Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 02/01/2023

Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking
https://thehackernews.com/2023/01/google-to-pay-295-million-to-settle.html

ISC StormCast for Monday, January 2nd, 2023
https://isc.sans.edu/podcastdetail.html?id=8306

Offensive C#
https://www.reddit.com/r/netsec/comments/100ennr/offensive_c/

ASEC Weekly Malware Statistics (December 19th, 2022 – December 25th, 2022)
https://malware.news/t/asec-weekly-malware-statistics-december-19th-2022-december-25th-2022/66090#post_1

ISC Stormcast For Monday, January 2nd, 2023 https://isc.sans.edu/podcastdetail.html?id=8306, (Mon, Jan 2nd)
https://isc.sans.edu/diary/rss/29388

2022 CTI-EU Talk: Threat Landscape and Defences Against Mobile Surveillance Implants
https://malware.news/t/2022-cti-eu-talk-threat-landscape-and-defences-against-mobile-surveillance-implants/66088#post_1

GitHub - jafarlihi/modreveal: Utility to find hidden Linux kernel modules
https://www.reddit.com/r/netsec/comments/100lxs6/github_jafarlihimodreveal_utility_to_find_hidden/

Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap.
https://thecyberwire.com/podcasts/special-edition/46/notes

GenieACS And The Tale Of Default JWT Secret
https://0x00sec.org/t/genieacs-and-the-tale-of-default-jwt-secret/32738

Compromised PyTorch-nightly dependency chain
https://www.reddit.com/r/netsec/comments/100fs08/compromised_pytorchnightly_dependency_chain/


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 03/01/2023

GitHub - kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality with teler IDS to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications.
https://www.reddit.com/r/netsec/comments/1014bk3/github_kitabisatelerwaf_telerwaf_is_a_go_http/

ASEC Weekly Phishing Email Threat Trends (December 18th, 2022 – December 24th, 2022)
https://malware.news/t/asec-weekly-phishing-email-threat-trends-december-18th-2022-december-24th-2022/66102#post_1

NetworkMiner 2.8 Released, (Mon, Jan 2nd)
https://isc.sans.edu/diary/rss/29390

Pro-Russia cyberattacks aim at destabilizing Poland, security agency warns
https://securityaffairs.com/140216/cyber-warfare-2/pro-russia-cyberattacks-hit-poland.html

2nd January – Threat Intelligence Report
https://malware.news/t/2nd-january-threat-intelligence-report/66095#post_1

PyTorch compromised to demonstrate dependency confusion attack on Python environments
https://securityaffairs.com/140228/hacking/pytorch-confusion-attack.html

2022 C2 Tracker Recap in Graphics
https://malware.news/t/2022-c2-tracker-recap-in-graphics/66097#post_1

WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws
https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html

Putting ELF on the shelf…
https://malware.news/t/putting-elf-on-the-shelf/66100#post_1

ISC StormCast for Tuesday, January 3rd, 2023
https://isc.sans.edu/podcastdetail.html?id=8308


Top Security News for 04/01/2023

PBS FRONTLINE investigates Pegasus, the powerful spyware sold to governments around the world by the Israeli company NSO Group.
https://www.reddit.com/r/netsec/comments/102sm6p/pbs_frontline_investigates_pegasus_the_powerful/

Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware
https://thehackernews.com/2023/01/hackers-using-stolen-bank-information.html

Why does technology no longer excite us? Lock and Code S04E01
https://www.malwarebytes.com/blog/podcast/2022/12/why-does-technology-no-longer-excite-us-lock-and-code-s04e01

ISC Stormcast For Wednesday, January 4th, 2023 https://isc.sans.edu/podcastdetail.html?id=8310, (Wed, Jan 4th)
https://malware.news/t/isc-stormcast-for-wednesday-january-4th-2023-https-isc-sans-edu-podcastdetail-html-id-8310-wed-jan-4th/66126#post_1

