Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 28/05/2022

RCE over ham radio - Reverse shell via WinAPRS
https://www.reddit.com/r/netsec/comments/uxo9bk/rce_over_ham_radio_reverse_shell_via_winaprs/

How To Build a Trusted Cybersecurity Program
https://malware.news/t/how-to-build-a-trusted-cybersecurity-program/60553/1

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw
https://securityaffairs.co/wordpress/131698/hacking/poc-exploit-code-vmware-cve-2022-22972.html

Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach
https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html

CISA, DOD Report Gaps for Agencies Assessing 5G Security Risks
https://malware.news/t/cisa-dod-report-gaps-for-agencies-assessing-5g-security-risks/60550/1

Man who helped Infraud cybercrime cartel steal millions of credit cards sentenced
https://malware.news/t/man-who-helped-infraud-cybercrime-cartel-steal-millions-of-credit-cards-sentenced/60551/1

Cecelia Marinier from RSAC and Niloo Howe, judge, on the RSAC Innovation Sandbox contest.
https://thecyberwire.com/podcasts/interview-selects/112/notes

AWS universal rate-limiter bypass
https://www.reddit.com/r/netsec/comments/uyz6zw/aws_universal_ratelimiter_bypass/

Ukraine at D+92: Artillery, DDoS, and remittances in a hybrid war.
https://thecyberwire.com/stories/eb35d7ba848d4b16ac000f6936d75779/ukraine-at-d92

Firefox, Thunderbird, receive patches for critical security issues
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/firefox-thunderbird-receive-patches-for-critical-security-issues/


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 29/05/2022

Understanding CVE-2022-22972 (VMWare Workspace One Access Auth Bypass)
https://www.reddit.com/r/netsec/comments/uzkf6p/understanding_cve202222972_vmware_workspace_one/

Stealthy Linux malware bypasses firewalls for remote access
https://www.reddit.com/r/Malware/comments/uzr2gb/stealthy_linux_malware_bypasses_firewalls_for/

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks
https://securityaffairs.co/wordpress/131762/apt/gamaredon-apt-ddos-attacks.html

New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme
https://thehackernews.com/2022/05/new-york-man-sentenced-to-4-years-in.html

Mining museums’ genomic treasures
https://arstechnica.com/?p=1856930

Are TikTok algorithms changing how people talk about suicide?
https://arstechnica.com/?p=1857008

Rikkei Finance Hack: Explained
https://www.reddit.com/r/netsec/comments/uzjfyx/rikkei_finance_hack_explained/

Compromised military tech?
https://thecyberwire.com/podcasts/research-saturday/234/notes

The strange link between Industrial Spy and the Cuba ransomware operation
https://securityaffairs.co/wordpress/131754/cyber-crime/industrial-spy-cuba-ransomware.html

How to secure Kubernetes Deployment
https://www.reddit.com/r/netsec/comments/uzk9od/how_to_secure_kubernetes_deployment/


Top Security News for 30/05/2022

The mystery of China’s sudden warnings about US hackers
https://arstechnica.com/?p=1856999

Curious - What is Skillbrains ?
https://www.bleepingcomputer.com/forums/t/772662/curious-what-is-skillbrains/

ForceAdmin : Create infinate #UAC prompts forcing a user to run as admin.
https://www.reddit.com/r/netsec/comments/v08p38/forceadmin_create_infinate_uac_prompts_forcing_a/

Pro-Russian hacker group KillNet plans to attack Italy on May 30
https://securityaffairs.co/wordpress/131776/hacking/killnet-threatens-italy.html

JPG to Malware
https://www.reddit.com/r/netsec/comments/v08plj/jpg_to_malware/

Extracting The Overlay Of A PE File, (Sun, May 29th)
https://malware.news/t/extracting-the-overlay-of-a-pe-file-sun-may-29th/60555/1

Clop ransomware gang is back, hits 21 victims in a single month
https://www.reddit.com/r/Malware/comments/v03we1/clop_ransomware_gang_is_back_hits_21_victims_in_a/

