Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 30/08/2022

Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
https://malware.news/t/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/62977/1

Windows malware delays coinminer install by a month to evade detection
https://www.reddit.com/r/Malware/comments/x17lcq/windows_malware_delays_coinminer_install_by_a/

Part 1 – SingPass RASP Analysis
https://www.reddit.com/r/netsec/comments/x0svxb/part_1_singpass_rasp_analysis/

A File Format to Aid in Security Vulnerability Disclosure – the first step to a proper connection
https://malware.news/t/a-file-format-to-aid-in-security-vulnerability-disclosure-the-first-step-to-a-proper-connection/62976/1

Incident Response in AWS
https://www.reddit.com/r/netsec/comments/x1ax8i/incident_response_in_aws/

SWITCH Security Report July/August 2022
https://malware.news/t/switch-security-report-july-august-2022/62978/1

How a hybrid war spreads its cyber effects. Russian and Chinese cyber ops in Latin America. Greenwashing influence. Iranian threat actor exploits Log4j vulnerabilities against Israeli targets.
https://thecyberwire.com/podcasts/daily-podcast/1651/notes

How Carrier’s product security team delivers the ‘right support for the right product’
https://www.csoonline.com/article/3670752/how-carrier-s-product-security-team-delivers-the-right-support-for-the-right-product.html#tk.rss_all

The Bizarre Mystery of the Only Armed Nuke America Ever Lost
https://www.vice.com/en_us/article/y3p3xw/the-bizarre-mystery-of-the-only-armed-nuke-america-ever-lost

ISC Stormcast For Tuesday, August 30th, 2022 https://isc.sans.edu/podcastdetail.html?id=8152, (Tue, Aug 30th)
https://malware.news/t/isc-stormcast-for-tuesday-august-30th-2022-https-isc-sans-edu-podcastdetail-html-id-8152-tue-aug-30th/62975/1


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 30/08/2022

A File Format to Aid in Security Vulnerability Disclosure – the first step to a proper connection
https://malware.news/t/a-file-format-to-aid-in-security-vulnerability-disclosure-the-first-step-to-a-proper-connection/62976/1

Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
https://securityaffairs.co/wordpress/135017/cyber-crime/fbi-warns-defi-attacks.html

Blind exploits to rule WatchGuard firewalls: pre-auth RCE as root on WG appliances
https://www.reddit.com/r/netsec/comments/x0q1ob/blind_exploits_to_rule_watchguard_firewalls/

SWITCH Security Report July/August 2022
https://malware.news/t/switch-security-report-july-august-2022/62978/1

ISC StormCast for Tuesday, August 30th, 2022
https://isc.sans.edu/podcastdetail.html?id=8152

Part 1 – SingPass RASP Analysis
https://www.reddit.com/r/netsec/comments/x0svxb/part_1_singpass_rasp_analysis/

A week in security (August 22 - August 28)
https://www.malwarebytes.com/blog/news/2022/08/a-week-in-security-august-22-august-28

‘Girls Who Code’ Team Up With Tomahawk Missile Maker Raytheon
https://www.vice.com/en_us/article/g5v53w/girls-who-code-team-up-with-tomahawk-missile-maker-raytheon

FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
https://thehackernews.com/2022/08/ftc-sues-data-broker-over-selling.html

Nmap Basic Tutorial
https://0x00sec.org/t/nmap-basic-tutorial/30952


Top Security News for 31/08/2022

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information
https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html

NAFO Memesters Paid Ukraine to Paint Their Memes on a Tank
https://www.vice.com/en_us/article/epzp7n/nafo-memesters-paid-ukraine-to-paint-their-memes-on-a-tank

ISC StormCast for Wednesday, August 31st, 2022
https://isc.sans.edu/podcastdetail.html?id=8154

Going Atomic: The Strengths and Weaknesses of a Technique-centric Purple Teaming Approach
https://www.reddit.com/r/netsec/comments/x1x18c/going_atomic_the_strengths_and_weaknesses_of_a/

Bootkitting Windows Sandbox
https://www.reddit.com/r/netsec/comments/x1qy8u/bootkitting_windows_sandbox/

Digging into an NTLM Downgrade Attack
https://www.reddit.com/r/netsec/comments/x24vnv/digging_into_an_ntlm_downgrade_attack/

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
https://securityaffairs.co/wordpress/135046/malware/malware-campaigns-modernloader.html

Cyber Signals: 3 strategies for protection against ransomware
https://www.microsoft.com/security/blog/2022/08/30/cyber-signals-3-strategies-for-protection-against-ransomware/

Cyberespionage around the South China Sea. Oktapus and the Twilio compromise. Notes from the hybrid war. Triple extortion.
https://thecyberwire.com/newsletters/daily-briefing/11/167

ISC Stormcast For Wednesday, August 31st, 2022 https://isc.sans.edu/podcastdetail.html?id=8154, (Wed, Aug 31st)
https://malware.news/t/isc-stormcast-for-wednesday-august-31st-2022-https-isc-sans-edu-podcastdetail-html-id-8154-wed-aug-31st/63012/1


Top Security News for 31/08/2022

A new Google bug bounty program now covers Open Source projects
https://securityaffairs.co/wordpress/135059/security/google-bug-bounty-open-source.html

FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft
https://malware.news/t/fbi-secret-service-join-kentucky-investigation-into-4-million-cybercrime-theft/63009/1

British Airways customers targeted in lost luggage Twitter scam
https://www.malwarebytes.com/blog/news/2022/08/steer-clear-of-lost-luggage-scams-on-twitter

Elementor #28188
https://malware.news/t/elementor-28188/63013/1

Snakes on a Domain: An Analysis of a Python Malware Loader
https://www.reddit.com/r/netsec/comments/x1xxyy/snakes_on_a_domain_an_analysis_of_a_python/

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
https://thehackernews.com/2022/08/hackers-use-modernloader-to-infect.html

A study on malicious plugins in WordPress Marketplaces
https://securityaffairs.co/wordpress/135032/reports/wordpress-malicious-plugins.html

MATE: Interactive Program Analysis with Code Property Graphs
https://www.reddit.com/r/netsec/comments/x1yr7w/mate_interactive_program_analysis_with_code/

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information
https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html

Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger
https://www.csoonline.com/article/3671869/multi-stage-crypto-mining-malware-hides-in-legitimate-apps-with-month-long-delay-trigger.html#tk.rss_all


Top Security News for 01/09/2022

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html

James Webb telescope images used to hide malware
https://www.malwarebytes.com/blog/news/2022/08/james-webb-telescope-images-used-to-hide-malware

ISC Stormcast For Thursday, September 1st, 2022 https://isc.sans.edu/podcastdetail.html?id=8156, (Thu, Sep 1st)
https://malware.news/t/isc-stormcast-for-thursday-september-1st-2022-https-isc-sans-edu-podcastdetail-html-id-8156-thu-sep-1st/63046/1

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope
https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html

Experts spotted five malicious Google Chrome extensions used by 1.4M users
https://securityaffairs.co/wordpress/135091/hacking/malicious-google-chrome-extensions.html

Stuxnet explained: The first known cyberweapon
https://www.csoonline.com/article/3218104/stuxnet-explained-the-first-known-cyberweapon.html#tk.rss_all

Resolving conflicts between security best practices and compliance mandates
https://www.csoonline.com/article/3671969/resolving-conflicts-between-security-best-practices-and-compliance-mandates.html#tk.rss_all

UK unveils tighter cybersecurity requirements for telecom industry. Preparing for new cybersecurity regulations.
https://thecyberwire.com/newsletters/policy-briefing/4/168

How to set up an iPhone for your kids
https://www.malwarebytes.com/blog/news/2022/08/how-to-set-up-ios-for-your-kids

Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies
https://malware.news/t/attackers-using-frp-fast-reverse-proxy-to-attack-korean-companies/63042/1


Top Security News for 01/09/2022

Securing multi-cloud identity with orchestration.
https://thecyberwire.com/podcasts/cyberwire-x/37/notes

How I Met Your Beacon: Detection Strategies
https://www.reddit.com/r/netsec/comments/x2t7p2/how_i_met_your_beacon_detection_strategies/

Stop Ransomware with Microsoft Security digital event presents threat intelligence in action
https://www.microsoft.com/security/blog/2022/08/31/stop-ransomware-with-microsoft-security-digital-event-presents-threat-intelligence-in-action/

NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/31-08-2022

Women in cybersecurity form non-profit organization The Forte Group
https://www.csoonline.com/article/3671909/women-in-cybersecurity-form-non-profit-organization-the-forte-group.html#tk.rss_all

Malwarebytes receives highest rankings in recent third-party tests
https://malware.news/t/malwarebytes-receives-highest-rankings-in-recent-third-party-tests/63043/1

CVE-2021-38297 - Technical analysis of a Go WebAssembly vulnerability
https://www.reddit.com/r/netsec/comments/x279b9/cve202138297_technical_analysis_of_a_go/

Final Fantasy 14 players targeted by QR code phishing
https://www.malwarebytes.com/blog/news/2022/08/final-fantasy-14-players-targeted-by-qr-code-phishing

UK unveils tighter cybersecurity requirements for telecom industry. Preparing for new cybersecurity regulations.
https://thecyberwire.com/newsletters/policy-briefing/4/168

Palo Alto adds new SaaS compliance, threat prevention, URL filtering features to Prisma solution
https://www.csoonline.com/article/3671709/palo-alto-adds-new-saas-compliance-threat-prevention-url-filtering-features-to-prisma-solution.html#tk.rss_all


Top Security News for 02/09/2022

2022-08-31 - IcedID (Bokbot) with Cobalt Strike
https://malware.news/t/2022-08-31-icedid-bokbot-with-cobalt-strike/63079/1

BrandPost: Getting to Know the CIS Benchmarks
https://www.csoonline.com/article/3671351/getting-to-know-the-cis-benchmarks.html#tk.rss_all

What is a keylogger?
https://www.malwarebytes.com/blog/news/2022/09/what-is-a-keylogger

Data broker sued for allegedly selling individuals' sensitive location data
https://www.malwarebytes.com/blog/news/2022/08/data-broker-kochava-sued-for-allegedly-selling-location-data

1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials
https://securityaffairs.co/wordpress/135152/hacking/apps-hard-coded-aws-credentials.html

Controversial Kids' Code aims to keep children safe online
https://www.malwarebytes.com/blog/news/2022/08/controversial-kids-code-aims-to-keep-children-safe-online

Raspberry Robin and Dridex: Two Birds of a Feather
https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/

Ukrainian Video Game Studio Offers Fans Chance to Write Message on Artillery Shell
https://www.vice.com/en_us/article/bvm7g4/ukrainian-video-game-studio-offers-fans-chance-to-write-message-on-artillery-shell

GitHub - RossGeerlings/tio-ad-sync: Group Syncing between Active Directory and Tenable.io, and Automated Access Control
https://www.reddit.com/r/netsec/comments/x39a8c/github_rossgeerlingstioadsync_group_syncing/

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html


Top Security News for 02/09/2022

China-Linked APT40 Gang Targets Wind Farms, Australian Government
https://packetstormsecurity.com/news/view/33791/China-Linked-APT40-Gang-Targets-Wind-Farms-Australian-Government.html

Apple releases security update for iPhones and iPads to address vulnerability
https://www.malwarebytes.com/blog/news/2022/09/apple-releases-security-update-for-iphones-and-ipads-to-address-vulnerability

Researchers analyzed a new JavaScript skimmer used by Magecart threat actors
https://securityaffairs.co/wordpress/135177/cyber-crime/javascript-skimmer-magecart.html

Remediant wants to move beyond PAM to secure enterprise networks
https://www.csoonline.com/article/3672233/remediant-wants-to-move-beyond-pam-to-secure-enterprise-networks.html#tk.rss_all

BrandPost: Getting to Know the CIS Benchmarks
https://www.csoonline.com/article/3671351/getting-to-know-the-cis-benchmarks.html#tk.rss_all

Source Code Management Attack Toolkit - Supports GitHub Enterprise, GitLab Enterprise, & Bitbucket Server
https://www.reddit.com/r/netsec/comments/x3s1mm/source_code_management_attack_toolkit_supports/

