Upload File

weekly it security bulletin 01 march 2019c2csmartcompliance.com/wp-content/uploads/2018/11/... ·...

  • Home
  • Documents
  • WEEKLY IT SECURITY BULLETIN 01 March 2019c2csmartcompliance.com/wp-content/uploads/2018/11/... · 03/01/2019  · things you can track down in the Deep, including a DIY vasectomy
1
WEEKLY IT SECURITY BULLETIN 01 March 2019 Threat Level’s explained GREEN or LOW indicates a low risk. BLUE or GUARDED indicates a general risk of increased hacking, virus, or other malicious activity. YELLOW or ELEVATED indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes service. ORANGE or HIGH indicates a high risk of increased hacking, virus, or other malicious cyber activity that targets or compromises core infrastructure, causes multiple service outages, causes multiple system compromises, or compromises critical infrastructure. RED or SEVERE indicates a severe risk of hacking, virus, or other malicious activity resulting in widespread outages and/or significantly destructive compromises to systems with no known remedy or debilitates one or more critical infrastructure sectors. Author: Chris Bester For Reporting Cyber Crime go to the Internet Crime Complaint Center (IC3) www.ic3.gov TOP Vulnerabilities listed last week in the USA # KNOWN AS (%) 1 Exploit.MSOffice.CVE-2017- 11882.gen 52.90% 2 Exploit.Script.Generic 27.55% 3 Exploit.Win32.CVE-2017-11882.gen 4.38% 4 Exploit.MSOffice.CVE-2017-11882.b 4.26% 5 Exploit.Java.Generic 0.70% 6 Exploit.AndroidOS.Lotoor.a 0.66% 7 Exploit.MSOffice.CVE-2018- 0802.gen 0.49% 8 Exploit.MSOffice.CVE-2017- 8570.gen 0.44% 9 Exploit.Script.CVE-2018-8174.a 0.31% 10 Exploit.MSOffice.Oleink.a 0.30% Source: Kaspersky Labs On February 13, 2019, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in PHP, Apple, Adobe, Microsoft, and Mozilla products. (Still no update from CIS at the time of publication, this means that the alert level will remain unchanged) What is the “Darknet” or “Deep Web”? I recently posted a news article that spoke about a database of more that 2.2 billion stolen private credentials that were for sale on the darknet. So, what is this Darknet everyone is speaking about? - Wikipedia describes the Darknet as follows: “Dark Net (or Darknet) is an umbrella term describing the portions of the Internet purposefully not open to public view or hidden networks whose architecture is superimposed on that of the Internet. "Darknet" is often associated with the encrypted part of the Internet called Tor network where illicit trading takes place such as the infamous online drug bazaar called Silk Road. It is also considered part of the Deep Web. Anonymous communication between whistle - blowers, journalists and news organisations is facilitated by the "Darknet" Tor network through use of applications including Secure Drop.” The term “dark net” was originally coined in the starting days of the Internet and it described computers on ARPANET that were hidden from normal web browsing and was basically designed to listen and receive but never responded back. These machines were in the dark so to speak and only accessible by those few who knew the location and access credentials/methods to get to them. The Internet, or “visible” public network consists of millions of websites distinguished by their unique web address names or URL’s (Uniform Resource Locator) that is searchable through search engines like Google, Yahoo, Bing and many more. As we all know, the internet is a massive repository of information and databases in various formats and forms. This “visible” Internet however, represents only a small portion of all websites, the Deep Web lurking in the dark, represents approximately 90 percent of all websites and that is only a rough estimate. An article by ZDNet a while back stated that in fact, this hidden Web is so large that it's impossible to discover exactly how many pages or sites are active at any one time. Following is an extract of an article from Kaspersky: (1) Defining the Deep/Dark Web - There are a number of terms surrounding the non - visible Web, but it's worth knowing how they differ if you're planning to browse off the beaten path. According to PC Advisor, the term "Deep Web" refers to all Web pages that that are unidentifiable by search engines. The "Dark Web," meanwhile, refers to sites with criminal intent or illegal content, and "trading" sites where users can purchase illicit goods or services. In other words, the Deep covers everything under the surface that's still accessible with the right software, including the Dark Web. (2) Use and Misuse - For some users, the Deep Web offers the opportunity to bypass local restrictions and access TV or movie services that may not be available in their local areas. Others go deep to download pirated music or grab movies that aren't yet in theatres. At the dark end of the Web, meanwhile, things can get scary, salacious and just plain...strange. As noted by The