--- TLP:WHITE ---
(https://first.org/tlp/)

########################################################
#### CSIRT-IE End of Week Report ####
########################################################

Date   : Friday 19-07-2019 10:00 ; Friday 26-07-2019 10:00

Concerns regarding the continued development of exploits for the Windows RDP
vulnerability (CVE-2019-0708), known as BlueKeep, remain prevalent, and the
NCSC would urge you to patch affected systems as a matter of urgency.

Another vulnerability that caught our eye this week is CVE-2019-12815 (article 
below). This vulnerability, with a base score of 9.8, allows attackers to 
connect to vulnerable instances of ProFTPd and potentially execute arbitrary
code. There are roughly 28,000 servers worldwide that allow anonymous access
to ProFTPd (circa 56 in IE). A patch addressing this vulnerability is
available, and as a workaround admins can disable the mod_copy module in the
ProFTPd configuration file.

=====================================
= News =
=====================================
− Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens
Forcefully
If you are in Kazakhstan and unable to access the Internet service
without installing a certificate, you're not alone. The Kazakhstan
government has once again issued an advisory to all major local Internet
Service Providers (ISPs) asking them to make it mandatory for all their
customers to install government-issued root certificates on their
devices in order to regain access to the Internet

https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html


− Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed
A contractor for the Russian Federal Security Service (FSB) has been
hacked and secret projects that were being developed for the
intelligence agency were leaked to Russian Media. These projects detail
Russia's attempt to de-anonymize users on the Tor network, collect data
from social networks, and how to isolate the Russian internet

https://www.bleepingcomputer.com/news/security/russian-fsb-intel-agency-contractor-hacked-secret-projects-exposed/


− Louisiana Declares Cybersecurity State of Emergency
A series of attacks on school district systems leads the governor to
declare the state’s first cybersecurity state of emergency.

https://www.darkreading.com/attacks-breaches/louisiana-declares-cybersecurity-state-of-emergency/d/d-id/1335350


− South Africans shivering in the dark after file-scrambling nasty
hits Johannesburg power biz
City says no data stolen in ransomware outbreak, some prepaid punters
without 'leccy
The city of Johannesburg in South Africa is battling to get electricity
to some customers left in the dark by a ransomware infection.…

https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/


=====================================
= Vulnerabilities =
=====================================

− ProFTPD Vulnerability Lets Users Copy Files Without Permission
Under certain conditions, ProFTPD servers are vulnerable to remote code
execution and information disclosure attacks after successful
exploitation of an arbitrary file copy vulnerability in the mod_copy
module. ProFTPd is an open-source and cross-platform FTP server with
support for most UNIX-like....

https://www.bleepingcomputer.com/news/security/proftpd-vulnerability-lets-users-copy-files-without-permission/


− Critical Flaw in VLC Media Player Discovered by German Cybersecurity
Agency
A critical security flaw in VLC Media Player has recently been
discovered by German cybersecurity watchdog CERT-Bund, who warns that a
successful attack would allow for remote code execution. The
vulnerability exists in VLC Media Player version 3.0.7.1, according to
the official CVE-2019-13615, which is the latest stable release of the
application. “VideoLAN VLC media player 3.0.7.1 has a heap-based buffer
over-read in mkv::demux_sys_t::FreeUnused() in
modules/demux/mkv/demux.cpp when ...

https://news.softpedia.com/news/critical-flaw-in-vlc-media-player-discovered-by-german-cybersecurity-agency-526768.shtml


− Hackers Exploit Recent WordPress Plugin Bugs for Malvertising
An ongoing malvertising campaign is targeting an unauthenticated stored
cross-site scripting (XSS) vulnerability in the Coming Soon Page &
Maintenance Mode WordPress plugin according to Wordfence's Defiant
Threat Intelligence team. The now patched flaw allows unauthenticated
attackers to inject....

https://www.bleepingcomputer.com/news/security/hackers-exploit-recent-wordpress-plugin-bugs-for-malvertising/


− Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target
List
Cybersecurity researchers have discovered a new variant of WatchBog, a
Linux-based cryptocurrency mining malware botnet, which now also
includes a module to scan the Internet for Windows RDP servers
vulnerable to the Bluekeep flaw. BlueKeep is a highly-critical,
wormable, remote code execution vulnerability in the Windows Remote
Desktop Services that could allow an unauthenticated remote

https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html


=====================================
= Community News =
=====================================
− Software used against online extremists to tackle anti-vaxxers
that confronts anti-vaccination theories under development by UK’s
Moonshot
Technology used to counter violent messages online from Islamic
State and the far right is being adapted to counter the spread of
“anti-vax” conspiracy theories.

https://www.theguardian.com/society/2019/jul/21/software-used-against-online-extremists-to-tackle-anti-vaxxers


− New York City moves to protect citizens’ location data
New York City is considering a law that could stop cellphone carriers
and smartphone app vendors from selling their location data.

https://nakedsecurity.sophos.com/2019/07/25/nyc-moves-to-protect-citizens-location-data


− Facebook Agrees to Pay $5 Billion Fine and Setup New Privacy Program
for 20 Years
The Federal Trade Commission (FTC) today officially confirmed that
Facebook has agreed to pay a record-breaking $5 billion fine over
privacy violations surrounding the Cambridge Analytica scandal. Besides
the multibillion-dollar penalty, the company has also accepted a
20-year-long agreement that enforces it to implement a new organizational
framework designed to strengthen its data privacy

https://thehackernews.com/2019/07/ftc-facebook-privacy-program.html



--- TLP:WHITE ---