Gaming: How much is too much for our children?
https://malware.news/t/gaming-how-much-is-too-much-for-our-children/66124#post_1

oops
https://www.reddit.com/r/Malware/comments/102l9nd/oops/

SSRF vulnerabilities caused by SNI proxy misconfigurations
https://www.reddit.com/r/netsec/comments/1028g0j/ssrf_vulnerabilities_caused_by_sni_proxy/

Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust
https://thehackernews.com/2023/01/enforcement-vs-enrollment-based.html

Does Volvo Cars suffer a new data breach?
https://securityaffairs.com/140258/hacking/volvo-cars-data-breach-2.html

of-CORS: a framework for hacking internal apps with open CORS via bug bounty
https://www.reddit.com/r/netsec/comments/102en51/ofcors_a_framework_for_hacking_internal_apps_with/


Top Security News for 05/01/2023

Recent cyberattacks targeting educational institutions. Streamers. BitRAT phishing scam leverages stolen bank data. Behavioral advertising draws GDPR fine.
https://thecyberwire.com/newsletters/privacy-briefing/5/2

Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws
https://thehackernews.com/2023/01/qualcomm-chipsets-and-lenovo-bios-get.html

Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.
https://thecyberwire.com/podcasts/daily-podcast/1732/notes

ISC Stormcast For Thursday, January 5th, 2023 https://isc.sans.edu/podcastdetail.html?id=8312, (Thu, Jan 5th)
https://isc.sans.edu/diary/rss/29402

Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10
https://malware.news/t/update-vpn-plus-server-now-synology-patches-vulnerability-with-a-cvss-of-10/66148#post_1

a quick post about rbac-police
https://www.reddit.com/r/netsec/comments/103a9ex/a_quick_post_about_rbacpolice/

BrandPost: The Cloud Is Under Attack: The State of Cloud Security in 2023
https://www.csoonline.com/article/3684768/the-cloud-is-under-attack-the-state-of-cloud-security-in-2023.html#tk.rss_all

Leveraging credentials online and off isn't going away.
https://thecyberwire.com/podcasts/hacking-humans/226/notes

ISC Stormcast For Thursday, January 5th, 2023 https://isc.sans.edu/podcastdetail.html?id=8312, (Thu, Jan 5th)
https://malware.news/t/isc-stormcast-for-thursday-january-5th-2023-https-isc-sans-edu-podcastdetail-html-id-8312-thu-jan-5th/66150#post_1

Meta hit with $413 million fine in EU for breaking GDPR rules
https://www.computerworld.com/article/3684514/meta-hit-with-413-million-fine-in-eu-for-breaking-gdpr-rules.html#tk.rss_all


Top Security News for 06/01/2023

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
https://thehackernews.com/2023/01/mitigate-lastpass-attack-surface-in.html

Padding oracle attack: demonstration
https://www.reddit.com/r/netsec/comments/103rh7z/padding_oracle_attack_demonstration/

“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs…
https://www.reddit.com/r/netsec/comments/103xbvf/masquerads_googles_adwords_massively_abused_by/

Ransomware target list – Week in security with Tony Anscombe
https://malware.news/t/ransomware-target-list-week-in-security-with-tony-anscombe/66186#post_1

Surgeons Sorry for Texting Patients They Had 'Aggressive' Cancer Instead of 'Happy New Year'
https://www.vice.com/en_us/article/7k8339/surgeons-sorry-for-texting-patients-they-had-aggressive-cancer-instead-of-happy-new-year

Vulnerabilities offer on-ramp to a highway of private data. Job applicants' data exposed. Twitter hack results in massive data dump.
https://thecyberwire.com/podcasts/privacy-briefing/739/notes

Hundreds Of WordPress Sites Infected By Recently Discovered Backdoor
https://packetstormsecurity.com/news/view/34186/Hundreds-Of-WordPress-Sites-Infected-By-Recently-Discovered-Backdoor.html

GitHub Actions Privilege Escalations - The "workflow_run" trigger
https://www.reddit.com/r/netsec/comments/1042m5w/github_actions_privilege_escalations_the_workflow/