Guardian, for example, credit card data is available on the Dark Web for just a few dollars per record, while ZDNet notes that anything from fake citizenship documents to passports and even the services of professional hit men is available if you know where to look. Interested parties can also grab personal details and leverage them to blackmail ordinary Internet users. Vast amounts of stolen account data, including real names, addresses and phone numbers; ended up on the Dark Web for sale. Illegal drugs are also a popular draw on the Dark Web. As noted by Motherboard, drug marketplace the Silk Road; which has been shut down, replaced, shut down again and then rebranded. They offer any type of substance in any amount to interested parties. Hacking tools, custom made viruses and any cyber criminal resources can be found with minimal effort. Business Insider, meanwhile also details some of the strange things you can track down in the Deep, including a DIY vasectomy kit and a virtual scavenger hunts that culminated in the "hunter" answering a NYC payphone at 3 a.m. (3) Real Risks - Thanks to the use of encryption and anonymization tools by both users and websites, there's virtually no law enforcement presence down in the Dark. This means anything, even material well outside the bounds of good taste and common decency, can be found online. This includes offensive, illegal "adult" content that would likely scar the viewer for life. According to some articles, a large portion of Dark Web hits are connected to paedophilia and child pornography. Here, the notion of the Dark as a haven for privacy wears thin and shores up the notion that if you do choose to go Deep, always restrict access to your Tor - enabled device so children or other family members aren't at risk of stumbling across something no one should ever see. Visit the Deep Web if you're interested but do yourself a favour: don't let kids anywhere near it and tread carefully, it's a long way down. You can read the full Kaspersky article here : https://usa.kaspersky.com/resource-center/threats/deep-web In The News This Week Thailand passes internet security law decried as 'cyber martial law’ Thailand’s military-appointed parliament on Thursday passed a controversial cybersecurity law that gives sweeping powers to state cyber agencies, despite concerns from businesses and activists over judicial oversight and potential abuse of power. The Cybersecurity Act, approved unanimously, is the latest in a wave of new laws in Asian countries that assert government control over the internet. Civil liberties advocates, internet companies and business groups have protested the legislation, saying it would sacrifice privacy and the rule of law, and warning compliance burdens could drive foreign businesses out of Thailand. The military government has pushed for several laws it said would support the country’s digital economy, including an amendment to the Computer Crime Act in 2017, which has been used to crack down on dissent. Internet freedom activists have called the legislation a “cyber martial law,” as it encompasses all procedures from everyday encounters of slow internet connections to nationwide attacks on critical infrastructure. If a cybersecurity situation reached a critical level, the legislation allows the military-led National Security Council to override all procedures with its own law. (Read the full Reuters Article here: https://www.reuters.com/) Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal, WordPress, and others] to hack thousands of websites and wireless routers, and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking, to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background. Now, while explaining the reason to shut down in a note published on its website yesterday, the Coinhive team said mining Monero via internet browsers is no longer "economically viable.“ "The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the 'crash' of the cryptocurrency market with the value of XMR depreciating over 85% within a year," the service said. "This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive.“ So users who have an account on Coinhive website with above the minimum payout threshold balance can withdraw funds from their accounts before April 30, 2019 . Though Coinhive was launched as a legitimate service for website administrators to alternative generate more revenue from their websites, its extreme abuse in cyber criminals activities forced tech companies and security tools to label it as "malware" or "malicious tool.“ To prevent cryptojacking by browser extensions that mine digital currencies without users' knowledge, last year Google also banned all cryptocurrency mining extensions from its Chrome Web Store. A few months after that Apple also banned all cryptocurrency mining apps from its official app store. (Read the full story by Wang Wei here: https://thehackernews.com/ ) Source: Kaspersky Labs