How to stop malware extension from automatically re-installing every time i open Chrome
https://www.reddit.com/r/Malware/comments/v0k9fo/how_to_stop_malware_extension_from_automatically/

grsecurity - Tetragone: A Lesson in Security Fundamentals
https://www.reddit.com/r/netsec/comments/v06ok1/grsecurity_tetragone_a_lesson_in_security/

Extracting The Overlay Of A PE File, (Sun, May 29th)
https://isc.sans.edu/diary/rss/28692


Top Security News for 31/05/2022

Is 3rd Party App Access the New Executable File?
https://thehackernews.com/2022/05/is-3rd-party-app-access-new-executable.html

POS Small Business Operation
https://www.bleepingcomputer.com/forums/t/772687/pos-small-business-operation/

WorldWide Deadbolt Ransomware : 1,216. title: "ALL YOUR FILES HAVE BEEN LOCKED BY DEADBOLT."
https://www.reddit.com/r/Malware/comments/v1ddoc/worldwide_deadbolt_ransomware_1216_title_all_your/

How Costa Rica found itself at war over ransomware
https://www.csoonline.com/article/3662311/how-costa-rica-found-itself-at-war-over-ransomware.html#tk.rss_all

I found a malicious chrome extension
https://www.reddit.com/r/Malware/comments/v1ddvb/i_found_a_malicious_chrome_extension/

Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/

Remembering Apple’s Newton, 30 years on
https://arstechnica.com/?p=1856644

Offensive Windows IPC Internals 3: ALPC
https://www.reddit.com/r/netsec/comments/v0uhc6/offensive_windows_ipc_internals_3_alpc/

Linux malware is on the rise—6 types of attacks to look for
https://www.csoonline.com/article/3662151/linux-malware-is-on-the-rise-6-types-of-attacks-to-look-for.html#tk.rss_all

Intuit phish says “we have put a temporary hold on your account”
https://blog.malwarebytes.com/social-engineering/2022/05/intuit-phish-says-we-have-put-a-temporary-hold-on-your-account/


Top Security News for 01/06/2022

Code execution 0-day in Windows has been under active exploit for 7 weeks
https://arstechnica.com/?p=1857315

Is quantum teleportation the future of secure communications?
https://blog.malwarebytes.com/reports/2022/05/is-quantum-teleportation-the-future-of-secure-communications/

FBI warns of education sector credentials on dark web forums
https://blog.malwarebytes.com/privacy-2/2022/05/fbi-warns-of-education-sector-credentials-on-dark-web-forums/

Runescape phish claims your email has been changed
https://blog.malwarebytes.com/scams/2022/05/runescape-phish-claims-your-email-has-been-changed/

Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation
https://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html

Marjorie Taylor Greene Says Bill Gates Will Force You to Eat Burgers Made in a ‘Peach Tree Dish’
https://www.vice.com/en_us/article/5dgne3/marjorie-taylor-greene-says-bill-gates-will-force-you-to-eat-burgers-made-in-a-peach-tree-dish

Technical Advisory: CVE-2022-30190 Zero-day Vulnerability “Follina” in Microsoft Support Diagnostic Tool
https://malware.news/t/technical-advisory-cve-2022-30190-zero-day-vulnerability-follina-in-microsoft-support-diagnostic-tool/60610/1

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

The Internet needs to stop getting excited by vaporware EVs
https://arstechnica.com/?p=1857185


Top Security News for 02/06/2022

US Supreme Court puts a hold on enforcement of Texas social media law. INTERPOL issues warning about various forms of online extortion. US Commerce Department will restrict cyber exports to China.
https://thecyberwire.com/newsletters/policy-briefing/4/105

Unofficial patches for the 0-day vulnerability called Follina (CVE-2022-30190)
https://www.reddit.com/r/netsec/comments/v2maa4/unofficial_patches_for_the_0day_vulnerability/

Ransomware attack turns 2022 into 1977 for Somerset County
https://malware.news/t/ransomware-attack-turns-2022-into-1977-for-somerset-county/60662/1

Discord Is the Center of the Crypto World and That’s a Problem
https://www.vice.com/en_us/article/4awkew/discord-is-the-center-of-the-crypto-world-and-thats-a-problem

NASA still “pushing” for a Russian cosmonaut to fly on next SpaceX mission
https://arstechnica.com/?p=1856528

Information Security BASICS - Anvil Secure
https://www.reddit.com/r/netsec/comments/v2mrkd/information_security_basics_anvil_secure/

Minerva's evasion based CTF is open for registration
https://www.reddit.com/r/netsec/comments/v2ehz0/minervas_evasion_based_ctf_is_open_for/

NSIS Installer Malware Included with Various Malicious Files
https://malware.news/t/nsis-installer-malware-included-with-various-malicious-files/60663/1

Mass account takeover in Yunmai smartscale API (full disclosure)
https://www.reddit.com/r/netsec/comments/v0uv1g/mass_account_takeover_in_yunmai_smartscale_api/

OST2 Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities (Taught via explaining > 3 dozen CVEs from the last 3 years)
https://www.reddit.com/r/netsec/comments/v2ep1m/ost2_vulnerabilities_1001_cfamily_software/


Top Security News for 03/06/2022

Remotely Controlling Touchscreens
https://malware.news/t/remotely-controlling-touchscreens/60703/1

WinDealer dealing on the side
https://securelist.com/windealer-dealing-on-the-side/105946/

Analysis report on Log4j attack patterns
https://www.reddit.com/r/Malware/comments/v3p7l2/analysis_report_on_log4j_attack_patterns/

Ransomware roundup: System-locking malware dominates headlines
https://www.csoonline.com/article/3662038/ransomware-roundup-system-locking-malware-dominates-headlines.html#tk.rss_all

Analysis of the Massive NDSW/NDSX Malware Campaign
https://malware.news/t/analysis-of-the-massive-ndsw-ndsx-malware-campaign/60704/1

Sandbox Evasion... With Just a Filename!, (Fri, Jun 3rd)
https://isc.sans.edu/diary/rss/28708

Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html

10 of the hottest new cybersecurity startups at RSA 2022
https://www.csoonline.com/article/3662771/10-of-the-hottest-new-cybersecurity-startups-at-rsa-2022.html#tk.rss_all

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order
https://thehackernews.com/2022/06/expressvpn-removes-servers-in-india.html

NASA just bought the rest of the space station crew flights from SpaceX
https://arstechnica.com/?p=1857926


Top Security News for 04/06/2022

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html

After remote-work ultimatum, Musk reveals plan to cut 10% of Tesla jobs
https://arstechnica.com/?p=1858044

Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies
https://thehackernews.com/2022/06/microsoft-blocks-iran-linked-lebanese.html

Hacktivism, nominal and (possibly) real. Cyber gangs rebrand and branch out. CISA alerts. Cyber phases of Russia's hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/11/107

[updated]Unpatched Atlassian Confluence vulnerability is actively exploited
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/unpatched-atlassian-confluence-vulnerability-is-actively-exploited/

Perry Carpenter on his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer"
https://thecyberwire.com/podcasts/interview-selects/113/notes

Critical Atlassian 0-day is under active exploit. You’re patched, right?
https://arstechnica.com/?p=1858307

Threat Roundup for May 27 to June 3
https://malware.news/t/threat-roundup-for-may-27-to-june-3/60734/1

SSO explained: Single sign-on definition, examples, and terminology
https://www.csoonline.com/article/2115776/sso-explained-single-sign-on-definition-examples-and-terminology.html#tk.rss_all

Americans want more electric vehicles, but 50% by 2030 looks unlikely
https://arstechnica.com/?p=1858024


Top Security News for 05/06/2022

Cyber phases of Russia's hybrid war. Microsoft hits Polonium and mitigates Follina. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. Notes from the underworld.
https://thecyberwire.com/newsletters/week-that-was/6/22

LemonDucks evading detection.
https://thecyberwire.com/podcasts/research-saturday/235/notes

Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552) - including remote write anywhere primitive in its IP stack
https://www.reddit.com/r/netsec/comments/v4ht0r/technical_advisory_multiple_vulnerabilities_in/

The Domain Generation Algorithms of SharkBot
https://malware.news/t/the-domain-generation-algorithms-of-sharkbot/60743/1

Smaller reactors may still have a big nuclear waste problem
https://arstechnica.com/?p=1858107

