InfoSec News 20190724
Top News
-
Fake FaceApp Found Delivering MobiDash Adware to Push Unwanted Ads
"According to a report by Kaspersky, around 500 unique users have encountered the problem within the last 48 hours.""
TLP1 : Green
-
Attackers abuse XSS vulnerability in WordPress plugin to display malverts
"The XSS flaw allows an attacker to inject JavaScript or HTML code into the blog front-end of WordPress sites running the ‘Coming Soon Page & Maintenance Mode’ plugin version 1.7.8 or below.#34;
TLP1 : Green
-
Cybercrime gang adds new tactics to credit card data-stealing campaign
"A hacking operation has deployed new malware in the latest evolution of its campaign to make money by stealing credit card data"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Citrix Confirms Password-Spraying Heist of Reams of Internal IP
" Security experts say the attack stemmed from weak cybersecurity controls. Digital workspace and enterprise networks vendor Citrix has concluded its investigation into a 6TB data heist in March, which it said was the work of international cybercriminals who exploited weak passwords on an internal network.#34;
TLP1 : Green
-
Anonymous’ data might not be so anonymous, study shows
"We’ve all done it: When signing up for an account online, we’ve clicked “I agree” to have our data sold to third parties. It will be anonymized, we’re assured, and only a small percentage of data will be made available to others.."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
As Authoritarian Governments Surveil the Internet, Open Source Projects Decide How to Respond
"Kazakhstan is telling citizens to download a cryptographic certificate, letting authorities monitor their traffic. Mozilla and Wikimedia are discussing how to respond from afar."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Windows zero-days don't usually work against the latest OS version
"Attacks using zero-days are rarely effective against the most recent versions of Windows, according to Matt Miller, a security engineer with the Microsoft Security Response Center."
TLP1 : Green
-
Flaws in widely used corporate VPNs put company secrets at risk
"Researchers have found several security flaws in popular corporate VPNs which they say can be used to silently break into company networks and steal business secrets."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Inside the MSRC – Customer-centric incident response
"Colombia orders Uber to improve data security after 2016 breach"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Cybercrime gang adds new tactics to credit card data-stealing campaign
"FIN8 is distributing new malware as part of its ongoing goal of stealing and selling payment information from customers of retailers and the hospitality sector."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.