Top Security News for 17/05/2022
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
https://thehackernews.com/2022/05/watch-out-hackers-begin-exploiting.html
Why MRG-Effitas matters to SMBs
https://blog.malwarebytes.com/malwarebytes-news/2022/05/why-mrg-effitas-matters-to-smbs/
Users advised to patch actively exploited Zyxel vulnerability. Hacktivism and influence ops in Russia’s hybrid war. Ransomware notes. Indiscriminate hacktivism? Alt-coin sanctions case will proceed.
https://thecyberwire.com/podcasts/daily-podcast/1579/notes
A dev's critique of OAUTH2, based on their experience. "OAUTH2 ... places the viability of [client developers'] products in the hands of corporate entities who are in no way accountable to anyone except their major shareholders."
https://www.reddit.com/r/netsec/comments/urfk8m/a_devs_critique_of_oauth2_based_on_their/
Army’s New ‘Psyop’ Recruitment Ad Looks Like a Terrifying Video Game Cutscene
https://www.vice.com/en_us/article/93bxwz/armys-new-recruitment-ad-looks-like-a-terrifying-video-game-cutscene
ISC Stormcast For Tuesday, May 17th, 2022 https://isc.sans.edu/podcastdetail.html?id=8010, (Tue, May 17th)
https://isc.sans.edu/diary/rss/28656
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/
BrandPost: The Cyberwar Against Pro-Ukrainian Countries is Real. Here’s What to Do
https://www.csoonline.com/article/3660576/the-cyberwar-against-pro-ukrainian-countries-is-real-here-s-what-to-do.html#tk.rss_all
12 steps to building a top-notch vulnerability management program
https://www.csoonline.com/article/3659838/12-steps-to-building-a-top-notch-vulnerability-management-program.html#tk.rss_all
SMM Callouts in HP Products
https://www.reddit.com/r/netsec/comments/uquoz6/smm_callouts_in_hp_products/
For more information, feel free to follow me at @ShayaFeedman on Twitter
Malwarebytes
Why MRG-Effitas matters to SMBs
The 360° Assessment & Certification from MRG-Effitas can offer guidance to SMBs looking for a simple, effective cybersecurity product.
Top Security News for 18/05/2022
Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/update-now-apple-patches-zero-day-vulnerability-affecting-macs-apple-watch-and-apple-tv/
Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer
https://thehackernews.com/2022/05/over-200-apps-on-play-store-caught.html
Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/gmail-linked-facebook-accounts-vulnerable-to-attack-using-a-chain-of-bugs-now-fixed/
Long lost @ symbol gets new life obscuring malicious URLs
https://blog.malwarebytes.com/social-engineering/2022/05/long-lost-symbol-gets-new-life-obscuring-malicious-urls/
A dev's critique of OAUTH2, based on their experience. "OAUTH2 ... places the viability of [client developers'] products in the hands of corporate entities who are in no way accountable to anyone except their major shareholders."
https://www.reddit.com/r/netsec/comments/urfk8m/a_devs_critique_of_oauth2_based_on_their/
Kids 5 to 11 get FDA OK for COVID-19 booster doses
https://arstechnica.com/?p=1854632
Stealing Google Drive OAuth tokens from Dropbox
https://www.reddit.com/r/netsec/comments/urvcip/stealing_google_drive_oauth_tokens_from_dropbox/
“Look what I found here” phish targets Facebook users
https://blog.malwarebytes.com/scams/2022/05/look-what-i-found-here-phish-targets-facebook-users/
BrandPost: DDos Extortion Takes VoIP Providers Offline
https://www.csoonline.com/article/3660514/ddos-extortion-takes-voip-providers-offline.html#tk.rss_all
Car owners warned of another theft-enabling relay attack
https://blog.malwarebytes.com/hacking-2/2022/05/car-owners-warned-of-another-theft-enabling-relay-attack/
For more information, feel free to follow me at @ShayaFeedman on Twitter
Malwarebytes
Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV
If you're an Apple user, make sure you patch for CVE-2022-22675, a zero-day flaw actively exploited in the wild.
Top Security News for 19/05/2022
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html
BrandPost: How a Culture of Learning Can Help Close the Cybersecurity Skills Gap
https://www.csoonline.com/article/3661228/how-a-culture-of-learning-can-help-close-the-cybersecurity-skills-gap.html#tk.rss_all
Google Russia forced to declare bankruptcy after bank account seizure
https://arstechnica.com/?p=1854920
U.S. Warns Against North Korean Hackers Posing as IT Freelancers
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html
What Microsoft Defender can tell you about your network
https://www.csoonline.com/article/3660494/what-microsoft-defender-can-tell-you-about-your-network.html#tk.rss_all
ISC Stormcast For Thursday, May 19th, 2022 https://isc.sans.edu/podcastdetail.html?id=8014, (Thu, May 19th)
https://malware.news/t/isc-stormcast-for-thursday-may-19th-2022-https-isc-sans-edu-podcastdetail-html-id-8014-thu-may-19th/60274/1
ISC Stormcast For Thursday, May 19th, 2022 https://isc.sans.edu/podcastdetail.html?id=8014, (Thu, May 19th)
https://isc.sans.edu/diary/rss/28666
2022-05-18 - Pcap and malware for ISC diary: EXOTIC LILY --> Bumblebee --> Cobalt Strike
https://malware.news/t/2022-05-18-pcap-and-malware-for-isc-diary-exotic-lily-bumblebee-cobalt-strike/60276/1
Ransomware: What’s in a Name?
https://malware.news/t/ransomware-what-s-in-a-name/60270/1
2022-05-18 - TA578 thread-hijacked emails and ISO example for Bumblebee
https://malware.news/t/2022-05-18-ta578-thread-hijacked-emails-and-iso-example-for-bumblebee/60273/1
For more information, feel free to follow me at https://twitter.com/ShayaFeedman
CSO Online
How a Culture of Learning Can Help Close the Cybersecurity Skills Gap
Whether it’s building an understanding of cybersecurity best practices or advancing highly technical cyber skills, training and certifications are ways organizations are ensuring the skills gap isn’t compromising their security.
Top Security News for 20/05/2022
Uber CISO's trial underscores the importance of truth, transparency, and trust
https://www.csoonline.com/article/3660560/uber-cisos-trial-underscores-the-importance-of-truth-transparency-and-trust.html#tk.rss_all
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
https://www.reddit.com/r/netsec/comments/ut76ps/rise_in_xorddos_a_deeper_look_at_the_stealthy/
QuSecure launches end-to-end post-quantum cybersecurity solution
https://www.csoonline.com/article/3660775/qusecure-launches-end-to-end-post-quantum-cybersecurity-solution.html#tk.rss_all
10 ways attackers gain access to networks
https://blog.malwarebytes.com/hacking-2/2022/05/10-ways-attackers-gain-access-to-networks/
ISC Stormcast For Friday, May 20th, 2022 https://isc.sans.edu/podcastdetail.html?id=8016, (Fri, May 20th)
https://isc.sans.edu/diary/rss/28668
WannaCry 5 years on: Still a top threat
https://www.csoonline.com/article/3660575/wannacry-5-years-on-still-a-top-threat.html#tk.rss_all
Is Hack the Kernel a great way to learn operating systems?
https://www.reddit.com/r/lowlevel/comments/utf4ij/is_hack_the_kernel_a_great_way_to_learn_operating/
Enterprises report rise in risk events, yet risk management lags
https://www.csoonline.com/article/3661350/enterprises-report-rise-in-risk-events-yet-risk-management-lags.html#tk.rss_all
Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit
https://thehackernews.com/2022/05/web-trackers-caught-intercepting-online.html
[RE027] China-based APT Mustang Panda might have still continued their attack activities against organizations in Vietnam
https://malware.news/t/re027-china-based-apt-mustang-panda-might-have-still-continued-their-attack-activities-against-organizations-in-vietnam/60324/1
Follow Top Cyber News on https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
CSO Online
Uber CISO's trial underscores the importance of truth, transparency, and trust
The criminal trial offers a lesson in the value of both CISOs and organizations adhering to a policy of truth, transparency and trust when it comes to security.