An actively exploited Microsoft 0-day flaw still doesn’t have a patch
https://arstechnica.com/?p=1858179

Protected: Biweekly Malware Challenge #1: Gozi/ISFB String Decryption
https://malware.news/t/protected-biweekly-malware-challenge-1-gozi-isfb-string-decryption/60740/1

Certificate Ripper released - tool to extract server certificates
https://www.reddit.com/r/netsec/comments/v4qegg/certificate_ripper_released_tool_to_extract/

Anonymous: Operation Russia after 100 days of war
https://securityaffairs.co/wordpress/131933/hacktivism/anonymous-operation-russia-100-days.html

Mind Map of Malware Mitigations
https://www.reddit.com/r/Malware/comments/v4vc7a/mind_map_of_malware_mitigations/


Top Security News for 06/06/2022

Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild
https://securityaffairs.co/wordpress/131942/security/atlassian-fixes-confluence-zero-day.html

ISC StormCast for Monday, June 6th, 2022
https://isc.sans.edu/podcastdetail.html?id=8036

Security Affairs newsletter Round 368 by Pierluigi Paganini
https://securityaffairs.co/wordpress/131958/breaking-news/security-affairs-newsletter-round-368-by-pierluigi-paganini.html

State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S
https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html

ISC Stormcast For Monday, June 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8036, (Mon, Jun 6th)
https://isc.sans.edu/diary/rss/28716

OFFENSIVE C#
https://www.reddit.com/r/Malware/comments/v564kf/offensive_c/

Defining the intruder’s dilemma.
https://thecyberwire.com/podcasts/cyberwire-x/32/notes

Analysis Of An "ms-msdt" RTF Maldoc, (Sun, Jun 5th)
https://isc.sans.edu/diary/rss/28714

Analysis of a large brute force attack campaign against Windows Remote Desktop
https://www.reddit.com/r/netsec/comments/v58po4/analysis_of_a_large_brute_force_attack_campaign/

Making blockchain stop wasting energy by getting it to manage energy
https://arstechnica.com/?p=1858298


Top Security News for 07/06/2022

Solid-state batteries for EVs move a step closer to production
https://arstechnica.com/?p=1858366

Russia seeks to hijack German telescope on its X-ray spacecraft
https://arstechnica.com/?p=1858353

Observed In The Wild: Atlassian Confluence Server CVE-2022-26134
https://www.reddit.com/r/netsec/comments/v6iia0/observed_in_the_wild_atlassian_confluence_server/

Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers
https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html

Popping Eagle: How Global Analytics Uncovered a Stealthy Threat Actor
https://www.reddit.com/r/netsec/comments/v4aspa/popping_eagle_how_global_analytics_uncovered_a/

Passwordstate - Revoked its Digicert certificate used to sign the code
https://www.reddit.com/r/netsec/comments/v5xl0o/passwordstate_revoked_its_digicert_certificate/

Ukraine's SSSCIP discusses the cyber phases of Russia's war. Atlassian patches Confluence;. State actor exploits Follina.
https://thecyberwire.com/newsletters/daily-briefing/11/108

Big Tech pulls out all the stops to halt “self-preferencing” antitrust bill
https://arstechnica.com/?p=1858462

Microsoft Autopatch is here…but can you use it?
https://blog.malwarebytes.com/business-2/2022/06/microsoft-autopatch-is-here-but-can-you-use-it/

State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S
https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html


Top Security News for 08/06/2022

AI Trained on 4Chan Becomes ‘Hate Speech Machine’
https://www.vice.com/en_us/article/7k8zwx/ai-trained-on-4chan-becomes-hate-speech-machine

Network analysis of a targeted phish that got past Defender
https://www.reddit.com/r/netsec/comments/v707vn/network_analysis_of_a_targeted_phish_that_got/

Zero-day flaw in Atlassian Confluence exploited in the wild since May
https://www.csoonline.com/article/3662755/zero-day-flaw-in-atlassian-confluence-exploited-in-the-wild-since-may.html#tk.rss_all

Inside the $100K+ forgery scandal that’s roiling PC game collecting
https://arstechnica.com/?p=1858275