2022-08-31 - IcedID (Bokbot) with Cobalt Strike
https://malware.news/t/2022-08-31-icedid-bokbot-with-cobalt-strike/63079/1

SETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15 -
https://www.reddit.com/r/netsec/comments/x32qyf/settlers_of_netlink_exploiting_a_limited_use/

Ukrainian Video Game Studio Offers Fans Chance to Write Message on Artillery Shell
https://www.vice.com/en_us/article/bvm7g4/ukrainian-video-game-studio-offers-fans-chance-to-write-message-on-artillery-shell

ISC Stormcast For Friday, September 2nd, 2022 https://isc.sans.edu/podcastdetail.html?id=8158, (Fri, Sep 2nd)
https://isc.sans.edu/diary/rss/29008


Top Security News for 03/09/2022

What the apps know. Health system suffers data breach. Data breach at Oklahoma school.
https://thecyberwire.com/podcasts/privacy-briefing/661/notes

Italy warns of cyberattacks on energy industry after Eni, GSE incidents
https://malware.news/t/italy-warns-of-cyberattacks-on-energy-industry-after-eni-gse-incidents/63094/1

curl’s TLS fingerprint
https://www.reddit.com/r/netsec/comments/x47sgv/curls_tls_fingerprint/

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/netsec/comments/x498bo/theres_another_hole_in_your_soc_unisoc_rom/

Reviewing macOS Unified Logs
https://www.reddit.com/r/netsec/comments/x4lajo/reviewing_macos_unified_logs/

Hackers gained access to Samsung customer data
https://malware.news/t/hackers-gained-access-to-samsung-customer-data/63096/1

Warning: PyPI Feature Executes Code Automatically After Python Package Download
https://thehackernews.com/2022/09/warning-pypi-feature-executes-code.html

Samsung discloses a second data breach this year
https://securityaffairs.co/wordpress/135241/data-breach/samsung-second-data-breach-2022.html

Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
https://thecyberwire.com/podcasts/daily-podcast/1655/notes

Cyber insurance costs soar amid ransomware attacks
https://securityintelligence.com/posts/cyber-insurance-costs-soar-amid-ransomware-attacks/


Top Security News for 03/09/2022

Dashlane password manager deal: Save 50% on Premium
https://malware.news/t/dashlane-password-manager-deal-save-50-on-premium/63091/1

What the apps know. Health system suffers data breach. Data breach at Oklahoma school.
https://thecyberwire.com/newsletters/privacy-briefing/4/170

JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users
https://thehackernews.com/2022/09/juiceledger-hackers-behind-recent.html

How to quickly attack a website and log in to the site's admin backend
https://0x00sec.org/t/topic/31013

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers
https://thehackernews.com/2022/09/samsung-admits-data-breach-that-exposed.html

The Ultimate Security Blind Spot You Don't Know You Have
https://thehackernews.com/2022/09/the-ultimate-security-blind-spot-you.html

Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
https://thecyberwire.com/podcasts/daily-podcast/1655/notes

PyPi Supply Chain Attack Actors Have Been Active Since Late 2021
https://packetstormsecurity.com/news/view/33799/PyPi-Supply-Chain-Attack-Actors-Have-Been-Active-Since-Late-2021.html

James Webb JPEG With Malware, (Fri, Sep 2nd)
https://malware.news/t/james-webb-jpeg-with-malware-fri-sep-2nd/63097/1

Election Officials Have Been Largely Successful in Deterring Cyber Threats, CISA Official Says
https://malware.news/t/election-officials-have-been-largely-successful-in-deterring-cyber-threats-cisa-official-says/63095/1


Top Security News for 04/09/2022

Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://malware.news/t/video-james-webb-jpeg-with-malware-sat-sep-3rd/63100/1

LEMONADE.BIN and the evolution of binary formats from COM to PE32+
https://www.reddit.com/r/lowlevel/comments/x43ujz/lemonadebin_and_the_evolution_of_binary_formats/

Google rolled out emergency fixes to address actively exploited Chrome zero-day
https://securityaffairs.co/wordpress/135249/security/chrome-emergency-patches.html

Security Affairs newsletter Round 382
https://securityaffairs.co/wordpress/135269/breaking-news/security-affairs-newsletter-round-382.html

Chromeloader browser hijacker
https://www.reddit.com/r/netsec/comments/x50b4j/chromeloader_browser_hijacker/

SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.2 of iOS and Android apps released - with Incognito mode and support for .onion hostnames.
https://www.reddit.com/r/netsec/comments/x4y615/simplex_chat_the_first_messaging_platform_that/

Career / Interview Advice for Reverse Engineers [ Twitch Clip ]
https://malware.news/t/career-interview-advice-for-reverse-engineers-twitch-clip/63102/1

Weekly News Roundup — August 28 to September 3
https://malware.news/t/weekly-news-roundup-august-28-to-september-3/63103/1

Anjali Hansen: Cross team collaboration works best. [Privacy Council]
https://thecyberwire.com/podcasts/career-notes/115/notes

Analysis: Situational Awareness + Timelines
https://malware.news/t/analysis-situational-awareness-timelines/63101/1


Top Security News for 04/09/2022

Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://isc.sans.edu/diary/rss/29012

Arti 1.0.0: Rust Tor implementation is ready for production use
https://www.reddit.com/r/netsec/comments/x51i31/arti_100_rust_tor_implementation_is_ready_for/

SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.2 of iOS and Android apps released - with Incognito mode and support for .onion hostnames.
https://www.reddit.com/r/netsec/comments/x4y615/simplex_chat_the_first_messaging_platform_that/

Machine Learning for Language Detection in Python with scikit-learn
https://malware.news/t/machine-learning-for-language-detection-in-python-with-scikit-learn/63104/1

Analysis: Situational Awareness + Timelines
https://malware.news/t/analysis-situational-awareness-timelines/63101/1

Fun with Windows Containers - Popping Calc
https://www.reddit.com/r/netsec/comments/x51a3b/fun_with_windows_containers_popping_calc/

Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://malware.news/t/video-james-webb-jpeg-with-malware-sat-sep-3rd/63100/1

Anjali Hansen: Cross team collaboration works best. [Privacy Council]
https://thecyberwire.com/podcasts/career-notes/115/notes

Security Affairs newsletter Round 382
https://securityaffairs.co/wordpress/135269/breaking-news/security-affairs-newsletter-round-382.html

LEMONADE.BIN and the evolution of binary formats from COM to PE32+
https://www.reddit.com/r/lowlevel/comments/x43ujz/lemonadebin_and_the_evolution_of_binary_formats/


Top Security News for 05/09/2022

Update: oledump.py Version 0.0.70
https://malware.news/t/update-oledump-py-version-0-0-70/63105/1

The source code of a remote access trojan (RAT) dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.
https://www.reddit.com/r/Malware/comments/x64wcy/the_source_code_of_a_remote_access_trojan_rat/

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/lowlevel/comments/x5ieqo/theres_another_hole_in_your_soc_unisoc_rom/

A new phishing scam targets American Express cardholders
https://securityaffairs.co/wordpress/135292/hacking/phishing-scam-targets-american-express.html

HWP File Disguised as Personal Profile Form (OLE Object)
https://malware.news/t/hwp-file-disguised-as-personal-profile-form-ole-object/63108/1

Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://isc.sans.edu/diary/rss/29016

Video: Kernel Mode Driver Emulation with Speakeasy
https://www.reddit.com/r/Malware/comments/x5r7wg/video_kernel_mode_driver_emulation_with_speakeasy/

Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://malware.news/t/video-vba-maldoc-utf7-apt-c-35-sun-sep-4th/63106/1

IRS mistakenly published confidential info for roughly 120K taxpayers
https://securityaffairs.co/wordpress/135271/security/irs-data-leak.html

Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow
https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html


Top Security News for 05/09/2022

Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow
https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html

Update: oledump.py Version 0.0.70
https://malware.news/t/update-oledump-py-version-0-0-70/63105/1

IRS mistakenly published confidential info for roughly 120K taxpayers
https://securityaffairs.co/wordpress/135271/security/irs-data-leak.html

