@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data
A key purpose of @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and others at their organizations who hope to stay current with the offensive methods in use.
April 18, 2019
=============================================================
@RISK: The Consensus Security Vulnerability Alert
April 18, 2019 - Vol. 19, Num. 16
Providing a reliable, weekly summary of newly discovered attack vectors,
vulnerabilities with active exploits, and explanations of how recent
attacks worked
Archived issues may be found at http://www.sans.org/newsletters/at-risk
=============================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES April 11 - 17
============================================================
TOP VULNERABILITY THIS WEEK: Internet Explorer vulnerability could allow attackers to steal files
******************** Sponsored By Ixia *******************
Webcast, April 24th, 1 PM ET: SANS expert Serge Borso to review Ixia's Vision ONE(TM) platform and how it can provide enhanced #security for your organization. http://www.sans.org/info/211843
============================================================
TRAINING UPDATE
-- SANS Security West 2019 | San Diego, CA | May 9-16 | https://www.sans.org/event/security-west-2019
-- SANSFIRE 2019 | Washington, DC | June 15-22 | https://www.sans.org/event/sansfire-2019
-- SANS Amsterdam May 2019 | May 20-25 | https://www.sans.org/event/amsterdam-may-2019
-- SANS San Antonio 2019 | May 28-June 2 | https://www.sans.org/event/san-antonio-2019
-- SANS London June 2019 | June 3-8 | https://www.sans.org/event/london-june-2019
-- Enterprise Defense Summit & Training 2019 | Redondo Beach, CA | June 3-10 | https://www.sans.org/event/enterprise-defense-summit-2019
-- Security Operations Summit 2019 | New Orleans, LA | June 24-July 1 | https://www.sans.org/event/security-operations-summit-2019
-- SANS Cyber Defence Canberra 2019 | June 24-July 13 | https://www.sans.org/event/cyber-defence-canberra-2019
-- SANS Cyber Defence Japan 2019 | July 1-13 | https://www.sans.org/event/cyber-defence-japan-2019
-- SANS OnDemand and vLive Training
Get an iPad Mini, Surface Go, or Take $300 Off your OnDemand or vLive course. Offer ends May 1.
https://www.sans.org/online-security-training/specials/
-- Can't travel? SANS offers online instruction for maximum flexibility
-- Live Daytime training with Simulcast - https://www.sans.org/simulcast
-- Evening training 2x per week for 6 weeks with vLive | https://www.sans.org/vlive
-- Anywhere, Anytime access for 4 months with OnDemand format | https://www.sans.org/ondemand/
-- Single Course Training
SANS Mentor | https://www.sans.org/mentor/about
Community SANS | https://www.sans.org/community/
-- View the full SANS course catalog and Cyber Security Skills Roadmap
https://www.sans.org/cyber-security-skills-roadmap
********************** Sponsored Links: ********************
1) Register to be one of the first to experience MGT516: Managing Security Vulnerabilities: Enterprise and Cloud - a new SANS course developed for CISOs, cybersecurity managers, and aspiring information security leaders. Learn More: http://www.sans.org/info/211848
2) What challenges do you face with incidents and breaches? Take the 2019 SANS Integrated Incident Response Survey and enter for a chance to win a $400 Amazon gift card.
http://www.sans.org/info/211853
3) Don't Miss "A Better Way to Answer the Question 'Are We Secure?'" Register: http://www.sans.org/info/211858
============================================================
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Zero-day in Internet Explorer could be exploited even if user isn't running web browser
Description: A vulnerability exists in the way Microsoft Internet Explorer handles MHT files. If a user were to open a specially crafted MHT file, an attacker could gain the ability to exfiltrate local files and carry out additional spying on locally installed program version information. The interaction could even be carried out automatically without any user interaction.
Reference: https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/
Snort SIDs: 49799, 49800
Title: New HawkEye Reborn variant emerges after ownership change
Description: Over the past several months, Cisco Talos observed ongoing malware distribution campaigns attempting to leverage the latest version of the HawkEye keylogger/stealer, HawkEye Reborn v9, against organizations to steal sensitive information and account credentials for use in additional attacks and account compromise. HawkEye is a malware kit that has been around for several years and has seen continuous development and iterations since at least 2013. It is commonly sold on various hacking forums as a keylogger and stealer that can be used to monitor systems and exfiltrate information from those systems.
Reference: https://blog.talosintelligence.com/2019/04/hawkeye-reborn.html
Snort SIDs: 49777 - 49779
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Law enforcement agencies are increasingly using location data from Google to track down lists of potential suspects, often wrapping up innocent parties in investigations.
https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html
A new spear-phishing campaign targeted members of Ukraine's military and government, a continuation of an attack from 2014.
WikiLeaks founder Julian Assange's arrest drew mixed reactions from U.S. researchers and politicians. Some politicians want greater investigation into his actions, while others are worried about the potential impact this could have on future prosecutions against journalists.
Ecuador said it was targeted by 40 million cyber attacks Saturday after Assange's arrest. Assange was being held in the Ecuadorian embassy in the U.K.
http://www.securityweek.com/ecuador-says-hit-40-million-cyber-attacks-assange-arrest
Several fake apps that claim to help users increase their number of Instagram followers are actually stealing their login credentials.
https://threatpost.com/fake-instagram-apps-google-play/143786/
A massive outsourcing company in India says it's investigating a possible breach of its own IT systems.
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
=========================================================
RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM
This is a list of recent vulnerabilities for which exploits are
available. System administrators can use this list to help in
prioritization of their remediation activities. The Qualys Vulnerability
Research Team compiles this information based on various exploit
frameworks, exploit databases, exploit kits and monitoring of internet
activity.
CVSS v2 Base Score: 7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C)
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
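The list above pairs each entry with a CVSS v2 base score and vector so administrators can rank remediation. As an added example (not part of the SANS/Qualys newsletter), the calculator below parses a vector string such as the one given above, recomputes the base score from the CVSS v2 specification's weights, and ranks a constructed list so that entries with a public exploit come first; the entry labels and the sample vectors other than the one on the page are assumptions.

```python
# Added example: CVSS v2 base-score calculator and a small remediation ranker.
# Weights and formula come from the CVSS v2 specification; sample data is constructed.
import math

# Metric weights from the CVSS v2 base-metric tables.
_WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}

def parse_vector(vector):
    """Split 'AV:N/AC:H/Au:S/C:C/I:C/A:C' into a metric -> value dict.
    Temporal/environmental metrics, if present, are ignored; bad values raise."""
    parts = dict(item.split(":", 1) for item in vector.strip("()").split("/"))
    missing = set(_WEIGHTS) - set(parts)
    if missing:
        raise ValueError(f"vector is missing base metrics: {sorted(missing)}")
    for metric, value in parts.items():
        if metric in _WEIGHTS and value not in _WEIGHTS[metric]:
            raise ValueError(f"unknown value {value!r} for metric {metric!r}")
    return parts

def _round1(x):
    # CVSS v2 rounds to one decimal, half up (Python's round() is half-to-even).
    return math.floor(x * 10 + 0.5) / 10

def cvss2_base_score(vector):
    """Base score per CVSS v2: impact and exploitability sub-scores combined."""
    m = parse_vector(vector)
    w = {k: _WEIGHTS[k][m[k]] for k in _WEIGHTS}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176  # no impact -> score is forced to 0
    return _round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)

def prioritize(entries):
    """Rank (label, vector, exploit_available) triples: entries with a public
    exploit first, then by base score descending, matching the list's purpose."""
    scored = [(label, cvss2_base_score(vec), exp) for label, vec, exp in entries]
    return sorted(scored, key=lambda e: (not e[2], -e[1]))

# Constructed sample: labels are placeholders, only the first vector is from the page.
SAMPLE = [("VULN-A", "AV:N/AC:H/Au:S/C:C/I:C/A:C", False),
          ("VULN-B", "AV:L/AC:L/Au:N/C:C/I:C/A:C", True),
          ("VULN-C", "AV:N/AC:L/Au:N/C:C/I:C/A:C", False)]
```

Running `prioritize(SAMPLE)` puts VULN-B first despite its lower score, because an available exploit outranks severity alone in this list's prioritization.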
SANS Institute, 8120 Woodmont Ave., Suite 310, Bethesda, MD 20814-2743