The BISO: bringing security to business and business to security
https://www.csoonline.com/article/3684728/the-biso-bringing-security-to-business-and-business-to-security.html#tk.rss_all

Google patches 60 vulnerabilities in first Android update of 2023
https://www.malwarebytes.com/blog/news/2023/01/first-android-update-of-2023-patches-60-vulnerabilities


Top Security News for 07/01/2023

WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship
https://thehackernews.com/2023/01/whatsapp-introduces-proxy-support-to.html

I made an Open Source Browser extension to aid in Threat Investigations!
https://www.reddit.com/r/netsec/comments/1057mto/i_made_an_open_source_browser_extension_to_aid_in/

Automotive vulnerabilities discovered.
https://thecyberwire.com/stories/602e4789b3254c9489cc245bc0ef9995/automotive-vulnerabilities-discovered

Update on LastPass and Twitter breaches. Vice Society leaks stolen UK school data. Data incident at health organization prompts questions about disclosure rules.
https://thecyberwire.com/newsletters/privacy-briefing/5/4

I scanned every package on PyPi and found 57 live AWS keys
https://www.reddit.com/r/netsec/comments/10524mo/i_scanned_every_package_on_pypi_and_found_57_live/

Malware targets 30 unpatched WordPress plugins
https://www.malwarebytes.com/blog/news/2023/01/update-your-wordpress-plugins-now-mass-backdoor-campaign-underway

Latest activity from Turla {Mandiant}
https://www.reddit.com/r/netsec/comments/104zjm8/latest_activity_from_turla_mandiant/

New Twitter data dump is a cleaned up version of old Twitter dump
https://www.malwarebytes.com/blog/news/2023/01/new-twitter-data-dump-is-a-cleaned-up-version-of-old-twitter-dump

Igor’s Tip of the Week #122: Manual load
https://malware.news/t/igor-s-tip-of-the-week-122-manual-load/66202#post_1

Variant analysis of CVE-2022-3515 affecting libksba, which resulted in CVE-2022-47629
https://www.reddit.com/r/netsec/comments/104nnug/variant_analysis_of_cve20223515_affecting_libksba/


Top Security News for 08/01/2023

IcedID malware campaign targets Zoom users
https://securityaffairs.com/140465/malware/icedid-targets-zoom-users.html

Teresa Rothaar: Outwork the competition. [Analyst]
https://thecyberwire.com/podcasts/career-notes/131/notes

Hive Ransomware gang leaked 550 GB stolen from Consulate Health Care
https://securityaffairs.com/140452/cyber-crime/consulate-health-care-hive-ransomware.html

GUARDARA 0.9.9 Available with Web Service Testing
https://www.reddit.com/r/netsec/comments/1060n8h/guardara_099_available_with_web_service_testing/

connmap now works with all DE/WM! Desktop widget that shows location of your current TCP peers on a world map in real-time.
https://www.reddit.com/r/netsec/comments/105q5pl/connmap_now_works_with_all_dewm_desktop_widget/

Bing redirection
https://www.reddit.com/r/Malware/comments/1061nnz/bing_redirection/

VSCode Supply Chain Attacks: Protect Your IDE from Malicious Extensions
https://www.reddit.com/r/netsec/comments/105xfqa/vscode_supply_chain_attacks_protect_your_ide_from/

Reflections on Trusting VEX (or when humans can improve SBOMs)
https://www.reddit.com/r/netsec/comments/105nsbp/reflections_on_trusting_vex_or_when_humans_can/

Setting up your bug bounty scripts with Python and Bash — The subdomain monitoring bot
https://www.reddit.com/r/netsec/comments/105jjlt/setting_up_your_bug_bounty_scripts_with_python/

Moldovaʼs government hit by flood of phishing attacks
https://malware.news/t/moldova-s-government-hit-by-flood-of-phishing-attacks/66207#post_1


Top Security News for 10/01/2023

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
https://thehackernews.com/2023/01/malicious-pypi-packages-using.html

Schneider Electric Teams With BitSight on OT Risk Detection
https://malware.news/t/schneider-electric-teams-with-bitsight-on-ot-risk-detection/66249#post_1

ChatGPT and academic standards. Social engineering capers. Schools sue social media platforms.
https://thecyberwire.com/newsletters/daily-briefing/12/5

Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
https://thecyberwire.com/podcasts/daily-podcast/1735/notes

DNSChanger and the Global Scope of Cybersecurity
https://securityintelligence.com/articles/dnschanger-and-global-cybersecurity/

Unwrapping Ursnifs Gifts
https://www.reddit.com/r/netsec/comments/107dwc1/unwrapping_ursnifs_gifts/

PUP (noun)
https://thecyberwire.com/podcasts/word-notes/131/notes

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
https://thehackernews.com/2023/01/new-study-uncovers-text-to-sql-model.html

Louisiana wants your ID if you're looking at adult-only websites
https://www.malwarebytes.com/blog/news/2023/01/attempts-to-stop-under-aged-from-accessing-adult-only-content-on-the-internet

Yokogawa to Sell Unidirectional Gateways from Waterfall Security Solutions Under New Partnership
https://malware.news/t/yokogawa-to-sell-unidirectional-gateways-from-waterfall-security-solutions-under-new-partnership/66250#post_1


Top Security News for 11/01/2023

Zoom Rooms was affected by four “high” severity vulnerabilities
https://securityaffairs.com/140607/security/zoom-rooms-vulnerabilities.html

Turla piggybacks on abandoned malware infrastructure. Bluebottle targets African countries. Blind Eagle goes after Ecuador. Automotive vulnerabilities.
https://thecyberwire.com/podcasts/research-briefing/150/notes

How to Analyze JavaScript Malware – A Case Study of Vjw0rm
https://www.reddit.com/r/netsec/comments/108cj7d/how_to_analyze_javascript_malware_a_case_study_of/

ISC Stormcast For Wednesday, January 11th, 2023 https://isc.sans.edu/podcastdetail.html?id=8320, (Wed, Jan 11th)
https://malware.news/t/isc-stormcast-for-wednesday-january-11th-2023-https-isc-sans-edu-podcastdetail-html-id-8320-wed-jan-11th/66301#post_1

Polite WiFi loophole could allow attackers to drain device batteries
https://www.malwarebytes.com/blog/news/2023/01/polite-wifi-loophole-could-allow-attackers-to-drain-device-batteries

StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
https://thehackernews.com/2023/01/strongpity-hackers-distribute.html

Semgrep rules for Swift language (iOS mobile apps)
https://www.reddit.com/r/netsec/comments/108ftxi/semgrep_rules_for_swift_language_ios_mobile_apps/

Startup Uses AI Chatbot to Provide Mental Health Counseling and Then Realizes It 'Feels Weird'
https://www.vice.com/en_us/article/4ax9yw/startup-uses-ai-chatbot-to-provide-mental-health-counseling-and-then-realizes-it-feels-weird

BrandPost: Adaptive DDoS Suppression for a Safer, More Resilient Internet
https://www.csoonline.com/article/3685288/adaptive-ddos-suppression-for-a-safer-more-resilient-internet.html#tk.rss_all

A View Into Web(View) Attacks in Android
https://securityintelligence.com/posts/view-into-webview-attacks-android/


Top Security News for 12/01/2023

Cisco security advisory (AV23-018)
https://malware.news/t/cisco-security-advisory-av23-018/66332#post_1

Identity thieves bypass security questions to access Experian credit reports
https://www.malwarebytes.com/blog/news/2023/01/identity-thieves-bypass-security-questions-to-access-experian-credit-reports

Cyberespionage and hybrid-war hacktivism. Healthcare cyber risk. Cryptojacking Kubernetes. Patch Tuesday.
https://thecyberwire.com/newsletters/daily-briefing/12/7

