Welcome back to another edition of the Weekly Security Bulletins. We have a lot to review this week. Without further ado, let's dive into it.
Microsoft addressed 93 vulnerabilities in this week's patches, including some major ones similar to BlueKeep that target Remote Desktop Services (RDS) and do not require user interaction. Unlike BlueKeep, these vulnerabilities affect newer versions, from Windows 7 to the latest version of Windows 10, and applying the patches is required to be secure against future exploitation, although Microsoft insists that none of these vulnerabilities are currently being exploited.
The AWS Security team has addressed the Kubernetes security issue associated with CVE-2019-11249 and recommends that users refrain from using untrusted containers and the kubectl tool to manage them. Users are also recommended to upgrade to the latest recommended versions of Kubernetes. Another thing to note is that the latest EKS AMI provided by AWS does not include kubectl, and customers also need to update to the latest EKS AMI.
Security researchers have captured traces of a payload called MedusaHTTP, which is being distributed by the Rig Exploit Kit. It is written in .NET and is used to build a Distributed Denial of Service (DDoS) botnet. It is known for its somewhat interesting Command and Control (CnC) channel, which uses the "HTTP 100 Continue" response code, something you rarely see in ordinary web traffic. So it shouldn't be too hard to spot on your network.
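As an added example (not part of the bulletin or of any MedusaHTTP analysis), the following Python flags 100 Continue responses in a constructed proxy log. It goes one step beyond the bare status code: a server must not send 100 Continue unless the client asked for it with an `Expect: 100-continue` header (RFC 7231 section 5.1.1), so only unsolicited ones are counted. The log records, hosts and threshold are constructed assumptions.

```python
"""Flag HTTP '100 Continue' responses in a constructed proxy log.

Constructed example (not from the bulletin): each record is one request/response
exchange as a proxy might log it. A 100 Continue is only legitimate when the
client asked for it with 'Expect: 100-continue' (RFC 7231 section 5.1.1), so an
unsolicited one is a stronger signal than the bare status code alone.
"""
from collections import Counter

# Constructed records: (client_ip, server_host, request_headers, status_line)
CONSTRUCTED_LOG = [
    ("10.0.0.5", "files.example.net",
     {"Expect": "100-continue", "Content-Length": "524288"}, "HTTP/1.1 100 Continue"),
    ("10.0.0.5", "files.example.net", {}, "HTTP/1.1 200 OK"),
    ("10.0.0.7", "cdn.example.org", {}, "HTTP/1.1 304 Not Modified"),
    ("10.0.0.9", "198.51.100.23", {"User-Agent": "Mozilla/4.0"}, "HTTP/1.1 100 Continue"),
    ("10.0.0.9", "198.51.100.23", {"User-Agent": "Mozilla/4.0"}, "HTTP/1.1 100 Continue"),
    ("10.0.0.9", "198.51.100.23", {"User-Agent": "Mozilla/4.0"}, "HTTP/1.1 100 Continue"),
]

def status_code(status_line):
    """Return the numeric code from a status line such as 'HTTP/1.1 100 Continue'."""
    parts = status_line.split(maxsplit=2)
    if len(parts) < 2 or not parts[1].isdigit():
        return None
    return int(parts[1])

def expected_continue(request_headers):
    """True if the client asked for a 100 Continue (header names are case-insensitive)."""
    for name, value in request_headers.items():
        if name.lower() == "expect" and "100-continue" in value.lower():
            return True
    return False

def find_continue_anomalies(log, unsolicited_threshold=2):
    """Return {(client, server): count} for unsolicited 100 Continue responses.

    Pairs below unsolicited_threshold are dropped so one stray response does
    not page anyone; the threshold is a constructed starting point, tune it.
    """
    counts = Counter()
    for client, server, headers, status in log:
        if status_code(status) == 100 and not expected_continue(headers):
            counts[(client, server)] += 1
    return {pair: n for pair, n in counts.items() if n >= unsolicited_threshold}

if __name__ == "__main__":
    for (client, server), n in find_continue_anomalies(CONSTRUCTED_LOG).items():
        print(f"{client} -> {server}: {n} unsolicited 100 Continue responses")
```

The first record is a legitimate, client-requested 100 Continue and is ignored; the repeated unsolicited ones from the same client to the same server are what get reported.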
Cylab has published an interesting blog post on using public sandbox sites to analyze confidential documents. These sandboxes are generally used to determine whether a particular file is malicious before opening it; the submitted files are cross-matched against hashes of known malware samples from different detection engines. One key point most users of these sandbox sites overlook is that submitted files are shared with the security community, and access to them usually involves only an account or a fee. This means that if you upload confidential data, it can potentially fall into the hands of a malicious user. One thing we can do to address this is to search using the hash of the file you wish to analyze instead of uploading it. If you are sure that the file is malicious, you may keep using the file submission method.
There has been some recent activity regarding the security of Webmin, one of the most popular open-source web-based applications for managing Unix-based systems. The project's maintainers confirmed a remote code execution vulnerability that requires the ‘change expired password’ option to be enabled. It turned out to be the result of a compromised build infrastructure. Webmin versions from 1.882 to 1.920 are said to be vulnerable, but according to Webmin the issue has been fixed in its latest release, 1.930.
Well, that about sums it up for our weekly security updates!