Top Security News for 02/09/2022
2022-08-31 - IcedID (Bokbot) with Cobalt Strike
https://malware.news/t/2022-08-31-icedid-bokbot-with-cobalt-strike/63079/1
BrandPost: Getting to Know the CIS Benchmarks
https://www.csoonline.com/article/3671351/getting-to-know-the-cis-benchmarks.html#tk.rss_all
What is a keylogger?
https://www.malwarebytes.com/blog/news/2022/09/what-is-a-keylogger
Data broker sued for allegedly selling individuals' sensitive location data
https://www.malwarebytes.com/blog/news/2022/08/data-broker-kochava-sued-for-allegedly-selling-location-data
1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials
https://securityaffairs.co/wordpress/135152/hacking/apps-hard-coded-aws-credentials.html
Controversial Kids' Code aims to keep children safe online
https://www.malwarebytes.com/blog/news/2022/08/controversial-kids-code-aims-to-keep-children-safe-online
Raspberry Robin and Dridex: Two Birds of a Feather
https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/
Ukrainian Video Game Studio Offers Fans Chance to Write Message on Artillery Shell
https://www.vice.com/en_us/article/bvm7g4/ukrainian-video-game-studio-offers-fans-chance-to-write-message-on-artillery-shell
GitHub - RossGeerlings/tio-ad-sync: Group Syncing between Active Directory and Tenable.io, and Automated Access Control
https://www.reddit.com/r/netsec/comments/x39a8c/github_rossgeerlingstioadsync_group_syncing/
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Malware Analysis, News and Indicators
2022-08-31 - IcedID (Bokbot) with Cobalt Strike
Article Link: Malware-Traffic-Analysis.net - 2022-08-31 - IcedID (Bokbot) with Cobalt Strike
Top Security News for 02/09/2022
China-Linked APT40 Gang Targets Wind Farms, Australian Government
https://packetstormsecurity.com/news/view/33791/China-Linked-APT40-Gang-Targets-Wind-Farms-Australian-Government.html
Apple releases security update for iPhones and iPads to address vulnerability
https://www.malwarebytes.com/blog/news/2022/09/apple-releases-security-update-for-iphones-and-ipads-to-address-vulnerability
Researchers analyzed a new JavaScript skimmer used by Magecart threat actors
https://securityaffairs.co/wordpress/135177/cyber-crime/javascript-skimmer-magecart.html
Remediant wants to move beyond PAM to secure enterprise networks
https://www.csoonline.com/article/3672233/remediant-wants-to-move-beyond-pam-to-secure-enterprise-networks.html#tk.rss_all
BrandPost: Getting to Know the CIS Benchmarks
https://www.csoonline.com/article/3671351/getting-to-know-the-cis-benchmarks.html#tk.rss_all
Source Code Management Attack Toolkit - Supports GitHub Enterprise, GitLab Enterprise, & Bitbucket Server
https://www.reddit.com/r/netsec/comments/x3s1mm/source_code_management_attack_toolkit_supports/
2022-08-31 - IcedID (Bokbot) with Cobalt Strike
https://malware.news/t/2022-08-31-icedid-bokbot-with-cobalt-strike/63079/1
SETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15 -
https://www.reddit.com/r/netsec/comments/x32qyf/settlers_of_netlink_exploiting_a_limited_use/
Ukrainian Video Game Studio Offers Fans Chance to Write Message on Artillery Shell
https://www.vice.com/en_us/article/bvm7g4/ukrainian-video-game-studio-offers-fans-chance-to-write-message-on-artillery-shell
ISC Stormcast For Friday, September 2nd, 2022 https://isc.sans.edu/podcastdetail.html?id=8158, (Fri, Sep 2nd)
https://isc.sans.edu/diary/rss/29008
The Register
China-linked APT40 gang targets wind farms, Australian government
ScanBox installed after victims lured to fake Murdoch news sites with phishing emails
Top Security News for 03/09/2022
What the apps know. Health system suffers data breach. Data breach at Oklahoma school.
https://thecyberwire.com/podcasts/privacy-briefing/661/notes
Italy warns of cyberattacks on energy industry after Eni, GSE incidents
https://malware.news/t/italy-warns-of-cyberattacks-on-energy-industry-after-eni-gse-incidents/63094/1
curl’s TLS fingerprint
https://www.reddit.com/r/netsec/comments/x47sgv/curls_tls_fingerprint/
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/netsec/comments/x498bo/theres_another_hole_in_your_soc_unisoc_rom/
Reviewing macOS Unified Logs
https://www.reddit.com/r/netsec/comments/x4lajo/reviewing_macos_unified_logs/
Hackers gained access to Samsung customer data
https://malware.news/t/hackers-gained-access-to-samsung-customer-data/63096/1
Warning: PyPI Feature Executes Code Automatically After Python Package Download
https://thehackernews.com/2022/09/warning-pypi-feature-executes-code.html
Samsung discloses a second data breach this year
https://securityaffairs.co/wordpress/135241/data-breach/samsung-second-data-breach-2022.html
Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
https://thecyberwire.com/podcasts/daily-podcast/1655/notes
Cyber insurance costs soar amid ransomware attacks
https://securityintelligence.com/posts/cyber-insurance-costs-soar-amid-ransomware-attacks/
The CyberWire
What the apps know. Health system suffers data breach. Data breach at Oklahoma school.
Just how much do your apps know about you? Georgia health system suffers data breach. Data breach at Oklahoma school.
Top Security News for 03/09/2022
Dashlane password manager deal: Save 50% on Premium
https://malware.news/t/dashlane-password-manager-deal-save-50-on-premium/63091/1
What the apps know. Health system suffers data breach. Data breach at Oklahoma school.
https://thecyberwire.com/newsletters/privacy-briefing/4/170
JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users
https://thehackernews.com/2022/09/juiceledger-hackers-behind-recent.html
How to quickly attack a website and log in to its admin backend
https://0x00sec.org/t/topic/31013
Samsung Admits Data Breach that Exposed Details of Some U.S. Customers
https://thehackernews.com/2022/09/samsung-admits-data-breach-that-exposed.html
The Ultimate Security Blind Spot You Don't Know You Have
https://thehackernews.com/2022/09/the-ultimate-security-blind-spot-you.html
Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow’s taxis.
https://thecyberwire.com/podcasts/daily-podcast/1655/notes
PyPi Supply Chain Attack Actors Have Been Active Since Late 2021
https://packetstormsecurity.com/news/view/33799/PyPi-Supply-Chain-Attack-Actors-Have-Been-Active-Since-Late-2021.html
James Webb JPEG With Malware, (Fri, Sep 2nd)
https://malware.news/t/james-webb-jpeg-with-malware-fri-sep-2nd/63097/1
Election Officials Have Been Largely Successful in Deterring Cyber Threats, CISA Official Says
https://malware.news/t/election-officials-have-been-largely-successful-in-deterring-cyber-threats-cisa-official-says/63095/1
Malware Analysis, News and Indicators
Dashlane password manager deal: Save 50% on Premium
With a special code, you can get a year of Dashlane Premium for only $30. This applies to new customers only. Article Link: Dashlane password manager deal: Save 50% on Premium | ZDNET
Top Security News for 04/09/2022
Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://malware.news/t/video-james-webb-jpeg-with-malware-sat-sep-3rd/63100/1
LEMONADE.BIN and the evolution of binary formats from COM to PE32+
https://www.reddit.com/r/lowlevel/comments/x43ujz/lemonadebin_and_the_evolution_of_binary_formats/
Google rolled out emergency fixes to address actively exploited Chrome zero-day
https://securityaffairs.co/wordpress/135249/security/chrome-emergency-patches.html
Security Affairs newsletter Round 382
https://securityaffairs.co/wordpress/135269/breaking-news/security-affairs-newsletter-round-382.html
Chromeloader browser hijacker
https://www.reddit.com/r/netsec/comments/x50b4j/chromeloader_browser_hijacker/
SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.2 of iOS and Android apps released - with Incognito mode and support for .onion hostnames.
https://www.reddit.com/r/netsec/comments/x4y615/simplex_chat_the_first_messaging_platform_that/
Career / Interview Advice for Reverse Engineers [ Twitch Clip ]
https://malware.news/t/career-interview-advice-for-reverse-engineers-twitch-clip/63102/1
Weekly News Roundup — August 28 to September 3
https://malware.news/t/weekly-news-roundup-august-28-to-september-3/63103/1
Anjali Hansen: Cross team collaboration works best. [Privacy Council]
https://thecyberwire.com/podcasts/career-notes/115/notes
Analysis: Situational Awareness + Timelines
https://malware.news/t/analysis-situational-awareness-timelines/63101/1
Malware Analysis, News and Indicators
Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
I recorded a video for yesterday’s diary entry James Webb JPEG With Malware. Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
Top Security News for 04/09/2022
Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://isc.sans.edu/diary/rss/29012
Arti 1.0.0: Rust Tor implementation is ready for production use
https://www.reddit.com/r/netsec/comments/x51i31/arti_100_rust_tor_implementation_is_ready_for/
SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.2 of iOS and Android apps released - with Incognito mode and support for .onion hostnames.
