Unbound 1.10.1 has been released with fixes for two vulnerabilities discovered in Unbound: CVE-2020-12662 and CVE-2020-12663.
For background information on #NXNSATTACK, see
http://www.nxnsattack.com
For release notes, see
https://www.nlnetlabs.nl/news/2020/May/19/unbound-1.10.1-released/
"OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact"
"An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125."
"An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community."
Improper fix to the RDP vulnerability (CVE-2019-0887) "fixed" with CVE-2020-0655 but, "as we've seen when analyzing Microsoft's patch for CVE-2020-0655, this fix does not address the core vulnerability in the PathCchCanonicalize function."
https://research.checkpoint.com/2020/reverse-rdp-the-path-not-taken/
One more TLP:WHITE Memo for the road!
Read up on the recent spate of data breaches affecting several digital services companies and the single threat actor claiming to be behind it.
"An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps"
If you want to run your own @MISPProject server to consume threat intel feeds, here is a blog describing how to stand one up and add the Microsoft COVID-19 feed, as well as instructions on how to automatically ingest data from MISP into Azure #Sentinel
https://techcommunity.microsoft.com/t5/azure-sentinel/integrating-open-source-threat-feeds-with-misp-and-sentinel/ba-p/1350371
"The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short."
The SnT Annual Report is out! Learn more about our strategic research areas, activities and interdisciplinary projects, such as our work on @MISPProject in collaboration with @circl_lu @secin_lu (p. 30)
https://twitter.com/snt_uni_lu/status/1260532900619059200
"SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting."
"It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered."
"Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to."
Don't hesitate to submit your suspicious URL to url-abuse
https://www.circl.lu/urlabuse/ These can also be analysed in Lookyloo to give a graphical overview, including a screenshot of the URL.
Red Canary's @forensicitguy looks at 'Blue Mockingbird', a cluster of attacks against Windows machines to install Monero miners
https://redcanary.com/blog/blue-mockingbird-cryptominer/
"...this activity is consistent with our assessment that MAZE operates under an affiliate model and is not distributed by a single group..." #Ransomware
https://twitter.com/tiskimber/status/1258561113962225664
"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control."
"An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30"
"There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone..."
The agenda of the EU ATT&CK Community workshop is online now
https://attack-community.org/event/. Registration is open until this weekend. @CERTEU @MITREattack @circl_lu
CIRCL is the #CERT (Computer Emergency Response Team) for the private sector, communes and non-governmental entities in #Luxembourg.