Top Security News for 21/05/2022
[SANS ISC] A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes
https://blog.rootshell.be/2022/05/20/sans-isc-a-zip-bomb-to-bypass-security-controls-sandboxes/
When eBPF meets TLS! A Security Focused Introduction to eBPF
https://www.reddit.com/r/netsec/comments/uu9agd/when_ebpf_meets_tls_a_security_focused/
Tesla, Microsoft and Ubuntu bugs found during Pwn2Own hacking competition
https://malware.news/t/tesla-microsoft-and-ubuntu-bugs-found-during-pwn2own-hacking-competition/60356/1
Shift left is only part of secure software delivery
https://malware.news/t/shift-left-is-only-part-of-secure-software-delivery/60354/1
Canada bans Huawei, ZTE in 5G networks
https://www.networkworld.com/article/3661691/canada-bans-huawei-zte-in-5g-networks.html#tk.rss_all
Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices
https://thehackernews.com/2022/05/microsoft-warns-rise-in-xorddos-malware.html
Matryoshka Trap: Recursive MMIO Flaws Lead to VM Escape
https://www.reddit.com/r/netsec/comments/uuaeqm/matryoshka_trap_recursive_mmio_flaws_lead_to_vm/
Cytrox's Predator Spyware Target Android Users with Zero-Day Exploits
https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html
Is Conti rebranding? Commercial spyware scrutinized. Notes from the cyber phases of a hybrid war. Notes on the underworld. Software supply chain attack. Canada will exclude Huawei from 5G.
https://thecyberwire.com/podcasts/daily-podcast/1583/notes
Raytheon’s John DeSimone on building the offensive line
https://www.csoonline.com/article/3660638/raytheon-s-john-desimone-on-building-the-offensive-line.html#tk.rss_all
Follow Top Cyber News on https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
/dev/random
[SANS ISC] A 'Zip Bomb' to Bypass Security Controls & Sandboxes - /dev/random
I published the following diary on isc.sans.edu: “A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes“: Yesterday, I analyzed a malicious archive for a customer. It was delivered to the mailbox of a user who, hopefully, was security-aware and reported it.…
Top Security News for 22/05/2022
Biden administration lays out plan for four carbon-capture facilities
https://arstechnica.com/?p=1855569
Asian media company Nikkei suffered a ransomware attack
https://securityaffairs.co/wordpress/131533/data-breach/nikkei-data-breach.html
Russia-linked Sandworm continues to conduct attacks against Ukraine
https://securityaffairs.co/wordpress/131523/apt/sandworm-attacks-against-ukraine.html
Metastealer – filling the Racoon void
https://www.reddit.com/r/Malware/comments/uuhier/metastealer_filling_the_racoon_void/
AutoWarp bug leads to Automation headaches.
https://thecyberwire.com/podcasts/research-saturday/233/notes
SolarWinds ready to move past breach and help customers manage theirs
https://malware.news/t/solarwinds-ready-to-move-past-breach-and-help-customers-manage-theirs/60360/1
Researchers Find Backdoor in School Management Plugin for WordPress
https://thehackernews.com/2022/05/researchers-find-backdoor-in-school.html
Metastealer – filling the Racoon void
https://www.reddit.com/r/netsec/comments/uuob6i/metastealer_filling_the_racoon_void/
$547 Worth of 18 Books on Python Coding by Starch Press for $18 (-97% oFF)
https://www.reddit.com/r/netsec/comments/uul1lw/547_worth_of_18_books_on_python_coding_by_starch/
network configuration for malware analysis
https://www.reddit.com/r/Malware/comments/uuuwv3/network_configuration_for_malware_analysis/
Follow Top Cyber News on https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Ars Technica
Biden administration lays out plan for four carbon-capture facilities
Big infrastructure package includes funds for the underdeveloped technology.
Top Security News for 23/05/2022
North Korea-linked Lazarus APT uses Log4J to target VMware servers
https://securityaffairs.co/wordpress/131483/apt/lazarus-apt-log4j-vmware-servers.html
Charity Wright: Pursue what you love. [Threat intelligence]
https://thecyberwire.com/podcasts/career-notes/101/notes
Android SMS catcher
https://0x00sec.org/t/android-sms-catcher/29445
ASEC Weekly Malware Statistics (May 9th, 2022 – May 15th, 2022)
https://malware.news/t/asec-weekly-malware-statistics-may-9th-2022-may-15th-2022/60364/1
How to program watch OS
https://www.reddit.com/r/lowlevel/comments/uv88mc/how_to_program_watch_os/
Conscerned
https://www.reddit.com/r/Malware/comments/uvaxu5/conscerned/
Misinformation needs tackling and it would help if politicians stopped muddying the water
https://malware.news/t/misinformation-needs-tackling-and-it-would-help-if-politicians-stopped-muddying-the-water/60362/1
ISC StormCast for Monday, May 23rd, 2022
https://isc.sans.edu/podcastdetail.html?id=8018
A year after report, task force urges U.S. to keep ransomware on front burner
https://www.reddit.com/r/Malware/comments/uv37s6/a_year_after_report_task_force_urges_us_to_keep/
ISC Stormcast For Monday, May 23rd, 2022 https://isc.sans.edu/podcastdetail.html?id=8018, (Mon, May 23rd)
https://malware.news/t/isc-stormcast-for-monday-may-23rd-2022-https-isc-sans-edu-podcastdetail-html-id-8018-mon-may-23rd/60363/1
Follow Top Cyber News on https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Security Affairs
North Korea-linked Lazarus APT uses Log4J to target VMware servers
North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers.
Top Security News for 24/05/2022
A week in security (May 16 – 22)
https://blog.malwarebytes.com/a-week-in-security/2022/05/a-week-in-security-may-16-22/
Canada's ban on Huawei and ZTE. Ransomware task forces. NSF advocates threat intelligence sharing.
https://thecyberwire.com/newsletters/policy-briefing/4/99
Data protection concerns spike as states get ready to outlaw abortion
https://www.csoonline.com/article/3661689/data-protection-concerns-spike-as-states-get-ready-to-outlaw-abortion.html#tk.rss_all
Hiding MSFVENOM Payloads in USB NIC EEPROM
https://www.reddit.com/r/netsec/comments/uw4feh/hiding_msfvenom_payloads_in_usb_nic_eeprom/
ISC StormCast for Tuesday, May 24th, 2022
https://isc.sans.edu/podcastdetail.html?id=8020
mx-takeover focuses DNS MX records and detects misconfigured MX records.
https://www.reddit.com/r/netsec/comments/uw2s73/mxtakeover_focuses_dns_mx_records_and_detects/
Beneath the surface: Uncovering the shift in web skimming
https://www.reddit.com/r/netsec/comments/uw42x0/beneath_the_surface_uncovering_the_shift_in_web/
Cyber developments in Russia's hybrid war against Ukraine. Conti's dissolution.
https://thecyberwire.com/newsletters/daily-briefing/11/99
VOLUME 38 OF THE HACKER DIGEST RELEASED
https://www.2600.com/content/volume-38-hacker-digest-released
DEADLINE FOR SUBMITTING HOPE TALK PROPOSALS IS MAY 31, 2022!
https://www.2600.com/content/deadline-submitting-hope-talk-proposals-may-31-2022
Follow Top Cyber News on https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Malwarebytes Labs
A week in security (May 16 – 22)
The most important and interesting computer security stories from the last seven days.
Top Security News for 25/05/2022
Suspected Chinese threat actors target Russian government entities. New version of Sandworm malware loader. Linux botnet activity.
https://thecyberwire.com/newsletters/research-briefing/4/21
7 machine identity management best practices
https://www.csoonline.com/article/3661357/7-machine-identity-best-practices.html#tk.rss_all
New Rhino Blog Post: CVE-2022-25237: Bonitasoft Authorization Bypass and RCE
https://www.reddit.com/r/netsec/comments/uwt4gq/new_rhino_blog_post_cve202225237_bonitasoft/
Exium expands SASE, 5G-based security for midsize enterprise networks
https://www.networkworld.com/article/3661700/exium-expands-sase-5g-based-security-for-midsize-enterprise-networks.html#tk.rss_all
ISC StormCast for Wednesday, May 25th, 2022
https://isc.sans.edu/podcastdetail.html?id=8022
Zoom patches XMPP vulnerability chain that could lead to remote code execution
https://malware.news/t/zoom-patches-xmpp-vulnerability-chain-that-could-lead-to-remote-code-execution/60432/1
Method that Tricks Users to Perceive Attachment of PDF File as Safe File
https://malware.news/t/method-that-tricks-users-to-perceive-attachment-of-pdf-file-as-safe-file/60435/1
CMMC issues. CISA's forthcoming incident reporting rules. US FTC blogs policy.
https://thecyberwire.com/newsletters/policy-briefing/4/100
Experts to World: We’re Doomed
https://www.vice.com/en_us/article/93bxxv/experts-to-world-were-doomed
SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
https://thehackernews.com/2022/05/sim-based-authentication-aims-to.html
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
The CyberWire
Suspected Chinese threat actors target Russian government entities. New version of Sandworm malware loader. Linux botnet activity.