T95 Allwinner T616 Malware Analysis - "Pre-owned" Android TV Device
https://www.reddit.com/r/netsec/comments/109f5cy/t95_allwinner_t616_malware_analysis_preowned/

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams
https://www.csoonline.com/article/3685368/study-shows-attackers-can-use-chatgpt-to-significantly-enhance-phishing-and-bec-scams.html#tk.rss_all

Legitify supports scanning GitLab for security misconfigurations and best practices
https://www.reddit.com/r/netsec/comments/1093fxk/legitify_supports_scanning_gitlab_for_security/

Save 20% on a Tile Mate tracker
https://malware.news/t/save-20-on-a-tile-mate-tracker/66335#post_1

NetSPI acquires nVisium. Netskope raises $401 million in convertible notes. Executive moves.
https://thecyberwire.com/newsletters/business-briefing/5/2

Maternal & Family Health Services discloses ransomware attack months after discovery
https://www.malwarebytes.com/blog/news/2023/01/maternal-family-health-services-discloses-ransomware-attack-months-after-discovery

Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability
https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html


Top Security News for 13/01/2023

Threat actors actively exploit Control Web Panel RCE following PoC release
https://securityaffairs.com/140698/hacking/web-panel-rce-exploitation.html

List of git commits before and after a security audit
https://www.reddit.com/r/netsec/comments/10aajbk/list_of_git_commits_before_and_after_a_security/

WhatsApp lawsuit against NSO Group greenlit by Supreme Court
https://www.malwarebytes.com/blog/news/2023/01/whatsapp-lawsuit-against-nso-group-greenlit-by-supreme-court-

Keeping the wolves out of wolfSSL (Protocol Fuzzing)
https://www.reddit.com/r/netsec/comments/10a94b9/keeping_the_wolves_out_of_wolfssl_protocol_fuzzing/

US and Japanese ministers meet to discuss cyber collaboration. US President Joe Biden speaks out about user data privacy. New bill focuses on energy cybersecurity research.
https://thecyberwire.com/newsletters/policy-briefing/5/8

Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System
https://thehackernews.com/2023/01/twitter-denies-hacking-claims-assures.html

Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
https://thecyberwire.com/podcasts/daily-podcast/1738/notes

Prominent AI Philosopher and ‘Father’ of Longtermism Sent Very Racist Email to a 90s Philosophy Listserv
https://www.vice.com/en_us/article/z34dm3/prominent-ai-philosopher-and-father-of-longtermism-sent-very-racist-email-to-a-90s-philosophy-listserv

If you're looking for hackers, please contact me
https://0x00sec.org/t/if-youre-looking-for-hackers-please-contact-me/32920

BrandPost: How Financial Institutions Can SOAR to Success with Devo SOAR
https://www.csoonline.com/article/3685191/how-financial-institutions-can-soar-to-success-with-devo-soar.html#tk.rss_all


Top Security News for 14/01/2023

How to use Open Source CloudQuery for Attack Surface Management and Graph Visualization for Cloud and AWS | CloudQuery
https://www.reddit.com/r/netsec/comments/10av9td/how_to_use_open_source_cloudquery_for_attack/

DUCKTAIL waddles back again.
https://thecyberwire.com/podcasts/research-saturday/264/notes

Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html

🚀 Announcing Matano + Suricata: Build your own Security Data Lake on AWS using Suricata Logs
https://www.reddit.com/r/netsec/comments/10ax24v/announcing_matano_suricata_build_your_own/

Android TV box on Amazon came pre-installed with malware
https://www.reddit.com/r/Malware/comments/10b05fd/android_tv_box_on_amazon_came_preinstalled_with/

TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws
https://thehackernews.com/2023/01/tiktok-fined-54-million-by-french.html

Clear communication is crucial: why writing effective vulnerability reports matters
https://www.reddit.com/r/netsec/comments/10avk6s/clear_communication_is_crucial_why_writing/

