used-in-new-police-browser-lock-scam

Impact value: High

Fake Windows 10 Desktop Used in New Police Browser Lock Scam

Scammers are targeting victims using a new tactic that takes advantage of the web browser's full-screen mode to show a fake Windows 10 desktop. Termed police browser lockers, the fake desktop screen tells the victim that their computer has been locked on the pretext of illegal activity. The scam asks the victims to pay a fine via a credit card in order to unlock the computer. These types of scams are easy to detect, as they utilize fake and suspicious URLs and allow users to use other apps on their computer even if the browser is locked.

Source 2: Naked Security (https://nakedsecurity.sophos.com)

https://nakedsecurity.sophos.com/2020/01/06/dont-fall-for-the-start-your-2020-with-a-gift-from-us-scam

Impact value: High

New year free gift scam

Scammers are leveraging 'New Year 2020' phishing emails to trick users into sharing their payment card details. The phishing email claims to offer the recipient a 'MacBook Pro laptop' for free. In order to claim the offer, the target victim is asked to pay a shipping fee of $1 through a fake payment page included in the email.

Web Security

Source 1: Cyware (https://cyware.com)

https://cyware.com/news/50-percent-of-websites-using-webassembly-show-malicious-behavior-report-51afc49a

Impact value: Medium

50 Percent of Websites Using WebAssembly Show Malicious Behavior

An academic research project titled "New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild" looks at WebAssembly's use on the Alexa Top 1 Million popular sites on the internet in an attempt to gauge its popularity. Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research published last year.

Source 2: Government Technology (https://www.govtech.com)

https://www.govtech.com/security/Texas-Department-of-Agriculture-Website-Briefly-Defaced.html

Impact value: High

Texas Department of Agriculture Website Briefly Defaced

The Texas Department of Agriculture's website was briefly defaced Tuesday morning with an image of a high-ranking Iranian general killed in a recent US drone strike. The brief changes to the agency's website showed the words "Hacked by Iranian Hacker" and "Hacked by Shield Iran xtheloserteam" and a black-and-white image of Iranian Maj. Gen. Qassem Soleimani, who was killed in Baghdad Friday.

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List (http://www.us-cert.gov/cas/bulletins)

https://www.us-cert.gov/ncas/bulletins/sb20-006

Vulnerability Summary for the Week of December 30, 2019. Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2: Oracle Security Bulletins (http://www.oracle.com/technetwork/topics/security/alerts-086861.html)

https://www.oracle.com/security-alerts/cpuoct2019.html

Oracle Critical Patch Update Advisory - October 2019; advised action to run available security updates.

https://www.oracle.com/security-alerts/alert-cve-2019-2729.html

Oracle Security Alert Advisory - CVE-2019-2729: Deserialization vulnerability in Oracle WebLogic Server, exploitable without authentication requirements; advised action to run security updates.

https://www.oracle.com/security-alerts/bulletinoct2019.html

Oracle Solaris Third Party Bulletin - October 2019; advised action to apply necessary patches.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html

Oracle Linux Bulletin - October 2019; advised action to apply necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html

Map of CVE to Advisory/Alert; advised action to apply the critical patch update for protection against known vulnerabilities.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html

Oracle VM Server for x86 Bulletin - October 2019; advised action to apply necessary Oracle VM Server for x86 Bulletin fixes.

Updates & Alerts

Source 1: Bleeping Computer (https://www.bleepingcomputer.com)

https://www.bleepingcomputer.com/news/security/microsoft-releases-january-2020-office-updates-with-crash-fixes

Impact value: Informative

Microsoft Releases January 2020 Office Updates With Crash Fixes

Microsoft released the January 2020 non-security Microsoft Office updates that come with crash and memory leak fixes, as well as performance and stability improvements for Windows Installer (MSI) editions of Office 2016.

https://www.bleepingcomputer.com/news/linux/tails-42-fixes-numerous-security-flaws-improves-direct-upgrades

Impact value: Informative

Tails 4.2 Fixes Numerous Security Flaws, Improves Direct Upgrades

Tails (short for The Amnesic Incognito Live System) is a Linux distro focused on guarding its users' anonymity and helping them circumvent censorship by forcing all Internet connections through the Tor network. The Tails Project released a new version of the security-focused Tails Linux distribution and advises users to upgrade as soon as possible to fix multiple security vulnerabilities impacting the previous Tails 4.1.1 version.

www.ke-cirt.go.ke

Page 2: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES 8th January … · Arab Emirates (UAE) where other messaging platforms like WhatsApp and Skype are partially restricted. But despite the

Summary Headlines

Impact Metric Against Count of Events

Critical High Medium Informative

Regional Highlights 0 0 0 1

Top Stories 0 1 0 1

System Vulnerabilities

1 1 0 0

Malware 0 1 0 1

DDoSBotnets 0 0 0 0

Spam amp Phishing 0 2 0 0

Web Security 0 1 1 0

Updates amp Alerts 0 0 0 2

Regional Highlights

Source 1 Business Daily ( httpsbusinessdailyafrica ) httpswwwbusinessdailyafricacomcorporatecompaniesSafaricom-loses-fight-to-keep-supply4003102-5410506-8raehaindexhtmlImpact value InformativeSafaricom loses fight to keep supply deals secret Mobile service provider Safaricom haslost its bid to block sections of the competition law that demand the firm reveal secretsupplier deals to the market watchdog parliamentary records show The NationalAssemblyrsquos Committee on Finance and National Planning rejected Safaricomrsquos petition toremove a clause that makes it mandatory for companies to make business reports to theCompetition Authority of Kenya (CAK) The CAK says these reports are aimed at guardingagainst buyer power from dominant firms and includes sharing terms of payments pricingof goods and services interest payable as well as conditions of contract termination orvariation

Top Stories

Source Threatpost ( httpsthreatpostcom ) httpsthreatpostcomfacebook-cracks-down-deepfake-videos151590Impact value InformativeFacebook Cracks Down on Deepfake Videos Facebook is banning deepfake videos whichstem from a technique of human-image synthesis based on artificial intelligence (AI) tocreate fake content Over the past year security experts and lawmakers have voicedconcerns about malicious deepfake applications particularly as a vessel for disinformationon social-media platforms ahead of the 2020 elections Facebook on Monday said it willremove misleading videos from its platform mdash however it will not crack down on alldoctored content such as ldquosatirerdquo video as the company attempts to walk the thin linebetween free speech and misinformation

httpsthreatpostcomtotok-returned-to-google-play-spy-tool151576Impact value HighToTok Returned to Google Play Despite lsquoSpy Toolrsquo Claims ToTok a social app that wasreleased in 2019 and has been downloaded by millions gained rapid popularity in the UnitedArab Emirates (UAE) where other messaging platforms like WhatsApp and Skype are partiallyrestricted But despite the apprsquos popularity it was quickly take down from Google Play andthe Apple App Store after a report from the New York Times in December claimed that theapp is actually being used by the government of the United Arab Emirates as a spy tool usedto track usersrsquo conversations and location

System vulnerabilities

Source 1 Securityweek ( httpswwwsecurityweekcom ) httpswwwsecurityweekcompulse-secure-vpn-vulnerability-exploited-deliver-ransomwareImpact value Critical Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware A widely known arbitraryfile read flaw tracked as CVE-2019-11510 has been found to be exploited in the wild Thevulnerability which affects an enterprise VPN product from Pulse Secure is being used todeliver a piece of ransomware The first attempt to exploit the vulnerability was spotted onAugust 21 and 22 Pulse Secure has released a patch for CVE-2019-11510 in April 2019Therefore users are urged to apply the patches to mitigate attacks

Source 2 Tripwire ( httpswwwtripwirecom )httpswwwtripwirecomstate-of-securityvertcitrix-netscaler-adc-cve-2019-19781Impact value HighCitrix NetScalerADC Critical Flaw Citrix has indicated that an unauthenticated attacker canexploit this flaw to perform arbitrary code execution Although details from Citrix areminimal VERTrsquos research has identified three vulnerable behaviors which combine toenable code execution attacks on the NetScalerADC appliance These flaws ultimatelyallow the attacker to bypass an authorization constraint to create a file with user-controlled content which can then be processed through a server-side scripting languageOther paths towards code execution may also exist

Malware

Source 1 CBC News (httpswwwcbcca )httpswwwcbccanewscanadasaskatchewanehealth-hit-by-ransomware-attack-but-personal-health-data-is-secure-says-spokesperson-15416261Impact value HigheHealth hit by ransomware Some of the eHealth services have been affected following aransomware attack However it is maintained no patient data is affected in the incidenteHealth staff is examining 110 servers that may have been attacked They are working to assessand repair the damage and restore the information

Source 2 Fortinet (httpswwwfortinetcom )httpswwwfortinetcomblogthreat-researchpredator-the-thief-recent-versionshtmlImpact value InformativePredator The Thief v334 The stealer lsquoPredator The Thiefrsquo has been upgraded to version 334with minor changes The malware is distributed via multiple phishing documents designed tolook like invoices It includes several anti-debug techniques to make it difficult for detection It isalso able to collect information in a file-less manner and delete itself immediately after sendinginformation to C2 This makes it more difficult for analysts to analyze its damage to the victimsystem It also has added new features to execute its additional modules and second stagemalware in different way

Spam amp Phishing

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom )httpswwwbleepingcomputercomnewssecurityfake-windows-10-desktop-used-in-new-police-browser-lock-scamImpact value HighFake Windows 10 Desktop Used in New Police Browser Lock ScamScammers aretargeting victims using a new tactic that takes advantage of the web browserrsquos full-screen mode to show a fake Windows 10 desktop Termed as police browser lockersthe fake desktop screen states the victim that their computer has been locked on thepretext of illegal activity The scam asks the victims to pay a fine via a credit card inorder to unlock the computer These types of scams are easy to detect as they utilizefake and suspicious URLs and allow users to use other apps on their computer even ifthe browser is locked

Source 2 Naked Security ( httpsnakedsecuritysophoscom )httpsnakedsecuritysophoscom20200106dont-fall-for-the-start-your-2020-with-a-gift-from-us-scamImpact value HighNew year free gift scam Scammers are leveraging lsquoNew Year 2020rsquo phishing emails totrick users into sharing their payment card details The phishing email claims to offerthe recipient a lsquoMacBook Pro laptoprsquo for free In order to claim the offer the targetvictim is asked to pay a shipping fee of $1 through a fake payment page included inthe email

Web Security

Source 1 Cyware ( httpscywarecom )httpscywarecomnews50-percent-of-websites-using-webassembly-show-malicious-behavior-report-51afc49aImpact value Medium50 Percent of Websites Using WebAssembly Show Malicious Behavior An academic researchproject titled ldquoNew Kid on the Web A Study on the Prevalence of WebAssembly in theWildrdquo looks at WebAssemblys use on the Alexa Top 1 Million popular sites on the internetin an attempt to gauge its popularity Around half of the websites that use WebAssembly anew web technology use it for malicious purposes according to academic researchpublished last year

Source 2 Government Technology ( httpswwwgovtechcom )httpswwwgovtechcomsecurityTexas-Department-of-Agriculture-Website-Briefly-DefacedhtmlImpact value HighTexas Department of Agriculture Website Briefly Defaced The Texas Department ofAgriculturersquos website was briefly defaced Tuesday morning with an image of a high-rankingIranian general killed in a recent US drone strike The brief changes to the agencyswebsite showed the words Hacked by Iranian Hacker and Hacked by Shield Iran xtheloserteam and a black-and-white image of Iranian Maj Gen Qassem Soleimani whowas killed in Baghdad Friday

