*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2020/1/20/def-con-27-aviation-village-exploding-lemurs-in-the-air-and-on-the-air-aviation-radio-systems
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/nb1TOtXfwbA
Historically, the subject of our January teardown has been a piece of high-tech holiday lighting from the clearance rack; after all, they can usually be picked up for pocket change once the trucks full of Valentine’s Day merchandise start pulling up around the back of your local Big Box retailer. But this year, we’ve got something a little different.
Ubuntu Security Notice USN-4242-1
January 20, 2020
On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0 to address CVE-2019-19781. Citrix expects to release updates for other vulnerable versions of Citrix ADC, Gateway, and SD-WAN WANOP appliances through January 24, 2020. (See Mitigations for update schedule).
With 2FA and MFA being adopted across the board, cybercriminals have devised a way to circumvent this security measure with a simple technique. By leveraging the easy security questions that mobile providers ask users when they wish to swap operator but maintain their phone number, threat actors are able to impersonate unsuspecting victims by effectively stealing their mobile number.
Last week on Malwarebytes Labs, we taught you how to prevent a rootkit attack, explained what data enrichment means, informed you about new rules on deepfakes in the US, and demonstrated how backdoors in elastic servers expose private data.
With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any company could be a potential target for a cyberattack. Companies of all shapes, sizes, and varying security maturity are asking what they could and should be doing to ensure their safeguards are primed and ready. To help answer these questions, I created a list of actions companies can take and controls they can validate in light of the current level of threats—and during any period of heightened risk—through the Microsoft lens:
A bizarre sextortion scam is attempting to trick victims that not only has their smartphone been hacked to spy upon their private lives, but also every other device they have encountered which contains a built-in camera.
Introduction Attackers are well known to install malicious software, or malware, onto compromised systems during a cyberattack. But what many may not know is that this is not the first opportunity…
The world has gone mobile and the US is leading the way. It’s estimated that that the number of smartphone users alone topped 257 million in the States in 2018. That means three-quarters (74%) of households now boast at least one mobile device. And in this new digital world, it’s mobile applications that really matter. They’re a one-click gateway to our favorite videos, live messaging, email, banking, social media and much more.
The most interesting thing I saw online this week was Venkatesh Rao’s “Internet of Beefs” essay. I don’t agree with all of it. I’m not even sure I agree with most of it. But it’s a sharp, perceptive, well-argued piece which offers an explanation for why online public spaces have almost all become battlefields, or, as he puts it:
By Kobi Eisenkraft and Asaf Fried, Threat Prevention R&D
A ransomware attack targeting the city of New Orleans has inflicted $7 million in losses so far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a recent update.
A Microsoft security advisory published last Friday warns users of a zero-day vulnerability affecting Internet Explorer 9, 10 and 11 when running on Windows 7 (recently discontinued), 8.1, 10, Server 2008, Server 2012, Server 2016, and Server 2019.
The vulnerability, indexed as CVE-2020-0674, “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” reads the advisory. The bug, which poses a moderate risk, was identified in the way the scripting engine handles objects in memory of Internet Explorer and triggers through JScript.dll library.
Moreover, attackers “who successfully exploited the vulnerability could gain the same user rights as the current user and gain control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Microsoft also warns that, “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
To prevent attacks on vulnerable systems, Microsoft provides users a workaround until a patch is available, emphasizing that “reduced functionality for components or features that rely on jscript.dll” is possible. The company also mentions that the mitigations steps provided should only be applied “if there is indication that you are under elevated risk”.
Users can restrict access to Jscript.dll by following the steps below:
For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance.
Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks. Until a fix becomes available, the company has shared some workarounds and mitigations.