Top Daily Cyber Security News
Top rated cyber security tech news. Just the top, every day.
Top Security News for 26/08/2022

Here’s How to Steer Clear of Bot Accounts on Social Media
https://malware.news/t/here-s-how-to-steer-clear-of-bot-accounts-on-social-media/62911/1

Up to 35% more CVEs published so far this year compared to 2021
https://www.csoonline.com/article/3671369/up-to-35-more-cves-published-so-far-this-year-compared-to-2021.html#tk.rss_all

Paypal Phishing/Coinbase in One Image, (Fri, Aug 26th)
https://malware.news/t/paypal-phishing-coinbase-in-one-image-fri-aug-26th/62910/1

Mark Zuckerberg Tells Joe Rogan That Running Facebook Sucks, Metaverse Is Better
https://www.vice.com/en_us/article/m7g7px/mark-zuckerberg-tells-joe-rogan-that-running-facebook-sucks-metaverse-is-better

2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3
https://www.reddit.com/r/netsec/comments/wxb9j4/2byte_dos_in_freebsdtelnetd_netbsdtelnetd/

Free SANS Workshop: Building an Azure Pentest Lab for Red Teams
https://www.reddit.com/r/netsec/comments/wxkxde/free_sans_workshop_building_an_azure_pentest_lab/

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers
https://thehackernews.com/2022/08/microsoft-uncovers-new-post-compromise.html

ISC Stormcast For Friday, August 26th, 2022 https://isc.sans.edu/podcastdetail.html?id=8148, (Fri, Aug 26th)
https://malware.news/t/isc-stormcast-for-friday-august-26th-2022-https-isc-sans-edu-podcastdetail-html-id-8148-fri-aug-26th/62909/1

Embrace change! Chris’s McAfee Journey
https://malware.news/t/embrace-change-chris-s-mcafee-journey/62912/1

ISC Stormcast For Friday, August 26th, 2022 https://isc.sans.edu/podcastdetail.html?id=8148, (Fri, Aug 26th)
https://isc.sans.edu/diary/rss/28982


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 27/08/2022

Call for entry: Creating Connections.
https://thecyberwire.com/stories/f236d8b0aba54fe4a399e01bf9b315d3/call-for-entry-creating-connections

The Elastic Container Project for Security Research
https://www.reddit.com/r/netsec/comments/wyp2n4/the_elastic_container_project_for_security/

Adware found on Google Play — PDF Reader servicing up full screen ads
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads

Password manager LastPass reveals intrusion into development system
https://www.csoonline.com/article/3671152/password-manager-lastpass-reveals-intrusion-into-development-system.html#tk.rss_all

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
https://thehackernews.com/2022/08/iranian-hackers-exploiting-unpatched.html

Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access
https://securityaffairs.co/wordpress/134876/apt/mercury-exploit-log4shell-flaw.html

F5 security advisory (AV22-478)
https://malware.news/t/f5-security-advisory-av22-478/62929/1

Chris Handman from TerraTrue discusses how he works to transform legal teams into advocates and collaborators that can ensure privacy is baked in every step of the way.
https://thecyberwire.com/podcasts/interview-selects/125/notes

Labels: Not Just for People Anymore!
https://malware.news/t/labels-not-just-for-people-anymore/62933/1

Undetectable backdooring PE file
https://www.reddit.com/r/netsec/comments/wy6kpp/undetectable_backdooring_pe_file/


Top Security News for 27/08/2022

Zimbra Open Bucket Data Leak – Responsible Disclosure
https://www.reddit.com/r/netsec/comments/wy75vh/zimbra_open_bucket_data_leak_responsible/

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
https://thehackernews.com/2022/08/critical-vulnerability-discovered-in.html

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html

HTTP/2 Packet Analysis with Wireshark, (Fri, Aug 26th)
https://isc.sans.edu/diary/rss/28986

Microsoft: New UEFI CA memory mitigation requirements for signing
https://www.reddit.com/r/netsec/comments/wyp2z6/microsoft_new_uefi_ca_memory_mitigation/

Source code of password manager LastPass stolen by attacker
https://www.malwarebytes.com/blog/news/2022/08/source-code-of-password-manager-lastpass-stolen-by-attacker