Bulletins

Source 1 US-CERT - Security Bulletin Mailing List ( httpwwwus-certgovcasbulletins )

httpswwwus-certgovncasbulletinssb20-006Vulnerability Summary for the Week of December 30 2019 Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2 Oracle Security Bulletins ( httpwwworaclecomtechnetworktopicssecurityalerts-086861html )

httpswwworaclecomsecurity-alertscpuoct2019htmlOracle Critical Patch Update Advisory - October 2019 advised action to run available security updates

httpswwworaclecomsecurity-alertsalert-cve-2019-2729htmlOracle Security Alert Advisory - CVE-2019-2729 Decentralization vulnerability in Oracle WebLogic Server exploitable without authentication requirements advised action to run security updates

httpswwworaclecomsecurity-alertsbulletinoct2019htmlOracle Solaris Third Party Bulletin - October 2019 advised action to apply necessary patches

httpswwworaclecomsecurity-alertslinuxbulletinoct2019htmlOracle Linux Bulletin - October 2019 advised action to apply necessary Oracle Linux Bulletin fixes

httpswwworaclecomsecurity-alertspublic-vuln-to-advisory-mappinghtmlMap of CVE to AdvisoryAlert advised action to apply the critical patch update for protection against known vulnerabilities

httpswwworaclecomsecurity-alertslinuxbulletinoct2019htmlOracle VM Server for x86 Bulletin - October 2019 advised action to apply necessary Oracle VM Server for x86 Bulletin fixes

Updates ampAlerts

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) httpswwwbleepingcomputercomnewssecuritymicrosoft-releases-january-2020-office-updates-with-crash-fixesImpact value InformativeMicrosoft Releases January 2020 Office Updates With Crash Fixes Microsoft released theJanuary 2020 non-security Microsoft Office updates that come with crash and memory leakfixes as well as performance and stability improvements for Windows Installer (MSI) editionsof Office 2016

httpswwwbleepingcomputercomnewslinuxtails-42-fixes-numerous-security-flaws-improves-direct-upgradesImpact value InformativeTails 42 Fixes Numerous Security Flaws Improves Direct Upgrades Tails (short for The AmnesicIncognito Live System) is a Linux distro focused on guarding its users anonymity and help themcircumvent censorship by forcing all Internet connections through the Tor network The TailsProject released a new version of the security-focused Tails Linux distribution and advises usersto upgrade as soon as possible to fix multiple security vulnerabilities impacting the previousTails 411 version

wwwke-cirtgoke

Page 3: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES 8th January … · Arab Emirates (UAE) where other messaging platforms like WhatsApp and Skype are partially restricted. But despite the

Regional Highlights

Source 1 Business Daily ( httpsbusinessdailyafrica ) httpswwwbusinessdailyafricacomcorporatecompaniesSafaricom-loses-fight-to-keep-supply4003102-5410506-8raehaindexhtmlImpact value InformativeSafaricom loses fight to keep supply deals secret Mobile service provider Safaricom haslost its bid to block sections of the competition law that demand the firm reveal secretsupplier deals to the market watchdog parliamentary records show The NationalAssemblyrsquos Committee on Finance and National Planning rejected Safaricomrsquos petition toremove a clause that makes it mandatory for companies to make business reports to theCompetition Authority of Kenya (CAK) The CAK says these reports are aimed at guardingagainst buyer power from dominant firms and includes sharing terms of payments pricingof goods and services interest payable as well as conditions of contract termination orvariation

Top Stories

Source Threatpost ( httpsthreatpostcom ) httpsthreatpostcomfacebook-cracks-down-deepfake-videos151590Impact value InformativeFacebook Cracks Down on Deepfake Videos Facebook is banning deepfake videos whichstem from a technique of human-image synthesis based on artificial intelligence (AI) tocreate fake content Over the past year security experts and lawmakers have voicedconcerns about malicious deepfake applications particularly as a vessel for disinformationon social-media platforms ahead of the 2020 elections Facebook on Monday said it willremove misleading videos from its platform mdash however it will not crack down on alldoctored content such as ldquosatirerdquo video as the company attempts to walk the thin linebetween free speech and misinformation

