DSA-5295 chromium – security update

A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.

CVE-2021-37533 (commons_net)

Prior to Apache Commons Net 3.9.0, Net’s FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability

Posted by Egidio Romano on Dec 03

------------------------------------------------------------------
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
------------------------------------------------------------------

[-] Software Link:

https://www.drupal.org/project/h5p

[-] Affected Versions:

Version 2.0.0-alpha2 and prior versions.
Version 7.x-1.50 and prior versions.

[-] Vulnerability Description:

The vulnerability is located within the…

‘Tis the Season for Holiday Scams

This time of year, the air not only gets chillier but a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift givers. 

Here are three common holiday scams to watch out for this year, plus a few tips to help you stay safe online. 

1. Gift Card Cracking

Gift cards are a standby present for the people on your list who are difficult to buy for, or for people you don’t know too well but still want to give a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. In the brute force approach, known as gift card cracking, cybercriminals take wild guesses at gift card codes, methodically guessing strings of numbers and letters and crossing their fingers for a match, then cash in the value for themselves. Cybercriminals will also employ phishing emails, texts or social media direct messages to trick people into divulging gift card information.

To avoid gift card cracking, encourage gift receivers to redeem their gift card quickly to shorten the amount of time a scammer has to guess the code correctly. Or, you could opt for a paper gift certificate from a small business that doesn’t require online redeeming at all. To avoid gift card phishing scams, do not engage with any type of correspondence that claims they can double the value of your gift card or claims that there’s a problem with it. Be instantly on alert if anyone asks for the activation code. If the gift card-issuing business really needs to replace your purchase, they’ll issue you a new code. They’ll never ask for your existing one. 

2. Last-minute Shopping Scams

Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant or shipping company.  

While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishers rely on people’s excitement or inattention to trick them into giving up their credit card or banking information. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry, there are often typos and grammar mistakes, and the tone of the message will seem “off.” Either it will sound very formal and impersonalized or it will sound very informal and seem pushy. 

To protect your finances during the holiday season, consider putting a lock on your credit. This is easy to do with McAfee credit lock. You can still use your credit card and shop as you normally would. A credit lock is useful because, in case a criminal gets ahold of your PII, they won’t be able to open lines of credit in your name. This protects your credit score, which is essential to keep in good standing if you hope to buy a house or take out a loan anytime soon. 

3. Social Media Ads and Fake Shopping Sites

Just because a “company” has an ad on Facebook or Instagram doesn’t mean that it’s a legitimate establishment. Before buying from an online store you’ve never heard of, do some background research on it and read customer reviews to make sure that it’s real and will deliver you a quality product.  

Take note of the online store’s URL before entering it. (You can preview the link by hovering over it with your cursor.) If the URL is a string of letters and numbers, it could be a malware site in disguise. One way to alert you to suspicious sites is McAfee Web Protection. Web Protection color codes links to identify potential malware and phishing sites and alert you to steer clear. 

Shop Safely This Holiday Season 

Your mind is already drawn in a bunch of different directions this holiday season (cooking, traveling, shopping, wrapping, tidying) so give yourself a respite from worrying about the safety of your identity and finances. McAfee+ Ultimate includes a VPN, Web Protection, credit lock, antivirus and more to cover all your bases to keep your devices and your PII safe. 

The post ‘Tis the Season for Holiday Scams appeared first on McAfee Blog.

Alert (AA22-335A) #StopRansomware: Cuba Ransomware

FortiGuard Labs is aware that the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory for Cuba ransomware as part of their #StopRansomware effort. The advisory states that the number of organizations in the United States that were victimized by Cuba ransomware has increased since December 2021.

Why is this Significant?

This is significant because Cuba ransomware has reportedly victimized over 100 organizations across multiple industries, including but not limited to infrastructure, in the U.S. since December 2021 and extorted large sums of money from the victims.

What is Cuba Ransomware?

Cuba is a ransomware strain that has been around since at least 2019 and has reportedly victimized more than 100 organizations globally. According to the advisory, infection vectors used by the Cuba threat actors include emails, use of stolen credentials, RDP (Remote Desktop Protocol) session hijacking, and exploitation of vulnerabilities such as CVE-2022-24521 and CVE-2020-1472. Also, the use of Hancitor malware was reportedly observed to deploy Cuba ransomware after victims’ networks were breached.

Once Cuba ransomware is deployed, it encrypts files on compromised machines, adds a “.cuba” file extension to the affected files, and drops a ransom note named “!! READ ME !!.txt”. The primary contact channel is Tox (a peer-to-peer instant messaging protocol). An alternative e-mail address is typically included in the ransom notes.

FortiGuard Labs previously released a ransomware roundup blog on Cuba ransomware on August 18, 2022.

See the Appendix for a link to “Alert (AA22-335A) #StopRansomware: Cuba Ransomware (CISA)”.

What is the Status of Protection?

FortiGuard Labs provides the following AV signatures for Cuba ransomware:

W32/Agent.FEDD!tr
W32/Filecoder.OAE!tr
W32/Filecoder.OAE!tr.ransom
W32/Filecoder.OHL!tr
W32/GenKryptik.EMOA!tr
W32/Injector.EQGY!tr
W32/Kryptik.HFMU!tr
W32/Kryptik.HGXH!tr
W32/PossibleThreat

Some of the available files listed in the IOC section of the CISA advisory are detected by the following AV signatures:

W32/Agent.ADBQ!tr
W64/Agent.CP!tr.dldr
W32/GenKryptik.FSCS!tr
W32/PossibleThreat
PossibleThreat
PossibleThreat.PALLAS.H

FortiGuard Labs provides the following IPS coverage for the vulnerabilities reportedly leveraged by Cuba ransomware threat actors:

MS.Windows.CVE-2022-24521.Privilege.Elevation (CVE-2022-24521)
MS.Windows.Server.Netlogon.Elevation.of.Privilege (CVE-2020-1472)

FortiEDR protects customers from Cuba ransomware. See the Appendix for a link to “Threat Coverage: How FortiEDR protects against Cuba ransomware”.
