Newsletters: @RISK

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure


@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data

A key purpose of the @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and others at their organizations who hope to stay current with the offensive methods in use.

January 2, 2020

=============================================================

     @RISK: The Consensus Security Vulnerability Alert

              January 02, 2020 - Vol. 20, Num. 01


Providing a reliable, weekly summary of newly discovered attack vectors,

vulnerabilities with active exploits, and explanations of how recent

attacks worked


Archived issues may be found at http://www.sans.org/newsletters/at-risk


=============================================================


CONTENTS:

NOTABLE RECENT SECURITY ISSUES

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

MOST PREVALENT MALWARE FILES Dec. 26 - Jan. 2

============================================================


TOP VULNERABILITY THIS WEEK: Bug in Citrix leaves corporate local networks open to attack


******************** Sponsored By SANS *******************


Attend SANS Open-Source Intelligence Summit | Alexandria, VA | February 18-24

Hear leading security practitioners and investigators share proven techniques and tools that can be applied to OSINT gathering and analysis. http://www.sans.org/info/215140


============================================================

TRAINING UPDATE

 

-- SANS Security East 2020 | New Orleans, LA | February 1-8 | https://www.sans.org/event/security-east-2020


-- SANS Threat Hunting & IR Summit & Training | London, UK | January 13-19, 2020 | https://www.sans.org/event/threat-hunting-europe-2020


-- SANS Tokyo January 2020 | January 20-25 | https://www.sans.org/event/tokyo-january-2020


-- SANS Amsterdam January 2020 | January 20-25 | https://www.sans.org/event/amsterdam-january-2020

    

-- SANS Scottsdale 2020 | February 17-22 | https://www.sans.org/event/scottsdale-2020


-- Open-Source Intelligence Summit & Training 2020 | Alexandria, VA | February 18-24 | https://www.sans.org/event/osint-summit-2020


-- SANS Northern VA-Reston Spring 2020 | March 2-7 | https://www.sans.org/event/northern-va-spring-reston-2020


-- Blue Team Summit & Training 2020 | Louisville, KY | March 2-9 | https://www.sans.org/event/blue-team-summit-2020


-- ICS Security Summit & Training 2020 | Orlando, FL | March 2-9 | https://www.sans.org/event/ics-security-summit-2020


-- SANS Secure Singapore 2020 | 16-28 March | https://www.sans.org/event/secure-singapore-2020


-- SANS OnDemand and vLive Training

Get an iPad Mini, a Samsung Galaxy Tab S2, or Take $300 Off through January 8 with OnDemand or vLive training.

https://www.sans.org/online-security-training/specials/


-- Can't travel? SANS offers online instruction for maximum flexibility

-- Live Daytime training with Simulcast - https://www.sans.org/simulcast

-- Evening training 2x per week for 6 weeks with vLive | https://www.sans.org/vlive

-- Anywhere, Anytime access for 4 months with OnDemand format | https://www.sans.org/ondemand/


-- Single Course Training

SANS Mentor |  https://www.sans.org/mentor/about

Community SANS | https://www.sans.org/community/

 

-- View the full SANS course catalog and Cyber Security Skills Roadmap

https://www.sans.org/courses

https://www.sans.org/cyber-security-skills-roadmap



********************** Sponsored Links: ********************


1) Attend this free event in Austin, TX with discount code AUTO20: Automation & Orchestration Solutions Forum. http://www.sans.org/info/215145


2) Webcast January 14th at 1 PM ET: What Really Matters to Security Teams: Endpoint Security Priorities for 2020. http://www.sans.org/info/215150


3) Missed this webcast? Pivotal Platform - Getting Started with Native Runtime Protection for PAS. View here: http://www.sans.org/info/215155


============================================================


NOTABLE RECENT SECURITY ISSUES

SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP


Title: Arbitrary code execution vulnerability in Citrix

Description: The Citrix Application Delivery Controller (ADC) and Citrix Gateway contain remote code execution vulnerability that could allow an attacker to infiltrate a large-scale LAN. The digital workspace and enterprise network vendor said the bug does not require the use of any credentials, so therefore could be carried out by anyone. Citrix released a set of measures to mitigate the vulnerability, including software updates. These products are installed in more than 150,000 companies' networks across the globe.

