DEF CON 27, Aviation Village, Exploding Lemur’s ‘In The Air And On The Air Aviation Radio Systems’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2020/1/20/def-con-27-aviation-village-exploding-lemurs-in-the-air-and-on-the-air-aviation-radio-systems

DEF CON 27, Aviation Village, Art Manion’s ‘Ideas Whose Time Has Come CVD SBOM And SOTA’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

Permalink

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/nb1TOtXfwbA

Teardown: BilBot Bluetooth Robot

Historically, the subject of our January teardown has been a piece of high-tech holiday lighting from the clearance rack; after all, they can usually be picked up for pocket change once the trucks full of Valentine’s Day merchandise start pulling up around the back of your local Big Box retailer. But this year, we’ve got something a little different.

AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP

On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0 to address CVE-2019-19781. Citrix expects to release updates for other vulnerable versions of Citrix ADC, Gateway, and SD-WAN WANOP appliances through January 24, 2020. (See Mitigations for update schedule).[1]

Is SMS Two-Factor Authentication Secure?

With 2FA and MFA being adopted across the board, cybercriminals have devised a way to circumvent this security measure with a simple technique. By leveraging the easy security questions that mobile providers ask users when they wish to swap operator but maintain their phone number, threat actors are able to impersonate unsuspecting victims by effectively stealing their mobile number.

How companies can prepare for a heightened threat environment

With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any company could be a potential target for a cyberattack. Companies of all shapes, sizes, and varying security maturity are asking what they could and should be doing to ensure their safeguards are primed and ready. To help answer these questions, I created a list of actions companies can take and controls they can validate in light of the current level of threats—and during any period of heightened risk—through the Microsoft lens:

Defend Yourself Now and in the Future Against Mobile Malware

The world has gone mobile and the US is leading the way. It’s estimated that that the number of smartphone users alone topped 257 million in the States in 2018. That means three-quarters (74%) of households now boast at least one mobile device. And in this new digital world, it’s mobile applications that really matter. They’re a one-click gateway to our favorite videos, live messaging, email, banking, social media and much more.

The marketplace of ideas is a weapons market now

The most interesting thing I saw online this week was Venkatesh Rao’s “Internet of Beefs” essay. I don’t agree with all of it. I’m not even sure I agree with most of it. But it’s a sharp, perceptive, well-argued piece which offers an explanation for why online public spaces have almost all become battlefields, or, as he puts it:

Microsoft reports Zero-Day Internet Explorer vulnerability exploited in the wild

A Microsoft security advisory published last Friday warns users of a zero-day vulnerability affecting Internet Explorer 9, 10 and 11 when running on Windows 7 (recently discontinued), 8.1, 10, Server 2008, Server 2012, Server 2016, and Server 2019. 

The vulnerability, indexed as CVE-2020-0674, “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” reads the advisory. The bug, which poses a moderate risk, was identified in the way the scripting engine handles objects in memory of Internet Explorer and triggers through JScript.dll library.

Moreover, attackers “who successfully exploited the vulnerability could gain the same user rights as the current user and gain control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft also warns that, “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

To prevent attacks on vulnerable systems, Microsoft provides users a workaround until a patch is available, emphasizing that “reduced functionality for components or features that rely on jscript.dll” is possible. The company also mentions that the mitigations steps provided should only be applied “if there is indication that you are under elevated risk”.

Users can restrict access to Jscript.dll by following the steps below:

For 32-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N