Malware Analysis - Kernel Mode Driver Emulation with Speakeasy
https://malware.news/t/malware-analysis-kernel-mode-driver-emulation-with-speakeasy/63107/1

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/lowlevel/comments/x5ieqo/theres_another_hole_in_your_soc_unisoc_rom/

WPHash - Fingerprinting WordPress Plugins, now in public beta and open to feedback and collaboration
https://www.reddit.com/r/netsec/comments/x5udxe/wphash_fingerprinting_wordpress_plugins_now_in/

Security compliance and cybersecurity first principles.
https://thecyberwire.com/podcasts/cso-perspectives-public/59/notes

Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://isc.sans.edu/diary/rss/29016

SharkBot malware sneaks back on Google Play to steal your logins
https://www.reddit.com/r/Malware/comments/x68c1q/sharkbot_malware_sneaks_back_on_google_play_to/

HWP File Disguised as Personal Profile Form (OLE Object)
https://malware.news/t/hwp-file-disguised-as-personal-profile-form-ole-object/63108/1


Top Security News for 06/09/2022

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
https://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html

SAT/SMT Solvers by Example
https://www.reddit.com/r/netsec/comments/x6y3hk/satsmt_solvers_by_example/

ISC StormCast for Tuesday, September 6th, 2022
https://isc.sans.edu/podcastdetail.html?id=8160

CVE-2022-30190, AKA Follina, Uses Macro-less Word Docs to Drop RCE Files
https://www.reddit.com/r/netsec/comments/x6aqwc/cve202230190_aka_follina_uses_macroless_word_docs/

PackMyPayload - Emerging Threat of Containerized Malware. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware.
https://www.reddit.com/r/Malware/comments/x6xpb4/packmypayload_emerging_threat_of_containerized/

Hacking my Helium Crypto Miner
https://www.reddit.com/r/netsec/comments/x6d97k/hacking_my_helium_crypto_miner/

JPCERT/CC Releases URL Dataset of Confirmed Phishing Sites
https://malware.news/t/jpcert-cc-releases-url-dataset-of-confirmed-phishing-sites/63125/1

ISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)
https://malware.news/t/isc-stormcast-for-tuesday-september-6th-2022-https-isc-sans-edu-podcastdetail-html-id-8160-tue-sep-6th/63123/1

Walkthrough of an unauthenticated RCE affecting pfBlockerNG <= 2.1.4_26 (CVE-2022-31814)
https://www.reddit.com/r/netsec/comments/x6b5is/walkthrough_of_an_unauthenticated_rce_affecting/

Microsoft will disable Basic authentication for Exchange Online in less than a month
https://www.malwarebytes.com/blog/news/2022/09/microsoft-to-disable-basic-auth-for-exchange-online-in-less-than-a-month


Top Security News for 06/09/2022

ISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)
https://malware.news/t/isc-stormcast-for-tuesday-september-6th-2022-https-isc-sans-edu-podcastdetail-html-id-8160-tue-sep-6th/63123/1

How Azure Active Directory opens new authentication risks
https://www.csoonline.com/article/3672531/how-azure-active-directory-opens-new-authentication-risks.html#tk.rss_all

Zero-day puts a dent in Chrome's mojo
https://www.malwarebytes.com/blog/news/2022/09/update-chrome-asap-a-new-zero-day-is-already-being-exploited

Hacking my Helium Crypto Miner
https://www.reddit.com/r/netsec/comments/x6d97k/hacking_my_helium_crypto_miner/

JPCERT/CC Releases URL Dataset of Confirmed Phishing Sites
https://malware.news/t/jpcert-cc-releases-url-dataset-of-confirmed-phishing-sites/63125/1

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
https://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html

ISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)
https://isc.sans.edu/diary/rss/29020

QNAP warns new Deadbolt ransomware attacks exploiting zero-day
https://securityaffairs.co/wordpress/135347/malware/qnap-deadbolt-ransomware-new-attacks.html

A week in security (August 29 - September 4)
https://malware.news/t/a-week-in-security-august-29-september-4/63121/1