Apple's New Feature Will Install Security Updates Automatically Without Full OS Update
https://thehackernews.com/2022/06/apples-new-feature-will-install.html

Apple will allow Linux VMs to run Intel apps with Rosetta in macOS Ventura
https://arstechnica.com/?p=1859358

Ransomware Task Force priorities see progress in first year
https://malware.news/t/ransomware-task-force-priorities-see-progress-in-first-year/60817/1

You’ll shoot your eye out: Popped champagne cork ejects CO2 at supersonic speeds
https://arstechnica.com/?p=1859317

AWS S3 Scanner: Online tool for finding misconfigurations
https://www.reddit.com/r/netsec/comments/v756tm/aws_s3_scanner_online_tool_for_finding/

DOJ, FBI shut down marketplace for stolen Social Security numbers
https://malware.news/t/doj-fbi-shut-down-marketplace-for-stolen-social-security-numbers/60821/1


Top Security News for 09/06/2022

People’s Republic of China State-Sponsored Actors Exploit Network Providers and Devices
https://www.reddit.com/r/netsec/comments/v7simm/peoples_republic_of_china_statesponsored_actors/

DoJ shuts down dark web marketplace. Two million patients impacted in healthcare breach. Employee email compromised. Pennsylvania’s proposed incident reporting bill.
https://thecyberwire.com/podcasts/privacy-briefing/601/notes

ISC Stormcast For Thursday, June 9th, 2022 https://isc.sans.edu/podcastdetail.html?id=8042, (Thu, Jun 9th)
https://isc.sans.edu/diary/rss/28726

CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices.
https://thecyberwire.com/podcasts/cisa-cybersecurity-alerts/21/notes

MakeMoney malvertising campaign adds fake update template
https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/

Control Loop OT Cybersecurity Briefing for 06.08.22
https://thecyberwire.com/newsletters/control-loop/1/1

A detailed analysis of the new malware used by the Russian APT28/Sofacy called SkinnyBoy
https://www.reddit.com/r/Malware/comments/v7y9e8/a_detailed_analysis_of_the_new_malware_used_by/

RSA: Intel reference design to accelerate SASE, other security tasks
https://www.networkworld.com/article/3663370/rsa-intel-reference-design-to-accelerate-sase-other-security-tasks.html#tk.rss_all

Free tool to discover if your company or supply chain has employees and clients infected with info-stealing malwares
https://www.reddit.com/r/Malware/comments/v826sv/free_tool_to_discover_if_your_company_or_supply/

Confluence Webshells being dropped into the honeypot
https://www.reddit.com/r/netsec/comments/v7kls9/confluence_webshells_being_dropped_into_the/


Top Security News for 10/06/2022

ISC Stormcast For Friday, June 10th, 2022 https://isc.sans.edu/podcastdetail.html?id=8044, (Fri, Jun 10th)
https://isc.sans.edu/diary/rss/28730

8 zero-day vulnerabilities discovered in popular industrial control system from Carrier
https://malware.news/t/8-zero-day-vulnerabilities-discovered-in-popular-industrial-control-system-from-carrier/60886/1

ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
https://blog.malwarebytes.com/threat-analysis/2022/06/asyncrat-surpasses-dridex-trickbot-and-emotet-to-become-dominant-email-threat/

The tech behind the 2022 US CSO50 winners: Celebrating the CSO50 Solutions Partners
https://www.csoonline.com/article/3663670/the-tech-behind-the-2022-us-cso50-winners-celebrating-the-cso50-solutions-partners.html#tk.rss_all

IDA Plugin for loading extracted firmware images (SVD loader alternative)
https://www.reddit.com/r/netsec/comments/v8h5gp/ida_plugin_for_loading_extracted_firmware_images/

Apple’s passkeys attempt to solve the password problem
https://blog.malwarebytes.com/privacy-2/2022/06/apples-passkeys-attempt-to-solve-the-password-problem/

Snowflake offers cybersecurity data platform with security app integrations
https://www.csoonline.com/article/3663673/snowflake-offers-cybersecurity-data-platform-with-security-app-integrations.html#tk.rss_all

Network Security
https://www.bleepingcomputer.com/forums/t/773112/network-security/

