Top News

• Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

"Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices."

Link

TLP¹ : Green

• US cyberattack temporarily paralyzed the ability of Iran to target oil tankers in the Gulf

"The United States cyber army carried out a cyberattack in June on a database used by Iran’s Islamic Revolutionary Guard Corps to plot attacks on oil tankers in the Gulf."

Link

TLP¹ : Green

• The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

"Journalists revealed the role of a mole recruited by the Dutch intelligence in the US-Israeli Stuxnet attack on the Natanz plant in Iran."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Teenage Hackers Wanted: Could Your Kid Be The Next £20M Cybersecurity Superhero?

"Shivam Subudhi is 15 and lives in London. Three years ago, he was so inspired by the movies he was watching that featured hackers, he coded a simple port scanner revealing network doors that might let a hacker enter uninvited."

Link

TLP¹ : Green

• Google cracks the code, reveals how an 'implant' allowed access to your iPhone's WhatsApp & iMessage chats

"The implant was primarily focused on stealing files and uploading live location data."

Link

TLP¹ : Green

• The biggest cybersecurity risks in the financial services industry

"A new study reveals some important findings for companies in the financial services industry when it comes to cybersecurity."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• China’s Social Credit System Raises Data Security Fears

"A new system of social and corporate control in China raises serious new data security risks for multi-national foreign firms operating in the country, according to a new report from the EU Chamber of Commerce in China."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• Barq - The AWS Cloud Post Exploitation Framework!

"Barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS."

Link

TLP¹ : Green

• Wordlister - A Simple Wordlist Generator And Mangler Written In Python

"A simple wordlist generator and mangler written in python. It makes use of python multiprocessing capabilities in order to speed up his job (CPU intensive)."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• It will soon be possible to pay by Swish abroad

"Swedish cashless app Swish is teaming up with six other companies to form a European network of mobile payment solutions."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• WordPress sites are being backdoored with rogue admin users

"Lock up your WordPress – a recent malvertising campaign targeting vulnerable plugins is now trying to backdoor sites by creating rogue admin accounts"

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp