Top News

• D-Link router models affected by remote code execution issue that will not be fixed

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers.

https://securityaffairs.co/wordpress/92227/hacking/d-link-router-models-...

TLP¹ : Green

• Speakers Censored at AISA Conference in Melbourne

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne

https://www.schneier.com/blog/archives/2019/10/speakers_censor.html

TLP¹ : Green

• Researchers discovered a code execution flaw in NSA GHIDRA

Security researchers discovered a code-execution vulnerability that affects versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework.

https://securityaffairs.co/wordpress/92280/hacking/ghidra-code-execution...

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions

California-based software company Adobe on Monday announced to soon ban accounts and cancel the subscriptions for all of its customers in Venezuela in order to comply with economic sanctions that the United States imposed on the Latin American country.

https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html

TLP¹ : Green

• California Bans Deepfakes in Elections, Porn

A pair of laws provides recourse for victims of deepfake technology.

https://threatpost.com/california-bans-deepfakes-elections-porn/148950/

TLP¹ : Green

• Hackers found tracking web traffic of Chrome and Firefox browsers

Russian group by the handle of Turla has been attempting to track encrypted traffic of both browsers. With targets identified in Russia and Belarus; they do so by attacking the systems through a remote access trojan (RAT) which stealthily allows them to modify the browsers.

https://www.hackread.com/hackers-track-web-traffic-chrome-and-firefox-br...

TLP¹ : Green

Breaches: Data Breaches and Hacks

•  Scammer exploited ATO security lapses to access thousands of Darwin man's superannuation

The Australian Tax Office (ATO) had fallen for a scam that targeted security weaknesses through the myGov website and a 2017 federal government First Home Super Saver Scheme.

https://www.abc.net.au/news/2019-10-07/cyber-crime-nt-ato-mygov-fraud-sc...

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• McAfee Chief Scientist: Guard against ransomware or prepare to shut down

BY DEFINITION, ransomware is a piece of code or software that is designed to disrupt, damage, or gain unauthorized access to a computer — especially one in a corporate environment, with plenty of valuable data on it.

https://techwireasia.com/2019/10/mcafee-chief-scientist-guard-against-ra...

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• The European Union Military Staff visits ENISA

A delegation from the European Union Military Staff (EUMS) visited the EU Agency for Cybersecurity today for an initial discussion on how ENISA and EUMS are approaching the areas of cybersecurity exercises, support for policy development and trainings.

https://www.enisa.europa.eu/news/enisa-news/the-european-union-military-...

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• Penta - Open Source All-In-One CLI Tool To Automate Pentesting

Penta is is Pentest automation tool using Python3. (Future!) It provides advanced features such as metasploit and nexpose to extract vuln info found on specific servers.

https://www.kitploit.com/2019/10/penta-open-source-all-in-one-cli-tool.html

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp