InfoSec News 20190808
Top News
-
Hackers usaram endereço do ISCTE para lançar ataque de phishing contra alunos
"Especialistas da CyberS3c detetaram uma campanha de phishing direcionada a alunos do ISCTE-IUL. O endereço usado na campanha leva a crer que foram usadas técnicas de spoofing. ISCTE nega que os sistemas tenham sido alvo de intrusão."
TLP1 : Green
-
WhatsApp flaw allows hackers to manipulate messages
"New vulnerabilities found in messaging app WhatsApp can be used by hackers to manipulate and intercept messages between users, a cybersecurity firm found."
TLP1 : Green
-
Black Hat 2019: 5G Security Flaw Allows MiTM, Targeted Attacks
"Academic researchers carry out attacks on high-end commercial devices as well as narrowband IoT sensors."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
AT&T workers bribed to install malware on company network and unlock iPhones
"The US government has extradited 34-year-old Muhammad Fahd from Hong Kong, and charged him for his part in a criminal scheme that is said to have cost AT&T millions of dollars."
TLP1 : Green
-
Kazakhstan halts introduction of internet surveillance system
"Kazakhstan has halted the implementation of an internet surveillance system criticised by lawyers as illegal, with the government describing its initial rollout as a test."
TLP1 : Green
-
Fraudster stole $870,000 from 2 US universities with spear-phishing mails
"A crook involved in a spear phishing scheme and that was in Kenya is facing up to 20 years in the US federal prison for stealing thousands of dollars from US universities."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Genki Sushi Singapore fined after employee data compromised in ransomware attack
"Sushi chain Genki Sushi has been fined S$16,000 for breaching the Personal Data Protection Act, after failing to secure the personal data of current and former employees."
TLP1 : Green
-
Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer
"Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC (Know Your Customer) data of thousands of its customers."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
"It turns out that Microsoft silently patched this vulnerability (CVE-2019-0887) just last month as part of its July Patch Tuesday updates after Eyal Itkin, security researcher at CheckPoint, found the same issue affecting Microsoft's Hyper-V technology as well."
TLP1 : Green
-
IBM's Warshipping Attacks Wi-Fi Networks From Afar
"You've heard about wardriving, but what about warshipping? Researchers at IBM X-Force Red have detailed a new tactic that they say can break into victims' Wi-Fi networks from far."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
The Fully Remote Attack Surface of the iPhone
"While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well as the underlying attack surface they occur in. I investigated the remote, interaction-less attack surface of the iPhone, and found several serious vulnerabilities."
TLP1 : Green
-
Varenyky: Spambot à la Française
"ESET researchers document malware-distributing spam campaigns targeting people in France"
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.