httpsthreatpostcomtotok-returned-to-google-play-spy-tool151576Impact value HighToTok Returned to Google Play Despite lsquoSpy Toolrsquo Claims ToTok a social app that wasreleased in 2019 and has been downloaded by millions gained rapid popularity in the UnitedArab Emirates (UAE) where other messaging platforms like WhatsApp and Skype are partiallyrestricted But despite the apprsquos popularity it was quickly take down from Google Play andthe Apple App Store after a report from the New York Times in December claimed that theapp is actually being used by the government of the United Arab Emirates as a spy tool usedto track usersrsquo conversations and location

System vulnerabilities

Source 1 Securityweek ( httpswwwsecurityweekcom ) httpswwwsecurityweekcompulse-secure-vpn-vulnerability-exploited-deliver-ransomwareImpact value Critical Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware A widely known arbitraryfile read flaw tracked as CVE-2019-11510 has been found to be exploited in the wild Thevulnerability which affects an enterprise VPN product from Pulse Secure is being used todeliver a piece of ransomware The first attempt to exploit the vulnerability was spotted onAugust 21 and 22 Pulse Secure has released a patch for CVE-2019-11510 in April 2019Therefore users are urged to apply the patches to mitigate attacks

Source 2 Tripwire ( httpswwwtripwirecom )httpswwwtripwirecomstate-of-securityvertcitrix-netscaler-adc-cve-2019-19781Impact value HighCitrix NetScalerADC Critical Flaw Citrix has indicated that an unauthenticated attacker canexploit this flaw to perform arbitrary code execution Although details from Citrix areminimal VERTrsquos research has identified three vulnerable behaviors which combine toenable code execution attacks on the NetScalerADC appliance These flaws ultimatelyallow the attacker to bypass an authorization constraint to create a file with user-controlled content which can then be processed through a server-side scripting languageOther paths towards code execution may also exist

Malware

Source 1 CBC News (httpswwwcbcca )httpswwwcbccanewscanadasaskatchewanehealth-hit-by-ransomware-attack-but-personal-health-data-is-secure-says-spokesperson-15416261Impact value HigheHealth hit by ransomware Some of the eHealth services have been affected following aransomware attack However it is maintained no patient data is affected in the incidenteHealth staff is examining 110 servers that may have been attacked They are working to assessand repair the damage and restore the information

Source 2 Fortinet (httpswwwfortinetcom )httpswwwfortinetcomblogthreat-researchpredator-the-thief-recent-versionshtmlImpact value InformativePredator The Thief v334 The stealer lsquoPredator The Thiefrsquo has been upgraded to version 334with minor changes The malware is distributed via multiple phishing documents designed tolook like invoices It includes several anti-debug techniques to make it difficult for detection It isalso able to collect information in a file-less manner and delete itself immediately after sendinginformation to C2 This makes it more difficult for analysts to analyze its damage to the victimsystem It also has added new features to execute its additional modules and second stagemalware in different way

Spam amp Phishing

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom )httpswwwbleepingcomputercomnewssecurityfake-windows-10-desktop-used-in-new-police-browser-lock-scamImpact value HighFake Windows 10 Desktop Used in New Police Browser Lock ScamScammers aretargeting victims using a new tactic that takes advantage of the web browserrsquos full-screen mode to show a fake Windows 10 desktop Termed as police browser lockersthe fake desktop screen states the victim that their computer has been locked on thepretext of illegal activity The scam asks the victims to pay a fine via a credit card inorder to unlock the computer These types of scams are easy to detect as they utilizefake and suspicious URLs and allow users to use other apps on their computer even ifthe browser is locked

Source 2 Naked Security ( httpsnakedsecuritysophoscom )httpsnakedsecuritysophoscom20200106dont-fall-for-the-start-your-2020-with-a-gift-from-us-scamImpact value HighNew year free gift scam Scammers are leveraging lsquoNew Year 2020rsquo phishing emails totrick users into sharing their payment card details The phishing email claims to offerthe recipient a lsquoMacBook Pro laptoprsquo for free In order to claim the offer the targetvictim is asked to pay a shipping fee of $1 through a fake payment page included inthe email

