Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 01/07/2022

US TSA issues relaxed pipeline cybersecurity directives. A new approach to the development of international cyber norms. CISA issues guidance on migrating to Modern auth in Microsoft Exchange Online.
https://thecyberwire.com/newsletters/policy-briefing/4/125

Key takeaways from CSA’s SaaS Governance Best Practices guide
https://www.csoonline.com/article/3664935/key-takeaways-from-csa-s-saas-governance-best-practices-guide.html#tk.rss_all

C2C market differentiation and commodification. Hacktivists tied to Russia's government. New cyber phases of a hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/11/125

Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks
https://thehackernews.com/2022/06/ex-canadian-government-employee-pleads.html

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html

North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack
https://thehackernews.com/2022/06/north-korean-hackers-suspected-to-be.html

Influence ops for economic advantage. Targeting think tanks. Russia dismisses its missile strike on a shopping mall as a Ukrainian provocation. Leaving Snake Island.
https://thecyberwire.com/newsletters/disinformation-briefing/4/26

Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
https://www.reddit.com/r/netsec/comments/voetlt/weaponizing_and_abusing_hidden_functionalities/

Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter)
https://malware.news/t/case-of-attack-exploiting-anydesk-remote-tool-cobalt-strike-and-meterpreter/61456/1

Pro-Russian hackers launched a massive DDoS attack against Norway
https://securityaffairs.co/wordpress/132765/hacking/legion-ddos-norway.html


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 02/07/2022

RanSim: a ransomware simulation script written in PowerShell. Useful for testing your defenses and backups in a controlled simulation. The same script is used for encryption and decryption.
https://www.reddit.com/r/netsec/comments/voii89/ransim_a_ransomware_simulation_script_written_in/

Are reverse search warrants a violation of privacy? NFT marketplace involved in massive user data breach. Renter, beware. CISA on MedusaLocker ransomware.
https://thecyberwire.com/podcasts/privacy-briefing/617/notes

CISA Alert AA22-181A – #StopRansomware: MedusaLocker.
https://thecyberwire.com/podcasts/cisa-cybersecurity-alerts/23/notes

Dining table set George
https://www.bleepingcomputer.com/forums/t/774072/dining-table-set-george/

DPRK hacking for profit. MedusaLocker warning. C2C market notes. Cyber conflict in the Middle East and in Russia's war.
https://thecyberwire.com/newsletters/daily-briefing/11/126

It’s Been Zero Days Since BIND9 Crashed
https://www.reddit.com/r/netsec/comments/voxiu2/its_been_zero_days_since_bind9_crashed/

Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps
https://thehackernews.com/2022/07/microsoft-warns-about-evolving.html

Google Improves Its Password Manager to Boost Security Across All Platforms
https://thehackernews.com/2022/07/google-improves-its-password-manager-to.html

CVE-2022-28219 Detection: Critical RCE Vulnerability in Zoho ManageEngine ADAudit Plus
https://www.reddit.com/r/Malware/comments/vp20nc/cve202228219_detection_critical_rce_vulnerability/

Java Serialisation - the gift that keeps on taking (Part 3)
https://malware.news/t/java-serialisation-the-gift-that-keeps-on-taking-part-3/61475/1


Top Security News for 04/07/2022

Malware keeps opening and closing Google Chrome
https://www.reddit.com/r/Malware/comments/vqwtnw/malware_keeps_opening_and_closing_google_chrome/

DS620slim tiny home server
https://malware.news/t/ds620slim-tiny-home-server/61479/1

Half of actively exploited zero-day issues in H1 2022 are variants of previous flaws
https://securityaffairs.co/wordpress/132813/security/h1-2022-zero-day-variants-previous-flaws.html

Microsoft: Raspberry Robin worm already infected hundreds of networks
https://securityaffairs.co/wordpress/132826/malware/microsoft-raspberry-robin-spreading.html

HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains
https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html

7-Zip & MoW, (Sun, Jul 3rd)
https://isc.sans.edu/diary/rss/28810

Tens of Jenkins plugins are affected by zero-day vulnerabilities
https://securityaffairs.co/wordpress/132836/security/jenkins-plugins-zero-day-flaws.html

