InfoSec News 20190902
Top News
-
Twitter account of Jack Dorsey, Twitter CEO and co-founder, has been hacked
"Hackers compromised the Twitter account of Jack Dorsey, CEO at Twitter, and published and retweeted offensive and racist messages."
TLP1 : Green
-
Facebook: ‘Technical error’ let strangers into Messenger Kids chats
"We are “disturbed” to learn that thousands of children using Facebook’s Messenger Kids chat app were able to join group chats with strangers, senators told Facebook earlier this month."
TLP1 : Green
-
Google warns of system-controlling Chrome bug
"Google is patching a serious bug in the desktop version of its Chrome browser that could let an attacker take over a computer simply by luring users to a website."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Five Concerns about Amazon Ring’s Deals with Police
"More than 400 police departments across the country have partnered with Ring, tech giant Amazon’s “smart” doorbell program, to create a troubling new video surveillance system."
TLP1 : Green
-
Sextortion phishing emails trying to blackmail people are on the rise
"Over the last few months, millions of threatening emails have been distributed to users from all over the world. Starting with Germany, through the UK and mainly in the USA and Canada, anonymous cybercriminals have been targeting predominantly westerners with phishing emails."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Ransomware Bites Dental Data Backup Firm
"PerCSoft, a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Coin-mining malware jumps from Arm IoT gear to Intel servers
"Cryptocurrency crooks look to siphon cycles from enterprise kit"
TLP1 : Green
-
Critical 'Backdoor Attack' Warning Issued For 60 Million WordPress Users
"In a warning posted to the WordFence security blog on August 30, Veenstra revealed that a malicious JavaScript dropped into compromised websites looks to "create a new user with administrator privileges on the victim’s site." If a logged-in administrator is identified as viewing the infected page, it then goes on to make an AJAX call via jQuery, one that creates a rogue administrator account."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Over 50% of incident response requests occur after damage complete
"Around 56% of Incident Response (IR) requests processed by Kaspersky security experts in 2018 happened after the affected organisation experienced an attack that had visible consequences such as unauthorised money transfers, workstations encrypted by ransomware and service unavailability."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF
"Toolkit to detect and keep track on Blind XSS, XXE & SSRF."
TLP1 : Green
-
0xsp Mongoose v1.7 - Linux/Windows Privilege Escalation intelligent Enumeration Toolkit
"Using 0xsp mongoose you will be able to scan targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.