👍1
Top Security News for 26/05/2022
How the Saitama backdoor uses DNS tunnelling
https://blog.malwarebytes.com/threat-intelligence/2022/05/how-the-saitama-backdoor-uses-dns-tunnelling/
PIXM releases new computer vision solution for mobile phishing
https://www.csoonline.com/article/3661560/pixm-releases-new-computer-vision-solution-for-mobile-phishing.html#tk.rss_all
Pfizer warns of “constant waves” of COVID as complacency grows
https://arstechnica.com/?p=1856239
Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them
https://thehackernews.com/2022/05/learn-how-hackers-can-hijack-your.html
BrandPost: How Shift Left Security Helps Developers Build More Secure Cloud-Native Apps
https://www.csoonline.com/article/3662070/how-shift-left-security-helps-developers-build-more-secure-cloud-native-apps.html#tk.rss_all
Twitter fined $150 million by FTC for alleged privacy violations
https://malware.news/t/twitter-fined-150-million-by-ftc-for-alleged-privacy-violations/60475/1
Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room
https://thehackernews.com/2022/05/lumos-system-can-find-hidden-cameras.html
If Europe and Japan can have small, cheap EVs, why can’t America?
https://arstechnica.com/?p=1856257
YouTube remains in Russia to be an independent news source: CEO
https://malware.news/t/youtube-remains-in-russia-to-be-an-independent-news-source-ceo/60474/1
Tetragon: case study of security product's self-protection
https://www.reddit.com/r/netsec/comments/uxhw4k/tetragon_case_study_of_security_products/
Top Security News for 27/05/2022
Uvalde SWAT Team Bragged About Training at Schools on Facebook
https://www.vice.com/en_us/article/wxdwgn/uvalde-swat-team-bragged-about-training-at-schools-on-facebook
Cheerscrypt described. Twitter settles with FTC over data privacy. Update on SpiceJet's ransomware incident.
https://thecyberwire.com/newsletters/privacy-briefing/4/102
Cheerscrypt described. Twitter settles with FTC over data privacy. Update on SpiceJet's ransomware incident.
https://thecyberwire.com/podcasts/privacy-briefing/593/notes
Vulnerabilities and exploits: Pantsdown, ChromeLoader. Ransomware campaign updates. CISA Known Exploited Vulnerabilities.
https://thecyberwire.com/newsletters/daily-briefing/11/102
Episode 67 : IceCoal DB Reversing
https://malware.news/t/episode-67-icecoal-db-reversing/60521/1
New Linux-based ransomware targets VMware servers
https://www.csoonline.com/article/3662153/new-linux-based-ransomware-targets-vmware-servers.html#tk.rss_all
ASEC Weekly Malware Statistics (May 16th, 2022 – May 22nd, 2022)
https://malware.news/t/asec-weekly-malware-statistics-may-16th-2022-may-22nd-2022/60519/1
Russian disinformation: disruption is easier than persuasion. Hyperlocal propaganda. Coordinated inauthenticity, at scale. Possible Ukrainian disinformation. Dissent in Russia's war. Influence ops against authoritarians.
https://thecyberwire.com/newsletters/disinformation-briefing/4/21
Top Ten Most Cumbersome Website Infections to Remove in 2021
https://malware.news/t/top-ten-most-cumbersome-website-infections-to-remove-in-2021/60520/1
Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers
https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html
Top Security News for 28/05/2022
RCE over ham radio - Reverse shell via WinAPRS
https://www.reddit.com/r/netsec/comments/uxo9bk/rce_over_ham_radio_reverse_shell_via_winaprs/
How To Build a Trusted Cybersecurity Program
https://malware.news/t/how-to-build-a-trusted-cybersecurity-program/60553/1
Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw
https://securityaffairs.co/wordpress/131698/hacking/poc-exploit-code-vmware-cve-2022-22972.html
Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach
https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html
CISA, DOD Report Gaps for Agencies Assessing 5G Security Risks
https://malware.news/t/cisa-dod-report-gaps-for-agencies-assessing-5g-security-risks/60550/1
Man who helped Infraud cybercrime cartel steal millions of credit cards sentenced
https://malware.news/t/man-who-helped-infraud-cybercrime-cartel-steal-millions-of-credit-cards-sentenced/60551/1
Cecelia Marinier from RSAC and Niloo Howe, judge, on the RSAC Innovation Sandbox contest.