Enterprise encryption and cybersecurity first principles, with Rick Howard.
https://thecyberwire.com/podcasts/cso-perspectives-public/51/notes

Over 900k Kubernetes Clusters Were Found Exposed Online
https://www.reddit.com/r/netsec/comments/vqd9ya/over_900k_kubernetes_clusters_were_found_exposed/

Bypassing Firefox's HTML Sanitizer API
https://www.reddit.com/r/netsec/comments/vqo7xq/bypassing_firefoxs_html_sanitizer_api/


Top Security News for 05/07/2022

Unfaithful HackerOne employee steals bug reports to claim additional bounties
https://securityaffairs.co/wordpress/132846/cyber-crime/hackerone-incident.html

Google fixes the fourth Chrome zero-day in 2022
https://securityaffairs.co/wordpress/132863/hacking/4th-chrome-zero-day.html

ISC Stormcast For Tuesday, July 5th, 2022 https://isc.sans.edu/podcastdetail.html?id=8074, (Tue, Jul 5th)
https://malware.news/t/isc-stormcast-for-tuesday-july-5th-2022-https-isc-sans-edu-podcastdetail-html-id-8074-tue-jul-5th/61501/1

When good-faith hacking gets people arrested, with Harley Geiger: Lock and Code S03E14
https://blog.malwarebytes.com/podcast/2022/07/when-good-faith-hacking-gets-people-arrested-with-harley-geiger-lock-and-code-s03e14/

HackerOne insider fired for trying to claim other people’s bounties
https://malware.news/t/hackerone-insider-fired-for-trying-to-claim-other-people-s-bounties/61499/1

Insider Threat: Employees indicted for stealing $88 million of license keys
https://blog.malwarebytes.com/cybercrime/2022/07/insider-threat-employees-indicted-for-stealing-88-million-of-license-keys/

From Misconfigured Certificate Template to Windows Domain Admin
https://www.reddit.com/r/netsec/comments/vrgs55/from_misconfigured_certificate_template_to/

Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH
https://thehackernews.com/2022/07/ukrainian-authorities-arrested-phishing.html

Data of a billion Chinese residents available for sale on the dark web
https://securityaffairs.co/wordpress/132860/data-breach/chinese-residents-data-dark-web.html

Threat Report Portugal: Q2 2022
https://securityaffairs.co/wordpress/132842/security/threat-report-portugal-q2-2022.html


Top Security News for 06/07/2022

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web
https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html

putlocker and similar websites
https://www.reddit.com/r/Malware/comments/vsbzen/putlocker_and_similar_websites/

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/05-07-2022

变脸, Teng Snake (a.k.a. Code Core)
https://malware.news/t/teng-snake-a-k-a-code-core/61543/1

#McAfeePride2022
https://malware.news/t/mcafeepride2022/61540/1

Smart or Stupid? Cybercriminal Group Names Decoded!
https://cisomag.com/smart-or-stupid-cybercriminal-group-names-decoded/

TikTok is “unacceptable security risk” and should be removed from app stores, says FCC
https://blog.malwarebytes.com/privacy-2/2022/07/tiktok-is-unacceptable-security-risk-and-should-be-removed-from-app-stores-says-fcc/

ISC StormCast for Wednesday, July 6th, 2022
https://isc.sans.edu/podcastdetail.html?id=8076

From NtObjectManager to PetitPotam
https://www.reddit.com/r/netsec/comments/vrz3xy/from_ntobjectmanager_to_petitpotam/

A Tech Millionaire Bought a Giant Cold War Radar to ‘Find UFOs’
https://www.vice.com/en_us/article/k7ba9x/a-tech-millionaire-bought-a-giant-cold-war-radar-to-find-ufos


Top Security News for 07/07/2022

Is the American Innovation and Online Choice Act beneficial?
https://thecyberwire.com/podcasts/caveat/132/notes

NIST names new post-quantum cryptography standards
https://www.csoonline.com/article/3665695/nist-names-new-post-quantum-cryptography-standards.html#tk.rss_all

Apple to launch ‘lockdown mode’ to protect against Pegasus-style hacks
https://www.theguardian.com/technology/2022/jul/06/apple-to-launch-lockdown-mode-to-protect-against-pegasus-style-hacks

Human errors and why they're made.
https://thecyberwire.com/podcasts/hacking-humans/203/notes

Attacker groups adopt new penetration testing tool Brute Ratel
https://www.csoonline.com/article/3666508/attacker-groups-adopt-new-penetration-testing-tool-brute-ratel.html#tk.rss_all

Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
https://www.reddit.com/r/netsec/comments/vsqi5l/optimizing_cicd_credential_hygiene_a_comparison/

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
https://thehackernews.com/2022/07/nist-announces-first-four-quantum.html

YamaBot Malware Used by Lazarus
https://malware.news/t/yamabot-malware-used-by-lazarus/61590/1

Georgia’s Conspiracy-Magnet Guidestones Monument Has Been Bombed
https://www.vice.com/en_us/article/dy7v8x/georgias-conspiracy-magnet-guidestones-monument-has-been-bombed

Safe way to warn a business that their website URL has been hijacked?
https://www.bleepingcomputer.com/forums/t/774271/safe-way-to-warn-a-business-that-their-website-url-has-been-hijacked/


Top Security News for 08/07/2022

ENISA released the Threat Landscape Methodology
https://securityaffairs.co/wordpress/132973/security/enis-athreat-landscape-methodology.html

FBI and MI-5 warn of Chinese industrial espionage. Trickbot's privateering. Cozy Bear sighting. Chinese APTs target Russia.
https://thecyberwire.com/newsletters/daily-briefing/11/129

Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign
https://thehackernews.com/2022/07/over-1200-npm-packages-found-involved.html

What to Look for in a Network Vulnerability Scanner
https://malware.news/t/what-to-look-for-in-a-network-vulnerability-scanner/61628/1

Automating binary vulnerability discovery with Ghidra and Semgrep
https://www.reddit.com/r/netsec/comments/vtcsdv/automating_binary_vulnerability_discovery_with/

New NIST Software Supply Chain Security Guidance Recommends Use of Security Ratings
https://malware.news/t/new-nist-software-supply-chain-security-guidance-recommends-use-of-security-ratings/61629/1

Apple Lockdown Mode helps protect users from spyware
https://blog.malwarebytes.com/malwarebytes-news/2022/07/apple-lockdown-mode-helps-protect-users-from-spyware/

5 things security pros want from XDR platforms
https://www.csoonline.com/article/3665913/5-things-security-pros-want-from-xdr-platforms.html#tk.rss_all

Revelstoke’s SOAR to improve case management with replicable sub-workflows
https://www.csoonline.com/article/3666728/revelstokes-soar-to-improve-case-management-with-replicable-sub-workflows.html#tk.rss_all

What is Malware and How to Avoid Becoming a Victim
https://malware.news/t/what-is-malware-and-how-to-avoid-becoming-a-victim/61626/1


Top Security News for 09/07/2022

How to Find a Mortgage Expert in the UK
https://www.bleepingcomputer.com/forums/t/774340/how-to-find-a-mortgage-expert-in-the-uk/

Evolution of the LockBit Ransomware operation relies on new techniques
https://securityaffairs.co/wordpress/133027/cyber-crime/lockbit-2-0-evolution.html

Avoid travel digital disasters – Week in security with Tony Anscombe
https://malware.news/t/avoid-travel-digital-disasters-week-in-security-with-tony-anscombe/61653/1

Shanghaied data. Update on the Marriott breach. California college suffers cyberattack. Maui ransomware. NPM supply chain attack update.
https://thecyberwire.com/podcasts/privacy-briefing/621/notes

Thread hijacking operation linked to TA578. Gun owner data leaked by California Justice Department.
https://thecyberwire.com/newsletters/privacy-briefing/4/130

Dell security advisory (AV22-381)
https://malware.news/t/dell-security-advisory-av22-381/61657/1

Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets
https://thehackernews.com/2022/07/researchers-detail-techniques-lockbit.html

Royal Army accounts hijacked. A hacktivist group claims to have hit Iranian sites. Very large database of PII for sale on the dark web.
https://thecyberwire.com/newsletters/week-that-was/6/27

