Latest News Articles

				
--- TLP:WHITE ---
(https://first.org/tlp/)

########################################################
#### CSIRT-IE End of Week Report ####
########################################################

Date   : Friday 02-08-2019 10:00 ; Friday 09-08-2019 10:00

=====================================
= News =
=====================================

− Welcoming the Irish Government to Have I Been Pwned
Over the last year and a bit I've been working to make more data in HIBP 
freely available to governments around the world that want to monitor 
their own exposure in data breaches. Like the rest of us, governments 
regularly rely on services that fall victim to attacks resulting in data 
being....

https://www.troyhunt.com/welcoming-the-irish-government-to-have-
i-been-pwned/

− Class-action sueball flung at Capital One and GitHub over theft of 106 
million folks' details
Data loss is lawyers' gain Code repository GitHub and credit-card-flinger 
Capital One are facing down a potential class-action lawsuit in the US 
accusing them of negligence over the loss of 106 million individuals' 
personal data .…

https://www.theregister.co.uk/2019/08/05/github_and_capital_one_hit_
by_class_action_suit/

− How 5G Networks Can Pave Way for Long-Promised Industry Strides
TREND ANALYSIS: Many new capabilities are on the horizon with 5G 
connectivity: 5G networks in vehicles and alongside roads will let 
autonomous cars and trucks see road far ahead of them, overtake safely 
and avoid obstacles. Robotic surgery will likely become more widespread. 
And that's not all.

https://www.eweek.com/networking/how-5g-networks-can-pave-way-for-long
-promised-industry-strides

− Googlers hate it! This one weird trick lets websites dodge Chrome 76's 
defenses, detect you're in Incognito mode
Three key words: File, write, benchmark A week ago, Google released 
Chrome 76, which included a change intended to prevent websites from 
detecting when browser users have activated Incognito mode.…

https://www.theregister.co.uk/2019/08/05/chrome_incognito_mode_fix_
falls_flat/

− It's 2019 – and you can completely pwn a Qualcomm-powered Android over 
the air
Grab security patches now from chip designer, Google Black Hat It is 
possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android 
phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This 
likely affects millions of Android devices.…

https://www.theregister.co.uk/2019/08/06/qualcomm_android_security
_patches/

− Farmers fighting cyber crime, fly-tipping and livestock theft - Irish 
Farmers Journal
The face of rural crime is changing, and it’s changing the countryside, 
according to a new NFU Mutual report on rural crime in the UK. Farmers 
and rural communities are now fighting criminals on a number of 
different fronts. NFU Mutual has highlighted four areas farmers are 
battling against on rural crime: Cyber crime.

https://www.farmersjournal.ie/farmers-fighting-cyber-crime-fly-tipping
-and-livestock-theft-484155

− Symantec sell enterprise security assets for US$ 10.7 billion to 
Broadcom
Symantec Corp. has entered into a definitive agreement to sell its 
Enterprise Security assets, which include the Symantec name, to Broadcom 
Inc., for US$ 10.7 billion in cash. The transaction, which was approved 
by Symantec’s Board of Directors, is expected to close before the end of 
the calendar year pending regulatory approvals.

https://www.geekzone.co.nz/content.asp?contentId=22095

=====================================
= Vulnerabilities =
=====================================

− CVE-2018-20900 (cpanel)
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair 
functionality (SEC-399).

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20900

− KDE Linux Desktops Could Get Hacked Without Even Opening Malicious 
Files
If you are running a KDE desktop environment on your Linux operating 
system, you need to be extra careful and avoid downloading any 
".desktop" or ".directory" file for a while. A cybersecurity researcher 
has disclosed an unpatched zero-day vulnerability in the KDE software 
framework that could allow maliciously crafted .desktop and .directory 
files to silently run arbitrary code on a user's

https://thehackernews.com/2019/08/kde-desktop-linux-vulnerability.html

− Millions of Devices With Intel CPUs Exposed to SWAPGS Attack
Researchers have discovered yet another speculative execution 
vulnerability that can allow attackers to steal potentially sensitive 
information from devices with Intel processors. read more

https://www.securityweek.com/millions-devices-intel-cpus-exposed-
swapgs-attack

− SA19080701 Cisco products Multiple Vulnerabilities
Multiple vulnerabilities have been identified in Cisco Products, which 
could be exploited by attackers to cause the following impact(s): Denial 
of Service Elevation of Privilege Remote Code Execution Security 
Restriction Bypass

https://www.hkcert.org/my_url/en/alert/19080701

− Your Apple iPhone could be hacked by a simple message, update now!
Aug 09, 2019 11:32:33 IST. A Google Project Zero security researcher has 
found multiple bugs in Apple’s iMessage platform that will allow a 
hacker to remotely hack into an iPhone with just a message. Natalie 
Silvanovich, the researcher in question, presented her findings at the 
Black Hat security conference in Las Vegas on 7 August.

https://www.firstpost.com/tech/news-analysis/your-apple-iphone-could-be
-hacked-by-a-simple-message-update-now-7136231.html


=====================================
= Community News =
=====================================

− Hack-age delivery! Wardialing, wardriving... Now warshipping: 
Wi-Fi-spying gizmos may lurk in future parcels
Maybe, maybe not. These hack-in-a-box widgets are something to think 
about at least, says Big Blue Black Hat IBM's X-Force hacking team have 
come up with an interesting variation on wardriving – you know, when you 
cruise a neighborhood scouting for Wi-Fi networks. Well, why not try 
using the postal service instead, and called it "warshipping," Big 
Blue's eggheads suggested earlier today.…

https://www.theregister.co.uk/2019/08/07/ibm_warshipping_wifi_package/

− Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V
A vulnerability in Microsoft's Remote Desktop Protocol (RDP) can also be 
used to escape virtual machines running on Hyper-V, the virtualization 
technology in Azure and Windows 10. [...]

https://www.bleepingcomputer.com/news/security/microsoft-ignored-rdp
-vulnerability-until-it-affected-hyper-v/

− Apple expands bug bounty to macOS, raises bug rewards
Apple also announces it will provide selected security researchers with 
access to special "hackable" phones. Three years after it launched its 
bug bounty program on the Black Hat 2016 stage, Apple returned today to 
the same security conference to announce it is expanding the program.

https://www.theverge.com/2019/8/8/20756638/apple-macos-security-
bug-bounty-rewards-program

--- TLP:WHITE ---