https://thecyberwire.com/podcasts/interview-selects/112/notes
AWS universal rate-limiter bypass
https://www.reddit.com/r/netsec/comments/uyz6zw/aws_universal_ratelimiter_bypass/
Ukraine at D+92: Artillery, DDoS, and remittances in a hybrid war.
https://thecyberwire.com/stories/eb35d7ba848d4b16ac000f6936d75779/ukraine-at-d92
Firefox, Thunderbird, receive patches for critical security issues
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/firefox-thunderbird-receive-patches-for-critical-security-issues/
Top Security News for 29/05/2022
Understanding CVE-2022-22972 (VMWare Workspace One Access Auth Bypass)
https://www.reddit.com/r/netsec/comments/uzkf6p/understanding_cve202222972_vmware_workspace_one/
Stealthy Linux malware bypasses firewalls for remote access
https://www.reddit.com/r/Malware/comments/uzr2gb/stealthy_linux_malware_bypasses_firewalls_for/
Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks
https://securityaffairs.co/wordpress/131762/apt/gamaredon-apt-ddos-attacks.html
New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme
https://thehackernews.com/2022/05/new-york-man-sentenced-to-4-years-in.html
Mining museums’ genomic treasures
https://arstechnica.com/?p=1856930
Are TikTok algorithms changing how people talk about suicide?
https://arstechnica.com/?p=1857008
Rikkei Finance Hack: Explained
https://www.reddit.com/r/netsec/comments/uzjfyx/rikkei_finance_hack_explained/
Compromised military tech?
https://thecyberwire.com/podcasts/research-saturday/234/notes
The strange link between Industrial Spy and the Cuba ransomware operation
https://securityaffairs.co/wordpress/131754/cyber-crime/industrial-spy-cuba-ransomware.html
How to secure Kubernetes Deployment
https://www.reddit.com/r/netsec/comments/uzk9od/how_to_secure_kubernetes_deployment/
Top Security News for 30/05/2022
The mystery of China’s sudden warnings about US hackers
https://arstechnica.com/?p=1856999
Curious - What is Skillbrains ?
https://www.bleepingcomputer.com/forums/t/772662/curious-what-is-skillbrains/
ForceAdmin : Create infinate #UAC prompts forcing a user to run as admin.
https://www.reddit.com/r/netsec/comments/v08p38/forceadmin_create_infinate_uac_prompts_forcing_a/
Pro-Russian hacker group KillNet plans to attack Italy on May 30
https://securityaffairs.co/wordpress/131776/hacking/killnet-threatens-italy.html
JPG to Malware
https://www.reddit.com/r/netsec/comments/v08plj/jpg_to_malware/
Extracting The Overlay Of A PE File, (Sun, May 29th)
https://malware.news/t/extracting-the-overlay-of-a-pe-file-sun-may-29th/60555/1
Clop ransomware gang is back, hits 21 victims in a single month
https://www.reddit.com/r/Malware/comments/v03we1/clop_ransomware_gang_is_back_hits_21_victims_in_a/
How to stop malware extension from automatically re-installing every time i open Chrome
https://www.reddit.com/r/Malware/comments/v0k9fo/how_to_stop_malware_extension_from_automatically/
grsecurity - Tetragone: A Lesson in Security Fundamentals
https://www.reddit.com/r/netsec/comments/v06ok1/grsecurity_tetragone_a_lesson_in_security/
Extracting The Overlay Of A PE File, (Sun, May 29th)
https://isc.sans.edu/diary/rss/28692
Top Security News for 31/05/2022
Is 3rd Party App Access the New Executable File?
https://thehackernews.com/2022/05/is-3rd-party-app-access-new-executable.html
POS Small Business Operation
https://www.bleepingcomputer.com/forums/t/772687/pos-small-business-operation/
WorldWide Deadbolt Ransomware : 1,216. title: "ALL YOUR FILES HAVE BEEN LOCKED BY DEADBOLT."
