InfoSec News 20190905

  • Published: Thu, 05/09/2019 - 11:29

Top News


  • CEO ‘Deep Fake’ Swindles Company Out of $243K

"Cybercrooks successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive’s voice, according to a report."

Link

TLP1 : Green

  • Chinese tech firm Huawei says it was hacked by the United States

"Things have got even hotter in the bun-fight between Chinese technology giant and the United States."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • This start-up lets cryptocurrency firms know when terrorists are trying to raise money

"When Hamas was trying to raise bitcoin by funneling it through a number of digital wallets, one start-up was able to see what was going on and warn its customers."

Link

TLP1 : Green

  • New Bedford City in Massachusetts offers $400,000 Ransomware payment

"A US city named New Bedford located in Massachusetts, US has reportedly become a victim of a ransomware attack in July this year. Although this incident happened almost two months ago, Jon Mitchell, the Mayor of New Bedford decided to reveal the details through a press conference on Wednesday this week."

Link

Breaches: Data Breaches and Hacks


  • A huge database of Facebook users’ phone numbers found online

"Hundreds of millions of phone numbers linked to Facebook accounts have been found online."

Link

TLP1 : Green

  • Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers

"International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

"The zero-day vulnerability could enable privilege escalation, and is not part of Google’s Android September security update."

Link

TLP1 : Green

  • Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

"Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • SOC Second Defense Phase – Understanding the Cyber Threat Profiles

"In the first phase of architecturing the SOC, we have seen the basic level understanding of the attacks and necessary steps to breaking the Attack Chain. Let’s move on to the phases of SOC and advanced level of protecting the organization from various Threat Profiles."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Btlejack - Bluetooth Low Energy Swiss-army Knife

"Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit devices running a dedicated firmware."

Link

TLP1 : Green

  • mpDNS - Multi-Purpose DNS Server

"Simple, configurable "clone & run" DNS Server with multiple useful features."

Link

TLP1 : Green

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp