InfoSec News 20181002

  • Published: Tue, 02/10/2018 - 00:00

Top News


  • Voice Phishing Scams Are Getting More Clever

“Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).”

https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/

TLP1 : Green

  • How to Safeguard Against APT Attacks

“The term “advanced persistent threat” (APT) describes a continuous series of persistent, covert cyber attacks that target specific business or political organizations.”

https://securityboulevard.com/2018/10/how-to-safeguard-against-apt-attacks/

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Free buyer’s guide to evaluating fraud detection & prevention tools

“Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!”

https://www.grahamcluley.com/feed-sponsor-onespan-3/

TLP1 : Green

  • Could Your Organisation’s Servers Be A Botnet?

“Most organisations are aware that they could be the target of a DDoS attack and have deployed protection to keep their public-facing services online in the face of such attacks. However, far fewer have thought about the potential for their servers to be harnessed for use in a botnet that conducts DDoS attacks.”

https://threatbrief.com/could-your-organisations-servers-be-a-botnet/

TLP1 : Green

Breaches: Data Breaches and Hacks


  • More on the Five Eyes Statement on Encryption and Backdoors

“Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. (Short summary: they like them.) One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a consortium of intelligence agencies.”

https://www.schneier.com/blog/archives/2018/10/more_on_the_fiv.html

TLP1 : Green

  • Tesco Bank FCA fine proves its not just the ICO that will fine companies for security breaches, say lawyers

“Organisations will increasingly face heavy fines from multiple authorities for security breaches, lawyers at London law firm Fieldfisher have warned.”

https://www.computing.co.uk/ctg/news/3063725/tesco-bank-fca-fine-proves-its-not-just-the-ico-that-will-fine-companies-for-security-breaches-say-lawyers

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Adobe security updates for Acrobat fix 86 Vulnerabilities, 46 rated as critical

“Adobe has released security updates to address 86 vulnerabilities affecting Mac and Windows version of Adobe Acrobat and Adobe Reader. The security updates fix 47 vulnerabilities classified as ‘critical’ and 39 flaws classified as ‘important’.”

https://securityaffairs.co/wordpress/76746/security/adobe-acrobat-security-updates.html

TLP1 : Green

  • wordpress-mobile-pack Plugin up to 2.1.2 on WordPress JSON export/content.php information disclosure

“A vulnerability was found in wordpress-mobile-pack Plugin up to 2.1.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file export/content.php of the component JSON Handler. The manipulation with an unknown input leads to an information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. As an impact it is known to affect confidentiality.”

https://vuldb.com/?id.124639

TLP1 : Green

  • Martem TELEM GW6-GWM prior 2.0.87-4018403-k4 RTU Default Credentials weak authentication

“A vulnerability classified as critical has been found in Martem TELEM GW6-GWM. This affects an unknown function of the component RTU. The manipulation with an unknown input leads to a weak authentication vulnerability (Default Credentials). CWE is classifying the issue as CWE-798. This is going to have an impact on confidentiality, integrity, and availability.”

https://vuldb.com/?id.124641

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers

“Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites.”

https://securityaffairs.co/wordpress/76727/malware/ghostdns-malware-campaign.html

TLP1 : Green

  • Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]

“A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls (or Unstable UDP Environment). It's Encrypted, Anti-Replay and Multiplexed. It also acts as a Connection Stabilizer.”

https://www.kitploit.com/2018/09/udp2raw-tunnel-udp-tunnel-which-tunnels.html

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Dark Web Azorult Generator Offers Free Binaries to Cybercrooks

“A malicious build-it-yourself platform for the Azorult info-stealing malware has debuted on the Dark Web. The online builder, which its authors have named Gazorp, allows cybercriminals to generate their very own strains of Azorult, along with the apparatus to control it. And, it’s free.”

https://threatbrief.com/dark-web-azorult-generator-offers-free-binaries-to-cybercrooks/

TLP1 : Green

  • ATM wiretapping is on the rise, Secret Service warns

“The US Secret Service has issued a warning to banks due to a recent surge in incidents of ATM wiretapping. According to a copy of the notice secured by Krebs on Security, the non-public alert states that multiple reports have been received relating to the ATM hacking tactic.”

https://threatbrief.com/atm-wiretapping-is-on-the-rise-secret-service-warns/

TLP1 : Green

  • Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

“Lenovo is warning of nine vulnerabilities rated “high” and impacting 20 separate network attached storage (NAS) devices sold by the company, including its LenovoEMC, Iomega and its Lenovo-branded NAS devices.”

https://threatpost.com/nine-nas-bugs-open-lenovoemc-iomega-devices-to-attack/137829/

TLP1 : Green

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp