VDA Lock Down: June 20, 2019



  • Security News
  • Latest Vulnerabilities
  • IR / DF West MI Training

Top Security News

We Warned You – The EXIM Worm is Here!

Last week Thursday the VDA Lock Down alerted our readers to the recent EXIM vulnerability (CVE-2019-10149) that had the potential to become a worm with millions of servers on the internet that were potentially vulnerable. It turns out we were correct to worry about that possibility – as of Friday the 14th a worm was detected spreading among Linux hosts and infecting them with a coin miner along the way.


Samsung tells users to virus check TVs

Over the past week Samsung put out a post on social media that advised end-users to run a virus scanning app on their Samsung smart TVs. At VDA we think this is a bit silly for a number of reasons, but chief among them is that Samsung is admitting that the security posture of their TVs (or potentially their app store) is weak enough that a 3rd party app is needed to ensure their product is secure. We would much rather see pro-active security measures like firmware signing, secure updating, and strong app review policies.


Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework

The new Software Security Development Framework at first glance appears very similar to the OWASP SAMM: there are 4 main categories, and within each category there are several criteria and implementation steps. Where the NIST SSDF goes further is the requirement that entities create roles and responsibilities within their organization, and ensure that the people selected to perform those roles are qualified and if not, receive the training and education necessary to do so. Another great addition is the requirement for protecting the integrity of software. Overall, the NIST SSDF is another great resource that developers can use to beef up their SDLC (software development lifecycle).


New Chrome Protections from Deceptions

Starting with Chrome version 75, Google will now be including a new feature that will warn users when they are visiting a potentially suspicious URL. It does this by comparing the URL to other sites that the user frequently visits, and then warning if there are characters in the URL that might be easily confused.

We use this sort of tactic regularly on penetration testing engagements to trick users into falling for our phishing attempts and it works. We are glad to hear that Google will be doing more to protect users.


Recent Vulnerabilities

TCP SACK PANIC – Kernel Vulnerabilities

Researchers at Netflix have discovered a series of vulnerabilities that have been named SACK Panic and SACK Slowness (CVE numbers: CVE-2019-11477, CVE-2019-11478, CVE-2019-5599, CVE-2019-11479 ) affect Linux and FreeBDD systems and the impact is potential for remote Denial of Service (DoS) attacks. There are patches that are currently available, and also other mitigations in place that could be applied to systems that can not be patched immediately, however some reports have indicated that these mitigations may require rebooting systems in order to have the systems come into effect.


Firefox 0day Spotted in the Wild

Over the past week a new Firefox 0day (CVE-2019-11707) was found being actively exploited in the wild. The vulnerability was initially discovered by engineers at Coinbase when a targeted phishing campaign attempted to hit Coinbase staff.


New IR / DF Course Offering

VDA Labs is excited to announce that we will be offering an Incident Handling/Digital Forensics class taught by our very own expert engineers, in West Michigan! If you or someone you know might be interested in this course, visit the link below to sign up for updates!

Sign Up for Updates


Posted on

June 20, 2019