Microsoft has issued fixes for 36 CVEs for December 2019 Patch Tuesday across a range of products, with seven of them rated critical in severity – and one that’s already being exploited in the wild as a zero-day bug. The computing giant’s scheduled security update this month is relatively light, and includes patches for Microsoft Windows, Internet Explorer, Microsoft Office and related apps, SQL Server, Visual Studio and Skype for Business. In all, December Patch Tuesday addressed seven bugs that are rated critical, 28 that are rated important, and one that rated moderate in severity.

Zero-Day Bug Exploited in the Wild

CVE-2019-1458 is an elevation-of-privilege vulnerability in Win32k, which has a live zero-day exploit circulating in the wild. The exploit allows attackers to gain higher privileges on the attacked machine and avoid protection mechanisms in the Google Chrome browser, researchers said. “An attacker could exploit the flaw to execute arbitrary code in kernel mode on the victim’s system,” said Satnam Narang, senior research engineer at Tenable, via email. “From there, the attacker could perform a variety of actions, such as creating a new account with full user rights, installing programs, and viewing, changing or deleting data.” The one caveat is that to exploit the flaw, an attacker would need to have previously compromised the system using another vulnerability – thus, it’s rated only as important in severity and carries a CVSSv3 base score of 7.8 out of 10….

Source

The city of Pensacola, Fla., said it has been hit by a cyberattack that shut down the city’s computer networks and affected its systems. The attack occurs just days after a shooting occurred Friday at U.S. military base Naval Air Station Pensacola, leaving three dead. Pensacola’s mayor, Grover Robinson, told news outlets that he didn’t know if the cyberattack was connected to that incident. “In light of the shooting Friday at Naval Air Station Pensacola, the City of Pensacola notified the Federal Bureau of Investigation, Department of Homeland Security and Florida Department of Law Enforcement about the incident as a precaution,” the city said in a Monday evening press release. Pensacola, which has a total population of 51,923 (as of 2010), is the westernmost city in the Florida Panhandle. The city, which was first hit by the cyberattack on Saturday, said that the incident affected city email and landlines, the 311 customer service line, and online bill payments for Pensacola Energy and City of Pensacola Sanitation Services. “The City of Pensacola’s Technology Resources Department is continuing to work diligently to address a cyberattack that occurred early Saturday morning, Dec. 7,” the city said. “As a result of the incident, Technology Resources staff disconnected computers from the city’s network until the issue can be resolved.” The city said it does not yet have an estimate on when services will be fully restored. Pensacola also did not reveal any further information…

Source

A fresh ransomware variant known as “Snatch” has been spotted in campaigns, forcing Windows machines to reboot into Safe Mode before beginning the encryption process. It’s one of multiple components of a malware constellation being used in carefully orchestrated attacks that also feature rampant data collection. According to researchers with SophosLabs, Snatch runs itself in an elevated permissions mode, and sets registry keys that instruct Windows to run it following a Safe Mode reboot. “It then quickly reboots the computer into Safe Mode, and in the rarefied Safe Mode environment, where most software (including security software) doesn’t run, Snatch encrypts the victims’ hard drives,” explained Andrew Brandt, SophosLabs researcher, in a Monday posting. Snatch’s operators appear to have been active since the summer of 2018, according to the analysis – however, the Safe Mode aspect is a newly added feature. “SophosLabs feels that the severity of the risk posed by ransomware which runs in Safe Mode cannot be overstated,” Brandt said.