https://www.reddit.com/r/Malware/comments/v1ddoc/worldwide_deadbolt_ransomware_1216_title_all_your/
How Costa Rica found itself at war over ransomware
https://www.csoonline.com/article/3662311/how-costa-rica-found-itself-at-war-over-ransomware.html#tk.rss_all
I found a malicious chrome extension
https://www.reddit.com/r/Malware/comments/v1ddvb/i_found_a_malicious_chrome_extension/
Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/
Remembering Apple’s Newton, 30 years on
https://arstechnica.com/?p=1856644
Offensive Windows IPC Internals 3: ALPC
https://www.reddit.com/r/netsec/comments/v0uhc6/offensive_windows_ipc_internals_3_alpc/
Linux malware is on the rise—6 types of attacks to look for
https://www.csoonline.com/article/3662151/linux-malware-is-on-the-rise-6-types-of-attacks-to-look-for.html#tk.rss_all
Intuit phish says “we have put a temporary hold on your account”
https://blog.malwarebytes.com/social-engineering/2022/05/intuit-phish-says-we-have-put-a-temporary-hold-on-your-account/
Top Security News for 01/06/2022
Code execution 0-day in Windows has been under active exploit for 7 weeks
https://arstechnica.com/?p=1857315
Is quantum teleportation the future of secure communications?
https://blog.malwarebytes.com/reports/2022/05/is-quantum-teleportation-the-future-of-secure-communications/
FBI warns of education sector credentials on dark web forums
https://blog.malwarebytes.com/privacy-2/2022/05/fbi-warns-of-education-sector-credentials-on-dark-web-forums/
Runescape phish claims your email has been changed
https://blog.malwarebytes.com/scams/2022/05/runescape-phish-claims-your-email-has-been-changed/
Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation
https://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html
Marjorie Taylor Greene Says Bill Gates Will Force You to Eat Burgers Made in a ‘Peach Tree Dish’
https://www.vice.com/en_us/article/5dgne3/marjorie-taylor-greene-says-bill-gates-will-force-you-to-eat-burgers-made-in-a-peach-tree-dish
Technical Advisory: CVE-2022-30190 Zero-day Vulnerability “Follina” in Microsoft Support Diagnostic Tool
https://malware.news/t/technical-advisory-cve-2022-30190-zero-day-vulnerability-follina-in-microsoft-support-diagnostic-tool/60610/1
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html
Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html
The Internet needs to stop getting excited by vaporware EVs
https://arstechnica.com/?p=1857185
Top Security News for 02/06/2022
US Supreme Court puts a hold on enforcement of Texas social media law. INTERPOL issues warning about various forms of online extortion. US Commerce Department will restrict cyber exports to China.
https://thecyberwire.com/newsletters/policy-briefing/4/105
Unofficial patches for the 0-day vulnerability called Follina (CVE-2022-30190)
https://www.reddit.com/r/netsec/comments/v2maa4/unofficial_patches_for_the_0day_vulnerability/
Ransomware attack turns 2022 into 1977 for Somerset County
https://malware.news/t/ransomware-attack-turns-2022-into-1977-for-somerset-county/60662/1
Discord Is the Center of the Crypto World and That’s a Problem
https://www.vice.com/en_us/article/4awkew/discord-is-the-center-of-the-crypto-world-and-thats-a-problem
NASA still “pushing” for a Russian cosmonaut to fly on next SpaceX mission
https://arstechnica.com/?p=1856528
Information Security BASICS - Anvil Secure
https://www.reddit.com/r/netsec/comments/v2mrkd/information_security_basics_anvil_secure/
Minerva's evasion based CTF is open for registration
https://www.reddit.com/r/netsec/comments/v2ehz0/minervas_evasion_based_ctf_is_open_for/
NSIS Installer Malware Included with Various Malicious Files
https://malware.news/t/nsis-installer-malware-included-with-various-malicious-files/60663/1
Mass account takeover in Yunmai smartscale API (full disclosure)
https://www.reddit.com/r/netsec/comments/v0uv1g/mass_account_takeover_in_yunmai_smartscale_api/
OST2 Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities (Taught via explaining > 3 dozen CVEs from the last 3 years)
https://www.reddit.com/r/netsec/comments/v2ep1m/ost2_vulnerabilities_1001_cfamily_software/
Top Security News for 03/06/2022
Remotely Controlling Touchscreens
https://malware.news/t/remotely-controlling-touchscreens/60703/1
WinDealer dealing on the side
https://securelist.com/windealer-dealing-on-the-side/105946/
Analysis report on Log4j attack patterns
https://www.reddit.com/r/Malware/comments/v3p7l2/analysis_report_on_log4j_attack_patterns/