Thread hijacking operation linked to TA578. Gun owner data leaked by California Justice Department.
https://thecyberwire.com/podcasts/research-saturday/621/notes

Recorded Future closes acquisition of malware analysis firm Hatching
https://www.csoonline.com/article/3666693/recorded-future-closes-acquisition-of-malware-analysis-firm-hatching.html#tk.rss_all


Top Security News for 10/07/2022

Simple_listener.py
https://malware.news/t/simple-listener-py/61662/1

Weekly News Roundup — July 3 to July 9
https://malware.news/t/weekly-news-roundup-july-3-to-july-9/61660/1

Ongoing Raspberry Robin campaign leverages compromised QNAP devices
https://securityaffairs.co/wordpress/133039/cyber-crime/raspberry-robin-infection-attacks.html

Cyberpunk Future
https://0x00sec.org/t/cyberpunk-future/30127

Simone Petrella: Fake it, until you make it. [CEO]
https://thecyberwire.com/podcasts/career-notes/107/notes

Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html

Does "Autostart" Really Mean "Autostart"?
https://malware.news/t/does-autostart-really-mean-autostart/61661/1

Fortinet addressed multiple vulnerabilities in several products
https://securityaffairs.co/wordpress/133059/security/fortinet-multiple-issues-several-products.html

Rozena backdoor delivered by exploiting the Follina bug
https://securityaffairs.co/wordpress/133051/hacking/follina-bug-rozena-backdoor.html

Apple Lockdown Mode will protect users against highly targeted cyberattacks
https://securityaffairs.co/wordpress/133065/mobile-2/apple-lockdown-mode.html


Top Security News for 11/07/2022

PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects
https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html

Private 5G Network Security Expectations Part 3
https://malware.news/t/private-5g-network-security-expectations-part-3/61674/1

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity
https://thehackernews.com/2022/07/hackers-used-fake-job-offer-to-hack-and.html

WAF from the scratch
https://www.reddit.com/r/netsec/comments/vw9utw/waf_from_the_scratch/

How the FBI quietly added itself to criminals’ instant message conversations
https://blog.malwarebytes.com/reports/2022/07/how-the-fbi-quietly-added-itself-to-criminals-instant-message-conversations/

Totmania.net DO NOT OPEN
https://www.reddit.com/r/Malware/comments/vw4lg8/totmanianet_do_not_open/

4 ways businesses can save money on cyber insurance
https://malware.news/t/4-ways-businesses-can-save-money-on-cyber-insurance/61669/1

North Korean APT targets US healthcare sector with Maui ransomware
https://blog.malwarebytes.com/ransomware/2022/07/north-korean-apt-targets-us-healthcare-sector-with-maui-ransomware/

Meterpreter Distributed to Vulnerable Server of Korean Medical Institution
https://malware.news/t/meterpreter-distributed-to-vulnerable-server-of-korean-medical-institution/61671/1

Debug Log: Why is my M.2 SSD so slow?
https://gynvael.coldwind.pl/?id=749


Top Security News for 12/07/2022

Sneaky Orbit Malware Backdoors Linux Devices
https://packetstormsecurity.com/news/view/33618/Sneaky-Orbit-Malware-Backdoors-Linux-Devices.html

One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem
https://securityintelligence.com/articles/colonial-pipeline-federal-regulation-update/

Anubis Networks is back with new C2 server
https://securityaffairs.co/wordpress/133115/hacking/anubis-networks-new-c2.html

Australian incident reporting law comes into effect. UK agencies recommend (strongly) against paying ransom.
https://thecyberwire.com/newsletters/policy-briefing/4/131

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs
https://thehackernews.com/2022/07/cloud-based-cryptocurrency-miners.html

Text-based fraud: from 419 scams to vishing
https://securelist.com/mail-text-scam/106926/

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems
https://thehackernews.com/2022/07/microsoft-windows-autopatch-is-now.html

Accounts getting hacked
https://www.reddit.com/r/Malware/comments/vwuz3v/accounts_getting_hacked/

‘Don’t Ask Me Why’: NYC Releases Video About What to Do in Case of Nuclear War
https://www.vice.com/en_us/article/pkgbq7/dont-ask-me-why-nyc-releases-video-about-what-to-do-in-case-of-nuclear-war

