InfoSec News 20190830
Top News
-
Ex-Amazon worker suspected of hacking Capital One, faces charges of breaching 30 other companies to mine cryptocurrency
"At the end of July, the FBI arrested a 33-year-old woman in Seattle in connection with a massive data breach at financial services firm Capital One."
TLP1 : Green
-
A very deep dive into iOS Exploit chains found in the wild
"Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere."
TLP1 : Green
-
Expanding bug bounties on Google Play
"We’re constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Top PayPal Scams and Protection Tips
"This article will give you insights into the common PayPal hoaxes circulating these days. Additionally, you will learn how to keep your payment experience safe when using the popular service in question."
TLP1 : Green
-
Swedish Data Protection Authority Issues First Fine Under GDPR
"On August 21, 2019, the Swedish Data Protection Authority (the “Swedish DPA”) imposed its first fine since the EU General Data Protection Regulation (“GDPR”) came into effect in May, 2018. The Swedish DPA fined a school 200,000 Swedish Kroner for creating a facial recognition program in violation of the GDPR."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Critical Cisco VM Bug Allows Remote Takeover of Routers
"A critical remote authentication-bypass vulnerability – with the highest possible severity level of 10 out of 10 on the CVSS scale – has been found in the Cisco REST API virtual service container for Cisco IOS XE Software."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
iPhone exploits in hacked websites went unnoticed for years
"Researchers from Google's Project Zero security initiative on Thursday revealed the discovery of a collection of hacked websites that for years hosted a series of exploits targeting iPhone models up to iPhone X running the current version of iOS 12."
TLP1 : Green
-
Ubuntu 4113-1: Apache HTTP Server vulnerabilities
"A security issue affects these releases of Ubuntu and its derivatives"
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
NebulousAD - Automated Credential Auditing Tool
"The -snap param will automatically snapshot Active Directory (using ntdsutil.exe), and dump the ntds.dit file as well as the SYSTEM registry hive, if you have the privileges. You can dump this manually using any variety of methods or the ntdsutil.exe tool."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Microsoft Windows PowerShell privilege escalation
"A vulnerability classified as critical was found in Microsoft Windows (Operating System) (the affected version is unknown). This vulnerability affects some unknown functionality of the component PowerShell. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-269. As an impact it is known to affect confidentiality, integrity, and availability."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.