New Emotet Variant Stealing Users' Credit Card Information from Google Chrome
https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html

Hackers using stealthy Linux backdoor Symbiote to steal credentials
https://www.csoonline.com/article/3663510/hackers-using-stealthy-linux-backdoor-symbiote-to-steal-credentials.html#tk.rss_all


Top Security News for 11/06/2022

Dell security advisory (AV22-316)
https://malware.news/t/dell-security-advisory-av22-316/60904/1

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site
https://securityaffairs.co/wordpress/132122/cyber-crime/city-of-palermo-vice-society-ransomware.html

"Unpatchable" hardware flaw. Nation-state conflict in cyberspace. Threat actor Aoqin Dragon has been operating since 2013.
https://thecyberwire.com/newsletters/daily-briefing/11/112

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign
https://securityaffairs.co/wordpress/132140/cyber-crime/cryptomining-campaign-atlassian-confluence-flaw.html

Atlassian patches Confluence. LockBit claims (implausibly) to have hit Mandiant. Effects of ransomware on businesses.
https://thecyberwire.com/newsletters/week-that-was/6/23

Cyber Security
https://www.bleepingcomputer.com/forums/t/773134/cyber-security/

RSA – APIs, your organization’s dedicated backdoors
https://malware.news/t/rsa-apis-your-organization-s-dedicated-backdoors/60901/1

Symbiote: A New, Hard-to-Detect Linux Threat
https://www.reddit.com/r/netsec/comments/v9awqq/symbiote_a_new_hardtodetect_linux_threat/

David Ring at RSAC discussing FBI Cyber Strategy/role in the cyber ecosystem and private sector engagement.
https://thecyberwire.com/podcasts/interview-selects/114/notes

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones
https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html


Top Security News for 12/06/2022

Java for pentesting,malware?
https://0x00sec.org/t/java-for-pentesting-malware/29737

FBI, DOJ say less than 25% of NetWalker ransomware victims reported incidents
https://malware.news/t/fbi-doj-say-less-than-25-of-netwalker-ransomware-victims-reported-incidents/60908/1

Weekly News Roundup — June 5 to June 11
https://malware.news/t/weekly-news-roundup-june-5-to-june-11/60909/1

A Story of a Bug Found Fuzzing
https://www.reddit.com/r/netsec/comments/v9rhxf/a_story_of_a_bug_found_fuzzing/

New developments in the WSL attack.
https://thecyberwire.com/podcasts/research-saturday/236/notes

Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal
https://securityaffairs.co/wordpress/132164/apt/lyceum-apt-target-energy-dns-backdoor.html

MIT researchers find new hardware vulnerability in the Apple M1 chip
https://malware.news/t/mit-researchers-find-new-hardware-vulnerability-in-the-apple-m1-chip/60910/1

Linternals: Memory Allocators [0x01]
https://www.reddit.com/r/lowlevel/comments/v9v6p1/linternals_memory_allocators_0x01/

PACMAN, a new attack technique against Apple M1 CPUs
https://securityaffairs.co/wordpress/132154/hacking/pacman-attack-apple-m1-cpus.html

Is process hollowing an objectively inferior approach to injecting a beacon?
https://www.reddit.com/r/lowlevel/comments/v9ujdp/is_process_hollowing_an_objectively_inferior/


Top Security News for 13/06/2022

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks
https://thehackernews.com/2022/06/iranian-hackers-spotted-using-new-dns.html

I wrote a non technical post on my blog regarding security specialists, nihilistic behavior, and how to stay positive. Sometimes we need a reminder that, after all, things are not that bad.
https://www.reddit.com/r/netsec/comments/vap5my/i_wrote_a_non_technical_post_on_my_blog_regarding/

NGINX security: Everything you may not need to know about NGINX error logs - complete guide
https://www.reddit.com/r/netsec/comments/vaf63c/nginx_security_everything_you_may_not_need_to/

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers
https://securityaffairs.co/wordpress/132186/cyber-crime/ransomware-gangs-cve-2022-26134-rce-atlassian-confluence.html

Found 'phone-to-name.kvcache' in Mac Recovered Files folder
https://www.reddit.com/r/Malware/comments/valixl/found_phonetonamekvcache_in_mac_recovered_files/