ISC StormCast for Tuesday, July 12th, 2022
https://isc.sans.edu/podcastdetail.html?id=8082


Top Security News for 13/07/2022

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021
https://securityaffairs.co/wordpress/133154/hacking/aitm-phishing-campaigns.html

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/12-07-2022

Microsoft Azure Site Recovery DLL Hijacking ($10,000 Bug Bounty)
https://www.reddit.com/r/netsec/comments/vxg4f9/microsoft_azure_site_recovery_dll_hijacking_10000/

Shitposting Shiba Inu Accounts Chased a Russian Diplomat Offline
https://www.vice.com/en_us/article/y3pd5y/shitposting-shiba-inu-accounts-chased-a-russian-diplomat-offline

The dangers of real time bidding. Round-up of recent US healthcare breaches. Threat groups just made it easier to find stolen data on leak sites.
https://thecyberwire.com/podcasts/privacy-briefing/623/notes

Concentric launches new data privacy and cybersecurity solution Eclipse
https://www.csoonline.com/article/3666696/concentric-launches-new-data-privacy-and-cybersecurity-solution-eclipse.html#tk.rss_all

Barracuda report: Almost everyone faced an industrial attack in the last year
https://www.csoonline.com/article/3666523/barracuda-report-almost-everyone-faced-an-industrial-attack-in-the-last-year.html#tk.rss_all

Microsoft announced the general availability of Windows Autopatch feature
https://securityaffairs.co/wordpress/133139/security/microsoft-autopatch.html

Misconfiguration on Digital Guardian Endpoint DLP
https://www.reddit.com/r/netsec/comments/vwc2d4/misconfiguration_on_digital_guardian_endpoint_dlp/

Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies
https://thehackernews.com/2022/07/avoiding-death-by-thousand-scripts.html


Top Security News for 14/07/2022

Three UEFI Firmware flaws found in tens of Lenovo Notebook models
https://securityaffairs.co/wordpress/133186/security/lenovo-uefi-firmware-flaws.html

U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens' Sensitive Data
https://thehackernews.com/2022/07/us-ftc-vows-to-crack-down-on-illegal.html

Why Threat Analysis Will Continue to Play a Vital Role in Security
https://securityintelligence.com/posts/threat-analysis-vital-role-security/

Ransomware rolled through business defenses in Q2 2022
https://blog.malwarebytes.com/business/2022/07/ransomware-rolled-through-business-defenses-in-q2-2022/

Update now—July Patch Tuesday patches include fix for exploited zero-day
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-july-patch-tuesday-patches-include-fix-for-exploited-zero-day/

Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware
https://thehackernews.com/2022/07/researchers-uncover-new-variants-of.html

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models
https://thehackernews.com/2022/07/new-uefi-firmware-vulnerabilities.html

Exostar launches CMMC 2.0-compliant Microsoft 365, other solutions for SMBs
https://www.csoonline.com/article/3666832/exostar-launches-new-microsoft-365-cmmc-2-0-solutions-for-smbs.html#tk.rss_all

NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/13-07-2022

Dealing with Failure: Failure Escalation Policy in CLR Hosts
https://www.reddit.com/r/netsec/comments/vybzbn/dealing_with_failure_failure_escalation_policy_in/


Top Security News for 18/07/2022

Open source security needs automation as usage climbs amongst organisations
https://malware.news/t/open-source-security-needs-automation-as-usage-climbs-amongst-organisations/61862/1

Build your first LLVM Obfuscator
https://www.reddit.com/r/netsec/comments/w14fsr/build_your_first_llvm_obfuscator/

StartupApproved\Run, pt II
https://malware.news/t/startupapproved-run-pt-ii/61859/1

Google is going to remove App Permissions List from the Play Store
https://securityaffairs.co/wordpress/133334/mobile-2/google-removes-app-permissions-list-play-store.html

Python: Files In Use By Another Process, (Sun, Jul 17th)
https://isc.sans.edu/diary/rss/28848

Adding Your Own Keywords To My PDF Tools, (Mon, Jul 18th)
https://isc.sans.edu/diary/rss/28852

