Page 13 - Threat Intelligence 9-24-2019
Web / Internet Threats
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks. A vulnerability has been discovered in the
Forcepoint VPN Client software for Windows. The flaw could enable an attacker – with an existing foothold on
a system – to achieve an escalation of privilege, persistence and in some cases defense evasion. The
vulnerability (CVE-2019-6145) stems from an unpatched issue in the Forcepoint VPN Client software. This
software provides a secure virtual private network connection between end-user Windows computers and a
Forcepoint VPN gateway. “This vulnerability could have been exploited by an attacker during a post-
exploitation phase in order to achieve privilege escalation, persistence and in some cases defense evasion by
using the technique of implanting an arbitrary unsigned executable which is executed by a signed service that
runs as NT AUTHORITY\SYSTEM [the user account with the highest level of privileges],” researchers with
SafeBreach said in a Friday analysis.
Source: https://threatpost.com/forcepoint-vpn-client-is-vulnerable-to-privilege-escalation-attacks/148544/

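The technique quoted above, a signed service running as SYSTEM that ends up executing an unsigned binary, is something an administrator can audit for on any Windows host. The following PowerShell script is an added example, not code from the Threatpost article or from SafeBreach; it is not specific to the Forcepoint client and does not reproduce the CVE-2019-6145 flaw. It enumerates services that run as LocalSystem and flags those whose executable is missing, lacks a valid Authenticode signature, or sits in a directory that standard users can write to. The function names and the assumption of an elevated session are this example's own.

```powershell
# Added example (not from the Threatpost article or SafeBreach's research).
# Assumption: run in an elevated Windows PowerShell 5.1 session on the host being audited.

function Get-ServiceExecutablePath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted ("C:\Program Files\x\svc.exe" -arg) or unquoted with arguments.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
        return $p.Trim('"')
    }
    # Unquoted path: take everything up to and including the first ".exe" token.
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($p -split '\s+')[0]
}

function Test-WritableByStandardUsers {
    param([string]$Path)
    # True if a broad principal holds an Allow ACE granting write-type rights on the path.
    $broad = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broad -contains $ace.IdentityReference.Value -and
            ($ace.FileSystemRights.ToString() -match 'Write|Modify|FullControl|CreateFiles')) {
            return $true
        }
    }
    return $false
}

function Get-RiskySystemServices {
    # Returns one record per SYSTEM service whose binary is missing, unsigned, or in a user-writable folder.
    $results = @()
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName }

    foreach ($svc in $services) {
        $exe = Get-ServiceExecutablePath -PathName $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
            # A SYSTEM service pointing at a file that does not exist is worth a look on its own.
            $results += [pscustomobject]@{ Name = $svc.Name; Path = $exe; Finding = 'MissingBinary'; Signer = $null }
            continue
        }

        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') {
            $results += [pscustomobject]@{
                Name = $svc.Name; Path = $exe; Finding = "Signature:$($sig.Status)"
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }

        $dir = Split-Path -Parent $exe
        if ($dir -and (Test-WritableByStandardUsers -Path $dir)) {
            $results += [pscustomobject]@{ Name = $svc.Name; Path = $exe; Finding = 'UserWritableDirectory'; Signer = $null }
        }
    }
    return $results
}

Get-RiskySystemServices | Sort-Object Finding, Name | Format-Table -AutoSize
```

Each finding is a candidate for review rather than proof of compromise: vendors do ship unsigned service binaries, and a writable directory only matters if the service actually loads something from it. The value of the audit is a short list of SYSTEM services to confirm against vendor documentation and to watch for unexpected file changes.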
TFlower Ransomware - The Latest Attack Targeting Businesses. The latest ransomware targeting corporate
environments is called TFlower and is being installed on networks after attackers hack into exposed Remote
Desktop services. With the huge payments being earned by ransomware developers as they target businesses
and government agencies, it is not surprising to see new ransomware being developed to take advantage of
this surge in high ransoms. Such is the case with the TFlower ransomware, which was discovered in the wild in
early August. At the time it was just thought to be another generic ransomware, but sources who have
performed incident response involving this ransomware have told BleepingComputer that its activity is
beginning to pick up.
Source: https://www.bleepingcomputer.com/news/security/tflower-ransomware-the-latest-attack-targeting-businesses/

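The entry point described above is an exposed Remote Desktop service, so the practical check is whether a given host is offering RDP in that state. The script below is an added example and is not from the BleepingComputer article; it reads the standard Terminal Server registry values, the built-in "Remote Desktop" firewall rule group and the local Remote Desktop Users group, and summarises the conditions a defender would want to close. The function name and the assumption of an elevated session are this example's own.

```powershell
# Added example (not from the BleepingComputer article).
# Assumption: elevated Windows PowerShell 5.1 session on the host being checked.

function Get-RdpExposureReport {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 0 means RDP is enabled; UserAuthentication = 1 means NLA is required.
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber         -ErrorAction SilentlyContinue).PortNumber

    # Enabled inbound allow rules in the built-in Remote Desktop group.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    # Accounts allowed to log on over RDP in addition to local administrators.
    $rdpUsers = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name

    $findings = @()
    if ($deny -eq 0) { $findings += 'RDP is enabled' }
    if ($deny -eq 0 -and $nla -ne 1) { $findings += 'NLA not required: unauthenticated clients reach the logon screen' }
    if ($rules) { $findings += "Enabled inbound Remote Desktop firewall rules: $(@($rules).Count)" }
    if ($rdpUsers) { $findings += "Remote Desktop Users members: $($rdpUsers -join ', ')" }

    [pscustomobject]@{
        RdpEnabled  = ($deny -eq 0)
        NlaRequired = ($nla -eq 1)
        ListenPort  = $port
        Findings    = $findings
    }
}

Get-RdpExposureReport | Format-List
```

A host that reports RDP enabled without NLA, with inbound allow rules in every firewall profile, is the configuration the article's "exposed Remote Desktop services" refers to; requiring NLA, restricting the rule to the domain profile or a VPN range, and trimming the Remote Desktop Users group are the usual corrections. Whether the port is actually reachable from the Internet still has to be confirmed from the perimeter side.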
Critical Vulnerability Exposes Harbor Registries to Attacks. Harbor registries with default settings are
impacted by a vulnerability that allows any user to elevate privileges to administrator, Palo Alto Networks
reports. An open-source cloud native registry that integrates with Docker Hub, Docker Registry, Google
Container Registry, and others, Harbor stores, signs and scans container images for vulnerabilities. Users are
provided with a simple GUI to download, upload, and scan images. Tracked as CVE-2019-16097, the
vulnerability could allow an attacker to take over Harbor registries via malicious requests. Palo Alto Networks’
security researchers discovered around 1,300 registries that are open to the Internet and which also have
default settings, meaning they are at risk.
Source: https://www.securityweek.com/critical-vulnerability-exposes-harbor-registries-attacks

www.accumepartners.com