Upload: others

Post on 21-Sep-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: WEEKLY IT SECURITY BULLETIN 01 March 2019c2csmartcompliance.com/wp-content/uploads/2018/11/... · 03/01/2019  · things you can track down in the Deep, including a DIY vasectomy

WEEKLY IT SECURITY BULLETIN01 March 2019

Threat Level’s explained• GREEN or LOW indicates a low risk.

• BLUE or GUARDED indicates a general risk of increased hacking, virus, or other malicious activity.

• YELLOW or ELEVATED indicates a significant risk due to increased hacking, virus, or other malicious

activity that compromises systems or diminishes service.

• ORANGE or HIGH indicates a high risk of increased hacking, virus, or other malicious cyber activity that

targets or compromises core infrastructure, causes multiple service outages, causes multiple system

compromises, or compromises critical infrastructure.

• RED or SEVERE indicates a severe risk of hacking, virus, or other malicious activity resulting in widespread

outages and/or significantly destructive compromises to systems with no known remedy or debilitates

one or more critical infrastructure sectors.

Author: Chris Bester

For Reporting Cyber Crime go to the Internet Crime Complaint Center

(IC3) www.ic3.gov

TOP Vulnerabilities listed last week in the USA

# KNOWN AS (%)

1Exploit.MSOffice.CVE-2017-11882.gen

52.90%

2 Exploit.Script.Generic 27.55%

3 Exploit.Win32.CVE-2017-11882.gen 4.38%

4 Exploit.MSOffice.CVE-2017-11882.b 4.26%

5 Exploit.Java.Generic 0.70%

6 Exploit.AndroidOS.Lotoor.a 0.66%

7Exploit.MSOffice.CVE-2018-0802.gen

0.49%

8Exploit.MSOffice.CVE-2017-8570.gen

0.44%

9 Exploit.Script.CVE-2018-8174.a 0.31%

10 Exploit.MSOffice.Oleink.a 0.30%

Source: Kaspersky Labs

On February 13, 2019, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in PHP, Apple, Adobe, Microsoft, and Mozilla products. (Still no update from CIS at the time of publication, this means that the alert level will remain unchanged)

What is the “Darknet” or “Deep Web”? I recently posted a news article that spoke about a database of more that 2.2 billion stolen private credentials that were for sale on the darknet. So, what is this Darknet everyone is speaking about? - Wikipedia describes the Darknet as follows: “Dark Net (or Darknet) is an umbrella term describing the portions of the Internet purposefully not open to public view or hidden networks whose architecture is superimposed on that of the Internet. "Darknet" is often associated with the encrypted part of the Internet called Tor network where illicit trading takes place such as the infamous online drug bazaar called Silk Road. It is also considered part of the Deep Web. Anonymous communication between whistle-blowers, journalists and news organisations is facilitated by the "Darknet" Tor network through use of applications including Secure Drop.” The term “dark net” was originally coined in the starting days of the Internet and it described computers on ARPANET that were hidden from normal web browsing and was basically designed to listen and receive but never responded back. These machines were in the dark so to speak and only accessible by those few who knew the location and access credentials/methods to get to them. The Internet, or “visible” public network consists of millions of websites distinguished by their unique web address names or URL’s (Uniform Resource Locator) that is searchable through search engines like Google, Yahoo, Bing and many more. As we all know, the internet is a massive repository of information and databases in various formats and forms. This “visible” Internet however, represents only a small portion of all websites, the Deep Web lurking in the dark, represents approximately 90 percent of all websites and that is only a rough estimate. An article by ZDNet a while back stated that in fact, this hidden Web is so large that it's impossible to discover exactly how many pages or sites are active at any one time.Following is an extract of an article from Kaspersky: (1) Defining the Deep/Dark Web - There are a number of terms surrounding the non-visible Web, but it's worth knowing how they differ if you're planning to browse off the beaten path. According to PC Advisor, the term "Deep Web" refers to all Web pages that that are unidentifiable by search engines. The "Dark Web," meanwhile, refers to sites with criminal intent or illegal content, and "trading" sites where users can purchase illicit goods or services. In other words, the Deep covers everything under the surface that's still accessible with the right software, including the Dark Web. (2) Use and Misuse - For some users, the Deep Web offers the opportunity to bypass local restrictions and access TV or movie services that may not be available in their local areas. Others go deep to download pirated music or grab movies that aren't yet in theatres. At the dark end of the Web, meanwhile, things can get scary, salacious and just plain...strange. As noted by The Guardian, for example, credit card data is available on the Dark Web for just a few dollars per record, while ZDNet notes that anything from fake citizenship documents to passports and even the services of professional hit men is available if you know where to look. Interested parties can also grab personal details and leverage them to blackmail ordinary Internet users. Vast amounts of stolen account data, including real names, addresses and phone numbers; ended up on the Dark Web for sale. Illegal drugs are also a popular draw on the Dark Web. As noted by Motherboard, drug marketplace the Silk Road; which has been shut down, replaced, shut down again and then rebranded. They offer any type of substance in any amount to interested parties. Hacking tools, custom made viruses and any cyber criminal resources can be found with minimal effort. Business Insider, meanwhile also details some of the strange things you can track down in the Deep, including a DIY vasectomy kit and a virtual scavenger hunts that culminated in the "hunter" answering a NYC payphone at 3 a.m. (3) Real Risks - Thanks to the use of encryption and anonymization tools by both users and websites, there's virtually no law enforcement presence down in the Dark. This means anything, even material well outside the bounds of good taste and common decency, can be found online. This includes offensive, illegal "adult" content that would likely scar the viewer for life. According to some articles, a large portion of Dark Web hits are connected to paedophilia and child pornography. Here, the notion of the Dark as a haven for privacy wears thin and shores up the notion that if you do choose to go Deep, always restrict access to your Tor-enabled device so children or other family members aren't at risk of stumbling across something no one should ever see. Visit the Deep Web if you're interested but do yourself a favour: don't let kids anywhere near it and tread carefully, it's a long way down.

