Tor Weaponized to Steal Bitcoin

A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
Source: DarkReading

In A Crowded Endpoint Security Market, Consolidation Is Underway

Experts examine the drivers pushing today’s endpoint security market to consolidate as its many players compete to meet organizations’ changing demands and transition to the cloud.
Source: DarkReading

US Girl Scouts Launch First National Cybersecurity Challenge

Girls across the United States of America will take part in the country’s first-ever National Girl Scouts Cyber Challenge tomorrow.

Over 3,000 girls have signed up to practice their cybersecurity skills by solving a hypothetical ransomware attack on a moon base. Participants will form an incident response team that must find out who hacked the system and how they did it.

The adrenaline-filled simulation will incorporate both “plugged” stations, where the girls use traditional coding and hacking skills on laptops and tablets, and “unplugged” stations, where they must solve written codes.

The exciting event will allow girls to gain first-hand experience of how coding and cybersecurity are applied in the real world. No prior cybersecurity experience is necessary to take part, as organizers hope to inspire girls who haven’t ever tried their hand at cybersecurity to give it a go and see if they like it. 

The challenge is being piloted at participating councils in Georgia, Colorado, Maryland, Texas, California, Arizona, Alabama, Ohio, Massachusetts, and Florida. If it proves successful, Girl Scouts of the USA (GSUSA) plans to roll the event out to all 111 of their councils.  

Presenting the challenge is US defense contractor Raytheon, which in November 2018 committed to a multi-year partnership with GSUSA to encourage girls to pursue computer science careers. Last year, with Raytheon’s support, GSUSA launched its first-ever national computer science program for middle and high school girls.

A spokesperson for Raytheon said: “Our future needs innovators, engineers and cybersecurity experts and we’re finding them right here in today’s Girl Scouts. They are cracking cyber challenges while fulfilling their potential. 

“Thanks to events like the Girl Scouts Cyber Challenge brought to you by Raytheon, more girls are seeing themselves as tomorrow’s innovators, engineers, cybersecurity experts and tech leaders.”

A spokesperson for GSUSA said: “Raytheon is collaborating with Girl Scouts to help close the gender gap in STEM fields by helping prepare girls to pursue careers in fields like cybersecurity, computer science, artificial intelligence, and robotics. 

“Together, Raytheon and Girl Scouts are reaching girls during formative school years, where research shows peer pressure can sometimes deter girls from pursuing their interest in STEM.”

Source: Infosecurity

CVE-2019-17393

The Customer’s Tomedo Server in Version 1.7.3 communicates with the Vendor Tomedo Server via HTTP (in cleartext), which can be sniffed by unauthorized actors. Basic authentication is used, making it possible to base64-decode the sniffed credentials and discover the username and password.
Source: NIST

CVE-2019-17367

OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Source: NIST

CVE-2019-17526

** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor’s position is that the product is “vulnerable by design” and the current behavior will be retained.
Source: NIST

Italians Rocked by Ransomware

Italy is experiencing a rash of ransomware attacks that play dark German rock music while encrypting victims’ files. 

The musical ransomware, called FTCode, was detected by security analysts at AppRiver in malicious email campaigns directed at Italian Office 365 customers. 

Targeted inboxes have received emails with malicious content posing as resumes, invoices, or document scans. The emails include a Visual Basic script (.vbs) file that downloads and blasts out Rammstein hits while encrypting files on the victim’s computer.

“The .vbs file initially launches PowerShell to download and play an mp3 file from archive.org. At first glance, we suspected it was just a renamed file extension for malware, a common practice to help evade some network gateways. However, we were amused to find it launches a Rammstein song mix,” wrote AppRiver researchers.

As victims are treated to rousing renditions of “Du Hast” and “Engel,” the script reaches out to a different domain to pull down a Jasper malware loader. This .vbs file enables threat actors to load additional malware of their choosing.

Once the files on the user’s computer have been encrypted, a note is left on the victim’s desktop, directing the user to download, install, and visit an onion site for further instructions. 

In an attempt to establish trust with the user and show that decryption is actually possible, the onion site offers the visitor a chance to test file decryption with one file before they pay the full ransom. 

The cost of the ransom is set at $500 if paid within the first three days, after which it rapidly increases to $25,000. 

David Pickett, security analyst at AppRiver, warned users not to take risks on links sent by strangers and to be particularly wary of any content that asks to be enabled. 

He said: “Users should be vigilant to never click on or open unsolicited links or documents, especially with file types they aren’t familiar with, such as script files (.vbs, .js, .ps1, .bat, etc.).  

“Any Office file that, once opened, urges the user to Enable Content or Enable Editing should be treated with the utmost caution and verified from the sender out of band before doing so. If the file is malicious, enabling content or editing disables Microsoft’s protected view and can allow a malicious payload contained within to execute.”  

Source: Infosecurity

CVE-2019-17207

A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action.
Source: NIST

CVE-2019-15900

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.
Source: NIST

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids.
Source: NIST