Figure 1. Post asking about SCADA information to avoid expensive professional training
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/water-and-energy-sectors-through-the-lens-of-the-cybercriminal-underground/
Friday, November 30, 2018
Thursday, November 29, 2018
ADMIN: Highly available storage virtualization
Virtualized vs. Software-Defined
Software-defined storage (SDS) goes one step further. On each physical server involved, hardware-independent software is installed that does for storage what a hypervisor does for compute: it bundles the servers' storage resources and orchestrates them centrally. With VMware vSAN or Windows Server 2016 Storage Spaces, such functions are already part of the platform, which allows the storage resources of the individual servers to be decoupled completely from the hardware and grouped into pools. Services such as deduplication, compression, and data protection are offered on top.
Erasure coding (the data is split into fragments, extended with redundant parity fragments, and spread across several nodes) ensures that the data survives the failure of individual disks or servers. Compared with conventional SAN-based storage virtualization, this also means that the local or directly attached disks of the individual servers can be managed. SDS solutions can even use the unused RAM of the servers as a cache with extremely fast access times. SDS, a comparatively young virtualization technology, is generally considered to have the greatest potential for the future. However, it remains to be seen how well it copes with highly heterogeneous server environments or I/O-intensive applications.
REF: http://www.admin-magazine.com/Articles/Highly-available-storage-virtualization
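The "any k of n fragments are enough" property that the paragraph attributes to erasure coding is easiest to see in code. The block below is an added example, not code from the ADMIN article or from any SDS product: a systematic Reed-Solomon erasure coder over GF(2^8) that turns a block of data into k data shards plus m parity shards, after which any k surviving shards reconstruct the original. The shard count, the payload and the "lost node" selection are constructed for the demonstration.

```python
from functools import reduce
from operator import xor

# --- GF(2^8) arithmetic (primitive polynomial x^8+x^4+x^3+x^2+1 = 0x11d) ---
PRIM = 0x11d
EXP = [0] * 512   # EXP[i] = g^i, stored twice so LOG[a]+LOG[b] needs no modulo
LOG = [0] * 256
_x = 1
for _i in range(255):
    EXP[_i] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= PRIM
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def gf_inv(a):
    return EXP[255 - LOG[a]]


def gf_pow(a, e):
    return EXP[(LOG[a] * e) % 255]


def mat_mul(a, b):
    return [[reduce(xor, (gf_mul(a[i][t], b[t][j]) for t in range(len(b))), 0)
             for j in range(len(b[0]))] for i in range(len(a))]


def mat_inv(m):
    """Gauss-Jordan inversion over GF(2^8); subtraction is XOR in this field."""
    n = len(m)
    a = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col]), None)
        if pivot is None:
            raise ValueError("singular matrix: these shards cannot reconstruct the data")
        a[col], a[pivot] = a[pivot], a[col]
        inv = gf_inv(a[col][col])
        a[col] = [gf_mul(v, inv) for v in a[col]]
        for r in range(n):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [v ^ gf_mul(f, p) for v, p in zip(a[r], a[col])]
    return [row[n:] for row in a]


def encoding_matrix(k, n):
    """n x k systematic matrix: top k rows are the identity and any k rows are invertible.
    Built from a Vandermonde matrix on the distinct points 1..n, normalised by its top block."""
    vand = [[gf_pow(i + 1, j) for j in range(k)] for i in range(n)]
    return mat_mul(vand, mat_inv(vand[:k]))


def encode(data, k, m):
    """Split data into k equal shards (zero-padded) and append m parity shards."""
    n = k + m
    size = -(-len(data) // k)
    padded = data + b"\0" * (size * k - len(data))
    shards = [list(padded[i * size:(i + 1) * size]) for i in range(k)]
    g = encoding_matrix(k, n)
    return [bytes(reduce(xor, (gf_mul(g[i][j], shards[j][p]) for j in range(k)), 0)
                  for p in range(size)) for i in range(n)]


def decode(available, k, m, length):
    """available: {shard index: bytes}. Any k surviving shards give back the original data."""
    if len(available) < k:
        raise ValueError("need at least %d shards, have %d" % (k, len(available)))
    idx = sorted(available)[:k]
    g = encoding_matrix(k, k + m)
    inv = mat_inv([g[i] for i in idx])           # rows of the surviving shards
    size = len(available[idx[0]])
    out = bytearray()
    for j in range(k):
        for p in range(size):
            out.append(reduce(xor, (gf_mul(inv[j][t], available[idx[t]][p]) for t in range(k)), 0))
    return bytes(out[:length])


if __name__ == "__main__":
    payload = b"constructed sample block of storage data"          # constructed input
    shards = encode(payload, k=4, m=2)                              # 6 shards, tolerate 2 losses
    survivors = {i: s for i, s in enumerate(shards) if i not in (0, 3)}
    assert decode(survivors, 4, 2, len(payload)) == payload
```

Because the encoding matrix is systematic, the first k shards are the data itself, so a healthy cluster reads without any decoding; only when shards are missing does the decoder invert the k x k submatrix for whichever shards survived. A real SDS implementation works on large stripes and uses table-driven multiplication, but the invariant is the same.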
TrendLabs: Fake Voice Apps on Google Play, Botnet Likely in Development
Figure 1. One of the apps posing as a legitimate voice messenger uploaded on Google Play
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/fake-voice-apps-on-google-play-botnet-likely-in-development/
Tuesday, November 27, 2018
[USN-3791-1] Git vulnerability
---------- Forwarded message ---------
From: Steve Beattie
Date: Fri, Oct 12, 2018, 10:42 AM
It was discovered that git did not properly validate git submodule
urls or paths. A remote attacker could possibly use this to craft a
git repository that causes arbitrary code execution when recursive
operations are used.
References:
https://usn.ubuntu.com/usn/usn-3791-1
CVE-2018-17456
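The advisory above states only the impact. The mechanism, taken from the public fix for CVE-2018-17456 rather than from this page, is that a submodule URL or path beginning with "-" is handed to a child git process during a recursive clone, where it is parsed as a command-line option. The scanner below is an added example, not git's own code: it audits a .gitmodules file for that pattern before you run `git submodule update --init --recursive` on an untrusted checkout. The `SAMPLE` content is constructed, and the path-traversal check is the example's own extra hygiene rule, not part of the CVE.

```python
import re

# Constructed .gitmodules content: one benign submodule, one with dash-prefixed entries.
SAMPLE = """\
[submodule "vendor/good"]
\tpath = vendor/good
\turl = https://example.invalid/good.git
[submodule "bad"]
\tpath = -dash-path
\turl = --not-a-url
"""

SECTION = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]+)"\]\s*$')
KEYVAL = re.compile(r'^\s*(?P<key>[A-Za-z][\w-]*)\s*=\s*(?P<val>.*?)\s*$')


def parse_gitmodules(text):
    """Minimal parser for .gitmodules: {submodule name: {key: value}}.
    Comment lines (# or ;) are skipped; keys are lower-cased as git treats them."""
    modules, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            current = modules.setdefault(m.group("name"), {})
            continue
        m = KEYVAL.match(line)
        if m and current is not None:
            current[m.group("key").lower()] = m.group("val")
    return modules


def audit_gitmodules(text):
    """Return (name, key, reason) for every entry a child git process could misparse."""
    findings = []
    for name, cfg in parse_gitmodules(text).items():
        for key in ("url", "path"):
            if cfg.get(key, "").startswith("-"):
                findings.append((name, key, "begins with '-' and may be parsed as an option "
                                            "by the child git process (CVE-2018-17456 pattern)"))
        # Extra hygiene check (not part of the CVE): keep submodule paths inside the tree.
        path = cfg.get("path", "")
        if path.startswith("/") or ".." in path.split("/"):
            findings.append((name, "path", "leaves the working tree (absolute or contains '..')"))
    return findings


if __name__ == "__main__":
    for name, key, reason in audit_gitmodules(SAMPLE):
        print(f'submodule "{name}": {key} {reason}')
```

Run it on `.gitmodules` after a plain, non-recursive clone and before initialising submodules. The real fix is the patched git from the advisory; this check only helps on hosts you cannot update yet, and it does not inspect nested submodules until they have been fetched.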
Monday, November 26, 2018
TrendLabs: Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
Figure 3. One of the windows displayed during installation
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-uses-various-evasion-techniques-including-windows-installer-as-part-of-its-routine/
Sunday, November 25, 2018
ADMIN: Is North Korea Hacking US ATM Machines?
By Swapnil Bhartiya
In a joint alert, which includes agencies like the FBI, DHS, and Treasury, US-CERT says they have identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme.
TrendLabs: Fake Banking App Found on Google Play Used in SMiShing Scheme
Figure 1. The app claimed that it is digital token
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/fake-banking-app-found-on-google-play-used-in-smishing-scheme/
Friday, November 23, 2018
ADMIN: Chinese Spy Chip in US Servers?
By Swapnil Bhartiya
A Bloomberg report [1] claims that Chinese spy chips were found on the hardware used by DoD (Department of Defense), CIA, and Navy warships.
According to Bloomberg, the chip, smaller than a grain of rice, was allegedly installed by manufacturing sub-contractors in China.
Thursday, November 22, 2018
TrendLabs: TrickBot’s Bigger Bag of Tricks
Figure 1. TrickBot’s new module, psfin32
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/trickbots-bigger-bag-of-tricks/
Wednesday, November 21, 2018
[USN-3819-1] Linux kernel vulnerability
---------- Forwarded message ---------
From: Steve Beattie
Date: Thu, Nov 15, 2018, 8:50 AM
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel
did not properly perform input validation in some situations. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.
References:
https://usn.ubuntu.com/usn/usn-3819-1
CVE-2018-15471
Tuesday, November 20, 2018
TrendLabs: Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos
[USN-3814-2] ClamAV vulnerabilities
---------- Forwarded message ---------
From: Alex Murray
Date: Tue, Nov 13, 2018, 12:06 PM
It was discovered that libmspack incorrectly handled certain malformed
CAB files. A remote attacker could use this issue to cause libmspack to
crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585)
References:
https://usn.ubuntu.com/usn/usn-3814-2
https://usn.ubuntu.com/usn/usn-3814-1
CVE-2018-18584, CVE-2018-18585
Sunday, November 18, 2018
TrendLabs: Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
Figure 2. Gh0st RAT variants
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/using-machine-learning-to-cluster-malicious-network-flows-from-gh0st-rat-variants/
Saturday, November 17, 2018
[USN-3804-1] OpenJDK vulnerabilities
---------- Forwarded message ---------
From: Steve Beattie
Date: Wed, Oct 31, 2018, 4:02 AM
Several security issues were fixed in OpenJDK.
References:
https://usn.ubuntu.com/usn/usn-3804-1
CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150,
CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
TrendLabs: Exploring Emotet: Examining Emotet’s Activities, Infrastructure
Figure 1. Countries wherein Emotet C&C servers are distributed
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/exploring-emotet-examining-emotets-activities-infrastructure/
[USN-3795-1] libssh vulnerability
---------- Forwarded message ---------
From: Marc Deslauriers
Date: Wed, Oct 17, 2018, 10:14 PM
Details:
Peter Winter-Smith discovered that libssh incorrectly handled
authentication when being used as a server. A remote attacker could use
this issue to bypass authentication without any credentials.
References:
https://usn.ubuntu.com/usn/usn-3795-1
CVE-2018-10933
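The advisory above gives the impact only. The mechanism, from the public CVE-2018-10933 description rather than from this page: libssh's server code, on receiving an SSH2_MSG_USERAUTH_SUCCESS message (a message only a server is supposed to send), treated the session as authenticated. The toy userauth state machine below is an added example, not libssh code. With `strict=False` it reproduces that bug class; with the default `strict=True` it shows the fix, which is to reject any message type that is not valid in the client-to-server direction in the current state. Message numbers are from RFC 4252; the user table and the password check are constructed stand-ins.

```python
import hmac

# SSH2 userauth message numbers (RFC 4252, section 6)
SSH_MSG_USERAUTH_REQUEST = 50   # client -> server
SSH_MSG_USERAUTH_FAILURE = 51   # server -> client
SSH_MSG_USERAUTH_SUCCESS = 52   # server -> client only

# The only userauth message a server may legitimately receive from a client.
CLIENT_TO_SERVER = {SSH_MSG_USERAUTH_REQUEST}


class AuthServer:
    """Server-side userauth state for one session."""

    def __init__(self, users, strict=True):
        self.users = users            # {username: password}, constructed test data
        self.strict = strict          # False reproduces the bug class, True is the fix
        self.authenticated = False
        self.disconnected = False

    def _on_userauth_request(self, payload):
        expected = self.users.get(payload.get("user", ""), "").encode()
        supplied = payload.get("password", "").encode()
        # constant-time compare; also avoids leaking whether the user exists
        if expected and hmac.compare_digest(expected, supplied):
            self.authenticated = True
            return SSH_MSG_USERAUTH_SUCCESS
        return SSH_MSG_USERAUTH_FAILURE

    def handle(self, msg_type, payload=None):
        """Process one incoming message; return the reply number, or None on disconnect."""
        if self.disconnected:
            return None
        if self.strict and msg_type not in CLIENT_TO_SERVER:
            # Hardened: a message the server itself emits is never valid input here.
            self.disconnected = True
            return None
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            return self._on_userauth_request(payload or {})
        if msg_type == SSH_MSG_USERAUTH_SUCCESS:
            # Vulnerable: one dispatch table shared by both directions, so the
            # server's own "success" message, when sent by a client, flips the
            # session to authenticated without any credential check.
            self.authenticated = True
            return SSH_MSG_USERAUTH_SUCCESS
        return SSH_MSG_USERAUTH_FAILURE


if __name__ == "__main__":
    vulnerable = AuthServer({"alice": "s3cret"}, strict=False)
    vulnerable.handle(SSH_MSG_USERAUTH_SUCCESS)
    print("vulnerable server authenticated:", vulnerable.authenticated)   # True
    hardened = AuthServer({"alice": "s3cret"})
    hardened.handle(SSH_MSG_USERAUTH_SUCCESS)
    print("hardened server authenticated:", hardened.authenticated)       # False
```

The general lesson is the one to carry to any protocol implementation that shares packet handlers between client and server roles: the set of acceptable message types must be a function of role and state, not of the packet alone.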
TrendLabs: November Patch Tuesday Fixes Another Zero-Day Win32k Bug, Other Public Vulnerabilities
As the year comes to a close, updates for both Microsoft and Adobe products and services are still ongoing via Patch Tuesday. This month’s round of updates, which fixes 63 bugs, includes a patch for a zero-day vulnerability that is already being used in malicious attacks. Perhaps the most notable vulnerability addressed this month is CVE-2018-8589, another Win32k Elevation of Privilege Vulnerability that is similar to October’s CVE-2018-8453, which allows an attacker to make use of specially crafted applications to take full control of a targeted machine. Kaspersky Lab researchers confirmed that threat actors are already actively exploiting this bug for their attacks.
REF: https://newsroom.trendmicro.com/blog/security-intelligence/november-patch-tuesday-fixes-another-zero-day-win32k-bug-other-public-vul
Google Cloud and NASA hunt for life in the universe.
Sunday, November 11, 2018
Updated Debian 9: 9.6 released
---------- Forwarded message ---------
From: Laura Arjona Reina
Date: Sat, Nov 10, 2018, 11:54 PM
The Debian project is pleased to announce the sixth update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Saturday, November 10, 2018
Trello: Why You Need To Say 'No' At Work
Here’s a familiar scenario: You’re up to your ears in projects. Despite this, your boss comes up with a new initiative and is asking you to spearhead it, knowing full well you’re already overloaded. You somehow ignore the internal screaming inside your head and, to your own disbelief, you hear yourself saying yes to this request. Why?
REF: https://blog.trello.com/say-no-at-work-framework
[USN-3812-1] nginx vulnerabilities
---------- Forwarded message ---------
From: Marc Deslauriers
Date: Thu, Nov 8, 2018, 12:02 AM
It was discovered that nginx incorrectly handled the HTTP/2 implementation.
A remote attacker could possibly use this issue to cause excessive memory
consumption, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
excessive CPU usage, leading to a denial of service. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module
module. A remote attacker could possibly use this issue with a specially
crafted mp4 file to cause nginx to crash, stop responding, or access
arbitrary memory. (CVE-2018-16845)
References:
https://usn.ubuntu.com/usn/usn-3812-1
CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
Thursday, November 8, 2018
TrendLabs: Gathering Insights on the Reemergence and Evolution of Old Threats Through Managed Detection and Response
Figure 1. The top 15 malware detections in North America for the third quarter of 2018
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/gathering-insights-on-the-reemergence-and-evolution-of-old-threats-through-managed-detection-and-response/
Wednesday, November 7, 2018
[USN-3809-1] OpenSSH vulnerabilities
---------- Forwarded message ---------
From: Leonidas S. Barbosa
Date: Tue, Nov 6, 2018, 10:48 PM
Robert Swiecki discovered that OpenSSH incorrectly handled certain
messages. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-10708)
It was discovered that OpenSSH incorrectly handled certain requests.
An attacker could possibly use this issue to access sensitive
information. (CVE-2018-15473)
References:
https://usn.ubuntu.com/usn/usn-3809-1
CVE-2016-10708, CVE-2018-15473
Tuesday, November 6, 2018
TrendLabs: Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
Figure 1. Screenshot of an exposed HMI for controlling/configuring a water treatment plant
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/disrupting-the-flow-exposed-and-vulnerable-water-and-energy-infrastructures/
Monday, November 5, 2018
LXM: A command-line presentation app with purpose
Impress and PowerPoint slide shows have limited options for design or presentation. By contrast, Impressive offers users more formatting options. Impressive also has a small, but effective set of practical tools to make a presentation more effective.
REF: http://www.linux-magazine.com/Issues/2018/217/Eye-Candy
TrendLabs: Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
Figure 2. Comparison between the malicious email and a legitimate one. Note the difference in language and the changed signature
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-campaign-uses-hijacked-emails-to-deliver-ursnif-by-replying-to-ongoing-threads/
Saturday, November 3, 2018
NewTek Now Shipping Connect Spark™ Pro
Friday, November 2, 2018
LXM: IBM Purchase of Red Hat Software: There is No Fear Except Fear Itself – with Thanks to FDR
IBM bought Red Hat Software.
The world wide web is alive with the news, and many of the people who have worked and used Red Hat in the last 25 years are lamenting the “fall” of their beloved company and software.
REF: http://www.linux-magazine.com/Online/Blogs/Paw-Prints-Writings-of-the-maddog/IBM-Purchase-of-Red-Hat-Software-There-is-No-Fear-Except-Fear-Itself-with-Thanks-to-FDR
Thursday, November 1, 2018
TrendLabs: Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
Figure 3. A screen capture of the contents of a .Z file
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/