Ransomware roundup: System-locking malware dominates headlines
https://www.csoonline.com/article/3662038/ransomware-roundup-system-locking-malware-dominates-headlines.html#tk.rss_all
Analysis of the Massive NDSW/NDSX Malware Campaign
https://malware.news/t/analysis-of-the-massive-ndsw-ndsx-malware-campaign/60704/1
Sandbox Evasion... With Just a Filename!, (Fri, Jun 3rd)
https://isc.sans.edu/diary/rss/28708
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html
10 of the hottest new cybersecurity startups at RSA 2022
https://www.csoonline.com/article/3662771/10-of-the-hottest-new-cybersecurity-startups-at-rsa-2022.html#tk.rss_all
ExpressVPN Removes Servers in India After Refusing to Comply with Government Order
https://thehackernews.com/2022/06/expressvpn-removes-servers-in-india.html
NASA just bought the rest of the space station crew flights from SpaceX
https://arstechnica.com/?p=1857926
Top Security News for 04/06/2022
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html
After remote-work ultimatum, Musk reveals plan to cut 10% of Tesla jobs
https://arstechnica.com/?p=1858044
Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies
https://thehackernews.com/2022/06/microsoft-blocks-iran-linked-lebanese.html
Hacktivism, nominal and (possibly) real. Cyber gangs rebrand and branch out. CISA alerts. Cyber phases of Russia's hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/11/107
[updated] Unpatched Atlassian Confluence vulnerability is actively exploited
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/unpatched-atlassian-confluence-vulnerability-is-actively-exploited/
Perry Carpenter on his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer"
https://thecyberwire.com/podcasts/interview-selects/113/notes
Critical Atlassian 0-day is under active exploit. You’re patched, right?
https://arstechnica.com/?p=1858307
Threat Roundup for May 27 to June 3
https://malware.news/t/threat-roundup-for-may-27-to-june-3/60734/1
SSO explained: Single sign-on definition, examples, and terminology
https://www.csoonline.com/article/2115776/sso-explained-single-sign-on-definition-examples-and-terminology.html#tk.rss_all
Americans want more electric vehicles, but 50% by 2030 looks unlikely
https://arstechnica.com/?p=1858024
The CyberWire
Hacktivism, nominal and (possibly) real. Cyber gangs rebrand and branch out. CISA alerts. Cyber phases of Russia's hybrid war.
Hacktivism: anti-Iran, and Iran-sponsored. Rebranding to evade sanctions. Conti's threat to firmware. Atlassian works on an actively exploited Confluence vulnerability. CISA releases ICS security advisories. Cyber phases of Russia's hybrid war against Ukraine.
Top Security News for 05/06/2022
Cyber phases of Russia's hybrid war. Microsoft hits Polonium and mitigates Follina. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. Notes from the underworld.
https://thecyberwire.com/newsletters/week-that-was/6/22
LemonDucks evading detection.
https://thecyberwire.com/podcasts/research-saturday/235/notes
Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552) - including remote write anywhere primitive in its IP stack
https://www.reddit.com/r/netsec/comments/v4ht0r/technical_advisory_multiple_vulnerabilities_in/
The Domain Generation Algorithms of SharkBot
https://malware.news/t/the-domain-generation-algorithms-of-sharkbot/60743/1
Smaller reactors may still have a big nuclear waste problem
https://arstechnica.com/?p=1858107
An actively exploited Microsoft 0-day flaw still doesn’t have a patch
https://arstechnica.com/?p=1858179
Protected: Biweekly Malware Challenge #1: Gozi/ISFB String Decryption
https://malware.news/t/protected-biweekly-malware-challenge-1-gozi-isfb-string-decryption/60740/1
Certificate Ripper released - tool to extract server certificates
https://www.reddit.com/r/netsec/comments/v4qegg/certificate_ripper_released_tool_to_extract/
Anonymous: Operation Russia after 100 days of war
https://securityaffairs.co/wordpress/131933/hacktivism/anonymous-operation-russia-100-days.html
Mind Map of Malware Mitigations
https://www.reddit.com/r/Malware/comments/v4vc7a/mind_map_of_malware_mitigations/
The CyberWire
Cyber phases of Russia's hybrid war. Microsoft hits Polonium and mitigates Follina. CISA and its partners warn about the Karakurt…
Cyber phases of Russia's hybrid war. Microsoft shuts down Tehran-directed threat actor. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. Microsoft issues mitigations for Follina zero-day. Notes from the underworld.…