ISC Stormcast For Monday, June 13th, 2022 https://isc.sans.edu/podcastdetail.html?id=8046, (Mon, Jun 13th)
https://isc.sans.edu/diary/rss/28736

Quickie: Follina, RTF & Explorer Preview Pane, (Sun, Jun 12th)
https://isc.sans.edu/diary/rss/28734

Quickie: Follina, RTF & Explorer Preview Pane, (Sun, Jun 12th)
https://malware.news/t/quickie-follina-rtf-explorer-preview-pane-sun-jun-12th/60911/1

ISC StormCast for Monday, June 13th, 2022
https://isc.sans.edu/podcastdetail.html?id=8046

ISC Stormcast For Monday, June 13th, 2022 https://isc.sans.edu/podcastdetail.html?id=8046, (Mon, Jun 13th)
https://malware.news/t/isc-stormcast-for-monday-june-13th-2022-https-isc-sans-edu-podcastdetail-html-id-8046-mon-jun-13th/60912/1


Top Security News for 14/06/2022

Using WiFi connection probe requests to track users
https://securityaffairs.co/wordpress/132193/mobile-2/wifi-probe-requests-track-users.html

ASEC Weekly Malware Statistics (May 30th, 2022 – June 5th, 2022)
https://malware.news/t/asec-weekly-malware-statistics-may-30th-2022-june-5th-2022/60950/1

A new RAT from Beijing. Muslim hacktivism in India. Ukraine reports a GRU spam campaign against media outlets. A Moscow court fines Wikimedia. And that UK cyber disaster was just a promo.
https://thecyberwire.com/podcasts/daily-podcast/1598/notes

Say goodbye to browser ads and malware with this $30 tool
https://malware.news/t/say-goodbye-to-browser-ads-and-malware-with-this-30-tool/60948/1

Taking down the IP2Scam tech support campaign
https://blog.malwarebytes.com/threat-intelligence/2022/06/taking-down-the-ip2scam-tech-support-campaign/

9 ways hackers will use machine learning to launch attacks
https://www.csoonline.com/article/3250144/6-ways-hackers-will-use-machine-learning-to-launch-attacks.html#tk.rss_all

ISC Stormcast For Tuesday, June 14th, 2022 https://isc.sans.edu/podcastdetail.html?id=8048, (Tue, Jun 14th)
https://isc.sans.edu/diary/rss/28740

The many lives of BlackCat ransomware
https://www.reddit.com/r/netsec/comments/vbgh61/the_many_lives_of_blackcat_ransomware/

Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html

Experts spotted Syslogk, a Linux rootkit under development
https://securityaffairs.co/wordpress/132232/malware/syslogk-linux-rootkit.html


Top Security News for 15/06/2022

Oblivious HTTP
https://www.reddit.com/r/netsec/comments/vc9bt7/oblivious_http/

Securing the World Cup. Australia's security regulator cautions boards on cybersecurity. CISA sends FEITs to help Federal network security.
https://thecyberwire.com/newsletters/policy-briefing/4/114

Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CVEs)
https://blog.malwarebytes.com/malwarebytes-news/2022/06/introducing-malwarebytes-vulnerability-assessment-for-oneview-how-to-check-for-common-vulnerabilities-and-exposures-cves/

TPM Sniffing Attacks Against Non-Bitlocker Targets
https://www.reddit.com/r/netsec/comments/vciv14/tpm_sniffing_attacks_against_nonbitlocker_targets/

Instagram scam steals your selfies to trick your friends
https://blog.malwarebytes.com/personal/scams-personal/2022/06/instagram-scam-steals-your-selfies-to-trick-your-friends/

Karakurt extortion group: Threat profile
https://blog.malwarebytes.com/cybercrime/2022/06/karakurt-extortion-group-threat-profile/

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
https://www.reddit.com/r/netsec/comments/vc77h9/zimbra_email_stealing_cleartext_credentials_via/

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens
https://thehackernews.com/2022/06/unpatched-travis-ci-api-bug-exposes.html

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/multiple-adversaries-exploiting-confluence-vulnerability-warns-microsoft/