Web Security

Source 1 Cyware ( httpscywarecom )httpscywarecomnews50-percent-of-websites-using-webassembly-show-malicious-behavior-report-51afc49aImpact value Medium50 Percent of Websites Using WebAssembly Show Malicious Behavior An academic researchproject titled ldquoNew Kid on the Web A Study on the Prevalence of WebAssembly in theWildrdquo looks at WebAssemblys use on the Alexa Top 1 Million popular sites on the internetin an attempt to gauge its popularity Around half of the websites that use WebAssembly anew web technology use it for malicious purposes according to academic researchpublished last year

Source 2 Government Technology ( httpswwwgovtechcom )httpswwwgovtechcomsecurityTexas-Department-of-Agriculture-Website-Briefly-DefacedhtmlImpact value HighTexas Department of Agriculture Website Briefly Defaced The Texas Department ofAgriculturersquos website was briefly defaced Tuesday morning with an image of a high-rankingIranian general killed in a recent US drone strike The brief changes to the agencyswebsite showed the words Hacked by Iranian Hacker and Hacked by Shield Iran xtheloserteam and a black-and-white image of Iranian Maj Gen Qassem Soleimani whowas killed in Baghdad Friday

Bulletins

Source 1 US-CERT - Security Bulletin Mailing List ( httpwwwus-certgovcasbulletins )

httpswwwus-certgovncasbulletinssb20-006Vulnerability Summary for the Week of December 30 2019 Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2 Oracle Security Bulletins ( httpwwworaclecomtechnetworktopicssecurityalerts-086861html )

httpswwworaclecomsecurity-alertscpuoct2019htmlOracle Critical Patch Update Advisory - October 2019 advised action to run available security updates

httpswwworaclecomsecurity-alertsalert-cve-2019-2729htmlOracle Security Alert Advisory - CVE-2019-2729 Decentralization vulnerability in Oracle WebLogic Server exploitable without authentication requirements advised action to run security updates

httpswwworaclecomsecurity-alertsbulletinoct2019htmlOracle Solaris Third Party Bulletin - October 2019 advised action to apply necessary patches

httpswwworaclecomsecurity-alertslinuxbulletinoct2019htmlOracle Linux Bulletin - October 2019 advised action to apply necessary Oracle Linux Bulletin fixes

httpswwworaclecomsecurity-alertspublic-vuln-to-advisory-mappinghtmlMap of CVE to AdvisoryAlert advised action to apply the critical patch update for protection against known vulnerabilities

httpswwworaclecomsecurity-alertslinuxbulletinoct2019htmlOracle VM Server for x86 Bulletin - October 2019 advised action to apply necessary Oracle VM Server for x86 Bulletin fixes

Updates ampAlerts

Source 1 Bleeping Computer ( httpswwwbleepingcomputercom ) httpswwwbleepingcomputercomnewssecuritymicrosoft-releases-january-2020-office-updates-with-crash-fixesImpact value InformativeMicrosoft Releases January 2020 Office Updates With Crash Fixes Microsoft released theJanuary 2020 non-security Microsoft Office updates that come with crash and memory leakfixes as well as performance and stability improvements for Windows Installer (MSI) editionsof Office 2016

httpswwwbleepingcomputercomnewslinuxtails-42-fixes-numerous-security-flaws-improves-direct-upgradesImpact value InformativeTails 42 Fixes Numerous Security Flaws Improves Direct Upgrades Tails (short for The AmnesicIncognito Live System) is a Linux distro focused on guarding its users anonymity and help themcircumvent censorship by forcing all Internet connections through the Tor network The TailsProject released a new version of the security-focused Tails Linux distribution and advises usersto upgrade as soon as possible to fix multiple security vulnerabilities impacting the previousTails 411 version

wwwke-cirtgoke

Page 4: NATIONAL KE-CIRT/CC CYBERSECURITY UPDATES 8th January … · Arab Emirates (UAE) where other messaging platforms like WhatsApp and Skype are partially restricted. But despite the

