News – BU-CERT

Stable Channel Update for Desktop

Posted on 13 December 2018

From chromereleases.googleblog.com

The stable channel has been updated to 71.0.3578.98 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

Security Fixes and Rewards

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix contributed by external researchers. Please see the Chrome Security Page for more information.

[$6000][901654] High CVE-2018-17481: Use after free in PDFium. Reported by Anonymous on 2018-11-04

(This issue was first addressed in the initial Stable release of Chrome 70, but received additional fixes in this release)

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Hackers Actively Exploiting the Recently Patched Windows kernel Zero-day Vulnerability in Wild

Posted on 13 December 2018

From gbhackers.com

Threat actors exploiting the recently patched Windows Kernel Privilege Escalation Vulnerability (CVE-2018-8611) that allows attackers to run arbitrary code in kernel mode and install program with admin privileges.

The vulnerability is due to the improper file execution operations in the kernel mode. Security researchers from Kaspersky uncovered the zero-day vulnerability and it has been reported to Microsoft on October 29, 2018, and Microsoft patched with December security update.

A number of APT groups use the exploit including FruityArmor, CHAINSHOT, and the newly discovered SandCat.

UK white hats blacklisted by Cisco Talos after smart security code stumbles

Posted on 13 December 2018

From theregister.co.uk

UK security training company Hacker House briefly had its site blocked after being mistaken for malware by Cisco’s security wing Talos’ smart “threat intelligence” software.

Hacker House runs training classes on ethical hacking and defense techniques, as well as its own business security services in areas like penetration testing or network analysis. But on Wednesday morning things started to go awry.

The company’s training programs include things like security sandboxes and hands-on with code samples. This, apparently, triggered the Talos service to label the site as malicious and block it for customers.

Hacker House co-founder Matthew ‘Hacker Fantastic’ Hickey told The Register the issue began when some of his customers had reported being unable to access his site.

Deception technology: Authenticity and why it matters

Posted on 13 December 2018

From helpnetsecurity.com

This article is the second in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of the central role that authenticity plays in the establishment of deception as a practical defense and cyber risk reduction measure.

Requirements for authenticity in deception

The over-arching goal for any cyber deception system is to create target computing and networking systems and infrastructure that will be indistinguishable by an adversary from actual assets – including both live production and test environments. While this would seem an obvious consideration, it turns out to be quite challenging technically to build such deception in practice. Except for Attivo Networks, others will attempt to do achieve this through emulation.

The system attribute that best achieves this goal is authenticity, because once a human or automated malicious actor gains access to a planted deceptive system – whether purposefully or incidentally – no evidence should exist that a decoy or trap has been reached. It is also insufficient to suppress only obvious forms of evidence. Subtle indicators of inauthenticity often found in low-interaction, emulated environments are also unacceptable, especially in the presence of a capable adversary.

87 Vulnerabilities Fixed With Adobe December Security Update for Acrobat and Reader

Posted on 13 December 2018

From gbhackers.com

Adobe released security updates that fix 87 vulnerabilities with Acrobat and Reader for MacOS and Windows. The update covers both the critical and important vulnerabilities.

Successful exploitation of the vulnerability leads to arbitrary code execution with the context of the current user.

Critical Code Execution

The security update fixes multiple critical code execution flaws, that includes two buffer overflow vulnerability, two Untrusted pointers dereference, 4 Out-of-bounds write vulnerability, 3 Heap Overflow flaws and 24 Use After Free vulnerabilities.

Information Disclosure

Security update fixes multiple Information Disclosure vulnerabilities that include 43 out-of-bounds read flaws, Security Bypass, and four Integer Overflow Vulnerability. Here

Adobe also fixed the vulnerability(CVE-2018-15982) in Flash Player last week which was exploited in wild to execute the malicious flash object into victims machine.

The attackers primarily targeted Russian state healthcare clinic through the crafted document that contains several pages in order to forge employee to open it and exploiting this Flash 0day vulnerability.

Unlocking the potential of Big Data

Posted on 12 December 2018

From itproportal.com

As machine learning and predictive analytics become more sophisticated, companies can base decisions on evidence, and deep learning will push the boundaries even more, with better problem-solving and language comprehension. Are you ready?

Experts predict that the universe of data—or ‘dataverse’—will reach 180 zettabytes by 2025. It’s a truly mind-boggling number, highlighting the exponential growth of big data. Bernard Marr, author of Data Strategy: How to Profit from a World of Big Data, Analytics and The Internet of Things, offers some perspective, noting that 90 per cent of existing data in the world has been generated in the last two years.

Unfortunately, the volume and variety of data available does not always equate to value.

How can companies harness big data effectively? Harvard University’s Gary King suggests that “Big data is not about the data!” Instead, he writes, “Although the increase in the quantity and diversity of data is breath-taking, data alone does not a Big Data revolution make. The progress in analytics making data actionable over the last few decades is also essential.” That’s where Artificial Intelligence (AI) comes in.

Password-less security arrives on macOS with HYPR

Posted on 12 December 2018

From helpnetsecurity.com

HYPR released its Employee Access solution for macOS. The addition of macOS marks a milestone in expanding enterprise-wide coverage of HYPR’s Decentralized Authentication Platform, enabling businesses to secure password-less access to corporate resources, eliminate credential reuse and stop phishing attacks while improving workforce productivity on a global scale.

With existing support for Windows 7, 8 and 10, the launch of MacOS rounds off the HYPR Employee Access offering and accelerates HYPR’s continued transformation of enterprise security.

Unlike authentication providers that rely on centralized passwords, HYPR moves user authentication keys to their personal mobile devices and secures them against malicious hackers. Decentralized Authentication eliminates the hackers’ favorite target – the centralized password store – forcing attackers to focus on each device individually and diffusing the mass credential breach.