Snatch Collection of Malware

Snatch attacks Windows machines with a collection of malware that includes the ransomware executable; a custom-built data stealer; a Cobalt Strike reverse-shell; and several publicly available tools that are typically used by penetration testers, system administrators or technicians. It’s also all obfuscated by an open-source packer called UPX. The adversaries (which call themselves “Snatch Team” in an homage to the…

Source

Adobe Systems is stomping out 17 critical vulnerabilities in Acrobat Reader, Photoshop and Brackets, which could lead to arbitrary code execution if exploited. Overall, Adobe released patches – as part of its regularly-scheduled updates – addressing 25 CVEs across various products, including its Acrobat Reader PDF viewer; Photoshop editing tool; ColdFusion 2018 commercial rapid web-application development platform; and Brackets, its source-code editor primarily focused on web development. No exploits for these vulnerabilities have been detected in the wild thus far, said Adobe. In Adobe Acrobat and Reader, Adobe fixed 14 critical arbitrary code execution flaws, including out-of-bounds write glitches (CVE-2019-16450, CVE-2019-16454), use after free flaws (CVE-2019-16445, CVE-2019-16448, CVE-2019-16452, CVE-2019-16459, CVE-2019-16464), untrusted pointer dereference vulnerability (CVE-2019-16446, CVE-2019-16455, CVE-2019-16460, CVE-2019-16463), a heap overflow (CVE-2019-16451), buffer error (CVE-2019-16462) and a security bypass (CVE-2019-16453). Adobe also fixed seven “important”-rated flaws in Acrobat Reader. Users are encouraged to update to Acrobat DC and Acrobat Reader DC Continuous versions 2019.021.20058 (for Windows and MacOS); Acrobat and Acrobat Reader Classic 2017 version 2017.011.30156 (for Windows and MacOS) and Acrobat and Acrobat Reader Classic 2015 version 2015.006.30508 (for Windows and MacOS). The update is a Priority 2, which according to Adobe “resolves…

Source

Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things (IoT) cameras (not to be confused with the Blink open-source browser engine), consist of a wireless camera and monitoring system for consumers. The flaws could enable attackers without access to the devices to view camera footage, listen to audio output and hijack the device for use in a botnet, Tenable researchers disclosed on Tuesday. Amazon has been notified of the flaws and has rolled out patches. “Connected devices, like Blink cameras, are everywhere. Precisely for that reason, cybercriminals are focused on compromising them,” said Renaud Deraison, co-founder and CTO with Tenable, in a statement. “Manufacturers of IoT devices have an opportunity and an obligation to ensure that effective security is baked into the overall design from the start and not bolted on as an afterthought. This is especially critical when the device in question is a security camera.” Overall, seven CVEs were disclosed in Blink. The most serious vulnerability is a command injection flaw stemming from the sync module update (CVE-2019-3984), which exists in Blink’s cloud communication endpoints for providing updates to devices or obtaining network information. When checking for updates, the device first obtains an update helper script (sm_update) from the web, and then immediately runs the content…

Source

The 2020 Cybersecurity Salary Survey was an online survey published to gain insight into the details related to cybersecurity compensation. It was completed by over 1,500 security professional respondents. Today you can access the aggregated and analyzed 2020 Cybersecurity Salary Survey Results and gain insight into the main ranges and factors of current cybersecurity salaries. The data enabled the conductors of the survey to form a detailed salary profile for five security positions: Security Analyst/Threat Intelligence Specialist, Security/Cloud Security Architect, Penetration Tester and Security Director/Manager. This profile includes both the range and composition of salaries for these positions, as well as the relative impacts of organizational (geolocation, industry, etc.) and individual (gender, experience, certification) factors. Using the survey results (download here), any individual can go to the section relevant to his or her role and learn how their salary benchmarks against the respective range and factors and then utilize this knowledge in any decision making that involves a compensation aspect. Apart from this, the data collected both validated and refuted some previous assumptions regarding the relative weight of factors such as geolocation, certification, and others. Here is an assortment of interesting facts:

Geolocation Matters. Security Analysts in NAM get a significantly higher salary than their counterparts in the EMEA and APAC, with more than 80%…

Source

The Department of Homeland Security (DHS) has reconsidered a plan to use facial-recognition technology on all U.S. citizens traveling internationally through airports, deciding to roll back the plan after meeting with privacy experts. Last week the DHS said it would expand facial recognition checks to all travelers entering and leaving the U.S., including previously-exempt U.S. citizens. However, now the agency is saying it won’t be required after hearing feedback from privacy advocates, according to an online statement. “U.S. citizens may opt out of the biometric facial comparison process by notifying a CBP officer or airline representative,” according to the statement. “Individuals who opt out simply present their passport for visual inspection, as is standard practice at ports of entry today.” Various airports have implemented facial-recognition checks through the “Biometric Exit” program, which the U.S. Customs and Border Protection (CBP) first introduced in 2015. As of April, the program was operational in 17 airports, with the agency reportedly planning to expand that number to 20 by 2021. The CBP is currently required by law to biometrically record the entry of foreigners into the United States, according to the DHS. Agents compare traveler photos taken at the gate with existing images that have been stored “in a secure environment” – including photographs taken during the entry inspection, photographs from U.S. passports and visas, and images “from previous DHS…

Source

A third-party government supplier has exposed hundreds of thousands of applications containing birth-certificate data. The trove of information is owned by a company that provides an online platform to state governments – including California, New York and Texas – that allows residents to request copies of vital records. Fidus Information Security found the database hosted in an Amazon Web Services (AWS) storage bucket that was left open to the internet. The bucket contained more than 752,000 applications, with names, addresses, email, phone numbers, family member info, dates of birth and the reason for making the application. According to TechCrunch, which verified the data, the bucket is still open – and updates daily. In one week, it added 9,000 applications to the database. The owner didn’t respond to multiple contact efforts; Amazon said that it would notify the owner, but no action has been taken, according to Fidus. For that reason, the company has not been named. “That repeated contacts went unanswered is a clue that the company delivering this service likely is being operated using a high degree of automation and with a limited understanding of how valuable the data they interact with might be,” said Tim Mackey, principal security strategist, Synopsys CyRC, via email. “Properly securing any data store is 101 level work, but we consistently see companies omitting this critical task from their ‘go-live’ checklist.” This is only the latest incident of data being left…

Source

A Romanian duo has been sentenced to jail time for infecting 400,000 computers with malware that stole credentials and financial information, and scammed victims out of millions of dollars. The two Romanian hackers, Bogdan Nicolescu, 37, and Radu Miclaus, 37, were sentenced to 20 years and 18 years in prison, respectively, on Friday. The sentencing comes after the pair were each convicted in April by a federal jury in Ohio on 21 charges, including conspiracy to commit wire fraud, conspiracy to traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and 12 counts each of wire fraud. “These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” said FBI Special Agent in Charge Eric Smith in a statement on Friday. “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.” Since 2007, the two allegedly operated a cybercrime ring called “Bayrob Group” out of Bucharest, Romania. The group developed malware and distributed it through malicious emails to victims, purporting to be from companies like Western Union, Norton AntiVirus and the IRS. But when recipients clicked on an attached file, malware was installed…

Source

Phishers are out in force to scam aficionados of the Elder Scrolls Online video game into giving up their account details. The crooks are posing as developers for the game under the moniker “ElderScrollDevs,” and targeting those with PlayStation consoles (and possibly others), according to a Reddit post by a scam recipient. They’re sending random private messages to users warning of a purported security issue. “We have noticed some unusual activity involving this account,” reads the “warning.” “To be sure you are the rightful owner, we require you to response [sic] to this alert with the following Account information so that you may be verified.” The victims are then told that they have 15 minutes to fill in their email address, password and date of birth on the account, or else they will be blocked from the game:

[Figure: The phishing message.]

“Under the current circumstances, you have 15 minutes from opening this alert to respond with the required information. Failure to do so will result in an immediate Account Ban, permanently losing online access to our servers on all platforms, along with all characters associated with the account in question. Please be sure to double check your information spelling before sending.” The Elder Scrolls Online is a high-fantasy role-playing game (complete with elves, dwarves, orcs and so on), set on the continent of Tamriel. It was developed by ZeniMax Online Studios, and features a storyline indirectly connected with the…

Source