Going beyond Alert with XSS
https://zdresearch.com/going-beyond-alert-with-xss/

Enterprise backups and cybersecurity first principles, with Rick Howard.
https://thecyberwire.com/podcasts/cso-perspectives-public/53/notes

Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever
https://securityaffairs.co/wordpress/133339/cyber-crime/crooks-stole-375k-from-premint-nft-it-is-one-of-the-biggest-nft-hacks-ever.html

Adding Your Own Keywords To My PDF Tools, (Mon, Jul 18th)
https://malware.news/t/adding-your-own-keywords-to-my-pdf-tools-mon-jul-18th/61865/1


Top Security News for 19/07/2022

A Deep Dive Into ALPHV/BlackCat Ransomware
https://www.reddit.com/r/Malware/comments/w26smy/a_deep_dive_into_alphvblackcat_ransomware/

A Deep Dive Into ALPHV/BlackCat Ransomware
https://www.reddit.com/r/netsec/comments/w20ai0/a_deep_dive_into_alphvblackcat_ransomware/

new privesc on AWS (DataScientist policy)
https://www.reddit.com/r/netsec/comments/w29e8l/new_privesc_on_aws_datascientist_policy/

ISC Stormcast For Tuesday, July 19th, 2022 https://isc.sans.edu/podcastdetail.html?id=8092, (Tue, Jul 19th)
https://isc.sans.edu/diary/rss/28854

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch
https://thehackernews.com/2022/07/mind-gap-how-to-ensure-your.html

Lending Tree says leaked data aren’t theirs. One year after the Pegasus Project, the spyware remains at large. US child privacy legislation updates.
https://thecyberwire.com/newsletters/privacy-briefing/4/136

chip-red-pill/MicrocodeDecryptor - understand how Intel mitigated spectre vulnerability, explore the implementation of Intel TXT, SGX,VT-x technologies
https://www.reddit.com/r/netsec/comments/w2gcuu/chipredpillmicrocodedecryptor_understand_how/

Auth0’s OpenFGA explained: Open source universal authorization
https://www.csoonline.com/article/3667268/auth0-s-openfga-explained-open-source-universal-authorization.html#tk.rss_all

New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks
https://thehackernews.com/2022/07/new-study-finds-most-enterprise-vendors.html

Ukraine at D+144: Firing for whatever effect.
https://thecyberwire.com/stories/b3116afd3de447209bff4d030315f834/ukraine-at-d144


Top Security News for 20/07/2022

BrandPost: How CSPs can Future Proof 5G Mobile Networks
https://www.csoonline.com/article/3667438/how-csps-can-future-proof-5g-mobile-networks.html#tk.rss_all

Darktrace launches new PREVENT AI security products to pre-empt cyberthreats
https://www.csoonline.com/article/3667494/darktrace-launches-new-prevent-ai-security-products-to-pre-empt-cyberthreats.html#tk.rss_all

ISC Stormcast For Wednesday, July 20th, 2022 https://isc.sans.edu/podcastdetail.html?id=8094, (Wed, Jul 20th)
https://isc.sans.edu/diary/rss/28858

GPS trackers used for vehicle fleet management can be hijacked by hackers
https://www.csoonline.com/article/3667316/gps-trackers-used-for-vehicle-fleet-management-can-be-hijacked-by-hackers.html#tk.rss_all

EU warns of risks of spillover effects associated with the ongoing war in Ukraine
https://securityaffairs.co/wordpress/133436/cyber-warfare-2/eu-warns-ukraine-spillover.html

New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals
https://thehackernews.com/2022/07/new-air-gap-attack-uses-sata-cable-as.html

Several apps on the Play Store used to spread Joker, Facestealer and Coper malware
https://securityaffairs.co/wordpress/133394/malware/play-store-apps-joker-facestealer-coper.html

Malicious Python Script Behaving Like a Rubber Ducky, (Wed, Jul 20th)
https://isc.sans.edu/diary/rss/28860

PayPal phishing campaign goes after more than just your login credentials
https://blog.malwarebytes.com/social-engineering/2022/07/paypal-phishing-campaign-goes-after-more-than-just-your-login-credentials/