CircleCI incident report for January 4, 2023 security incident
https://www.reddit.com/r/netsec/comments/10b7jhw/circleci_incident_report_for_january_4_2023/

NortonLifeLock: threat actors breached Norton Password Manager accounts
https://securityaffairs.com/140772/data-breach/norton-password-manager-security-breach.html

CYBER: The Government Isn’t Coming for Your Gas Stoves
https://www.vice.com/en_us/article/m7gyb8/cyber-the-government-isnt-coming-for-your-gas-stoves


Top Security News for 15/01/2023

e-Discovery Law and Lawyers in Fifty Years
https://malware.news/t/e-discovery-law-and-lawyers-in-fifty-years/66406#post_1

just got infected with vipersoftx and i dont know how
https://www.reddit.com/r/Malware/comments/10bo8sn/just_got_infected_with_vipersoftx_and_i_dont_know/

santa-linux: a proof of concept binary authorization system for linux, based on Google's Santa
https://www.reddit.com/r/netsec/comments/10bt2e1/santalinux_a_proof_of_concept_binary/

Mysql SOUNDEX function in Symfony with Doctrine
https://malware.news/t/mysql-soundex-function-in-symfony-with-doctrine/66405#post_1

Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd
https://www.reddit.com/r/netsec/comments/10bzr8n/analysis_of_fgir22398_fortios_heapbased_buffer/

Impact of the CircleCI Security Incident on the Datadog Agent
https://www.reddit.com/r/netsec/comments/10bvjm4/impact_of_the_circleci_security_incident_on_the/

Most internet-exposed Cacti servers exposed to hacking
https://securityaffairs.com/140797/hacking/cacti-servers-cve-2022-46169-flaw.html

Is it possible to hack iCloud info for missing person (last known location of phone)
https://www.reddit.com/r/netsec/comments/10c5ps9/is_it_possible_to_hack_icloud_info_for_missing/

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
https://thehackernews.com/2023/01/cacti-servers-under-attack-as-majority.html

French CNIL fined Tiktok $5.4 Million for violating cookie laws
https://securityaffairs.com/140786/digital-id/cnil-fined-tiktok.html


Top Security News for 16/01/2023

Monitoring of operating system versions in Google Workspace
https://malware.news/t/monitoring-of-operating-system-versions-in-google-workspace/66410#post_1

Timely patching is good, but sometimes it's not enough
https://www.malwarebytes.com/blog/news/2023/01/timely-patching-is-good-but-does-not-provide-full-ransomware-protection

Gene Fay: Lead from the front. [CEO]
https://thecyberwire.com/podcasts/career-notes/132/notes

Ransomware Diaries: Undercover with the Leader of Lockbit
https://malware.news/t/ransomware-diaries-undercover-with-the-leader-of-lockbit/66417#post_1

AI Can Write Malware Now. Are We Doomed?
https://malware.news/t/ai-can-write-malware-now-are-we-doomed/66411#post_1

ISC Stormcast For Monday, January 16th, 2023 https://isc.sans.edu/podcastdetail.html?id=8326, (Mon, Jan 16th)
https://isc.sans.edu/diary/rss/29436

Timely patching is good, but sometimes it's not enough
https://malware.news/t/timely-patching-is-good-but-sometimes-its-not-enough/66413#post_1

Ransomware has now become a problem for everyone, and not just tech
https://malware.news/t/ransomware-has-now-become-a-problem-for-everyone-and-not-just-tech/66412#post_1

ISC Stormcast For Monday, January 16th, 2023 https://isc.sans.edu/podcastdetail.html?id=8326, (Mon, Jan 16th)
https://malware.news/t/isc-stormcast-for-monday-january-16th-2023-https-isc-sans-edu-podcastdetail-html-id-8326-mon-jan-16th/66416#post_1

Wi-Fi Geolocation, Then and Now
https://malware.news/t/wi-fi-geolocation-then-and-now/66415#post_1


