Threat Roundup for March 22 to March 29
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 22 and March 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
KB4465659 BitLocker Security Feature Bypass Vulnerability
The remote Windows host is missing security update 4465659. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploi...
Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities
LockerGoga, the malware that took down Norsk Hydro last week, has taken the industrial world by storm, as researchers race to uncover more about the mysterious ransomware that crippled several of the aluminum maker’s plants. Questions still remain about how the malware first infects the system it...
ThreatList: Remote Workers Threaten 1 in 3 Organizations
While IT leaders see the benefits of remote working and understand that millennial-friendly telecommuting is unlikely to go anywhere anytime soon, many still fear that the potential of employees to access corporate resources via public Wi-fi and the use of personal devices opens their organizatio...
MGASA-2019-0105 Updated python-gnupg packages fix security vulnerability
When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...
CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed...
Nextcloud: Predictable Random Number Generator
Description: The mobile application uses a predictable Random Number Generator (RNG). Under certain conditions this weakness may jeopardize mobile application data encryption or other protection based on randomization. For example, if encryption tokens are generated inside of the application and an...
RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope
SAN FRANCISCO – An insidious reconnaissance campaign discovered in 2018, dubbed Operation Sharpshooter, is much more widespread than previously thought, researchers said. Operation Sharpshooter was first disclosed in December 2018, using a never-before-seen implant framework to infiltrate global...
On the Security of Password Managers
There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? Al...
Payroll Provider Gives Extortionists a Payday
Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...
Hacker destroys VFEmail service, wipes backups
An email service called VFEmail was essentially put out of business after a hack intended to delete everything in and out of sight. "Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and...
Solving the TLS 1.0 problem
The use of Transport Layer Security (TLS) encryption for data in transit is a common way to help ensure the confidentiality and integrity of data transmitted between devices, such as a web server and a computer. However, in recent years older versions of the protocol have been shown to have...
CVE-2018-1959
IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633...
CVE-2019-0030
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
DEBIAN-CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request...
Zero Trust part 1: Identity and access management
Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, I'll define Zero Trust and then discuss the first step to enabling a Zero Trust model: strong identity and access management. In subsequent blogs, we'll cove...
Nextcloud: Retrieval and alteration of exposed media on Android Oreo
Good afternoon. Any media downloaded from the cloud server within the Android app is subject to third party modification and server re-upload without explicit user consent. This happens at least on Android Oreo, as data is automatically stored on shared folder...
Google Beefs Up Android Key Security for Mobile Apps
Google is making a few tweaks to its tools for Android mobile developers to boost the security of their wares – an apropos announcement against the backdrop of recent security issues stemming from poor development practices. Cryptographical changes this week for Android Keystore give developers...
CVE-2018-1887
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM...
Security Bulletin: The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Summary The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Vulnerability Details CVEID: CVE-2018-1650 Description: IBM QRadar Incide...