You can read the full Kaspersky article here : https://usa.kaspersky.com/resource-center/threats/deep-web

In The News This WeekThailand passes internet security law decried as 'cyber martial law’Thailand’s military-appointed parliament on Thursday passed a controversial cybersecurity law that gives sweeping powers to state cyber agencies, despite concerns from businesses and activists over judicial oversight and potential abuse of power. The Cybersecurity Act, approved unanimously, is the latest in a wave of new laws in Asian countries that assert government control over the internet. Civil liberties advocates, internet companies and business groups have protested the legislation, saying it would sacrifice privacy and the rule of law, and warning compliance burdens could drive foreign businesses out of Thailand. The military government has pushed for several laws it said would support the country’s digital economy, including an amendment to the Computer Crime Act in 2017, which has been used to crack down on dissent. Internet freedom activists have called the legislation a “cyber martial law,” as it encompasses all procedures from everyday encounters of slow internet connections to nationwide attacks on critical infrastructure. If a cybersecurity situation reached a critical level, the legislation allows the military-led National Security Council to override all procedures with its own law. (Read the full Reuters Article here: https://www.reuters.com/)

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal, WordPress, and others] to hack thousands of websites and wireless routers, and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking, to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background. Now, while explaining the reason to shut down in a note published on its website yesterday, the Coinhive team said mining Monero via internet browsers is no longer "economically viable.“ "The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the 'crash' of the cryptocurrency market with the value of XMR depreciating over 85% within a year," the service said. "This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive.“So users who have an account on Coinhive website with above the minimum payout threshold balance can withdraw funds from their accounts before April 30, 2019. Though Coinhive was launched as a legitimate service for website administrators to alternative generate more revenue from their websites, its extreme abuse in cyber criminals activities forced tech companies and security tools to label it as "malware" or "malicious tool.“ To prevent cryptojacking by browser extensions that mine digital currencies without users' knowledge, last year Google also banned all cryptocurrency mining extensions from its Chrome Web Store. A few months after that Apple also banned all cryptocurrency mining apps from its official app store. (Read the full story by Wang Wei here: https://thehackernews.com/ )

Source: Kaspersky Labs

https://thehackernews.com/

WEEKLY IT SECURITY BULLETIN 19 April 2019c2csmartcompliance.com/wp-content/uploads/2018/11/Weekly... · 2019-04-23 · WEEKLY IT SECURITY BULLETIN 19 April 2019 Threat Level’s explained

Vasectomy and Female Sterilisation Services · Health Risks associated with sterilisation • Vasectomy: Vasectomy is generally considered a safe procedure. • Female sterilisation

Vasectomy Dr. Eben

Circumcision & Vasectomy Jelena Marinković Mentor: A. Žmegač Horvat 1

Surgical Atlas Vasovasostomydrguilhermeleme.com.br/wp-content/uploads/2016/01/atlas...vasectomy reversal [2–4], the most common indication for reconstructive microsurgery. Other

Jurnal Vasectomy

12nonsurgicalaspectsofsterilization · traception safer. cheaper, more comfortable, and less ... counseling was encouraged and vasectomy service of- fered along with female sterilization

Wright-Williams et al (2013) Effects of vasectomy & buprenorphine on cort and behaviour in C57 and C3H Mice

Can a vasectomy be reversed? Patient Guide for Vasectomy · 2017. 3. 14. · Do vasectomies cause any side effects? Safe and simple for men of all ages who desire permanent sterility,