Top Stories

Source Threatpost ( httpsthreatpostcom ) httpsthreatpostcomfacebook-cracks-down-deepfake-videos151590Impact value InformativeFacebook Cracks Down on Deepfake Videos Facebook is banning deepfake videos whichstem from a technique of human-image synthesis based on artificial intelligence (AI) tocreate fake content Over the past year security experts and lawmakers have voicedconcerns about malicious deepfake applications particularly as a vessel for disinformationon social-media platforms ahead of the 2020 elections Facebook on Monday said it willremove misleading videos from its platform mdash however it will not crack down on alldoctored content such as ldquosatirerdquo video as the company attempts to walk the thin linebetween free speech and misinformation

Source: Threatpost (https://threatpost.com)
https://threatpost.com/totok-returned-to-google-play-spy-tool/151576
Impact value: High
ToTok Returned to Google Play Despite 'Spy Tool' Claims. ToTok, a social app that was released in 2019 and has been downloaded by millions, gained rapid popularity in the United Arab Emirates (UAE), where other messaging platforms like WhatsApp and Skype are partially restricted. But despite the app's popularity, it was quickly taken down from Google Play and the Apple App Store after a report from the New York Times in December claimed that the app is actually being used by the government of the United Arab Emirates as a spy tool used to track users' conversations and location.

System vulnerabilities

Source 1: Securityweek (https://www.securityweek.com)
https://www.securityweek.com/pulse-secure-vpn-vulnerability-exploited-deliver-ransomware
Impact value: Critical
Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware. A widely known arbitrary file read flaw, tracked as CVE-2019-11510, has been found to be exploited in the wild. The vulnerability, which affects an enterprise VPN product from Pulse Secure, is being used to deliver a piece of ransomware. The first attempt to exploit the vulnerability was spotted on August 21 and 22. Pulse Secure released a patch for CVE-2019-11510 in April 2019; users are therefore urged to apply the patches to mitigate attacks.

Source 2: Tripwire (https://www.tripwire.com)
https://www.tripwire.com/state-of-security/vert/citrix-netscaler-adc-cve-2019-19781
Impact value: High
Citrix NetScaler/ADC Critical Flaw. Citrix has indicated that an unauthenticated attacker can exploit this flaw to perform arbitrary code execution. Although details from Citrix are minimal, VERT's research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance. These flaws ultimately allow the attacker to bypass an authorization constraint to create a file with user-controlled content, which can then be processed through a server-side scripting language. Other paths towards code execution may also exist.

Malware

Source 1: CBC News (https://www.cbc.ca)
https://www.cbc.ca/news/canada/saskatchewan/ehealth-hit-by-ransomware-attack-but-personal-health-data-is-secure-says-spokesperson-1.5416261
Impact value: High
eHealth hit by ransomware. Some of the eHealth services have been affected following a ransomware attack. However, it is maintained that no patient data is affected in the incident. eHealth staff are examining 110 servers that may have been attacked. They are working to assess and repair the damage and restore the information.

Source 2: Fortinet (https://www.fortinet.com)
https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
Impact value: Informative
Predator The Thief v3.3.4. The stealer 'Predator The Thief' has been upgraded to version 3.3.4 with minor changes. The malware is distributed via multiple phishing documents designed to look like invoices. It includes several anti-debug techniques to make detection difficult. It is also able to collect information in a file-less manner and delete itself immediately after sending information to the C2. This makes it more difficult for analysts to analyze its damage to the victim system. It has also added new features to execute its additional modules and second-stage malware in a different way.