Reference: https://threatpost.com/critical-citrix-bug-80000-corporate-lans-at-risk/151444/

Snort SIDs: 52512, 51513


============================================================


INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY


Russia's meddling in the 2016 American presidential election may trace back to a breach at a Florida tech company, according to a new report.

https://www.politico.com/news/magazine/2019/12/26/did-russia-really-hack-2016-election-088171


U.S. Congress passed a law aimed at cracking down on the companies and individuals behind robocalls, but the legislation is unlikely to actually help most users.

https://www.wsj.com/articles/washingtons-new-anti-robocall-law-wont-stop-the-calls-heres-why-11577367931


The British government apologized to the high-profile individuals whose information was leaked online, all of whom had received a prestigious award in the past, including Sir Elton John.

https://www.bbc.com/news/uk-50929543


New Orleans says it is raising its cyber insurance coverage in 2020 after a crippling ransomware attack in mid-December.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/new-orleans-cyber-insurance-plan/


Home security company Wyze says it mistakenly left 2.4 million users' information exposed over the course of three weeks, including email addresses, SSIDs and API tokens.

https://www.theverge.com/2019/12/30/21042974/wyze-server-breach-cybersecurity-smart-home-security-camera


A government agency in South Korea is launching an investigation into the TikTok social media app after an official raised concerns about how the Chinese company behind the app handles personal data.

https://news.softpedia.com/news/security-risks-trigger-tiktok-investigation-in-south-korea-528726.shtml


Several individuals and groups have already filed lawsuits against Wawa after they say their credit card information was stolen and used in the data breach the gas station chain disclosed in December.

https://www.inquirer.com/business/wawa-data-breach-class-action-lawsuit-20191226.html


A deadline in Russia is quickly approaching that would require smart device manufacturers to install Russian-made software on their devices before they can hit store shelves, including a web browser that would restrict access to some social media apps.

https://www.hollywoodreporter.com/news/new-russian-legislation-targets-apple-facebook-twitter-netflix-1264747


=========================================================


MOST PREVALENT MALWARE FILES Dec. 26 - Jan. 2:

COMPILED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP


SHA 256: 3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3

MD5: 47b97de62ae8b2b927542aa5d7f3c858

VirusTotal: https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details

Typical Filename: qmreportupload.exe

Claimed Product: qmreportupload

Detection Name: Win.Trojan.Generic::in10.talos


SHA 256: 1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871

MD5: c2406fc0fce67ae79e625013325e2a68

VirusTotal: https://www.virustotal.com/gui/file/1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871/details

Typical Filename: SegurazoIC.exe

Claimed Product: Digital Communications Inc.

Detection Name: PUA.Win.Adware.Ursu::95.sbx.tg


SHA 256: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f

MD5: e2ea315d9a83e7577053f52c974f6a5a

VirusTotal: https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details

Typical Filename: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin

Claimed Product: N/A

Detection Name: W32.AgentWDCR:Gen.21gn.1201


SHA 256: 252555d28366ea4d2d2066ea1f66b1250b7cc297a2b0066a595f5a2b240a0637

MD5: 3e1e9579a3b11547adc012d9b1caf273

VirusTotal: https://www.virustotal.com/gui/file/252555d28366ea4d2d2066ea1f66b1250b7cc297a2b0066a595f5a2b240a0637/details

Typical Filename: cloudnet.exe

Claimed Product: EpicNet Cloud Office

Detection Name: W32.252555D283-100.SBX.TG


SHA 256: d8b594956ed54836817e38b365dafdc69aa7e07776f83dd0f706278def8ad2d1

MD5: 56f11ce9119632ba360e5b3dd0a89acd

VirusTotal: https://www.virustotal.com/gui/file/d8b594956ed54836817e38b365dafdc69aa7e07776f83dd0f706278def8ad2d1/details

Typical Filename: xme64-540.exe

Claimed Product: N/A

Detection Name: W32.D8B594956E-100.SBX.TG


=============================================================


(c) 2019.  All rights reserved.  The information contained in this

newsletter, including any external links, is provided "AS IS," with no

express or implied warranty, for informational purposes only.


Please feel free to share this with interested parties via email, but

no posting is allowed on web sites. For a free subscription, (and for

free posters) or to update a current subscription, visit

https://www.sans.org/account


SANS Institute, 8120 Woodmont Ave., Suite 310, Bethesda, MD 20814-2743