https://www.reddit.com/r/netsec/comments/x4y615/simplex_chat_the_first_messaging_platform_that/
Machine Learning for Language Detection in Python with scikit-learn
https://malware.news/t/machine-learning-for-language-detection-in-python-with-scikit-learn/63104/1
Analysis: Situational Awareness + Timelines
https://malware.news/t/analysis-situational-awareness-timelines/63101/1
Fun with Windows Containers - Popping Calc
https://www.reddit.com/r/netsec/comments/x51a3b/fun_with_windows_containers_popping_calc/
Video: James Webb JPEG With Malware, (Sat, Sep 3rd)
https://malware.news/t/video-james-webb-jpeg-with-malware-sat-sep-3rd/63100/1
Anjali Hansen: Cross team collaboration works best. [Privacy Council]
https://thecyberwire.com/podcasts/career-notes/115/notes
Security Affairs newsletter Round 382
https://securityaffairs.co/wordpress/135269/breaking-news/security-affairs-newsletter-round-382.html
LEMONADE.BIN and the evolution of binary formats from COM to PE32+
https://www.reddit.com/r/lowlevel/comments/x43ujz/lemonadebin_and_the_evolution_of_binary_formats/
SANS Internet Storm Center
InfoSec Handlers Diary Blog - SANS Internet Storm Center
Internet Storm Center Diary 2022-10-26, Author: Johannes Ullrich
Top Security News for 05/09/2022
Update: oledump.py Version 0.0.70
https://malware.news/t/update-oledump-py-version-0-0-70/63105/1
The source code of a remote access trojan (RAT) dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.
https://www.reddit.com/r/Malware/comments/x64wcy/the_source_code_of_a_remote_access_trojan_rat/
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/lowlevel/comments/x5ieqo/theres_another_hole_in_your_soc_unisoc_rom/
A new phishing scam targets American Express cardholders
https://securityaffairs.co/wordpress/135292/hacking/phishing-scam-targets-american-express.html
HWP File Disguised as Personal Profile Form (OLE Object)
https://malware.news/t/hwp-file-disguised-as-personal-profile-form-ole-object/63108/1
Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://isc.sans.edu/diary/rss/29016
Video: Kernel Mode Driver Emulation with Speakeasy
https://www.reddit.com/r/Malware/comments/x5r7wg/video_kernel_mode_driver_emulation_with_speakeasy/
Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://malware.news/t/video-vba-maldoc-utf7-apt-c-35-sun-sep-4th/63106/1
IRS mistakenly published confidential info for roughly 120K taxpayers
https://securityaffairs.co/wordpress/135271/security/irs-data-leak.html
Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow
https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html
Malware Analysis, News and Indicators
Update: oledump.py Version 0.0.70
This is an update to plugin plugin_vba_dco.py, improving generalization and adding option -p. You can watch this maldoc analysis video to learn how to use the generalization feature of this plugin: oledump_V0_0_70.zip (http) MD5: D6EC4FD6B7BE60E01A98922BC06A1E8F…
Top Security News for 05/09/2022
Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow
https://securityaffairs.co/wordpress/135280/hacktivism/anonyomus-hacked-yandex-taxi.html
Update: oledump.py Version 0.0.70
https://malware.news/t/update-oledump-py-version-0-0-70/63105/1
IRS mistakenly published confidential info for roughly 120K taxpayers
https://securityaffairs.co/wordpress/135271/security/irs-data-leak.html
Malware Analysis - Kernel Mode Driver Emulation with Speakeasy
https://malware.news/t/malware-analysis-kernel-mode-driver-emulation-with-speakeasy/63107/1
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://www.reddit.com/r/lowlevel/comments/x5ieqo/theres_another_hole_in_your_soc_unisoc_rom/
WPHash - Fingerprinting WordPress Plugins, now in public beta and open to feedback and collaboration
https://www.reddit.com/r/netsec/comments/x5udxe/wphash_fingerprinting_wordpress_plugins_now_in/
Security compliance and cybersecurity first principles.
https://thecyberwire.com/podcasts/cso-perspectives-public/59/notes
Video: VBA Maldoc & UTF7 (APT-C-35), (Sun, Sep 4th)
https://isc.sans.edu/diary/rss/29016
SharkBot malware sneaks back on Google Play to steal your logins
https://www.reddit.com/r/Malware/comments/x68c1q/sharkbot_malware_sneaks_back_on_google_play_to/
HWP File Disguised as Personal Profile Form (OLE Object)
https://malware.news/t/hwp-file-disguised-as-personal-profile-form-ole-object/63108/1
Security Affairs
Anonymous hacked Yandex taxi causing a traffic jam in Moscow
The popular collective Anonymous and the IT Army of Ukraine hacked the Yandex Taxi app causing a massive traffic jam in Moscow.
Top Security News for 06/09/2022
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
https://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html
SAT/SMT Solvers by Example
https://www.reddit.com/r/netsec/comments/x6y3hk/satsmt_solvers_by_example/
ISC StormCast for Tuesday, September 6th, 2022
https://isc.sans.edu/podcastdetail.html?id=8160
CVE-2022-30190, AKA Follina, Uses Macro-less Word Docs to Drop RCE Files
https://www.reddit.com/r/netsec/comments/x6aqwc/cve202230190_aka_follina_uses_macroless_word_docs/
PackMyPayload - Emerging Threat of Containerized Malware. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware.
https://www.reddit.com/r/Malware/comments/x6xpb4/packmypayload_emerging_threat_of_containerized/
Hacking my Helium Crypto Miner
https://www.reddit.com/r/netsec/comments/x6d97k/hacking_my_helium_crypto_miner/
JPCERT/CC Releases URL Dataset of Confirmed Phishing Sites
https://malware.news/t/jpcert-cc-releases-url-dataset-of-confirmed-phishing-sites/63125/1
ISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)
https://malware.news/t/isc-stormcast-for-tuesday-september-6th-2022-https-isc-sans-edu-podcastdetail-html-id-8160-tue-sep-6th/63123/1
Walkthrough of an unauthenticated RCE affecting pfBlockerNG <= 2.1.4_26 (CVE-2022-31814)
https://www.reddit.com/r/netsec/comments/x6b5is/walkthrough_of_an_unauthenticated_rce_affecting/
Microsoft will disable Basic authentication for Exchange Online in less than a month
https://www.malwarebytes.com/blog/news/2022/09/microsoft-to-disable-basic-auth-for-exchange-online-in-less-than-a-month
reddit
SAT/SMT Solvers by Example
Posted in r/netsec by u/ambray_ • 4 points and 0 comments
Top Security News for 06/09/2022
ISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)
https://malware.news/t/isc-stormcast-for-tuesday-september-6th-2022-https-isc-sans-edu-podcastdetail-html-id-8160-tue-sep-6th/63123/1
How Azure Active Directory opens new authentication risks
https://www.csoonline.com/article/3672531/how-azure-active-directory-opens-new-authentication-risks.html#tk.rss_all
Zero-day puts a dent in Chrome's mojo
https://www.malwarebytes.com/blog/news/2022/09/update-chrome-asap-a-new-zero-day-is-already-being-exploited
Hacking my Helium Crypto Miner
https://www.reddit.com/r/netsec/comments/x6d97k/hacking_my_helium_crypto_miner/
JPCERT/CC Releases URL Dataset of Confirmed Phishing Sites
https://malware.news/t/jpcert-cc-releases-url-dataset-of-confirmed-phishing-sites/63125/1
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus
https://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html
ISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)
https://isc.sans.edu/diary/rss/29020
QNAP warns new Deadbolt ransomware attacks exploiting zero-day
https://securityaffairs.co/wordpress/135347/malware/qnap-deadbolt-ransomware-new-attacks.html
A week in security (August 29 - September 4)
https://malware.news/t/a-week-in-security-august-29-september-4/63121/1
Simulated Phishing (noun)
https://thecyberwire.com/podcasts/word-notes/115/notes
Top Security News for 07/09/2022
Integrating Live Patching in SecDevOps Workflows
https://thehackernews.com/2022/09/integrating-live-patching-in-secdevops.html
What Is Your Security Team Profile? Prevention, Detection, or Risk Management
https://thehackernews.com/2022/09/what-is-your-security-team-profile.html
SharkFest'21 Wireshark Conference Playlist - hours of free netsec and network analysis content
https://www.reddit.com/r/netsec/comments/x7j0gb/sharkfest21_wireshark_conference_playlist_hours/
23 year old Denial of Service bug in Curl
https://www.reddit.com/r/netsec/comments/x7e5kc/23_year_old_denial_of_service_bug_in_curl/
BrandPost: How Leading Companies Secure a Hybrid Workforce
https://www.csoonline.com/article/3672189/how-leading-companies-secure-a-hybrid-workforce.html#tk.rss_all
PackMyPayload - Emerging Threat of Containerized Malware. It can serve as a proof-of-concept presenting the emerging risk of container file formats with embedded malware.