WEEKLY IT SECURITY BULLETIN 1 February 2019c2csmartcompliance.com/wp-content/uploads/2018/11/Weekly-Stor… · WEEKLY IT SECURITY BULLETIN 1 February 2019 Threat Level’s explained

Vasectomy reversal surgery in India: Get it

NEW EVIDENCE ON VASECTOMY AND MALE INVOLVEMENT IN FAMILY PLANNING IN RWANDA Joshua Davis, MSPH

Title Microsurgical two-layer vasovasotomyの経験 …repository.kulib.kyoto-u.ac.jp/dspace/bitstream/2433/...Key word: Microsurgical vasovasostomy (vasectomy reversal) 386

Contraception Potpourri. Sterilization Sterilization: Vasectomy Vasectomy blocks sperm from traveling through the vas deferens, preventing sperm from

vasectomy leaflet WJC - stocksurgery.co.uk · (0 qo SPOfT$ n gaGC(01JJÀ psa Àorr S bGLIJJSIJGIJ( IJJG(POCI COIJtLSCGb(101J. qoca IJO$ (3: SI.G SqhSIJtSKGe 01 ASaGC(01Jñ3 occrrr

An Updates on Techniques of Microsurgical Vasectomy ...vitro fertilization)/ICSI (Intracytoplasmic injection). Still the success of Vasectomy reversal is based on good clinical judgement,

Common Questions about Vasectomy - AAFP HomeCommon Questions About Vasectomy BRIAN Z. RAYALA, MD, and ANTHONY J. VIERA, MD, MPH University of North Carolina School of Medicine, Chapel

WEEKLY IT SECURITY BULLETIN 13 December 2019c2csmartcompliance.com/wp-content/uploads/2018/11/Weekly... · 2019. 12. 13. · WEEKLY IT SECURITY BULLETIN 13 December 2019 Threat Level’s

CURRICULUM VITAE: 06/01/2014 Rick Chavez, M.D. · PDF fileCURRICULUM VITAE: 06/01/2014 Rick Chavez, ... ASSISTANT CLINICAL PROFESSOR OF FAMILY MEDICINE ... and Vasectomy, Newborn circumcision

Public views on our proposals to restrict access to ...test.bathandnortheastsomersetccg.nhs.uk/assets/... · restrict access to fertility, vasectomy and sterilisation services Full

World Vasectomy Day...good? From that simple idea, World Vasectomy Day launched on May 9, 2012. Tubukoreye Today, six years later, with over 1 ,200 providers in 50+ countries doing

2. anatomi dan fisiologi gen pria (vasectomy)140709

CONTENT Sl. No. Page No. ItemsChhaya - Centchroman (weekly pills) Female sterilization - Mini-lap, Laparoscopic, Puperal Sterilization, Male Sterilization - Conventional Vasectomy,

Current status of vasectomy reversalandrologie-zentrum.de/wp-content/uploads/2011/05/nrurol...Vasectomy reversal is more cost ‑effective than assisted reproduction techniques (ART)

Portable model for vasectomy reversal training...IBJU | VASECTOMY REVERSAL TRAINING 1014 standard procedure, with patency and pregnancy rates of up to 89.4% and 73.0% respectively

Vasectomy وازکتومی NSV

· PDF fileUROLOGY CLINICS OF NORTH TEXAS UROLOGYCLINICS.COM Specializing in: Prostate Bladder Kidney Testicular Cancers Vasectomy Vasectomy Reversal Urinary

10 Key Aspects of A Vasectomy Reversal Clinic

Packet Mar2015.pdf · FACTS ABOUT VASECTOMY What is a vasectomy? As you probably know already, a vasectomy is a surgical procedure that renders a man sterile. What you may not know

Vasectomy ligation of vas deferens prevent the passage of ...doctor2016.jumedicine.com/wp-content/uploads/sites/6/2019/01/lhgd.pdf · You must be careful when you use hormonal contraceptive

No-Scalpel Vasectomy - Trainer's Guide

Fibrin Glue Vasectomy Reversal®. Who am I? Why am I here?

Don’t Get Faked Out: 9 Must Know Vasectomy Facts

WEEKLY IT SECURITY BULLETIN 18 January 2019c2csmartcompliance.com/wp-content/uploads/2018/11/Weekly... · 2019-01-18 · WEEKLY IT SECURITY BULLETIN 18 January 2019 Threat Level’s

Opinion study on Vasectomy, Sterilized Version of Male