Looking for insight on labelling portable executable (PE) malware files using a VirusTotal API response report.
https://www.reddit.com/r/Malware/comments/wyl0gu/looking_for_insight_on_labelling_portable/

Dominican government hit by ransomware. Lockdown Mode considered. Commercial spyware market. Privacy and proctoring. LastPass incident. Twilio update.
https://thecyberwire.com/podcasts/privacy-briefing/656/notes


Top Security News for 28/08/2022

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus
https://securityaffairs.co/wordpress/134884/malware/anti-cheat-driver-disable-antivirus.html

Command Injection in the GitHub Pages Build Pipeline
https://www.reddit.com/r/netsec/comments/wz633l/command_injection_in_the_github_pages_build/

Unprecedented cyber attack hit State Infrastructure of Montenegro
https://securityaffairs.co/wordpress/134900/cyber-warfare-2/montenegro-cyber-attack.html

Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later - a critical vulnerability that will shake the very fabric of society
https://www.reddit.com/r/lowlevel/comments/wyyghu/tetsuji_remote_code_execution_on_a_gameboy_colour/

Update: 1768.py Version 0.0.16
https://malware.news/t/update-1768-py-version-0-0-16/62936/1

David Nosibor: Taking calculated risks. [Product Lead]
https://thecyberwire.com/podcasts/career-notes/114/notes

Twilio hackers also breached the food delivery firm DoorDash
https://securityaffairs.co/wordpress/134905/data-breach/twilio-hackers-breached-doordash.html

When Windows Lies
https://malware.news/t/when-windows-lies/62937/1

Weekly News Roundup — August 1 to August 27
https://malware.news/t/weekly-news-roundup-august-1-to-august-27/62938/1

New Agenda Ransomware appears in the threat landscape
https://securityaffairs.co/wordpress/134911/cyber-crime/agenda-ransomware.html


Top Security News for 28/08/2022

Awesome Security Newsletters
https://www.reddit.com/r/netsec/comments/wz1npc/awesome_security_newsletters/


Top Security News for 29/08/2022

Hackers have created a fake 'Cthulhu World' play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims.
https://www.reddit.com/r/Malware/comments/x0gk2y/hackers_have_created_a_fake_cthulhu_world/

Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01, (Sun, Aug 28th)
https://malware.news/t/sysinternals-updates-sysmon-v14-0-and-zoomit-v6-01-sun-aug-28th/62939/1

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html

SATisfying our way into remote code execution in the OPC UA industrial stack
https://www.reddit.com/r/netsec/comments/wzoo0s/satisfying_our_way_into_remote_code_execution_in/

ISC StormCast for Monday, August 29th, 2022
https://isc.sans.edu/podcastdetail.html?id=8150

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit
https://securityaffairs.co/wordpress/134962/malware/surveillance-firm-intellexa-offer.html

Invoke-AttachDnSpy work-in-progress (register dnSpy debugger to attach on process creation)
https://malware.news/t/invoke-attachdnspy-work-in-progress-register-dnspy-debugger-to-attach-on-process-creation/62941/1

Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons, (Sun, Aug 28th)
https://malware.news/t/dealing-with-false-positives-when-scanning-memory-dumps-for-cobalt-strike-beacons-sun-aug-28th/62940/1

Vision2 this script analyses the Nmap XML scanning results parses each CPE context and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services.
https://www.reddit.com/r/netsec/comments/x0dm2t/vision2_this_script_analyses_the_nmap_xml/

Infosec teams assessment: An essential tactic for risk forecasting.
https://thecyberwire.com/podcasts/cso-perspectives/86/notes


Top Security News for 29/08/2022

The rickroll malware has infected 6 billion computers in the world.
https://www.reddit.com/r/Malware/comments/wzoxma/the_rickroll_malware_has_infected_6_billion/

ISC Stormcast For Monday, August 29th, 2022 https://isc.sans.edu/podcastdetail.html?id=8150, (Mon, Aug 29th)
https://malware.news/t/isc-stormcast-for-monday-august-29th-2022-https-isc-sans-edu-podcastdetail-html-id-8150-mon-aug-29th/62942/1

Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons, (Sun, Aug 28th)
https://isc.sans.edu/diary/rss/28990

Infosec teams risk assessment.
https://thecyberwire.com/stories/e9830596ceec4f769a2fb4a52a149bd2/infosec-teams-risk-assessment

ISC Stormcast For Monday, August 29th, 2022 https://isc.sans.edu/podcastdetail.html?id=8150, (Mon, Aug 29th)
https://isc.sans.edu/diary/rss/28992

On Cryptocurrency Wallet Design – defines access control taxonomy, can be reused e.g. for MFA factors
https://www.reddit.com/r/netsec/comments/wzph8t/on_cryptocurrency_wallet_design_defines_access/

Experts warn of the first known phishing attack against PyPI
https://securityaffairs.co/wordpress/134931/cyber-crime/pypi-phishing-campaign.html


Top Security News for 30/08/2022

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
https://malware.news/t/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/62977/1

Windows malware delays coinminer install by a month to evade detection
https://www.reddit.com/r/Malware/comments/x17lcq/windows_malware_delays_coinminer_install_by_a/

Part 1 – SingPass RASP Analysis
https://www.reddit.com/r/netsec/comments/x0svxb/part_1_singpass_rasp_analysis/

A File Format to Aid in Security Vulnerability Disclosure – the first step to a proper connection
https://malware.news/t/a-file-format-to-aid-in-security-vulnerability-disclosure-the-first-step-to-a-proper-connection/62976/1

Incident Response in AWS
https://www.reddit.com/r/netsec/comments/x1ax8i/incident_response_in_aws/

SWITCH Security Report July/August 2022
https://malware.news/t/switch-security-report-july-august-2022/62978/1

How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
https://thecyberwire.com/podcasts/daily-podcast/1651/notes

How Carrier’s product security team delivers the ‘right support for the right product’
https://www.csoonline.com/article/3670752/how-carrier-s-product-security-team-delivers-the-right-support-for-the-right-product.html#tk.rss_all

The Bizarre Mystery of the Only Armed Nuke America Ever Lost
https://www.vice.com/en_us/article/y3p3xw/the-bizarre-mystery-of-the-only-armed-nuke-america-ever-lost

ISC Stormcast For Tuesday, August 30th, 2022 https://isc.sans.edu/podcastdetail.html?id=8152, (Tue, Aug 30th)
https://malware.news/t/isc-stormcast-for-tuesday-august-30th-2022-https-isc-sans-edu-podcastdetail-html-id-8152-tue-aug-30th/62975/1


Top Security News for 30/08/2022

Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
https://securityaffairs.co/wordpress/135017/cyber-crime/fbi-warns-defi-attacks.html

Blind exploits to rule WatchGuard firewalls: pre-auth RCE as root on WG appliances
https://www.reddit.com/r/netsec/comments/x0q1ob/blind_exploits_to_rule_watchguard_firewalls/

ISC StormCast for Tuesday, August 30th, 2022
https://isc.sans.edu/podcastdetail.html?id=8152

A week in security (August 22 - August 28)
https://www.malwarebytes.com/blog/news/2022/08/a-week-in-security-august-22-august-28

‘Girls Who Code’ Team Up With Tomahawk Missile Maker Raytheon
https://www.vice.com/en_us/article/g5v53w/girls-who-code-team-up-with-tomahawk-missile-maker-raytheon

FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
https://thehackernews.com/2022/08/ftc-sues-data-broker-over-selling.html

Nmap Basic Tutorial
https://0x00sec.org/t/nmap-basic-tutorial/30952


Top Security News for 31/08/2022

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information
https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html

NAFO Memesters Paid Ukraine to Paint Their Memes on a Tank
https://www.vice.com/en_us/article/epzp7n/nafo-memesters-paid-ukraine-to-paint-their-memes-on-a-tank

ISC StormCast for Wednesday, August 31st, 2022
https://isc.sans.edu/podcastdetail.html?id=8154

Going Atomic: The Strengths and Weaknesses of a Technique-centric Purple Teaming Approach
https://www.reddit.com/r/netsec/comments/x1x18c/going_atomic_the_strengths_and_weaknesses_of_a/