Security Alert: Oracle Releases Critical Patch Update, July 2022
https://malware.news/t/security-alert-oracle-releases-critical-patch-update-july-2022/61935/1


Top Security News for 21/07/2022

Malware Being Distributed by Disguising Itself as Icon of V3 Lite
https://malware.news/t/malware-being-distributed-by-disguising-itself-as-icon-of-v3-lite/61979/1

Session On Android – An App Wrapped in Signal
https://www.reddit.com/r/netsec/comments/w3du6v/session_on_android_an_app_wrapped_in_signal/

ISC Stormcast For Thursday, July 21st, 2022 https://isc.sans.edu/podcastdetail.html?id=8096, (Thu, Jul 21st)
https://isc.sans.edu/diary/rss/28864

RE-AOL Is a Faithful Recreation of AOL 3.0
https://www.vice.com/en_us/article/93aby3/re-aol-is-a-faithful-recreation-of-aol-30

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers
https://securityaffairs.co/wordpress/133445/hacking/micodus-tracker-flaws.html

DNS-over-HTTP/3 in Android
https://www.reddit.com/r/netsec/comments/w3i930/dnsoverhttp3_in_android/

Microsoft Azure Arc Logging Passwords in Plaintext
https://www.reddit.com/r/netsec/comments/w2tuqh/microsoft_azure_arc_logging_passwords_in_plaintext/

ISC Stormcast For Thursday, July 21st, 2022 https://isc.sans.edu/podcastdetail.html?id=8096, (Thu, Jul 21st)
https://malware.news/t/isc-stormcast-for-thursday-july-21st-2022-https-isc-sans-edu-podcastdetail-html-id-8096-thu-jul-21st/61981/1

[SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky
https://blog.rootshell.be/2022/07/20/sans-isc-malicious-python-script-behaving-like-a-rubber-ducky/

Robot Dog Not So Cute With Submachine Gun Strapped to Its Back
https://www.vice.com/en_us/article/m7gv33/robot-dog-not-so-cute-with-submachine-gun-strapped-to-its-back


Top Security News for 22/07/2022

Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities
https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html

Official: White House to Meet with Rail Industry Before Issuing Cybersecurity Rules
https://malware.news/t/official-white-house-to-meet-with-rail-industry-before-issuing-cybersecurity-rules/62018/1

TA4563 group leverages EvilNum malware to target European financial and investment entities
https://securityaffairs.co/wordpress/133535/apt/ta4563-group-evilnum-malware.html

Vulnerabilities in GPS tracker could have “life-threatening” implications
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/vulnerabilities-in-gps-tracker-could-have-life-threatening-implications/

The Return of Candiru: Zero-days in the Middle East
https://www.reddit.com/r/netsec/comments/w4fhyu/the_return_of_candiru_zerodays_in_the_middle_east/

DHS buys phone location data. Hacker lets Neopets’ cat out of the bag. Black Basta takes credit for attack on Knauf Insulation.
https://thecyberwire.com/podcasts/privacy-briefing/630/notes

BrandPost: Identity-first Security: How to Keep Your Security Team Strategic
https://www.csoonline.com/article/3667474/identity-first-security-how-to-keep-your-security-team-strategic.html#tk.rss_all

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
https://thehackernews.com/2022/07/new-linux-malware-framework-let.html

FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers
https://thehackernews.com/2022/07/fbi-seizes-500000-ransomware-payments.html

Deloitte expands its managed XDR platform
https://www.csoonline.com/article/3668129/deloitte-expands-its-managed-xdr-platform.html#tk.rss_all


Top Security News for 23/07/2022

Ukraine at D+148: Spycraft, traditional and cyber.
https://thecyberwire.com/stories/83498ea4e93148a7878ff84539c9a01a/ukraine-at-d148

vSMTP : an alternative to current MTAs. Fully written in Rust, vSMTP now includes SPF and open relay filters in addition to vSL, an email scripting language that allows full traffic control.
https://www.reddit.com/r/netsec/comments/w54xm7/vsmtp_an_alternative_to_current_mtas_fully/

[Control systems] Johnson Controls security advisory (AV22-410)
https://malware.news/t/control-systems-johnson-controls-security-advisory-av22-410/62050/1