Top Security News for 17/01/2023

Accountant ordered to pay ex-employer after bossware shows "time theft"
https://www.malwarebytes.com/blog/news/2023/01/accountant-ordered-to-pay-ex-employer-after-bossware-shows-time-theft

T95 Android TV Box sold on Amazon hides sophisticated malware
https://securityaffairs.com/140866/security/t95-android-tv-box-malware.html

Fighting technology's gender gap with TracketPacer: Lock and Code S04E02
https://www.malwarebytes.com/blog/podcast/2023/01/fighting-technologys-gender-gap-with-tracketpacer

[CVE-2023-0179] Linux kernel stack buffer overflow in nftables: PoC and writeup
https://www.reddit.com/r/netsec/comments/10d98w1/cve20230179_linux_kernel_stack_buffer_overflow_in/

New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild
https://thehackernews.com/2023/01/new-backdoor-created-using-leaked-cias.html

ISC Stormcast For Tuesday, January 17th, 2023 https://isc.sans.edu/podcastdetail.html?id=8328, (Tue, Jan 17th)
https://isc.sans.edu/diary/rss/29440

Unauthenticated Configuration Export in Multiple WAGO Products
https://www.reddit.com/r/netsec/comments/10dblrc/unauthenticated_configuration_export_in_multiple/

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware
https://securityaffairs.com/140892/malware/free-bianlian-ransomware-decryptor.html

"Untraceable" surveillance firm sued for scraping Facebook and Instagram data
https://www.malwarebytes.com/blog/news/2023/01/untraceable-surveillance-firm-sued-for-scraping-facebook-and-instagram-data

The misadventures of SPF: Delivering SPF authenticated emails on behalf of the Ukrainian MoD, MIT and 1000+ others.
https://www.reddit.com/r/netsec/comments/10e4rk9/the_misadventures_of_spf_delivering_spf/


Top Security News for 18/01/2023

Web skimmer found on website of Liquor Control Board of Ontario
https://www.malwarebytes.com/blog/news/2023/01/web-skimmer-found-on-website-of-liquor-control-board-of-ontario

Introducing RPC Investigator
https://www.reddit.com/r/netsec/comments/10ed95w/introducing_rpc_investigator/

4 Places to Supercharge Your SOC with Automation
https://thehackernews.com/2023/01/4-places-to-supercharge-your-soc-with.html

Thousands of Norton LifeLock accounts compromised. Hacktivists spill Cellebrite data. ODIN Intelligence website defaced.
https://thecyberwire.com/newsletters/privacy-briefing/5/10

NEW OUTFITS FOR HACKER BABIES ANNOUNCED
https://www.2600.com/content/new-outfits-hacker-babies-announced

Artists Are Suing Over Stable Diffusion Stealing Their Work for AI Art
https://www.vice.com/en_us/article/dy7b5y/artists-are-suing-over-stable-diffusion-stealing-their-work-for-ai-art

US Maritime Administrator to study port crane cybersecurity concerns
https://www.csoonline.com/article/3685378/us-maritime-administrator-to-study-port-crane-cybersecurity-concerns.html#tk.rss_all

2023-01-16 - Google ad --> Fake 7-Zip page --> Malicious .msi file
https://malware.news/t/2023-01-16-google-ad-fake-7-zip-page-malicious-msi-file/66471#post_1

2023-01-12 - IcedID (Bokbot) infection with Cobalt Strike
https://malware.news/t/2023-01-12-icedid-bokbot-infection-with-cobalt-strike/66472#post_1

Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware
https://thehackernews.com/2023/01/hackers-can-abuse-legitimate-github.html


Top Security News for 19/01/2023

ISC StormCast for Thursday, January 19th, 2023
https://isc.sans.edu/podcastdetail.html?id=8332

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers
https://thehackernews.com/2023/01/critical-security-vulnerabilities.html

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks
https://securelist.com/corporate-threat-predictions-2023/108456/

ISC Stormcast For Thursday, January 19th, 2023 https://isc.sans.edu/podcastdetail.html?id=8332, (Thu, Jan 19th)
https://isc.sans.edu/diary/rss/29450

