SANS Institute | Newsletters

@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data

A key purpose of the @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and others at their organizations who hope to stay current with the offensive methods in use.

January 2, 2020

=============================================================

@RISK: The Consensus Security Vulnerability Alert

January 02, 2020 - Vol. 20, Num. 01

Providing a reliable, weekly summary of newly discovered attack vectors,

vulnerabilities with active exploits, and explanations of how recent

attacks worked

Archived issues may be found at http://www.sans.org/newsletters/at-risk

=============================================================

CONTENTS:

NOTABLE RECENT SECURITY ISSUES

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

MOST PREVALENT MALWARE FILES Dec. 26 - Jan. 2

============================================================

TOP VULNERABILITY THIS WEEK: Bug in Citrix leaves corporate local networks open to attack

******************** Sponsored By SANS *******************

Attend SANS Open-Source Intelligence Summit | Alexandria, VA | February 18-24

Hear leading security practitioners and investigators share proven techniques and tools that can be applied to OSINT gathering and analysis. http://www.sans.org/info/215140

============================================================

TRAINING UPDATE

-- SANS Security East 2020 | New Orleans, LA | February 1-8 | https://www.sans.org/event/security-east-2020

-- SANS Threat Hunting & IR Summit & Training | London, UK | January 13-19, 2020 | https://www.sans.org/event/threat-hunting-europe-2020

-- SANS Tokyo January 2020 | January 20-25 | https://www.sans.org/event/tokyo-january-2020

-- SANS Amsterdam January 2020 | January 20-25 | https://www.sans.org/event/amsterdam-january-2020

-- SANS Scottsdale 2020 | February 17-22 | https://www.sans.org/event/scottsdale-2020

-- Open-Source Intelligence Summit & Training 2020 | Alexandria, VA | February 18-24 | https://www.sans.org/event/osint-summit-2020

-- SANS Northern VA-Reston Spring 2020 | March 2-7 | https://www.sans.org/event/northern-va-spring-reston-2020

-- Blue Team Summit & Training 2020 | Louisville, KY | March 2-9 | https://www.sans.org/event/blue-team-summit-2020

-- ICS Security Summit & Training 2020 | Orlando, FL | March 2-9 | https://www.sans.org/event/ics-security-summit-2020

-- SANS Secure Singapore 2020 | 16-28 March | https://www.sans.org/event/secure-singapore-2020

-- SANS OnDemand and vLive Training

Get an iPad Mini, a Samsung Galaxy Tab S2, or Take $300 Off through January 8 with OnDemand or vLive training.

https://www.sans.org/online-security-training/specials/

-- Can't travel? SANS offers online instruction for maximum flexibility

-- Live Daytime training with Simulcast - https://www.sans.org/simulcast

-- Evening training 2x per week for 6 weeks with vLive | https://www.sans.org/vlive

-- Anywhere, Anytime access for 4 months with OnDemand format | https://www.sans.org/ondemand/

-- Single Course Training

SANS Mentor | https://www.sans.org/mentor/about

Community SANS | https://www.sans.org/community/

-- View the full SANS course catalog and Cyber Security Skills Roadmap

https://www.sans.org/courses

https://www.sans.org/cyber-security-skills-roadmap

********************** Sponsored Links: ********************

1) Attend this free event in Austin, TX with discount code AUTO20: Automation & Orchestration Solutions Forum. http://www.sans.org/info/215145

2) Webcast January 14th at 1 PM ET: What Really Matters to Security Teams: Endpoint Security Priorities for 2020. http://www.sans.org/info/215150

3) Missed this webcast? Pivotal Platform - Getting Started with Native Runtime Protection for PAS. View here: http://www.sans.org/info/215155

============================================================

NOTABLE RECENT SECURITY ISSUES

SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Arbitrary code execution vulnerability in Citrix

Description: The Citrix Application Delivery Controller (ADC) and Citrix Gateway contain remote code execution vulnerability that could allow an attacker to infiltrate a large-scale LAN. The digital workspace and enterprise network vendor said the bug does not require the use of any credentials, so therefore could be carried out by anyone. Citrix released a set of measures to mitigate the vulnerability, including software updates. These products are installed in more than 150,000 companies' networks across the globe.

Reference: https://threatpost.com/critical-citrix-bug-80000-corporate-lans-at-risk/151444/

Snort SIDs: 52512, 51513

============================================================

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Russia's meddling in the 2016 American presidential election may trace back to a breach at a Florida tech company, according to a new report.

https://www.politico.com/news/magazine/2019/12/26/did-russia-really-hack-2016-election-088171

U.S. Congress passed a law aimed at cracking down on the companies and individuals behind robocalls, but the legislation is unlikely to actually help most users.

https://www.wsj.com/articles/washingtons-new-anti-robocall-law-wont-stop-the-calls-heres-why-11577367931

The British government apologized to the high-profile individuals whose information was leaked online, all of whom had received a prestigious award in the past, including Sir Elton John.

https://www.bbc.com/news/uk-50929543

New Orleans says it is raising its cyber insurance coverage in 2020 after a crippling ransomware attack in mid-December.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/new-orleans-cyber-insurance-plan/

Home security company Wyze says it mistakenly left 2.4 million users' information exposed over the course of three weeks, including email addresses, SSIDs and API tokens.

https://www.theverge.com/2019/12/30/21042974/wyze-server-breach-cybersecurity-smart-home-security-camera

A government agency in South Korea is launching an investigation into the TikTok social media app after an official raised concerns about how the Chinese company behind the app handles personal data.

https://news.softpedia.com/news/security-risks-trigger-tiktok-investigation-in-south-korea-528726.shtml

Several individuals and groups have already filed lawsuits against Wawa after they say their credit card information was stolen and used in the data breach the gas station chain disclosed in December.

https://www.inquirer.com/business/wawa-data-breach-class-action-lawsuit-20191226.html

A deadline in Russia is quickly approaching that would require smart device manufacturers to install Russian-made software on their devices before they can hit store shelves, including a web browser that would restrict access to some social media apps.

https://www.hollywoodreporter.com/news/new-russian-legislation-targets-apple-facebook-twitter-netflix-1264747

=========================================================

MOST PREVALENT MALWARE FILES Dec. 26 - Jan. 2:

COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3

MD5: 47b97de62ae8b2b927542aa5d7f3c858

VirusTotal: https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details

Typical Filename: qmreportupload.exe

Claimed Product: qmreportupload

Detection Name: Win.Trojan.Generic::in10.talos

SHA 256: 1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871

MD5: c2406fc0fce67ae79e625013325e2a68