https://www.reddit.com/r/Malware/comments/x7s1i0/packmypayload_emerging_threat_of_containerized/
The Heartbleed bug: How a flaw in OpenSSL caused a security crisis
https://www.csoonline.com/article/3223203/the-heartbleed-bug-how-a-flaw-in-openssl-caused-a-security-crisis.html#tk.rss_all
IRS accidental data exposure. Samsung discloses data breach. Data breach sacks 49ers. Third-party data breach exposes KeyBank customer data.
https://thecyberwire.com/podcasts/privacy-briefing/662/notes
In-app browser security risks, and what to do about them
https://www.csoonline.com/article/3672234/in-app-browser-security-risks-and-what-to-do-about-them.html#tk.rss_all
QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw
https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html
Top Security News for 07/09/2022
Dream Setup (Continued)
https://0x00sec.org/t/dream-setup-continued/31071
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security
https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html
IRS accidental data exposure. Samsung discloses data breach. Data breach sacks 49ers. Third-party data breach exposes KeyBank customer data.
https://thecyberwire.com/podcasts/privacy-briefing/662/notes
Vulnerability Analysis of CVE-2018-12613 – phpMyAdmin 4.8.1 Remote Code Execution
https://www.reddit.com/r/netsec/comments/x7eain/vulnerability_analysis_of_cve201812613_phpmyadmin/
Update: hex-to-bin.py Version 0.0.6
https://malware.news/t/update-hex-to-bin-py-version-0-0-6/63170/1
What Is Your Security Team Profile? Prevention, Detection, or Risk Management
https://thehackernews.com/2022/09/what-is-your-security-team-profile.html
How to turn security research into profit: a CL.0 case study
https://www.reddit.com/r/netsec/comments/x7anu0/how_to_turn_security_research_into_profit_a_cl0/
SharkFest'21 Wireshark Conference Playlist - hours of free netsec and network analysis content
https://www.reddit.com/r/netsec/comments/x7j0gb/sharkfest21_wireshark_conference_playlist_hours/
TA505 Group's TeslaGun In-Depth Analysis
https://www.reddit.com/r/netsec/comments/x76sts/ta505_groups_teslagun_indepth_analysis/
The Heartbleed bug: How a flaw in OpenSSL caused a security crisis
https://www.csoonline.com/article/3223203/the-heartbleed-bug-how-a-flaw-in-openssl-caused-a-security-crisis.html#tk.rss_all
Top Security News for 08/09/2022
Quickpost: Sun Drying Biodegradable Waste
https://malware.news/t/quickpost-sun-drying-biodegradable-waste/63201/1
ISC StormCast for Thursday, September 8th, 2022
https://isc.sans.edu/podcastdetail.html?id=8164
CIEM vs CWPP vs CSPM
https://malware.news/t/ciem-vs-cwpp-vs-cspm/63204/1
US lawmakers’ continued focus on TikTok as national security threat. NTSB lacks CISA-mandated vulnerability disclosure policy. US Army works to improve cybersecurity training.
https://thecyberwire.com/newsletters/policy-briefing/4/172
The Cost of a Data Breach for Government Agencies
https://securityintelligence.com/articles/cost-data-breach-government-agencies/
Albania attributes major cyberattack to Iran. TikTok denies breach. New Linux malware.
https://thecyberwire.com/podcasts/daily-podcast/1657/notes
Edward Snowden and whistleblower ethics.
https://thecyberwire.com/podcasts/caveat/140/notes
Global companies say supply chain partners expose them to ransomware
https://www.csoonline.com/article/3672155/global-companies-say-supply-chain-partners-expose-them-to-ransomware.html#tk.rss_all
Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks
https://thehackernews.com/2022/09/some-members-of-conti-group-targeting.html
TTPs Associated With a New Version of the BlackCat Ransomware
https://www.reddit.com/r/netsec/comments/x85xf5/ttps_associated_with_a_new_version_of_the/
Top Security News for 08/09/2022
ISC Stormcast For Thursday, September 8th, 2022 https://isc.sans.edu/podcastdetail.html?id=8164, (Thu, Sep 8th)
https://malware.news/t/isc-stormcast-for-thursday-september-8th-2022-https-isc-sans-edu-podcastdetail-html-id-8164-thu-sep-8th/63205/1
How to set up an Android for your kids
https://www.malwarebytes.com/blog/news/2022/09/how-to-set-up-an-android-for-your-kids
Los Angeles school district hit by ransomware. CISA and FBI issue a Joint Advisory on the Vice Society. Comment on the data incident at KeyBank.
https://thecyberwire.com/podcasts/privacy-briefing/663/notes
Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards
https://thehackernews.com/2022/09/authorities-shut-down-wt1shop-site-for.html
Go beyond compliance with Microsoft Purview
https://thecyberwire.com/podcasts/uncovering-hidden-risks/3/notes
Quickpost: Sun Drying Biodegradable Waste
https://malware.news/t/quickpost-sun-drying-biodegradable-waste/63201/1
Warning issued about Vice Society ransomware targeting the education sector
https://www.malwarebytes.com/blog/news/2022/09/authorities-issue-warning-about-vice-society-ransomware-targeting-the-education-sector
Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products
https://thehackernews.com/2022/09/cisco-releases-security-patches-for-new.html
SharkFest'21 Wireshark Conference Playlist - hours of free netsec and network analysis content
https://www.reddit.com/r/netsec/comments/x8bdvv/sharkfest21_wireshark_conference_playlist_hours/
4 strategy game-changers for finding cybersecurity talent
https://www.csoonline.com/article/3672429/4-strategy-game-changers-for-finding-cybersecurity-talent.html#tk.rss_all
Top Security News for 09/09/2022
Monkey 365 is a plugin-based PowerShell module that can be used to review the security posture of your Microsoft cloud environment.
https://www.reddit.com/r/netsec/comments/x8thy3/monkey_365_is_a_pluginbased_powershell_module/
Quickpost: Dolmen du roc de l’Arca
https://malware.news/t/quickpost-dolmen-du-roc-de-l-arca/63242/1
Shopify Fails to Prevent Known Breached Passwords
https://thehackernews.com/2022/09/shopify-fails-to-prevent-known-breached.html
Microsoft investigates Iranian attacks against the Albanian government
https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/
Ransomware review: August 2022
https://www.malwarebytes.com/blog/threat-intelligence/2022/09/ransomware-review-august-2022
Threat Source newsletter (Sept. 8, 2022) — Why there is no one-stop-shop solution for protecting passwords
https://malware.news/t/threat-source-newsletter-sept-8-2022-why-there-is-no-one-stop-shop-solution-for-protecting-passwords/63240/1
CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog
https://securityaffairs.co/wordpress/135491/security/cisa-known-exploited-vulnerabilities-catalog-flaws-2.html
Cisco will not fix the authentication bypass flaw in EoL routers
https://securityaffairs.co/wordpress/135464/security/cisco-security-flaws.html
Chinese and Iranian cyberespionage reported. Cybersecurity for SMBs. Conti's old playbook used against Ukraine. Telco resiliency.
https://thecyberwire.com/newsletters/daily-briefing/11/173
ISC Stormcast For Friday, September 9th, 2022 https://isc.sans.edu/podcastdetail.html?id=8166, (Fri, Sep 9th)
https://isc.sans.edu/diary/rss/29030
Top Security News for 09/09/2022
Australian Workers Are the Latest International Apple Staff to Unionise
https://www.vice.com/en_us/article/qjk3eb/australian-workers-union-apple-strike
Ransomware review: August 2022
https://www.malwarebytes.com/blog/threat-intelligence/2022/09/ransomware-review-august-2022
ISC Stormcast For Friday, September 9th, 2022 https://isc.sans.edu/podcastdetail.html?id=8166, (Fri, Sep 9th)
https://malware.news/t/isc-stormcast-for-friday-september-9th-2022-https-isc-sans-edu-podcastdetail-html-id-8166-fri-sep-9th/63244/1
ISC StormCast for Friday, September 9th, 2022
https://isc.sans.edu/podcastdetail.html?id=8166
How posting personal and business photos can be a security risk
https://www.csoonline.com/article/3672869/how-posting-personal-and-business-photos-can-be-a-security-risk.html#tk.rss_all
Exploiting Laravel based applications with leaked APP_KEYs and Queues
https://www.reddit.com/r/netsec/comments/x8utoj/exploiting_laravel_based_applications_with_leaked/
Bypass Credential Exfiltration Detection - Hacking The Cloud
https://www.reddit.com/r/netsec/comments/x920z9/bypass_credential_exfiltration_detection_hacking/
Chinese and Iranian cyberespionage reported. Cybersecurity for SMBs. Conti's old playbook used against Ukraine. Telco resiliency.
https://thecyberwire.com/newsletters/daily-briefing/11/173
ISC Stormcast For Friday, September 9th, 2022 https://isc.sans.edu/podcastdetail.html?id=8166, (Fri, Sep 9th)
https://isc.sans.edu/diary/rss/29030
Chasing the Cyber 1%: How to Beat the Cybersecurity Poverty Line
https://securityintelligence.com/articles/rise-above-cybersecurity-poverty-line/
Top Security News for 10/09/2022
Maldoc With Decoy BASE64, (Fri, Sep 9th)
https://isc.sans.edu/diary/rss/29032
Comparing Operating Systems for Pen Testing
https://0x00sec.org/t/comparing-operating-systems-for-pen-testing/31125
The top challenge for your cloud security practice isn’t what you think
https://malware.news/t/the-top-challenge-for-your-cloud-security-practice-isn-t-what-you-think/63253/1
Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically
https://www.reddit.com/r/netsec/comments/x9r04m/fuzzing_beyond_memory_corruption_finding_broader/
The Art of Code
https://0x00sec.org/t/the-art-of-code/31137
Spotlight: Occlum open source software for Intel SGX
https://www.reddit.com/r/netsec/comments/x9z56o/spotlight_occlum_open_source_software_for_intel/
Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin
https://securityaffairs.co/wordpress/135518/hacking/backupbuddy-wordpress-zero-day.html
Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices
https://securityaffairs.co/wordpress/135511/apt/dev-0270-abuses-bitlocker-attacks.html
These hackers used Log4Shell vulnerability to target US energy firms
https://malware.news/t/these-hackers-used-log4shell-vulnerability-to-target-us-energy-firms/63252/1
U.S. Sanctions Iran—Under New Treasury Rules—for Attack on Albania
https://malware.news/t/u-s-sanctions-iran-under-new-treasury-rules-for-attack-on-albania/63258/1
Top Security News for 10/09/2022
Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.
https://thecyberwire.com/podcasts/daily-podcast/1659/notes
Ukraine at D+197: Lessons from the hybrid war.
https://thecyberwire.com/stories/d7a434583af04b1a84ab9d16bd966308/ukraine-at-d197
Comparing Operating Systems for Pen Testing
https://0x00sec.org/t/comparing-operating-systems-for-pen-testing/31125
Maldoc With Decoy BASE64, (Fri, Sep 9th)
https://malware.news/t/maldoc-with-decoy-base64-fri-sep-9th/63254/1
Steve Carter from Nucleus Security discusses his thoughts on AI in cybersecurity.
https://thecyberwire.com/podcasts/interview-selects/127/notes
Ransomware attack knocked a Kentucky city-operated ISP offline before holiday
https://malware.news/t/ransomware-attack-knocked-a-kentucky-city-operated-isp-offline-before-holiday/63255/1
6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged
https://thehackernews.com/2022/09/6-top-api-security-risks-favored.html
Maldoc With Decoy BASE64, (Fri, Sep 9th)
https://isc.sans.edu/diary/rss/29032
ESET Research uncovers new APT group Worok – Week in security with Tony Anscombe
https://malware.news/t/eset-research-uncovers-new-apt-group-worok-week-in-security-with-tony-anscombe/63260/1
How Simple Claims of Election Interference Can be Enough to Prompt Real-World Threats
https://malware.news/t/how-simple-claims-of-election-interference-can-be-enough-to-prompt-real-world-threats/63257/1
The CyberWire
Threats to US elections. Lazarus Group targeting energy companies. Gaming-related threats.
Nation-states are expected to target the US midterm elections. North Korea’s Lazarus Group is targeting energy companies. Ukraine’s Ministry of Digital Transformation on cyber lessons learned from Russia’s hybrid war against Ukraine. CISA flags twelve…
Top Security News for 11/09/2022
Mark Logan: March towards your goals. [CEO]
https://thecyberwire.com/podcasts/career-notes/116/notes
x86matthew - WriteProcessMemoryAPC - Write memory to a remote process using APC calls
https://www.reddit.com/r/netsec/comments/xau68m/x86matthew_writeprocessmemoryapc_write_memory_to/
XORCry - a simple python ransomware
https://0x00sec.org/t/xorcry-a-simple-python-ransomware/31148
IHG suffered a cyberattack that severely impacted its booking process
https://securityaffairs.co/wordpress/135572/hacking/ihg-suffered-cyberattack.html
Phishing Word Documents with Suspicious URL, (Sat, Sep 10th)
https://isc.sans.edu/diary/rss/29034
AmCache Revisited
https://malware.news/t/amcache-revisited/63261/1
Ransomware gangs switching to new intermittent encryption tactic
https://www.reddit.com/r/Malware/comments/xazsib/ransomware_gangs_switching_to_new_intermittent/
YouTube transparency report shows battle against misinformation
https://www.malwarebytes.com/blog/news/2022/09/youtubes-latest-transparency-report-shows-battle-in-misinformation-trenches
Cisco: Log4j vulnerability used to attack energy companies in Canada, US and Japan
https://malware.news/t/cisco-log4j-vulnerability-used-to-attack-energy-companies-in-canada-us-and-japan/63262/1
U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania
https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html
The CyberWire
Mark Logan: March towards your goals. [CEO]
Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current…
Top Security News for 11/09/2022
Phishing Word Documents with Suspicious URL, (Sat, Sep 10th)
https://malware.news/t/phishing-word-documents-with-suspicious-url-sat-sep-10th/63263/1
Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents
https://thehackernews.com/2022/09/iranian-apt42-launched-over-30.html
Maldoc Analysis Video – Rehearsed & Unrehearsed
https://malware.news/t/maldoc-analysis-video-rehearsed-unrehearsed/63264/1
Mark Logan: March towards your goals. [CEO]
https://thecyberwire.com/podcasts/career-notes/116/notes
China-Linked BRONZE PRESIDENT APT targets Government officials worldwide
https://securityaffairs.co/wordpress/135557/apt/bronze-president-plugx-malware.html
x86matthew - WriteProcessMemoryAPC - Write memory to a remote process using APC calls
https://www.reddit.com/r/netsec/comments/xau68m/x86matthew_writeprocessmemoryapc_write_memory_to/
U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania
https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html
Scammers live-streamed on YouTube a fake Apple crypto event
https://securityaffairs.co/wordpress/135549/cyber-crime/fake-apple-crypto-event-youtube.html
Ransomware gangs switching to new intermittent encryption tactic
https://www.reddit.com/r/Malware/comments/xazsib/ransomware_gangs_switching_to_new_intermittent/
XORCry - a simple python ransomware
https://0x00sec.org/t/xorcry-a-simple-python-ransomware/31148
Malware Analysis, News and Indicators
Phishing Word Documents with Suspicious URL, (Sat, Sep 10th)
Got this word document this week that was quarantined as phishing by Defender (223341099.docx) with the Subject: Urgent Payment Issue. Using Didier malware analysis tools, I ran through the following checks to see what could be embedded in it that is likely…
Top Security News for 12/09/2022
Security compliance around the Hash Table.
https://thecyberwire.com/podcasts/cso-perspectives-public/60/notes
Best Bluetooth trackers of 2022: AirTag and alternatives
https://malware.news/t/best-bluetooth-trackers-of-2022-airtag-and-alternatives/63269/1
ISC Stormcast For Monday, September 12th, 2022 https://isc.sans.edu/podcastdetail.html?id=8168, (Mon, Sep 12th)
https://malware.news/t/isc-stormcast-for-monday-september-12th-2022-https-isc-sans-edu-podcastdetail-html-id-8168-mon-sep-12th/63268/1
How requests-ip-rotator for bypassing rate limiting got me 6th on the leaderboard for ipv4.games
https://www.reddit.com/r/netsec/comments/xbpm5z/how_requestsiprotator_for_bypassing_rate_limiting/
Thoughts on the use of NoVNC for phishing campaigns
https://www.reddit.com/r/netsec/comments/xbkvhz/thoughts_on_the_use_of_novnc_for_phishing/
Wireshark 3.6.8 and 4.0.0rc1 Released, (Sun, Sep 11th)
https://malware.news/t/wireshark-3-6-8-and-4-0-0rc1-released-sun-sep-11th/63265/1
ISC Stormcast For Monday, September 12th, 2022 https://isc.sans.edu/podcastdetail.html?id=8168, (Mon, Sep 12th)
https://isc.sans.edu/diary/rss/29038
The ransomware problem won't get better until we change one thing
https://malware.news/t/the-ransomware-problem-wont-get-better-until-we-change-one-thing/63266/1
"Pull Request Hijacking" - bypassing code review enforcement in GitHub
https://www.reddit.com/r/netsec/comments/xbntnh/pull_request_hijacking_bypassing_code_review/
The Anatomy of a Malicious Package
https://www.reddit.com/r/netsec/comments/xc28ms/the_anatomy_of_a_malicious_package/
The CyberWire
Security compliance around the Hash Table.
Security compliance and privacy compliance are cybersecurity first principle strategies. On the Hash Table, Tom Quinn of T. Rowe Price argues for why compliance is both good for business and good for security.