Bootkitting Windows Sandbox
https://www.reddit.com/r/netsec/comments/x1qy8u/bootkitting_windows_sandbox/

Digging into an NTLM Downgrade Attack
https://www.reddit.com/r/netsec/comments/x24vnv/digging_into_an_ntlm_downgrade_attack/

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
https://securityaffairs.co/wordpress/135046/malware/malware-campaigns-modernloader.html

Cyber Signals: 3 strategies for protection against ransomware
https://www.microsoft.com/security/blog/2022/08/30/cyber-signals-3-strategies-for-protection-against-ransomware/

Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from the hybrid war. Triple extortion.
https://thecyberwire.com/newsletters/daily-briefing/11/167

ISC Stormcast For Wednesday, August 31st, 2022 https://isc.sans.edu/podcastdetail.html?id=8154, (Wed, Aug 31st)
https://malware.news/t/isc-stormcast-for-wednesday-august-31st-2022-https-isc-sans-edu-podcastdetail-html-id-8154-wed-aug-31st/63012/1


Top Security News for 31/08/2022

A new Google bug bounty program now covers Open Source projects
https://securityaffairs.co/wordpress/135059/security/google-bug-bounty-open-source.html

FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft
https://malware.news/t/fbi-secret-service-join-kentucky-investigation-into-4-million-cybercrime-theft/63009/1

British Airways customers targeted in lost luggage Twitter scam
https://www.malwarebytes.com/blog/news/2022/08/steer-clear-of-lost-luggage-scams-on-twitter

Elementor #28188
https://malware.news/t/elementor-28188/63013/1

Snakes on a Domain: An Analysis of a Python Malware Loader
https://www.reddit.com/r/netsec/comments/x1xxyy/snakes_on_a_domain_an_analysis_of_a_python/

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
https://thehackernews.com/2022/08/hackers-use-modernloader-to-infect.html

A study on malicious plugins in WordPress Marketplaces
https://securityaffairs.co/wordpress/135032/reports/wordpress-malicious-plugins.html

MATE: Interactive Program Analysis with Code Property Graphs
https://www.reddit.com/r/netsec/comments/x1yr7w/mate_interactive_program_analysis_with_code/

Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger
https://www.csoonline.com/article/3671869/multi-stage-crypto-mining-malware-hides-in-legitimate-apps-with-month-long-delay-trigger.html#tk.rss_all


Top Security News for 01/09/2022

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html

James Webb telescope images used to hide malware
https://www.malwarebytes.com/blog/news/2022/08/james-webb-telescope-images-used-to-hide-malware

ISC Stormcast For Thursday, September 1st, 2022 https://isc.sans.edu/podcastdetail.html?id=8156, (Thu, Sep 1st)
https://malware.news/t/isc-stormcast-for-thursday-september-1st-2022-https-isc-sans-edu-podcastdetail-html-id-8156-thu-sep-1st/63046/1

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope
https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html

Experts spotted five malicious Google Chrome extensions used by 1.4M users
https://securityaffairs.co/wordpress/135091/hacking/malicious-google-chrome-extensions.html

Stuxnet explained: The first known cyberweapon
https://www.csoonline.com/article/3218104/stuxnet-explained-the-first-known-cyberweapon.html#tk.rss_all

Resolving conflicts between security best practices and compliance mandates
https://www.csoonline.com/article/3671969/resolving-conflicts-between-security-best-practices-and-compliance-mandates.html#tk.rss_all

UK unveils tighter cybersecurity requirements for telecom industry. Preparing for new cybersecurity regulations.
https://thecyberwire.com/newsletters/policy-briefing/4/168

How to set up an iPhone for your kids
https://www.malwarebytes.com/blog/news/2022/08/how-to-set-up-ios-for-your-kids

Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies
https://malware.news/t/attackers-using-frp-fast-reverse-proxy-to-attack-korean-companies/63042/1


Top Security News for 01/09/2022

Securing multi-cloud identity with orchestration.
https://thecyberwire.com/podcasts/cyberwire-x/37/notes

How I Met Your Beacon: Detection Strategies
https://www.reddit.com/r/netsec/comments/x2t7p2/how_i_met_your_beacon_detection_strategies/

