Why Outsmart Cyber Attackers When You Can Remove Them Entirely?

Cyber threat actors have gotten smarter, or lazier, depending on your perspective. It used to be fairly
common for attackers to spend days or even weeks probing a target network for vulnerabilities to
exploit. Once they found one, they would break through the traditional defenses at the network
perimeter and steal as much information as they could, or cause as much chaos as possible, before the
hole was patched and they were shut out.

New Linux Vulnerability Lets Attackers Hijack VPN Connections

An anonymous reader writes: Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected:

Ubuntu 19.10 (systemd)
Fedora (systemd)
Debian 10.2 (systemd)
Arch 2019.05 (systemd)
Manjaro 18.1.1 (systemd)
Devuan (sysV init)
MX Linux 19 (Mepis+antiX)
Void Linux (runit)
Slackware 14.2 (rc.d)
Deepin (rc.d)
FreeBSD (rc.d)
OpenBSD (rc.d)

This security flaw “allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website,” according to William J. Tolley, Beau Kujath, and Jedidiah R. Crandall, researchers with Breakpointing Bad at the University of New Mexico. “Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections,” the researchers said.
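The attack depends on the victim host answering probe packets addressed to its VPN-assigned virtual IP that arrive on the wrong (local) interface, which is exactly what strict reverse path filtering rejects; the researchers listed enabling it among their suggested mitigations, while cautioning that it does not cover the IPv6 variant. The script below is an added example, not code from the researchers or the page: it audits the effective IPv4 rp_filter mode per interface using the kernel's rule that the higher of conf/all and conf/<iface> applies. The fixture directory layout used for testing (a copy of the /proc/sys/net/ipv4/conf tree) is an assumption of this example.

```sh
#!/bin/sh
# Added example (not the researchers' or the page's code): audit IPv4 reverse
# path filtering on every interface.  Strict mode (1) is what blocks the spoofed
# IPv4 probes this attack relies on; loose (2) and off (0) do not.
#
# Kernel semantics: the effective mode for <iface> is
#   max(conf/all/rp_filter, conf/<iface>/rp_filter)
# "default" only seeds interfaces created later, so it is reported separately.
# Assumption: the optional argument is a directory laid out like
# /proc/sys/net/ipv4/conf (used so the audit can be tested against a fixture).

# rp_filter_audit [conf_dir]
#   Prints "<iface> <effective_mode>" for each interface NOT in strict mode and
#   returns 1; prints nothing and returns 0 when every interface is strict.
rp_filter_audit() {
    dir="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$dir/all/rp_filter" 2>/dev/null || echo 0)
    rc=0
    for f in "$dir"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=${f%/rp_filter}
        iface=${iface##*/}
        case "$iface" in all|default) continue ;; esac
        v=$(cat "$f")
        eff=$v
        if [ "$all" -gt "$v" ]; then
            eff=$all            # conf/all overrides a weaker per-interface value
        fi
        if [ "$eff" -ne 1 ]; then
            printf '%s %s\n' "$iface" "$eff"
            rc=1
        fi
    done
    return $rc
}

# rp_filter_fix: the sysctl settings that put current and future interfaces
# into strict mode (needs root).  Shown for reference; the audit never calls it.
rp_filter_fix() {
    sysctl -w net.ipv4.conf.all.rp_filter=1
    sysctl -w net.ipv4.conf.default.rp_filter=1
}

# Stand-alone usage: list weak interfaces and warn on stderr.
rp_filter_audit "$@" || echo "rp_filter is not strict on the interfaces listed above" >&2
```

To make the fix persist, put the two settings in a file under /etc/sysctl.d/ that sorts after the distribution's defaults (on systemd-based distributions the vendor file /usr/lib/sysctl.d/50-default.conf is what sets loose mode), then re-run the audit. Remember that this closes only the IPv4 path; IPv6 has no rp_filter equivalent and needs separate filtering of packets destined for the tunnel's virtual address arriving on non-tunnel interfaces.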

Inside VSCO, a Gen Z-approved photo-sharing app, with CEO Joel Flory

Long before Instagram toyed with removing “likes,” VSCO, an Oakland-based photo-sharing and editing app, built a community devoid of likes, comments and follower counts. Perhaps known to many only because of this year’s “VSCO girl” meme explosion, the company has long been coaxing the creative community to its freemium platform. Turns out, if you can provide the disillusioned teens of Gen Z respite from the horrors of social media — they’ll pay for it.

Red Team Engagement Guide: How an Organization Should React

A lengthy Red Team engagement is coming. What should the defense do if they catch the offense? Reimage systems? Notify and allow? What is the course of action that allows the engagement to proceed and deliver maximum value to the organization? These can be difficult questions to answer, but ones that companies procuring these tests should be asking. This article is meant to be a preparation guide for an organization that has an upcoming Red Team engagement and wants to get the most out of it!

AA19-339A: Dridex Malware

This Alert is the result of recent collaboration between Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report to inform the sector about the Dridex malware and variants. The report provides an overview of the malware, related activity, and a list of previously unreported indicators of compromise derived from information reported to FinCEN by private sector financial institutions. Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this report warrant renewed attention. Treasury and CISA encourage network security specialists to incorporate these indicators into existing Dridex-related network defense capabilities and planning. For information regarding the malicious cyber actors responsible for the development and distribution of the Dridex malware, see the Treasury press release, Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware.

Atlassian Zero-day Vulnerability Exposed

Earlier this week, a cybersecurity Twitter account inadvertently revealed a zero-day vulnerability affecting software company Atlassian. According to @SwiftOnSecurity, Atlassian provided a domain that resolved to a local (loopback) address and was served with a shared SSL certificate for its Confluence cloud service. Because every installation presents the same certificate, anyone with sufficient technical knowledge who obtains its private key can impersonate that domain and conduct a man-in-the-middle attack, redirecting app traffic to a malicious site.

Huawei Launches New Legal Challenge Against US Ban

Chinese telecoms giant Huawei has launched a legal challenge to a decision by US regulators to classify it as a national security threat. From a report: It comes after the US Federal Communications Commission put curbs on rural mobile providers using an $8.5bn government fund to buy Huawei equipment. The firm said evidence that it was a threat to security “does not exist.” The move is the latest in a series of challenges between Huawei and the US. The company has asked the US Court of Appeals to overturn the decision. Speaking at a news conference at Huawei’s headquarters in Shenzhen, the company’s chief legal officer, Song Liuping, said: “The US government has never presented real evidence to show that Huawei is a national security threat. That’s because this evidence does not exist.”