‘There’s a Recession Coming’: The Rich Rush to Offload Luxury Properties
https://www.vice.com/en_us/article/epzx5j/theres-a-recession-coming-the-tech-bloodbath-comes-for-the-luxury-housing-market

Report: Mercenary spyware exploited Google Chrome zero-day to target journalists
https://malware.news/t/report-mercenary-spyware-exploited-google-chrome-zero-day-to-target-journalists/62047/1

Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health
https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html

[Control systems] Rockwell Automation security advisory (AV22-411)
https://malware.news/t/control-systems-rockwell-automation-security-advisory-av22-411/62051/1

Defeating Javascript Obfuscation
https://www.reddit.com/r/netsec/comments/w5hpqv/defeating_javascript_obfuscation/

SonicWall fixed critical SQLi in Analytics and GMS products
https://securityaffairs.co/wordpress/133579/security/sonicwall-critical-sqli.html

Thailand's use of intercept tools. San Francisco PD’s proposed use of surveillance footage. Candiru exploits Chrome zero-day.
https://thecyberwire.com/newsletters/privacy-briefing/4/140


Top Security News for 24/07/2022

Turning Open Reporting Into Detections
https://malware.news/t/turning-open-reporting-into-detections/62053/1

The people behind Chengdu 404
https://malware.news/t/the-people-behind-chengdu-404/62054/1

FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks
https://securityaffairs.co/wordpress/133587/cyber-warfare-2/fbi-seized-bitcoin-maui-ransomware.html

Here are the top phone security threats in 2022 and how to avoid them
https://malware.news/t/here-are-the-top-phone-security-threats-in-2022-and-how-to-avoid-them/62055/1

Analysis of SSH Honeypot Data with PowerBI, (Sat, Jul 23rd)
https://isc.sans.edu/diary/rss/28872

Analysis of SSH Honeypot Data with PowerBI, (Sat, Jul 23rd)
https://malware.news/t/analysis-of-ssh-honeypot-data-with-powerbi-sat-jul-23rd/62056/1

BEST GROUP ON TELEGRAM:https://t.me/letsrobthebank
https://0x00sec.org/t/best-group-on-telegram-t-me-letsrobthebank/30362

A DGA Seeded by the Bitcoin Genesis Block
https://malware.news/t/a-dga-seeded-by-the-bitcoin-genesis-block/62057/1

An informal review of CTF abuse
https://gynvael.coldwind.pl/?id=750

Update: oledump.py Version 0.0.69
https://malware.news/t/update-oledump-py-version-0-0-69/62052/1


Top Security News for 25/07/2022

Security Affairs newsletter Round 375 by Pierluigi Paganini
https://securityaffairs.co/wordpress/133601/breaking-news/security-affairs-newsletter-round-375-by-pierluigi-paganini.html

Video: Maldoc: non-ASCII VBA Identifiers, (Sun, Jul 24th)
https://isc.sans.edu/diary/rss/28874

PowerShell Script with Fileless Capability, (Mon, Jul 25th)
https://isc.sans.edu/diary/rss/28878

Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France
https://thehackernews.com/2022/07/roaming-mantis-financial-hackers.html

A database containing data of 5.4 million Twitter accounts available for sale
https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html

ISC Stormcast For Monday, July 25th, 2022 https://isc.sans.edu/podcastdetail.html?id=8100, (Mon, Jul 25th)
https://malware.news/t/isc-stormcast-for-monday-july-25th-2022-https-isc-sans-edu-podcastdetail-html-id-8100-mon-jul-25th/62065/1

Amadey malware spreads via software cracks laced with SmokeLoader
https://securityaffairs.co/wordpress/133617/cyber-crime/amadey-malware-spreads-smokeloader.html

ISC StormCast for Monday, July 25th, 2022
https://isc.sans.edu/podcastdetail.html?id=8100

PowerShell Script with Fileless Capability, (Mon, Jul 25th)
https://malware.news/t/powershell-script-with-fileless-capability-mon-jul-25th/62071/1

Drupal developers fixed a code execution flaw in the popular CMS
https://securityaffairs.co/wordpress/133625/security/drupal-flaws-2.html