Stop Ransomware with Microsoft Security digital event presents threat intelligence in action
https://www.microsoft.com/security/blog/2022/08/31/stop-ransomware-with-microsoft-security-digital-event-presents-threat-intelligence-in-action/

NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/31-08-2022

Women in cybersecurity form non-profit organization The Forte Group
https://www.csoonline.com/article/3671909/women-in-cybersecurity-form-non-profit-organization-the-forte-group.html#tk.rss_all

Malwarebytes receives highest rankings in recent third-party tests
https://malware.news/t/malwarebytes-receives-highest-rankings-in-recent-third-party-tests/63043/1

CVE-2021-38297 - Technical analysis of a Go WebAssembly vulnerability
https://www.reddit.com/r/netsec/comments/x279b9/cve202138297_technical_analysis_of_a_go/

Final Fantasy 14 players targeted by QR code phishing
https://www.malwarebytes.com/blog/news/2022/08/final-fantasy-14-players-targeted-by-qr-code-phishing

Palo Alto adds new SaaS compliance, threat prevention, URL filtering features to Prisma solution
https://www.csoonline.com/article/3671709/palo-alto-adds-new-saas-compliance-threat-prevention-url-filtering-features-to-prisma-solution.html#tk.rss_all


Top Security News for 02/09/2022

2022-08-31 - IcedID (Bokbot) with Cobalt Strike
https://malware.news/t/2022-08-31-icedid-bokbot-with-cobalt-strike/63079/1

BrandPost: Getting to Know the CIS Benchmarks
https://www.csoonline.com/article/3671351/getting-to-know-the-cis-benchmarks.html#tk.rss_all

What is a keylogger?
https://www.malwarebytes.com/blog/news/2022/09/what-is-a-keylogger

Data broker sued for allegedly selling individuals' sensitive location data
https://www.malwarebytes.com/blog/news/2022/08/data-broker-kochava-sued-for-allegedly-selling-location-data

1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials
https://securityaffairs.co/wordpress/135152/hacking/apps-hard-coded-aws-credentials.html

Controversial Kids' Code aims to keep children safe online
https://www.malwarebytes.com/blog/news/2022/08/controversial-kids-code-aims-to-keep-children-safe-online

Raspberry Robin and Dridex: Two Birds of a Feather
https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/

Ukrainian Video Game Studio Offers Fans Chance to Write Message on Artillery Shell
https://www.vice.com/en_us/article/bvm7g4/ukrainian-video-game-studio-offers-fans-chance-to-write-message-on-artillery-shell

GitHub - RossGeerlings/tio-ad-sync: Group Syncing between Active Directory and Tenable.io, and Automated Access Control
https://www.reddit.com/r/netsec/comments/x39a8c/github_rossgeerlingstioadsync_group_syncing/

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html


Top Security News for 02/09/2022

China-Linked APT40 Gang Targets Wind Farms, Australian Government
https://packetstormsecurity.com/news/view/33791/China-Linked-APT40-Gang-Targets-Wind-Farms-Australian-Government.html

Apple releases security update for iPhones and iPads to address vulnerability
https://www.malwarebytes.com/blog/news/2022/09/apple-releases-security-update-for-iphones-and-ipads-to-address-vulnerability

Researchers analyzed a new JavaScript skimmer used by Magecart threat actors
https://securityaffairs.co/wordpress/135177/cyber-crime/javascript-skimmer-magecart.html

Remediant wants to move beyond PAM to secure enterprise networks
https://www.csoonline.com/article/3672233/remediant-wants-to-move-beyond-pam-to-secure-enterprise-networks.html#tk.rss_all

Source Code Management Attack Toolkit - Supports GitHub Enterprise, GitLab Enterprise, & Bitbucket Server
https://www.reddit.com/r/netsec/comments/x3s1mm/source_code_management_attack_toolkit_supports/

SETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15 -
https://www.reddit.com/r/netsec/comments/x32qyf/settlers_of_netlink_exploiting_a_limited_use/

ISC Stormcast For Friday, September 2nd, 2022 https://isc.sans.edu/podcastdetail.html?id=8158, (Fri, Sep 2nd)
https://isc.sans.edu/diary/rss/29008


