BuzzSec

Daniel R. Coats, Director of National Intelligence reported on Threats to US national security on January 29, 2019. He gave big picture, geo-politics data and had a few paragraphs specifically dedicated to cyber threats. I'm quoting them below, and there is a link to the full PDF at the end. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/worldwide-threat-assessments-of-the-us-intelligence-community-cyber

A year ago , the Norwegian Consumer Council published an excellent security analysis of children's GPS-connected smart watches. The security was terrible. Not only could parents track the children, anyone else could also track the children. A recent analysis checked if anything had improved after that torrent of bad press. Short answer: no. Guess what: a train wreck. Anyone could access the entire database, including real time child location, name, parents details etc. Not just Gator watches either -- the same back end covered multiple brands and tens of thousands of watches The Gator web backend was passing the user level as a parameter. Changing that value to another number gave super admin access throughout the platform. The system failed to validate that the user had the appropriate permission to take admin control! This means that an attacker could get full access to all account information and all watch information. They could view any user of the system and any device

A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection devices, because it's entirely legit by using the Docusign infrastructure. Prime example of an info grabbing phish that does not use a malicious payload.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/brilliant-new-social-engineering-phish-please-docusign-funding-for-your-business

The security is terrible : In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private key have been extracted. Boing Boing post . from Schneier on Security https://www.schneier.com/blog/archives/2019/01/security_analys_6.html

Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/hacking-humans-is-the-no.-1-podcast-covering-social-engineering

Original release date: January 30, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below: Wednesday, February 6 Friday, February 22 CISA encourages MSPs and their customers to register for the briefing by clicking on one of the dates listed above. The briefing will provide a background on the identified cyber activity and mitigation techniques.    This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/01/30/NCCIC-Awareness-Briefing-Chinese-Malicious-Cyber-Activity

Original release date: January 30, 2019 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension Mechanisms Protocol for DNS (EDNS). While the updates will improve DNS operations, some domains served by DNS servers operating out-of-date software may become unavailable. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review MS-ISAC's Cyber Alert: DNS Flag Day for more information and the DNS Flag Day website to determine whether a domain name will be affected. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Rea

Original release date: January 30, 2019 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/01/30/Mozilla-Releases-Security-Update-Thunderbird

Original release date: January 29, 2019 Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.   The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/01/29/Google-Releases-Security-Updates-Chrome

We are pleased to announce the latest ModStore publisher, Syntrio with 8 new modules live already and 17 more to come in the coming weeks.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/modstore-release-announcement-8-new-courses-from-syntrio

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xxi/8

Original release date: January 29, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/01/29/Mozilla-Releases-Security-Updates-Firefox

This is kind of a crazy iPhone vulnerability : it's possible to call someone on FaceTime and listen on their microphone -- and see from their camera -- before they accept the call. This is definitely an embarrassment , and Apple was right to disable Group FaceTime until it's fixed. But it's hard to imagine how an adversary can operationalize this in any useful way. New York governor Andrew M. Cuomo wrote: "The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk." Kinda, I guess. from Schneier on Security https://www.schneier.com/blog/archives/2019/01/iphone_facetime.html

  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-9-5-infographic-q4-2018-top-clicked-phishing-email-subjects-from-knowbe4

Today saw the arrival of yet another interesting variant of the gift card phishing campaigns that have grown into a deluge over the past few months (see below). Today's email demonstrates that bad guys are actively adapting and evolving their pitch. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/bad-guys-now-bribing-users

Original release date: January 28, 2019 The CERT Coordination Center (CERT/CC) has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Note VU#465632 and apply the necessary workarounds. This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2019/01/28/CERTCC-Reports-Microsoft-Exchange-2013-and-Newer-are-Vulnerable

Original release date: January 28, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium sever