Learn cyber security skills you can implement immediately! Seven courses offered Jan. 20-25 in Anaheim, CA

Newsletters: @RISK

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure


@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data

A key purpose of the @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and others at their organizations who hope to stay current with the offensive methods in use.

April 18, 2019

=============================================================

     @RISK: The Consensus Security Vulnerability Alert

                April 18, 2019 - Vol. 19, Num. 16


Providing a reliable, weekly summary of newly discovered attack vectors,

vulnerabilities with active exploits, and explanations of how recent

attacks worked


Archived issues may be found at http://www.sans.org/newsletters/at-risk


=============================================================


CONTENTS:

NOTABLE RECENT SECURITY ISSUES

INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE

MOST PREVALENT MALWARE FILES April 11 - 17

============================================================


TOP VULNERABILITY THIS WEEK: Internet Explorer vulnerability could allow attackers to steal files


******************** Sponsored By Ixia *******************


Webcast, April 24th, 1 PM ET:  SANS expert Serge Borso to review Ixia's Vision ONE(TM) platform and how it can provide enhanced #security for your organization.   http://www.sans.org/info/211843


============================================================

TRAINING UPDATE

 

-- SANS Security West 2019 | San Diego, CA | May 9-16 | https://www.sans.org/event/security-west-2019


-- SANSFIRE 2019 | Washington, DC | June 15-22 | https://www.sans.org/event/sansfire-2019


-- SANS Amsterdam May 2019 | May 20-25 | https://www.sans.org/event/amsterdam-may-2019


-- SANS San Antonio 2019 | May 28-June 2 | https://www.sans.org/event/san-antonio-2019


-- SANS London June 2019 | June 3-8 | https://www.sans.org/event/london-june-2019


-- Enterprise Defense Summit & Training 2019 | Redondo Beach, CA | June 3-10 | https://www.sans.org/event/enterprise-defense-summit-2019


-- Security Operations Summit 2019 | New Orleans, LA | June 24-July 1 | https://www.sans.org/event/security-operations-summit-2019


-- SANS Cyber Defence Canberra 2019 | June 24-July 13 | https://www.sans.org/event/cyber-defence-canberra-2019


-- SANS Cyber Defence Japan 2019 | July 1-13 | https://www.sans.org/event/cyber-defence-japan-2019


-- SANS OnDemand and vLive Training 

Get an iPad Mini, Surface Go, or Take $300 Off your OnDemand or vLive course. Offer ends May 1.

https://www.sans.org/online-security-training/specials/


-- Can't travel? SANS offers online instruction for maximum flexibility

-- Live Daytime training with Simulcast - https://www.sans.org/simulcast

-- Evening training 2x per week for 6 weeks with vLive | https://www.sans.org/vlive

-- Anywhere, Anytime access for 4 months with OnDemand format | https://www.sans.org/ondemand/ 


-- Single Course Training

SANS Mentor |  https://www.sans.org/mentor/about

Community SANS | https://www.sans.org/community/

 

-- View the full SANS course catalog and Cyber Security Skills Roadmap

https://www.sans.org/courses

https://www.sans.org/cyber-security-skills-roadmap


********************** Sponsored Links: ********************


1) Register to be one of the first to experience MGT516: Managing Security Vulnerabilities: Enterprise and Cloud - a new SANS course developed for CISOs, cybersecurity managers, and aspiring information security leaders.  Learn More:  http://www.sans.org/info/211848


2) What challenges do you face with incidents and breaches? Take the 2019 SANS Integrated Incident Response Survey and enter for a chance to win a $400 Amazon gift card.

http://www.sans.org/info/211853


3) Don't Miss "A Better Way to Answer the Question 'Are We Secure?"  Register:  http://www.sans.org/info/211858


============================================================


NOTABLE RECENT SECURITY ISSUES

SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP


Title: Zero-day in Internet Explorer could be exploited even if user isn't running web browser

Description: A vulnerability in the way Microsoft Internet Explorer handles MHT files. If a user were to open a specially crafted MHT file, an attacker could gain the ability to exfiltrate local files and carry out additional spying on locally installed program version information. The interaction could even be carried out automatically withou any user interaction.

Reference: https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/

Snort SIDs: 49799, 49800


Title: New HawkEye Reborn variant emerges after ownership change

Description: Over the past several months, Cisco Talos observed ongoing malware distribution campaigns attempting to leverage the latest version of the HawkEye keylogger/stealer, HawkEye Reborn v9, against organizations to steal sensitive information and account credentials for use in additional attacks and account compromise. HawkEye is a malware kit that has been around for several years and has seen continuous development and iterations since at least 2013. It is commonly sold on various hacking forums as a keylogger and stealer that can be used to monitor systems and exfiltrate information from those systems.

Reference: https://blog.talosintelligence.com/2019/04/hawkeye-reborn.html

Snort SIDs: 49777 - 49779


============================================================


INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY


Law enforcement agencies are increasingly using location data from Google to track down lists of potential suspects, often wrapping up innocent parties in investigations.

https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html


A new spear-phishing campaign targeted members of Ukraine's military and government, a continuation of an attack from 2014. 

https://www.fireeye.com/blog/threat-research/2019/04/spear-phishing-campaign-targets-ukraine-government.html


WikiLeaks founder Julian Assange's arrest drew mixed reactions from U.S. researchers and politicians. Some politicians want greater investigation into his actions, while others are worried about the potential impact this could have on future prosecutions against journalists.

https://www.politico.com/newsletters/morning-cybersecurity/2019/04/12/whats-next-for-julian-assange-581816


Ecuador said it was targeted by 40 million cyber attacks Saturday after Assange's arrest. Assange was being held in the Ecuadorian embassy in the U.K.

http://www.securityweek.com/ecuador-says-hit-40-million-cyber-attacks-assange-arrest


Several fake apps that claim to help users increase their number of Instagram followers are actually stealing their login credentials.

https://threatpost.com/fake-instagram-apps-google-play/143786/


A massive outsourcing company in India says it's investigating a possible breach of its own IT systems.

https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/


=========================================================


RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE 

COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM


This is a list of recent vulnerabilities for which exploits are

available. System administrators can use this list to help in

prioritization of their remediation activities. The Qualys Vulnerability

Research Team compiles this information based on various exploit

frameworks, exploit databases, exploit kits and monitoring of internet

activity.


ID:

7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C)



ID:

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

CVSS v2 Base Score:

CVSS v2 Base Score:

CVSS v2 Base Score:

CVSS v2 Base Score:

CVSS v2 Base Score:

CVSS v2 Base Score:

free posters) or to update a current subscription, visit

https://www.sans.org/account


SANS Institute, 8120 Woodmont Ave., Suite 310, Bethesda, MD 20814-2743