Security daily (03-08-2020)

Cyber hygiene and MAS Notice 655

In this post, I will provide guidance and resources that will help you align to the expectations of the Monetary Authority of Singapore (MAS) Notice 655 – Notice on Cyber Hygiene. The Monetary Authority of Singapore (MAS) issued Notice 655 – Notice on Cyber Hygiene on 6 Aug 2019. This notice is applicable to all […] (AWS Security Blog)

Secure deployment of Amazon SageMaker resources

Amazon SageMaker, like other services in Amazon Web Services (AWS), includes security-related parameters and configurations that you can use to improve the security posture of resources as you deploy them. However, many of these security-related parameters are optional, allowing you to deploy resources without them. While this might be acceptable in the initial exploration stage, […] (AWS Security Blog)

Religious, political leaders in Togo allegedly targeted with NSO Group spyware

The list of people allegedly targeted by NSO Group surveillance software is growing by the day. Religious and political opposition leaders in Togo were targeted last year with spyware developed by Israeli software surveillance firm NSO Group, according to security researchers at University of Toronto Munk School’s Citizen Lab. Like many of the company’s past actions, the alleged NSO surveillance in Togo used Facebook’s WhatsApp to target religious clergy and politicians, Citizen Lab researchers said. The effort was part of a broader hacking campaign that targeted thousands of WhatsApp users with NSO Group spyware in 2019, according to Citizen Lab. NSO Group has repeatedly said that its software is only sold to law enforcement or intelligence agencies in order to target terrorists and criminals. But the revelations about surveillance in Togo are just the latest allegations that NSO Group spyware has enabled surveillance of political opponents and other perceived government […] The post Religious, political leaders in Togo allegedly targeted with NSO Group spyware appeared first on CyberScoop. (CyberScoop)

A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial?

It seemed like exactly the tech startup that so many conservatives said they wanted. AllSocial was an emerging social media network that garnered more than a million users, in part by alluding to the unfounded claim that existing sites like Facebook and Twitter censor conservative political thought. AllSocial users could connect with new friends with the understanding the site would never limit how far a user’s posts would spread based on their politics, an apparent reference to allegations that Republicans repeatedly have made against Facebook and Twitter. “Viewpoint censorship is when creative expression is suppressed, removed or banned on the internet,” said a June 13 post from the AllSocial Facebook account. “Unlike other social media platforms we do not ban or shadow-ban users based on personal or political beliefs. Yep, that’s the AllSocial way.” The site and its two mobile apps have been down for more than a month, though, […] The post A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial? appeared first on CyberScoop. (CyberScoop)

DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns

The U.S. government publicly put forth information Monday that exposed malware used in Chinese government hacking efforts for more than a decade. The Chinese government has been using malware, referred to as Taidoor, to target government agencies, entities in the private sector, and think tanks since 2008, according to a joint announcement from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Department of Defense, and the FBI. The Chinese Communist Party has been using the malware, in conjunction with proxy servers, “to maintain a presence on victim networks and to further network exploitation,” according to the U.S. government’s malware analysis report (MAR). In particular, Taidoor has been used to target government and private sector organizations that have a focus on Taiwan, according to previous FireEye analysis. It is typically distributed to victims through spearphishing emails that contain malicious attachments. U.S. Cyber Command, the DOD’s offensive cyber unit, has also shared samples […] The post DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns appeared first on CyberScoop. (CyberScoop)

Monday review – our recent stories revisited

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time. (Naked Security)

How to Write Your Own Bash Script to Automate Recon

Automation has been a buzz word for quite some time now, but the principles behind it are as strong as ever. For a hacker or pentester, Bash scripting is one form of automation that cannot be ignored. Virtually any command that can be run from the terminal can be scripted — and should be, in many cases — to save valuable time and effort. And a Bash script just happens to be great for recon.


Step 1: Start the Script

To get started, create a Bash script and name it whatever you like. I'll call mine recon.sh. Using your favorite text editor, make the first line look like this:

[code]... more (Null Byte « WonderHowTo)

Feds Arrest Teen Twitter Hack Leader, Accomplices

(News ≈ Packet Storm)

Black Hat USA 2020 Preview: Election Security, COVID Disinformation

(News ≈ Packet Storm)

Meetup Critical Flaws Allow Group Takeover, Payment Theft

(News ≈ Packet Storm)

NSO Spyware Was Used To Hack Clergy In Togo

(News ≈ Packet Storm)

Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities:

| Plugin | Vulnerability | Patched Version | Installs |
|---|---|---|---|
| Asset CleanUp: Page Speed | Authenticated XSS | | 80000 |
| Quiz And Survey Master | Authenticated Stored XSS | 7.0.0 | 30000 |
| Comments – wpDiscuz 7.0.0 | Arbitrary File Upload | 7.0.5 | 70000 |
| Real Estate 7 | Reflected XSS | 3.0.4 | 8000 |
| CarePlus | Reflected XSS | — | 5000 |
| WooCommerce Subscriptions | Unauthenticated Stored XSS | 2.6.3 | 10000 |
| Careerfy | Reflected XSS | 4.4.0 | 2300 |
| JobSearch | Reflected XSS | 1.5.6 | 1300 |
| TC Custom JavaScript | Unauthenticated Stored XSS | 1.2.2 | 10000 |
| Email Subscribers & Newsletters | Authenticated SQL injection | 4.5.1 | 100000 |
| WP-Live Chat by 3CX | Authenticated Stored XSS | 8.2.0 | 50000 |
| InJob | Reflected XSS | 3.4.1 | 1880 |
| Travel Booking | Unauthenticated SQL Injection | 2.8.4 | 8000 |
| Travel Booking | Unauthenticated XSS | 2.8.4 | 8000 |
| Monalisa | Reflected XSS | 2.1.3 | 600 |
| Adning Advertising | Arbitrary File Upload | 1.5.6 | 8000 |
| Security & Malware scan | Security Nonce Leak | 2.51 | 5000 |
| Testimonials Widget | Authenticated Stored XSS | — | 30000 |

Highlights for July 2020:

Cross site scripting is still the most common vulnerability in WordPress Plugins.

Continue reading Vulnerabilities Digest: July 2020 at Sucuri Blog. (Sucuri Blog)

Google Updates Ad Policies to Counter Influence Campaigns, Extortion

Starting Sept. 1, Google will crack down on misinformation, a lack of transparency and the ability to amplify or circulate politically influential content. (Threatpost)

Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw

Almost two months after a high-severity flaw was disclosed - and seven months after it was first reported - Netgear has yet to issue fixes for 45 of its router models. (Threatpost)

Garmin Pays Up to Evil Corp After Ransomware Attack — Reports

The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said. (Threatpost)

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the "holy grail" for attackers. (Threatpost)

Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft

Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup "Groups." (Threatpost)


/security-daily/ 04-08-2020 23:44:23