Top Security News for 16/08/2022
Attacking Google's Titan M Security Key with Only One Byte
https://www.reddit.com/r/netsec/comments/woqida/attacking_googles_titan_m_security_key_with_only/
SOVA Android Banking Trojan Returns With New Capabilities and Targets
https://thehackernews.com/2022/08/sova-android-banking-trojan-returns-new.html
EvilPLC Attack: Using a PLC to Gain Code Execution on Engineering Workstation
https://www.reddit.com/r/netsec/comments/woybqk/evilplc_attack_using_a_plc_to_gain_code_execution/
Iron Tiger's supply chain campaign. TikTok and espionage. Shuckworm's focus on Ukraine. Killnet's dubious proof-of-work.
https://thecyberwire.com/newsletters/daily-briefing/11/156
SOVA Android malware now also encrypts victims’ files
https://securityaffairs.co/wordpress/134392/malware/sova-android-malware-v5.html
Shuckworm and Killnet continue to hack in the interest of Russia. Iron Tiger's supply chain campaign. TikTok and national security. And an arrest in the case of the Tornado Cash crypto mixer.
https://thecyberwire.com/podcasts/daily-podcast/1641/notes
A week in security (August 8 - August 14)
https://www.malwarebytes.com/blog/news/2022/08/a-week-in-security-august-8-august-14
Google pays up for misrepresenting customer data handling. Update on the alleged AT&T data breach. Outdated Veterans Affairs platform putting patient data at risk.
https://thecyberwire.com/newsletters/privacy-briefing/4/156
Signals and Space: USAF and NRO coordinate space operations as they expand use of commercial services. Space conflict. Small business opportunities.
https://thecyberwire.com/newsletters/signals-and-space/6/15
Tracking Internet facing Industrial Control System devices
https://www.reddit.com/r/netsec/comments/wp5dhh/tracking_internet_facing_industrial_control/
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 16/08/2022
Credential Theft Is (Still) A Top Attack Method
https://thehackernews.com/2022/08/credential-theft-is-still-top-attack.html
3 ways China's access to TikTok data is a security risk
https://www.csoonline.com/article/3670110/3-ways-chinas-access-to-tiktok-data-is-a-security-risk.html#tk.rss_all
Why Action Bias Is Damaging Your Security Response
https://www.reddit.com/r/netsec/comments/wp32zn/why_action_bias_is_damaging_your_security_response/
Signals and Space: USAF and NRO coordinate space operations as they expand use of commercial services. Space conflict. Small business opportunities.
https://thecyberwire.com/newsletters/signals-and-space/6/15
Top 5 security risks of Open RAN
https://www.csoonline.com/article/3670078/top-5-security-risks-of-open-ran.html#tk.rss_all
Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems
https://thehackernews.com/2022/08/newly-uncovered-pypi-package-drops.html
EvilPLC Attack: Using a PLC to Gain Code Execution on Engineering Workstation
https://www.reddit.com/r/netsec/comments/woybqk/evilplc_attack_using_a_plc_to_gain_code_execution/
Viral video drives malvertising on social media platform
https://www.malwarebytes.com/blog/threat-intelligence/2022/08/viral-video-drives-malvertising-on-social-media-platform
IT threat evolution in Q2 2022. Mobile statistics
https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/
Tracking Internet facing Industrial Control System devices
https://www.reddit.com/r/netsec/comments/wp5dhh/tracking_internet_facing_industrial_control/
Top Security News for 17/08/2022
RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers
https://thehackernews.com/2022/08/rubygems-makes-multi-factor.html
ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022)
https://malware.news/t/asec-weekly-malware-statistics-august-1st-2022-august-7th-2022/62673/1
Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware
https://thehackernews.com/2022/08/russian-state-hackers-continue-to.html
Microsoft Warns About Phishing Attacks by Russia-linked Hackers
https://thehackernews.com/2022/08/microsoft-warns-about-phishing-attacks.html
Two more malicious Python packages in the PyPI
https://securelist.com/two-more-malicious-python-packages-in-the-pypi/107218/
Signal informs customers of third-party data breach. North Carolina healthcare system says Meta Pixel exposed patient data. Shanghai COVID-19 app allegedly hacked.
https://thecyberwire.com/podcasts/privacy-briefing/648/notes
U.K. Water Supplier Hit With Clop Ransomware Attack
https://packetstormsecurity.com/news/view/33738/U.K.-Water-Supplier-Hit-With-Clop-Ransomware-Attack.html
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks
https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html
A Deep Dive Into Black Basta Ransomware
https://www.reddit.com/r/netsec/comments/wpv3r0/a_deep_dive_into_black_basta_ransomware/
RedAlpha targets think tanks and humanitarian organizations. Golden Chickens operator discovered. BlueSky ransomware rapidly encrypts data.
https://thecyberwire.com/podcasts/research-briefing/130/notes
Top Security News for 17/08/2022
Suing Spam Texters for Fun and Profit
https://www.vice.com/en_us/article/jgp5ak/suing-spam-texters-for-fun-and-profit
Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable
https://www.csoonline.com/article/3669810/vulnerability-exploitability-exchange-explained-how-vex-makes-sboms-actionable.html#tk.rss_all
ISC Stormcast For Wednesday, August 17th, 2022 https://isc.sans.edu/podcastdetail.html?id=8134, (Wed, Aug 17th)
https://isc.sans.edu/diary/rss/28948
What is Private DNS Mode on Android and how do you enable it?
https://malware.news/t/what-is-private-dns-mode-on-android-and-how-do-you-enable-it/62671/1
Threat in your browser: what dangers innocent-looking extensions hold for users
https://securelist.com/threat-in-your-browser-extensions/107181/
U.K. Water Supplier Hit With Clop Ransomware Attack
https://packetstormsecurity.com/news/view/33738/U.K.-Water-Supplier-Hit-With-Clop-Ransomware-Attack.html
ISC StormCast for Wednesday, August 17th, 2022
https://isc.sans.edu/podcastdetail.html?id=8134
ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022)
https://malware.news/t/asec-weekly-malware-statistics-august-1st-2022-august-7th-2022/62673/1
RedAlpha update. Evil PLC proof-of-concept. Cl0p hits English water utility. "SEABORGIUM" Russian cyberespionage activity.
https://thecyberwire.com/newsletters/daily-briefing/11/157
SOVA malware is back and is evolving rapidly
https://www.reddit.com/r/netsec/comments/wpognw/sova_malware_is_back_and_is_evolving_rapidly/
Top Security News for 23/08/2022
Keylogger or debugger? Data breach adds insult to injury for injured workers. US medical data breaches rise.
https://thecyberwire.com/podcasts/privacy-briefing/652/notes
"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered
https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html
New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data
https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html
STRIDE Threat Modelling vs DREAD Threat Modelling
https://www.reddit.com/r/netsec/comments/wune8n/stride_threat_modelling_vs_dread_threat_modelling/
Criminals socially engineer their way to bank details with fake arrest warrants
https://www.malwarebytes.com/blog/news/2022/08/criminals-socially-engineer-their-way-to-bank-details-with-fake-arrest-warrants
Cyber Signals: Defend against the new ransomware landscape
https://www.microsoft.com/security/blog/2022/08/22/cyber-signals-defend-against-the-new-ransomware-landscape/
Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools
https://www.microsoft.com/security/blog/2022/08/22/microsoft-recognized-as-a-leader-in-the-2022-gartner-magic-quadrant-for-unified-endpoint-management-tools/
Information Security Checklist for Small to Medium Organizations
https://www.reddit.com/r/netsec/comments/wv81pp/information_security_checklist_for_small_to/
Trivy: Enhanced with AWS scan integration
https://www.reddit.com/r/netsec/comments/wumn8c/trivy_enhanced_with_aws_scan_integration/
Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability
https://thehackernews.com/2022/08/hackers-stole-crypto-from-bitcoin-atms.html
Top Security News for 23/08/2022
Trivy: Enhanced with AWS scan integration
https://www.reddit.com/r/netsec/comments/wumn8c/trivy_enhanced_with_aws_scan_integration/
CISA wants you to patch these actively exploited vulnerabilities before September 8
https://www.malwarebytes.com/blog/news/2022/08/cisa-wants-you-to-patch-these-actively-exploited-vulnerabilities-before-september-8
Criminals socially engineer their way to bank details with fake arrest warrants
https://www.malwarebytes.com/blog/news/2022/08/criminals-socially-engineer-their-way-to-bank-details-with-fake-arrest-warrants
7 critical steps for successful security onboarding
https://www.csoonline.com/article/3669849/7-critical-steps-for-successful-security-onboarding.html#tk.rss_all
Reddit users crowdsourcing explicit images and identities
https://www.malwarebytes.com/blog/news/2022/08/reddit-users-crowdsourcing-explicit-images-and-identities
RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering
https://thehackernews.com/2022/08/rtls-systems-found-vulnerable-to-mitm.html
Dell security advisory (AV22-465)
https://malware.news/t/dell-security-advisory-av22-465/62798/1
A week in security (August 15 - August 21)
https://www.malwarebytes.com/blog/news/2022/08/a-week-in-security-august-15-august-21
Microsegmentation (noun)
https://thecyberwire.com/podcasts/word-notes/113/notes
IBM security advisory (AV22-464)
https://malware.news/t/ibm-security-advisory-av22-464/62799/1
Top Security News for 24/08/2022
Chainsaw 2.0: Allows users to rapidly search through Windows event logs and hunt for threats using Sigma detection rules.
https://www.reddit.com/r/netsec/comments/wvs9e7/chainsaw_20_allows_users_to_rapidly_search/
Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html
But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 2)
https://www.reddit.com/r/netsec/comments/wvzq0t/but_you_told_me_you_were_safe_attacking_the/
Here’s how to use Intel 471 with existing intelligence frameworks
https://malware.news/t/here-s-how-to-use-intel-471-with-existing-intelligence-frameworks/62838/1
AsyncRAT Being Distributed in Fileless Form
https://malware.news/t/asyncrat-being-distributed-in-fileless-form/62837/1
BrandPost: 5 Signs the World Isn’t Paying Enough Attention to 5G Security
https://www.csoonline.com/article/3670573/5-signs-the-world-isn-t-paying-enough-attention-to-5g-security.html#tk.rss_all
A multidimensional approach to journalism security
https://www.microsoft.com/security/blog/2022/08/23/a-multidimensional-approach-to-journalism-security/
XCSSET Malware Updates with Python 3 to Target macOS Monterey Users
https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html
HTTP header Blind SQL injection Example
https://www.reddit.com/r/netsec/comments/wvhkyt/http_header_blind_sql_injection_example/
bomber - a vulnerability scanner for SBOMs
https://www.reddit.com/r/netsec/comments/wvzdt5/bomber_a_vulnerability_scanner_for_sboms/
Top Security News for 24/08/2022
BrandPost: Securing Critical Applications Running in the Cloud
https://www.csoonline.com/article/3670555/securing-critical-applications-running-in-the-cloud.html#tk.rss_all
Security Alert: Alert Regarding Vulnerability in Movable Type XMLRPC API
https://malware.news/t/security-alert-alert-regarding-vulnerability-in-movable-type-xmlrpc-api/62839/1
AsyncRAT Being Distributed in Fileless Form
https://malware.news/t/asyncrat-being-distributed-in-fileless-form/62837/1
BitRAT and XMRig CoinMiner Being Distributed via Windows License Verification Tool
https://malware.news/t/bitrat-and-xmrig-coinminer-being-distributed-via-windows-license-verification-tool/62836/1
SUMMER ISSUE OF 2600 RELEASED
https://www.2600.com/content/summer-issue-2600-released-17
Iranian APT data extraction tool described. LockBit gang comes under DDoS. Twitter whistleblower security claims made public. Greek natural gas supplier under cyberattack. Updates on a hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1647/notes
ISC StormCast for Wednesday, August 24th, 2022
https://isc.sans.edu/podcastdetail.html?id=8144
SBOM 101 - All the questions you were afraid to ask Software Bill of Materials
https://www.reddit.com/r/netsec/comments/wvr7g8/sbom_101_all_the_questions_you_were_afraid_to_ask/
How Twitter’s whistleblower could boost Elon Musk’s legal battle
https://www.theguardian.com/technology/2022/aug/23/twitter-whistleblower-elon-musk-termination-penalty
Cybersecurity researchers have discovered multiple ongoing malware distribution campaigns that target internet users who seek to download copies of pirated software.
https://www.reddit.com/r/Malware/comments/ww640p/cybersecurity_researchers_have_discovered/
Top Security News for 25/08/2022
6 reasons MSPs need a patch management platform
https://www.malwarebytes.com/blog/business/2022/08/6-reasons-msps-need-a-patch-management-platform
How I was able to delete 13k+ Microsoft Translator Projects
https://www.reddit.com/r/netsec/comments/wwryrb/how_i_was_able_to_delete_13k_microsoft_translator/
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/
Attack surface of browser extension pages
https://www.reddit.com/r/netsec/comments/wwvoka/attack_surface_of_browser_extension_pages/
Twitter Whistleblower Document Archive
https://www.reddit.com/r/netsec/comments/wwps3l/twitter_whistleblower_document_archive/
New ransomware HavanaCrypt poses as Google software update
https://www.csoonline.com/article/3670574/new-ransomware-havanacrypt-poses-as-google-software-update.html#tk.rss_all
Misconfigured Resource-Based Policies - Hacking The Cloud
https://www.reddit.com/r/netsec/comments/wwl5ov/misconfigured_resourcebased_policies_hacking_the/
GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
https://thehackernews.com/2022/08/gitlab-issues-patch-for-critical-flaw.html
Hackers Using Fake DDoS Protection Pages to Distribute Malware
https://thehackernews.com/2022/08/hackers-using-fake-ddos-protection.html
Researchers warn of darkverse emerging from the metaverse
https://www.csoonline.com/article/3670576/researchers-warn-of-darkverse-emerging-from-the-metaverse.html#tk.rss_all
Top Security News for 25/08/2022
Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication
https://www.csoonline.com/article/3670575/sophisticated-bec-scammers-bypass-microsoft-365-multi-factor-authentication.html#tk.rss_all
Hackers Using Fake DDoS Protection Pages to Distribute Malware
https://thehackernews.com/2022/08/hackers-using-fake-ddos-protection.html
Attack surface of browser extension pages
https://www.reddit.com/r/netsec/comments/wwvoka/attack_surface_of_browser_extension_pages/
Unlocking Serverless with AWS Lambda and IAM
https://malware.news/t/unlocking-serverless-with-aws-lambda-and-iam/62876/1
BrandPost: Beyond the Cyber Buzzwords: What Executives Should Know About SASE
https://www.csoonline.com/article/3671149/beyond-the-cyber-buzzwords-what-executives-should-know-about-sase.html#tk.rss_all
AiTM phishing campaign also targets G Suite users
https://securityaffairs.co/wordpress/134796/cyber-crime/aitm-phishing-g-suite.html
Kudos and Recognition
https://malware.news/t/kudos-and-recognition/62874/1
EtwSessionHijacking: Blocking Procmon from monitoring network events
https://www.reddit.com/r/netsec/comments/wwy97v/etwsessionhijacking_blocking_procmon_from/
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/
CSO Online
Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication
Analysis of the BEC campaign reveals weaknesses in Microsoft's authentication system.
Top Security News for 26/08/2022
BrandPost: Securing Your Cloud Supply Chain
https://www.csoonline.com/article/3671373/securing-your-cloud-supply-chain.html#tk.rss_all
Introducing Patch Management for OneView
https://www.malwarebytes.com/blog/business/2022/08/introducing-patch-management-for-oneview
BrandPost: Is Your Mobile Network’s Security Always On?
https://www.csoonline.com/article/3671372/is-your-mobile-network-s-security-always-on.html#tk.rss_all
BrandPost: How to Mitigate Data Protection Woes with SSE
https://www.csoonline.com/article/3671348/how-to-mitigate-data-protection-woes-with-sse.html#tk.rss_all
Twitter security under scrutiny after former executive turns whistleblower
https://www.malwarebytes.com/blog/news/2022/08/twitter-under-scrutiny-after-former-executive-turns-whistleblower
Free SANS Workshop: Building an Azure Pentest Lab for Red Teams
https://www.reddit.com/r/netsec/comments/wxkxde/free_sans_workshop_building_an_azure_pentest_lab/
Embrace change! Chris’s McAfee Journey
https://malware.news/t/embrace-change-chris-s-mcafee-journey/62912/1
2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3
https://www.reddit.com/r/netsec/comments/wxb9j4/2byte_dos_in_freebsdtelnetd_netbsdtelnetd/
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone - Microsoft Security Blog
https://www.reddit.com/r/netsec/comments/wxfj3l/magicweb_nobeliums_postcompromise_trick_to/
Why SBOMs alone aren’t enough for software supply chain security
https://www.csoonline.com/article/3670572/why-sboms-alone-aren-t-enough-for-software-supply-chain-security.html#tk.rss_all
CSO Online
Securing Your Cloud Supply Chain
The cloud supply chain can be complex, considering all the different layers, components and sources. While complex, cloud supply chain security can be managed with a four-step strategic approach.
Top Security News for 26/08/2022
Here’s How to Steer Clear of Bot Accounts on Social Media
https://malware.news/t/here-s-how-to-steer-clear-of-bot-accounts-on-social-media/62911/1
Up to 35% more CVEs published so far this year compared to 2021
https://www.csoonline.com/article/3671369/up-to-35-more-cves-published-so-far-this-year-compared-to-2021.html#tk.rss_all
Paypal Phishing/Coinbase in One Image, (Fri, Aug 26th)
https://malware.news/t/paypal-phishing-coinbase-in-one-image-fri-aug-26th/62910/1
Mark Zuckerberg Tells Joe Rogan That Running Facebook Sucks, Metaverse Is Better
https://www.vice.com/en_us/article/m7g7px/mark-zuckerberg-tells-joe-rogan-that-running-facebook-sucks-metaverse-is-better
2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3
https://www.reddit.com/r/netsec/comments/wxb9j4/2byte_dos_in_freebsdtelnetd_netbsdtelnetd/
Free SANS Workshop: Building an Azure Pentest Lab for Red Teams
https://www.reddit.com/r/netsec/comments/wxkxde/free_sans_workshop_building_an_azure_pentest_lab/
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers
https://thehackernews.com/2022/08/microsoft-uncovers-new-post-compromise.html
ISC Stormcast For Friday, August 26th, 2022 https://isc.sans.edu/podcastdetail.html?id=8148, (Fri, Aug 26th)
https://malware.news/t/isc-stormcast-for-friday-august-26th-2022-https-isc-sans-edu-podcastdetail-html-id-8148-fri-aug-26th/62909/1
Embrace change! Chris’s McAfee Journey
https://malware.news/t/embrace-change-chris-s-mcafee-journey/62912/1
ISC Stormcast For Friday, August 26th, 2022 https://isc.sans.edu/podcastdetail.html?id=8148, (Fri, Aug 26th)
https://isc.sans.edu/diary/rss/28982
Malware Analysis, News and Indicators
Here’s How to Steer Clear of Bot Accounts on Social Media
“Congratulations, you’re a winner!” “Did you know this public figure is trying to make your life worse? Click here for what they don’t want you to know.” “Save thousands today with just one click!” Spam and bot accounts on social media are everywhere.…
Top Security News for 27/08/2022
Call for entry: Creating Connections.
https://thecyberwire.com/stories/f236d8b0aba54fe4a399e01bf9b315d3/call-for-entry-creating-connections
The Elastic Container Project for Security Research
https://www.reddit.com/r/netsec/comments/wyp2n4/the_elastic_container_project_for_security/
Adware found on Google Play — PDF Reader servicing up full screen ads
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Password manager LastPass reveals intrusion into development system
https://www.csoonline.com/article/3671152/password-manager-lastpass-reveals-intrusion-into-development-system.html#tk.rss_all
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html
Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access
https://securityaffairs.co/wordpress/134876/apt/mercury-exploit-log4shell-flaw.html
F5 security advisory (AV22-478)
https://malware.news/t/f5-security-advisory-av22-478/62929/1
Chris Handman from TerraTrue discusses how he works to transform legal teams into advocates and collaborators that can ensure privacy is baked in every step of the way.
https://thecyberwire.com/podcasts/interview-selects/125/notes
Labels: Not Just for People Anymore!
https://malware.news/t/labels-not-just-for-people-anymore/62933/1
Undetectable backdooring PE file
https://www.reddit.com/r/netsec/comments/wy6kpp/undetectable_backdooring_pe_file/
The CyberWire
Call for entry: Creating Connections.
The CyberWire, in partnership with Maryland Art Place (MAP), is pleased to announce an open ‘Call to Artists’. As an extension of MAP’s annual IMPRINT Project, MAP is working with the CyberWire to offer a unique opportunity to female and female-identifying…
Top Security News for 27/08/2022
Zimbra Open Bucket Data Leak – Responsible Disclosure
https://www.reddit.com/r/netsec/comments/wy75vh/zimbra_open_bucket_data_leak_responsible/
Undetectable backdooring PE file
https://www.reddit.com/r/netsec/comments/wy6kpp/undetectable_backdooring_pe_file/
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
https://thehackernews.com/2022/08/critical-vulnerability-discovered-in.html
Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html
HTTP/2 Packet Analysis with Wireshark, (Fri, Aug 26th)
https://isc.sans.edu/diary/rss/28986
Microsoft: New UEFI CA memory mitigation requirements for signing
https://www.reddit.com/r/netsec/comments/wyp2z6/microsoft_new_uefi_ca_memory_mitigation/
Source code of password manager LastPass stolen by attacker
https://www.malwarebytes.com/blog/news/2022/08/source-code-of-password-manager-lastpass-stolen-by-attacker
Looking for insight on labelling portable executable (PE) malware files using a VirusTotal API response report.
https://www.reddit.com/r/Malware/comments/wyl0gu/looking_for_insight_on_labelling_portable/
Dominican government hit by ransomware. Lockdown Mode considered. Commercial spyware market. Privacy and proctoring. LastPass incident. Twilio update.
https://thecyberwire.com/podcasts/privacy-briefing/656/notes
Labels: Not Just for People Anymore!
https://malware.news/t/labels-not-just-for-people-anymore/62933/1
reddit
Zimbra Open Bucket Data Leak – Responsible Disclosure
Posted in r/netsec by u/bowline90 • 22 points and 1 comment
Top Security News for 28/08/2022
Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus
https://securityaffairs.co/wordpress/134884/malware/anti-cheat-driver-disable-antivirus.html
Command Injection in the GitHub Pages Build Pipeline
https://www.reddit.com/r/netsec/comments/wz633l/command_injection_in_the_github_pages_build/
Unprecedented cyber attack hit State Infrastructure of Montenegro
https://securityaffairs.co/wordpress/134900/cyber-warfare-2/montenegro-cyber-attack.html
Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later - a critical vulnerability that will shake the very fabric of society
https://www.reddit.com/r/lowlevel/comments/wyyghu/tetsuji_remote_code_execution_on_a_gameboy_colour/
Update: 1768.py Version 0.0.16
https://malware.news/t/update-1768-py-version-0-0-16/62936/1
David Nosibor: Taking calculated risks. [Product Lead]
https://thecyberwire.com/podcasts/career-notes/114/notes
Twilio hackers also breached the food delivery firm DoorDash
https://securityaffairs.co/wordpress/134905/data-breach/twilio-hackers-breached-doordash.html
When Windows Lies
https://malware.news/t/when-windows-lies/62937/1
Weekly News Roundup — August 1 to August 27
https://malware.news/t/weekly-news-roundup-august-1-to-august-27/62938/1
New Agenda Ransomware appears in the threat landscape
https://securityaffairs.co/wordpress/134911/cyber-crime/agenda-ransomware.html
Security Affairs
Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus
Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software.
Top Security News for 28/08/2022
Awesome Security Newsletters
https://www.reddit.com/r/netsec/comments/wz1npc/awesome_security_newsletters/
Twilio hackers also breached the food delivery firm DoorDash
https://securityaffairs.co/wordpress/134905/data-breach/twilio-hackers-breached-doordash.html
Command Injection in the GitHub Pages Build Pipeline
https://www.reddit.com/r/netsec/comments/wz633l/command_injection_in_the_github_pages_build/
Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later - a critical vulnerability that will shake the very fabric of society
https://www.reddit.com/r/lowlevel/comments/wyyghu/tetsuji_remote_code_execution_on_a_gameboy_colour/
Update: 1768.py Version 0.0.16
https://malware.news/t/update-1768-py-version-0-0-16/62936/1
Weekly News Roundup — August 1 to August 27
https://malware.news/t/weekly-news-roundup-august-1-to-august-27/62938/1
Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus
https://securityaffairs.co/wordpress/134884/malware/anti-cheat-driver-disable-antivirus.html
When Windows Lies
https://malware.news/t/when-windows-lies/62937/1
Unprecedented cyber attack hit State Infrastructure of Montenegro
https://securityaffairs.co/wordpress/134900/cyber-warfare-2/montenegro-cyber-attack.html
David Nosibor: Taking calculated risks. [Product Lead]
https://thecyberwire.com/podcasts/career-notes/114/notes
reddit
Awesome Security Newsletters
Posted in r/netsec by u/zuuZuux3 • 29 points and 3 comments
Top Security News for 29/08/2022
Hackers have created a fake 'Cthulhu World' play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims.
https://www.reddit.com/r/Malware/comments/x0gk2y/hackers_have_created_a_fake_cthulhu_world/
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01, (Sun, Aug 28th)
https://malware.news/t/sysinternals-updates-sysmon-v14-0-and-zoomit-v6-01-sun-aug-28th/62939/1
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html
SATisfying our way into remote code execution in the OPC UA industrial stack
https://www.reddit.com/r/netsec/comments/wzoo0s/satisfying_our_way_into_remote_code_execution_in/
ISC StormCast for Monday, August 29th, 2022
https://isc.sans.edu/podcastdetail.html?id=8150
Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit
https://securityaffairs.co/wordpress/134962/malware/surveillance-firm-intellexa-offer.html
Invoke-AttachDnSpy work-in-progress (register dnSpy debugger to attach on process creation)
https://malware.news/t/invoke-attachdnspy-work-in-progress-register-dnspy-debugger-to-attach-on-process-creation/62941/1
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons, (Sun, Aug 28th)
https://malware.news/t/dealing-with-false-positives-when-scanning-memory-dumps-for-cobalt-strike-beacons-sun-aug-28th/62940/1
Vision2: this script analyses the Nmap XML scanning results, parses each CPE context and correlates it to search for CVEs on NIST. You can use that to find public vulnerabilities in services.
https://www.reddit.com/r/netsec/comments/x0dm2t/vision2_this_script_analyses_the_nmap_xml/
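The Vision2 entry above describes chaining Nmap service detection to NVD CVE lookups. As an added example (not the Vision2 script and not code from the post), the block below shows the core of that pipeline in Python: parse Nmap's XML output, keep CPEs only from ports in the open state, convert Nmap's CPE 2.2 URIs (cpe:/a:vendor:product:version) to the CPE 2.3 formatted strings the NVD CVE API 2.0 expects, and build the cpeName query URL. The scan document is constructed for the example, the HTTP request itself is left out so it runs offline, and CPEs without a version are skipped because a bare product CPE would match every CVE ever filed against it.

```python
"""Pull CPE identifiers out of Nmap XML and turn them into NVD CVE API lookups.

Added example for this newsletter entry; it is not the Vision2 script itself.
The XML below is a constructed Nmap-style document, not output of a real scan.
"""
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Real NVD endpoint (CVE API 2.0); cpeName takes a CPE 2.3 formatted string.
NVD_CVE_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"

# Constructed sample: one host with an open, version-tagged service plus an
# OS CPE without a version, a filtered port that must be ignored, and a
# second host with a single open service.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/30">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10">
          <cpe>cpe:/a:openbsd:openssh:7.4</cpe>
          <cpe>cpe:/o:linux:linux_kernel</cpe>
        </service>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered"/>
        <service name="https" product="nginx" version="1.18.0">
          <cpe>cpe:/a:nginx:nginx:1.18.0</cpe>
        </service>
      </port>
    </ports>
  </host>
  <host>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.49">
          <cpe>cpe:/a:apache:http_server:2.4.49</cpe>
        </service>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def cpe22_to_cpe23(cpe22: str) -> str:
    """Convert an Nmap-style CPE 2.2 URI to the CPE 2.3 formatted string NVD expects.

    cpe:/a:openbsd:openssh:7.4 -> cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*
    """
    if not cpe22.startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {cpe22!r}")
    fields = cpe22[len("cpe:/"):].split(":")
    # CPE 2.3 carries 11 attributes after the "cpe:2.3" prefix; unknown ones are '*'.
    fields += ["*"] * (11 - len(fields))
    return "cpe:2.3:" + ":".join(fields[:11])


def has_version(cpe22: str) -> bool:
    """True when the CPE names a specific version (part:vendor:product:version)."""
    return len(cpe22[len("cpe:/"):].split(":")) >= 4


def extract_open_service_cpes(nmap_xml: str) -> list[dict]:
    """Return one record per (host, open port, CPE) found in the Nmap XML."""
    root = ET.fromstring(nmap_xml)
    records = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not reachable attack surface
            svc = port.find("service")
            if svc is None:
                continue
            for cpe in svc.findall("cpe"):
                cpe_text = (cpe.text or "").strip()
                records.append({
                    "host": addr,
                    "port": int(port.get("portid")),
                    "proto": port.get("protocol"),
                    "service": svc.get("name"),
                    "cpe22": cpe_text,
                    "versioned": has_version(cpe_text),
                })
    return records


def nvd_query_url(cpe22: str) -> str:
    """Build the NVD CVE API 2.0 request URL for one CPE (lookup by cpeName)."""
    return f"{NVD_CVE_API}?cpeName={quote(cpe22_to_cpe23(cpe22), safe='')}"


def build_lookups(nmap_xml: str) -> list[dict]:
    """Records for versioned CPEs on open ports, each with its NVD query URL."""
    out = []
    for rec in extract_open_service_cpes(nmap_xml):
        if not rec["versioned"]:
            continue  # an unversioned CPE would match every CVE for the product
        out.append({**rec, "nvd_url": nvd_query_url(rec["cpe22"])})
    return out


if __name__ == "__main__":
    for rec in build_lookups(SAMPLE_NMAP_XML):
        print(f"{rec['host']}:{rec['port']}/{rec['proto']} {rec['cpe22']}")
        print(f"  {rec['nvd_url']}")
```

Two caveats when turning this into a real scanner: Nmap's CPE guesses come from banner matching and can name the wrong vendor or a version that a distribution has back-patched, so treat a CVE hit as a lead to verify rather than a finding; and the public NVD API is rate-limited, so batch the requests and cache responses per CPE.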
Infosec teams assessment: An essential tactic for risk forecasting.
https://thecyberwire.com/podcasts/cso-perspectives/86/notes
reddit
Hackers have created a fake 'Cthulhu World' play-to-earn...
Posted in r/Malware by u/Late_Ice_9288 • 73 points and 17 comments
Top Security News for 29/08/2022
The rickroll malware has infected 6 billion computers in the world.
https://www.reddit.com/r/Malware/comments/wzoxma/the_rickroll_malware_has_infected_6_billion/
ISC Stormcast For Monday, August 29th, 2022 https://isc.sans.edu/podcastdetail.html?id=8150, (Mon, Aug 29th)
https://malware.news/t/isc-stormcast-for-monday-august-29th-2022-https-isc-sans-edu-podcastdetail-html-id-8150-mon-aug-29th/62942/1
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons, (Sun, Aug 28th)
https://isc.sans.edu/diary/rss/28990
Infosec teams risk assessment.
https://thecyberwire.com/stories/e9830596ceec4f769a2fb4a52a149bd2/infosec-teams-risk-assessment
ISC Stormcast For Monday, August 29th, 2022 https://isc.sans.edu/podcastdetail.html?id=8150, (Mon, Aug 29th)
https://isc.sans.edu/diary/rss/28992
SATisfying our way into remote code execution in the OPC UA industrial stack
https://www.reddit.com/r/netsec/comments/wzoo0s/satisfying_our_way_into_remote_code_execution_in/
Hackers have created a fake 'Cthulhu World' play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims.
https://www.reddit.com/r/Malware/comments/x0gk2y/hackers_have_created_a_fake_cthulhu_world/
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons, (Sun, Aug 28th)
https://malware.news/t/dealing-with-false-positives-when-scanning-memory-dumps-for-cobalt-strike-beacons-sun-aug-28th/62940/1
On Cryptocurrency Wallet Design – defines access control taxonomy, can be reused e.g. for MFA factors
https://www.reddit.com/r/netsec/comments/wzph8t/on_cryptocurrency_wallet_design_defines_access/
Experts warn of the first known phishing attack against PyPI
https://securityaffairs.co/wordpress/134931/cyber-crime/pypi-phishing-campaign.html
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 30/08/2022
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
https://malware.news/t/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/62977/1
Windows malware delays coinminer install by a month to evade detection
https://www.reddit.com/r/Malware/comments/x17lcq/windows_malware_delays_coinminer_install_by_a/
Part 1 – SingPass RASP Analysis
https://www.reddit.com/r/netsec/comments/x0svxb/part_1_singpass_rasp_analysis/
A File Format to Aid in Security Vulnerability Disclosure – the first step to a proper connection
https://malware.news/t/a-file-format-to-aid-in-security-vulnerability-disclosure-the-first-step-to-a-proper-connection/62976/1
Incident Response in AWS
https://www.reddit.com/r/netsec/comments/x1ax8i/incident_response_in_aws/
SWITCH Security Report July/August 2022
https://malware.news/t/switch-security-report-july-august-2022/62978/1
How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
https://thecyberwire.com/podcasts/daily-podcast/1651/notes
How Carrier’s product security team delivers the ‘right support for the right product’
https://www.csoonline.com/article/3670752/how-carrier-s-product-security-team-delivers-the-right-support-for-the-right-product.html#tk.rss_all
The Bizarre Mystery of the Only Armed Nuke America Ever Lost
https://www.vice.com/en_us/article/y3p3xw/the-bizarre-mystery-of-the-only-armed-nuke-america-ever-lost
ISC Stormcast For Tuesday, August 30th, 2022 https://isc.sans.edu/podcastdetail.html?id=8152, (Tue, Aug 30th)
https://malware.news/t/isc-stormcast-for-tuesday-august-30th-2022-https-isc-sans-edu-podcastdetail-html-id-8152-tue-aug-30th/62975/1
Top Security News for 30/08/2022
A File Format to Aid in Security Vulnerability Disclosure – the first step to a proper connection
https://malware.news/t/a-file-format-to-aid-in-security-vulnerability-disclosure-the-first-step-to-a-proper-connection/62976/1
Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
https://securityaffairs.co/wordpress/135017/cyber-crime/fbi-warns-defi-attacks.html
Blind exploits to rule WatchGuard firewalls: pre-auth RCE as root on WG appliances
https://www.reddit.com/r/netsec/comments/x0q1ob/blind_exploits_to_rule_watchguard_firewalls/
SWITCH Security Report July/August 2022
https://malware.news/t/switch-security-report-july-august-2022/62978/1
ISC StormCast for Tuesday, August 30th, 2022
https://isc.sans.edu/podcastdetail.html?id=8152
Part 1 – SingPass RASP Analysis
https://www.reddit.com/r/netsec/comments/x0svxb/part_1_singpass_rasp_analysis/
A week in security (August 22 - August 28)
https://www.malwarebytes.com/blog/news/2022/08/a-week-in-security-august-22-august-28
‘Girls Who Code’ Team Up With Tomahawk Missile Maker Raytheon
https://www.vice.com/en_us/article/g5v53w/girls-who-code-team-up-with-tomahawk-missile-maker-raytheon
FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
https://thehackernews.com/2022/08/ftc-sues-data-broker-over-selling.html
Nmap Basic Tutorial
https://0x00sec.org/t/nmap-basic-tutorial/30952
Top Security News for 31/08/2022
India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information
https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html
NAFO Memesters Paid Ukraine to Paint Their Memes on a Tank
https://www.vice.com/en_us/article/epzp7n/nafo-memesters-paid-ukraine-to-paint-their-memes-on-a-tank
ISC StormCast for Wednesday, August 31st, 2022
https://isc.sans.edu/podcastdetail.html?id=8154
Going Atomic: The Strengths and Weaknesses of a Technique-centric Purple Teaming Approach
https://www.reddit.com/r/netsec/comments/x1x18c/going_atomic_the_strengths_and_weaknesses_of_a/
Bootkitting Windows Sandbox
https://www.reddit.com/r/netsec/comments/x1qy8u/bootkitting_windows_sandbox/
Digging into an NTLM Downgrade Attack
https://www.reddit.com/r/netsec/comments/x24vnv/digging_into_an_ntlm_downgrade_attack/
Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
https://securityaffairs.co/wordpress/135046/malware/malware-campaigns-modernloader.html
Cyber Signals: 3 strategies for protection against ransomware
https://www.microsoft.com/security/blog/2022/08/30/cyber-signals-3-strategies-for-protection-against-ransomware/
Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from the hybrid war. Triple extortion.
https://thecyberwire.com/newsletters/daily-briefing/11/167
ISC Stormcast For Wednesday, August 31st, 2022 https://isc.sans.edu/podcastdetail.html?id=8154, (Wed, Aug 31st)
https://malware.news/t/isc-stormcast-for-wednesday-august-31st-2022-https-isc-sans-edu-podcastdetail-html-id-8154-wed-aug-31st/63012/1