Spam & Phishing

Source 1: Bleeping Computer (https://www.bleepingcomputer.com)
https://www.bleepingcomputer.com/news/security/fake-windows-10-desktop-used-in-new-police-browser-lock-scam
Impact value: High
Fake Windows 10 Desktop Used in New Police Browser Lock Scam. Scammers are targeting victims using a new tactic that takes advantage of the web browser's full-screen mode to show a fake Windows 10 desktop. Termed police browser lockers, these scams show a fake desktop screen that tells the victim their computer has been locked on the pretext of illegal activity. The scam asks the victims to pay a fine via a credit card in order to unlock the computer. These types of scams are easy to detect, as they utilize fake and suspicious URLs and allow users to use other apps on their computer even if the browser is locked.

Source 2: Naked Security (https://nakedsecurity.sophos.com)
https://nakedsecurity.sophos.com/2020/01/06/dont-fall-for-the-start-your-2020-with-a-gift-from-us-scam
Impact value: High
New year free gift scam. Scammers are leveraging 'New Year 2020' phishing emails to trick users into sharing their payment card details. The phishing email claims to offer the recipient a 'MacBook Pro laptop' for free. In order to claim the offer, the target victim is asked to pay a shipping fee of $1 through a fake payment page included in the email.

Web Security

Source 1: Cyware (https://cyware.com)
https://cyware.com/news/50-percent-of-websites-using-webassembly-show-malicious-behavior-report-51afc49a
Impact value: Medium
50 Percent of Websites Using WebAssembly Show Malicious Behavior. An academic research project titled "New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild" looks at WebAssembly's use on the Alexa Top 1 Million popular sites on the internet in an attempt to gauge its popularity. Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research published last year.

Source 2: Government Technology (https://www.govtech.com)
https://www.govtech.com/security/Texas-Department-of-Agriculture-Website-Briefly-Defaced.html
Impact value: High
Texas Department of Agriculture Website Briefly Defaced. The Texas Department of Agriculture's website was briefly defaced Tuesday morning with an image of a high-ranking Iranian general killed in a recent US drone strike. The brief changes to the agency's website showed the words Hacked by Iranian Hacker and Hacked by Shield Iran xtheloserteam and a black-and-white image of Iranian Maj. Gen. Qassem Soleimani, who was killed in Baghdad Friday.

Bulletins

Source 1: US-CERT - Security Bulletin Mailing List (http://www.us-cert.gov/cas/bulletins)

https://www.us-cert.gov/ncas/bulletins/sb20-006
Vulnerability Summary for the Week of December 30, 2019. Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2: Oracle Security Bulletins (http://www.oracle.com/technetwork/topics/security/alerts-086861.html)

https://www.oracle.com/security-alerts/cpuoct2019.html
Oracle Critical Patch Update Advisory - October 2019. Advised action: run available security updates.

https://www.oracle.com/security-alerts/alert-cve-2019-2729.html
Oracle Security Alert Advisory - CVE-2019-2729. Deserialization vulnerability in Oracle WebLogic Server, exploitable without authentication requirements. Advised action: run security updates.

https://www.oracle.com/security-alerts/bulletinoct2019.html
Oracle Solaris Third Party Bulletin - October 2019. Advised action: apply necessary patches.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html
Oracle Linux Bulletin - October 2019. Advised action: apply necessary Oracle Linux Bulletin fixes.

https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html
Map of CVE to Advisory/Alert. Advised action: apply the critical patch update for protection against known vulnerabilities.

https://www.oracle.com/security-alerts/linuxbulletinoct2019.html
Oracle VM Server for x86 Bulletin - October 2019. Advised action: apply necessary Oracle VM Server for x86 Bulletin fixes.







Bulletins

Source 1: US-CERT - Security Bulletin Mailing List ( http://www.us-cert.gov/cas/bulletins )

https://www.us-cert.gov/ncas/bulletins/sb20-006
Vulnerability Summary for the Week of December 30, 2019. Recorded by National Institute of Standards and Technology and National Vulnerability

Source 2: Oracle Security Bulletins ( http://www.oracle.com/technetwork/topics/security/alerts-086861.html )

https://www.oracle.com/security-alerts/cpuoct2019.html
Oracle Critical Patch Update Advisory - October 2019. Advised action: run available security updates.