Top Security News for 03/09/2022

What the apps know. Health system suffers data breach. Data breach at Oklahoma school.
https://thecyberwire.com/podcasts/privacy-briefing/661/notes

Italy warns of cyberattacks on energy industry after Eni, GSE incidents
https://malware.news/t/italy-warns-of-cyberattacks-on-energy-industry-after-eni-gse-incidents/63094/1

curl’s TLS fingerprint
https://www.reddit.com/r/netsec/comments/x47sgv/curls_tls_fingerprint/

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/netsec/comments/x498bo/theres_another_hole_in_your_soc_unisoc_rom/

Reviewing macOS Unified Logs
https://www.reddit.com/r/netsec/comments/x4lajo/reviewing_macos_unified_logs/

Hackers gained access to Samsung customer data
https://malware.news/t/hackers-gained-access-to-samsung-customer-data/63096/1

Warning: PyPI Feature Executes Code Automatically After Python Package Download
https://thehackernews.com/2022/09/warning-pypi-feature-executes-code.html

Samsung discloses a second data breach this year
https://securityaffairs.co/wordpress/135241/data-breach/samsung-second-data-breach-2022.html

Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
https://thecyberwire.com/podcasts/daily-podcast/1655/notes

Cyber insurance costs soar amid ransomware attacks
https://securityintelligence.com/posts/cyber-insurance-costs-soar-amid-ransomware-attacks/


Top Security News for 03/09/2022

Dashlane password manager deal: Save 50% on Premium
https://malware.news/t/dashlane-password-manager-deal-save-50-on-premium/63091/1

What the apps know. Health system suffers data breach. Data breach at Oklahoma school.
https://thecyberwire.com/newsletters/privacy-briefing/4/170

JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users
https://thehackernews.com/2022/09/juiceledger-hackers-behind-recent.html

How to quickly attack a website and log in to its admin backend
https://0x00sec.org/t/topic/31013

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers
https://thehackernews.com/2022/09/samsung-admits-data-breach-that-exposed.html

The Ultimate Security Blind Spot You Don't Know You Have
https://thehackernews.com/2022/09/the-ultimate-security-blind-spot-you.html

PyPi Supply Chain Attack Actors Have Been Active Since Late 2021
https://packetstormsecurity.com/news/view/33799/PyPi-Supply-Chain-Attack-Actors-Have-Been-Active-Since-Late-2021.html

James Webb JPEG With Malware, (Fri, Sep 2nd)
https://malware.news/t/james-webb-jpeg-with-malware-fri-sep-2nd/63097/1

Election Officials Have Been Largely Successful in Deterring Cyber Threats, CISA Official Says
https://malware.news/t/election-officials-have-been-largely-successful-in-deterring-cyber-threats-cisa-official-says/63095/1


Top Security News for 04/09/2022

Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://malware.news/t/video-james-webb-jpeg-with-malware-sat-sep-3rd/63100/1

LEMONADE.BIN and the evolution of binary formats from COM to PE32+
https://www.reddit.com/r/lowlevel/comments/x43ujz/lemonadebin_and_the_evolution_of_binary_formats/

Google rolled out emergency fixes to address actively exploited Chrome zero-day
https://securityaffairs.co/wordpress/135249/security/chrome-emergency-patches.html

Security Affairs newsletter Round 382
https://securityaffairs.co/wordpress/135269/breaking-news/security-affairs-newsletter-round-382.html

Chromeloader browser hijacker
https://www.reddit.com/r/netsec/comments/x50b4j/chromeloader_browser_hijacker/

SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.2 of iOS and Android apps released - with Incognito mode and support for .onion hostnames.
https://www.reddit.com/r/netsec/comments/x4y615/simplex_chat_the_first_messaging_platform_that/

Career / Interview Advice for Reverse Engineers [ Twitch Clip ]
https://malware.news/t/career-interview-advice-for-reverse-engineers-twitch-clip/63102/1

Weekly News Roundup — August 28 to September 3
https://malware.news/t/weekly-news-roundup-august-28-to-september-3/63103/1

Anjali Hansen: Cross team collaboration works best. [Privacy Council]
https://thecyberwire.com/podcasts/career-notes/115/notes

Analysis: Situational Awareness + Timelines
https://malware.news/t/analysis-situational-awareness-timelines/63101/1


Top Security News for 04/09/2022

Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://isc.sans.edu/diary/rss/29012

Arti 1.0.0: Rust Tor implementation is ready for production use
https://www.reddit.com/r/netsec/comments/x51i31/arti_100_rust_tor_implementation_is_ready_for/

SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.2 of iOS and Android apps released - with Incognito mode and support for .onion hostnames.
https://www.reddit.com/r/netsec/comments/x4y615/simplex_chat_the_first_messaging_platform_that/

Machine Learning for Language Detection in Python with scikit-learn
https://malware.news/t/machine-learning-for-language-detection-in-python-with-scikit-learn/63104/1

Analysis: Situational Awareness + Timelines
https://malware.news/t/analysis-situational-awareness-timelines/63101/1

Fun with Windows Containers - Popping Calc
https://www.reddit.com/r/netsec/comments/x51a3b/fun_with_windows_containers_popping_calc/

Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://malware.news/t/video-james-webb-jpeg-with-malware-sat-sep-3rd/63100/1

Anjali Hansen: Cross team collaboration works best. [Privacy Council]
https://thecyberwire.com/podcasts/career-notes/115/notes

Security Affairs newsletter Round 382
https://securityaffairs.co/wordpress/135269/breaking-news/security-affairs-newsletter-round-382.html

LEMONADE.BIN and the evolution of binary formats from COM to PE32+
https://www.reddit.com/r/lowlevel/comments/x43ujz/lemonadebin_and_the_evolution_of_binary_formats/

Top Security News for 05/09/2022

Update: oledump.py Version 0.0.70
https://malware.news/t/update-oledump-py-version-0-0-70/63105/1

The source code of a remote access trojan (RAT) dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.
https://www.reddit.com/r/Malware/comments/x64wcy/the_source_code_of_a_remote_access_trojan_rat/

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/lowlevel/comments/x5ieqo/theres_another_hole_in_your_soc_unisoc_rom/

A new phishing scam targets American Express cardholders
https://securityaffairs.co/wordpress/135292/hacking/phishing-scam-targets-american-express.html

HWP File Disguised as Personal Profile Form (OLE Object)
https://malware.news/t/hwp-file-disguised-as-personal-profile-form-ole-object/63108/1

Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://isc.sans.edu/diary/rss/29016

Video: Kernel Mode Driver Emulation with Speakeasy
https://www.reddit.com/r/Malware/comments/x5r7wg/video_kernel_mode_driver_emulation_with_speakeasy/

Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://malware.news/t/video-vba-maldoc-utf7-apt-c-35-sun-sep-4th/63106/1

IRS mistakenly published confidential info for roughly 120K taxpayers
https://securityaffairs.co/wordpress/135271/security/irs-data-leak.html

Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow
https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html

Top Security News for 05/09/2022

Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow
https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html

Update: oledump.py Version 0.0.70
https://malware.news/t/update-oledump-py-version-0-0-70/63105/1

IRS mistakenly published confidential info for roughly 120K taxpayers
https://securityaffairs.co/wordpress/135271/security/irs-data-leak.html

Malware Analysis - Kernel Mode Driver Emulation with Speakeasy
https://malware.news/t/malware-analysis-kernel-mode-driver-emulation-with-speakeasy/63107/1

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/lowlevel/comments/x5ieqo/theres_another_hole_in_your_soc_unisoc_rom/

WPHash - Fingerprinting WordPress Plugins, now in public beta and open to feedback and collaboration
https://www.reddit.com/r/netsec/comments/x5udxe/wphash_fingerprinting_wordpress_plugins_now_in/

Security compliance and cybersecurity first principles.
https://thecyberwire.com/podcasts/cso-perspectives-public/59/notes

Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://isc.sans.edu/diary/rss/29016

SharkBot malware sneaks back on Google Play to steal your logins
https://www.reddit.com/r/Malware/comments/x68c1q/sharkbot_malware_sneaks_back_on_google_play_to/

HWP File Disguised as Personal Profile Form (OLE Object)
https://malware.news/t/hwp-file-disguised-as-personal-profile-form-ole-object/63108/1