Trustwave relaunches Advanced Continual Threat Hunting with human-led methodology
https://www.csoonline.com/article/3685575/trustwave-relaunches-advanced-continual-threat-hunting-with-human-led-methodology.html#tk.rss_all

What is Business Attack Surface Management?
https://malware.news/t/what-is-business-attack-surface-management/66505#post_1

Chinese cyberespionage against Iran. Threats to industrial systems. CISA updates. Notes on the hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/12/11

NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/18-01-2023

Perception Point launches Advanced Threat Protection for Zendesk
https://www.csoonline.com/article/3685383/perception-point-launches-advanced-threat-protection-for-zendesk.html#tk.rss_all

Experts found SSRF flaws in four different Microsoft Azure services
https://securityaffairs.com/140947/hacking/microsoft-azure-services-ssrf-flaws.html


Top Security News for 20/01/2023

Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
https://thecyberwire.com/podcasts/daily-podcast/1742/notes

People, Process and Technology: The Incident Response Trifecta
https://securityintelligence.com/articles/incident-response-trifecta/

Ukraine at D+329: Disinformation and cyber in combined arms.
https://thecyberwire.com/stories/04a3c88d22544c0ea383e1b5adcbba78/ukraine-at-d329

Privacy experts raise their voices about the dangers of voice-assisted tech. MailChimp swiftly responds to data breach.
https://thecyberwire.com/newsletters/privacy-briefing/5/12

Synthetic Media Creates New Social Engineering Threats
https://securityintelligence.com/articles/synthetic-media-new-social-engineering-threats/

TLS Connection Cryptographic Protocol Vulnerabilities
https://malware.news/t/tls-connection-cryptographic-protocol-vulnerabilities/66550#post_1

New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html

SeeProxy: Golang reverse proxy with CobaltStrike malleable profile validation.
https://www.reddit.com/r/netsec/comments/10g06ki/seeproxy_golang_reverse_proxy_with_cobaltstrike/

How CISOs can manage the cybersecurity of high-level executives
https://www.csoonline.com/article/3685415/how-cisos-can-manage-the-security-of-high-level-executives.html#tk.rss_all

Privacy legislation revisions in Australia and India. Recent actions in data handling regulation in the EU. US HHS issues healthcare cybersecurity guidance.
https://thecyberwire.com/newsletters/policy-briefing/5/12


Top Security News for 21/01/2023

How Much is the U.S. Investing in Cyber (And is it Enough)?
https://securityintelligence.com/articles/how-much-is-us-investing-in-cyber/

Ransomware money laundering operation disrupted, founder arrested
https://www.malwarebytes.com/blog/news/2023/01/bitzlato-ransomware-laundry-operation-sees-founder-arrested

Vijilan - Managed service Providers (msp)
https://www.reddit.com/r/netsec/comments/10h71z4/vijilan_managed_service_providers_msp/

Paul Martini from iboss discusses their survey about Zero Trust cybersecurity.
https://thecyberwire.com/podcasts/interview-selects/143/notes

Mailchimp breach feels like deja vu
https://malware.news/t/mailchimp-breach-feels-like-deja-vu/66571#post_1

Orca describes, Microsoft fixes, four Azure SSRF issues. DNV recovering from ransomware. T-Mobile discloses a data breach. Cyberattack hits Nunavut utility.
https://thecyberwire.com/newsletters/week-that-was/7/3

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html

Russia Needs to Learn to Lose Like America
https://www.vice.com/en_us/article/qjkq9w/russia-needs-to-learn-to-lose-like-america

NIST to rework its cybersecurity guidelines. NSA updates its internet protocol guidance. CRA violations could mean steep fines.
https://thecyberwire.com/newsletters/policy-briefing/5/13

T-Mobile suffered a new data breach, 37 million accounts have been compromised
https://securityaffairs.com/141086/data-breach/t-mobile-data-breach-5.html