Simulated Phishing (noun)
https://thecyberwire.com/podcasts/word-notes/115/notes


Top Security News for 07/09/2022

Integrating Live Patching in SecDevOps Workflows
https://thehackernews.com/2022/09/integrating-live-patching-in-secdevops.html

What Is Your Security Team Profile? Prevention, Detection, or Risk Management
https://thehackernews.com/2022/09/what-is-your-security-team-profile.html

SharkFest'21 Wireshark Conference Playlist - hours of free netsec and network analysis content
https://www.reddit.com/r/netsec/comments/x7j0gb/sharkfest21_wireshark_conference_playlist_hours/

23 year old Denial of Service bug in Curl
https://www.reddit.com/r/netsec/comments/x7e5kc/23_year_old_denial_of_service_bug_in_curl/

BrandPost: How Leading Companies Secure a Hybrid Workforce
https://www.csoonline.com/article/3672189/how-leading-companies-secure-a-hybrid-workforce.html#tk.rss_all

PackMyPayload - Emerging Threat of Containerized Malware. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware.
https://www.reddit.com/r/Malware/comments/x7s1i0/packmypayload_emerging_threat_of_containerized/

The Heartbleed bug: How a flaw in OpenSSL caused a security crisis
https://www.csoonline.com/article/3223203/the-heartbleed-bug-how-a-flaw-in-openssl-caused-a-security-crisis.html#tk.rss_all

IRS accidental data exposure. Samsung discloses data breach. Data breach sacks 49ers. Third-party data breach exposes KeyBank customer data.
https://thecyberwire.com/podcasts/privacy-briefing/662/notes

In-app browser security risks, and what to do about them
https://www.csoonline.com/article/3672234/in-app-browser-security-risks-and-what-to-do-about-them.html#tk.rss_all

QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw
https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html


Top Security News for 07/09/2022

Dream Setup (Continued)
https://0x00sec.org/t/dream-setup-continued/31071

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security
https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html

IRS accidental data exposure. Samsung discloses data breach. Data breach sacks 49ers. Third-party data breach exposes KeyBank customer data.
https://thecyberwire.com/podcasts/privacy-briefing/662/notes

Vulnerability Analysis of CVE-2018-12613 – phpMyAdmin 4.8.1 Remote Code Execution
https://www.reddit.com/r/netsec/comments/x7eain/vulnerability_analysis_of_cve201812613_phpmyadmin/

Update: hex-to-bin.py Version 0.0.6
https://malware.news/t/update-hex-to-bin-py-version-0-0-6/63170/1

What Is Your Security Team Profile? Prevention, Detection, or Risk Management
https://thehackernews.com/2022/09/what-is-your-security-team-profile.html

How to turn security research into profit: a CL.0 case study
https://www.reddit.com/r/netsec/comments/x7anu0/how_to_turn_security_research_into_profit_a_cl0/

SharkFest'21 Wireshark Conference Playlist - hours of free netsec and network analysis content
https://www.reddit.com/r/netsec/comments/x7j0gb/sharkfest21_wireshark_conference_playlist_hours/

TA505 Group's TeslaGun In-Depth Analysis
https://www.reddit.com/r/netsec/comments/x76sts/ta505_groups_teslagun_indepth_analysis/

The Heartbleed bug: How a flaw in OpenSSL caused a security crisis
https://www.csoonline.com/article/3223203/the-heartbleed-bug-how-a-flaw-in-openssl-caused-a-security-crisis.html#tk.rss_all


Top Security News for 08/09/2022

Quickpost: Sun Drying Biodegradable Waste
https://malware.news/t/quickpost-sun-drying-biodegradable-waste/63201/1

ISC StormCast for Thursday, September 8th, 2022
https://isc.sans.edu/podcastdetail.html?id=8164

CIEM vs CWPP vs CSPM
https://malware.news/t/ciem-vs-cwpp-vs-cspm/63204/1

US lawmakers’ continued focus on TikTok as national security threat. NTSB lacks CISA-mandated vulnerability disclosure policy. US Army works to improve cybersecurity training.
https://thecyberwire.com/newsletters/policy-briefing/4/172

The Cost of a Data Breach for Government Agencies
https://securityintelligence.com/articles/cost-data-breach-government-agencies/

Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.
https://thecyberwire.com/podcasts/daily-podcast/1657/notes

Edward Snowden and whistleblower ethics.
https://thecyberwire.com/podcasts/caveat/140/notes

Global companies say supply chain partners expose them to ransomware
https://www.csoonline.com/article/3672155/global-companies-say-supply-chain-partners-expose-them-to-ransomware.html#tk.rss_all

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks
https://thehackernews.com/2022/09/some-members-of-conti-group-targeting.html

TTPs Associated With a New Version of the BlackCat Ransomware
https://www.reddit.com/r/netsec/comments/x85xf5/ttps_associated_with_a_new_version_of_the/


Top Security News for 08/09/2022

ISC Stormcast For Thursday, September 8th, 2022 https://isc.sans.edu/podcastdetail.html?id=8164, (Thu, Sep 8th)
https://malware.news/t/isc-stormcast-for-thursday-september-8th-2022-https-isc-sans-edu-podcastdetail-html-id-8164-thu-sep-8th/63205/1

How to set up an Android for your kids
https://www.malwarebytes.com/blog/news/2022/09/how-to-set-up-an-android-for-your-kids

Los Angeles school district hit by ransomware. CISA and FBI issue a Joint Advisory on the Vice Society. Comment on the data incident at KeyBank.
https://thecyberwire.com/podcasts/privacy-briefing/663/notes

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards
https://thehackernews.com/2022/09/authorities-shut-down-wt1shop-site-for.html

Go beyond compliance with Microsoft Purview
https://thecyberwire.com/podcasts/uncovering-hidden-risks/3/notes

Quickpost: Sun Drying Biodegradable Waste
https://malware.news/t/quickpost-sun-drying-biodegradable-waste/63201/1

Warning issued about Vice Society ransomware targeting the education sector
https://www.malwarebytes.com/blog/news/2022/09/authorities-issue-warning-about-vice-society-ransomware-targeting-the-education-sector

Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products
https://thehackernews.com/2022/09/cisco-releases-security-patches-for-new.html

SharkFest'21 Wireshark Conference Playlist - hours of free netsec and network analysis content
https://www.reddit.com/r/netsec/comments/x8bdvv/sharkfest21_wireshark_conference_playlist_hours/

4 strategy game-changers for finding cybersecurity talent
https://www.csoonline.com/article/3672429/4-strategy-game-changers-for-finding-cybersecurity-talent.html#tk.rss_all


Top Security News for 09/09/2022

Monkey 365 is a plugin-based PowerShell module that can be used to review the security posture of your Microsoft cloud environment.
https://www.reddit.com/r/netsec/comments/x8thy3/monkey_365_is_a_pluginbased_powershell_module/

Quickpost: Dolmen du roc de l’Arca
https://malware.news/t/quickpost-dolmen-du-roc-de-l-arca/63242/1

Shopify Fails to Prevent Known Breached Passwords
https://thehackernews.com/2022/09/shopify-fails-to-prevent-known-breached.html

Microsoft investigates Iranian attacks against the Albanian government
https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/

Ransomware review: August 2022
https://www.malwarebytes.com/blog/threat-intelligence/2022/09/ransomware-review-august-2022

Threat Source newsletter (Sept. 8, 2022) — Why there is no one-stop-shop solution for protecting passwords
https://malware.news/t/threat-source-newsletter-sept-8-2022-why-there-is-no-one-stop-shop-solution-for-protecting-passwords/63240/1

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog
https://securityaffairs.co/wordpress/135491/security/cisa-known-exploited-vulnerabilities-catalog-flaws-2.html

Cisco will not fix the authentication bypass flaw in EoL routers
https://securityaffairs.co/wordpress/135464/security/cisco-security-flaws.html

Chinese and Iranian cyberespionage reported. Cybersecurity for SMBs. Conti's old playbook used against Ukraine. Telco resiliency.
https://thecyberwire.com/newsletters/daily-briefing/11/173

ISC Stormcast For Friday, September 9th, 2022 https://isc.sans.edu/podcastdetail.html?id=8166, (Fri, Sep 9th)
https://isc.sans.edu/diary/rss/29030