Stealthy Linux malware. Aoqin Dragon targets Southeast Asia and Australia. Iranian spearphishing campaign. BlackCat RaaS described.
https://thecyberwire.com/podcasts/research-briefing/121/notes


Top Security News for 16/06/2022

For one software maker, an SBOM adds value to the product
https://www.csoonline.com/article/3663468/for-one-software-maker-an-sbom-adds-value-to-the-product.html#tk.rss_all

Email platform bug allows for theft of clear-text credentials. Update on the Kaiser Permanente breach. Arizona hospital suffers ransomware attack.
https://thecyberwire.com/newsletters/privacy-briefing/4/115

Hertzbleed - a new family of side-channel attacks
https://www.reddit.com/r/lowlevel/comments/vcf9ua/hertzbleed_a_new_family_of_sidechannel_attacks/

Email compromise leads to healthcare data breach at Kaiser Permanente
https://blog.malwarebytes.com/cybercrime/2022/06/email-compromise-leads-to-healthcare-data-breach-at-kaiser-permanente/

ISC Stormcast For Thursday, June 16th, 2022 https://isc.sans.edu/podcastdetail.html?id=8052, (Thu, Jun 16th)
https://isc.sans.edu/diary/rss/28750

Let’s give a look at the Dark Web Price Index 2022
https://securityaffairs.co/wordpress/132256/deep-web/dark-web-index-2022.html

Email platform bug allows for theft of clear-text credentials. Update on the Kaiser Permanente breach. Arizona hospital suffers ransomware attack.
https://thecyberwire.com/podcasts/privacy-briefing/605/notes

Sophos uncovers how APT groups carried out highly targeted attack
https://malware.news/t/sophos-uncovers-how-apt-groups-carried-out-highly-targeted-attack/61029/1

Update now!  Microsoft patches Follina, and many other security updates
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-now-microsoft-patches-follina-and-many-other-security-updates/

Quick Malware Analysis: TA578 Thread-hijacked email, Bumblebee, and Cobalt Strike pcap from 2022-06-14
https://www.reddit.com/r/netsec/comments/vcvay2/quick_malware_analysis_ta578_threadhijacked_email/


Top Security News for 17/06/2022

ISC Stormcast For Friday, June 17th, 2022 https://isc.sans.edu/podcastdetail.html?id=8054, (Fri, Jun 17th)
https://malware.news/t/isc-stormcast-for-friday-june-17th-2022-https-isc-sans-edu-podcastdetail-html-id-8054-fri-jun-17th/61068/1

The Android kernel mitigations obstacle race
https://www.reddit.com/r/netsec/comments/vdprqx/the_android_kernel_mitigations_obstacle_race/

How to see the impact installing BApps might have on Burp Suite
https://portswigger.net/blog/how-to-see-the-impact-installing-bapps-might-have-on-burp-suite

Shadow Credentials - Red Teaming Experiments
https://www.reddit.com/r/netsec/comments/vdj28x/shadow_credentials_red_teaming_experiments/

This just in: there are more than 24 billion usernames. US healthcare data breach round-up.
https://thecyberwire.com/newsletters/privacy-briefing/4/116

Interpol scores against BEC, online fraud, and money laundering. Developments in C2C markets. Versioning vulnerability. Cyber war and cyber escalation.
https://thecyberwire.com/podcasts/daily-podcast/1601/notes

fast and furious OSCP monkeys doing weird things - learn how to exploit validate suid
https://www.reddit.com/r/netsec/comments/vd9l3v/fast_and_furious_oscp_monkeys_doing_weird_things/

VED (Vault Exploit Defense): Open source implementation
https://www.reddit.com/r/netsec/comments/vdm134/ved_vault_exploit_defense_open_source/

Photos of kids taken from spyware-ridden phones found exposed on the internet
https://blog.malwarebytes.com/stalkerware/2022/06/photos-of-kids-taken-from-spyware-ridden-phones-found-exposed-on-the-internet/

Think that a Ransomware cannot target your OneDrive and Sharepoint environments? Think again!
https://www.reddit.com/r/netsec/comments/vdjaju/think_that_a_ransomware_cannot_target_your/

