InfoSec News 20191010
Top News
-
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
"A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app."
TLP1 : Green
-
You Gave Your Phone Number to Twitter for Security and Twitter Used it for Ads
"After exposing private tweets, plaintext passwords, and personal information for hundreds of thousands of its users, here is a new security blunder social networking company Twitter admitted today."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Hackers compromised Volusion infrastructure to siphon card details from thousands of sites
"Hackers have compromised the infrastructure of Volusion and are distributing malicious software skimmers to steal payment card data provided by users."
TLP1 : Green
-
Apple bans app that warns Hong Kong citizens about police activity, again
"Apple has banned HKmap.live — a Waze-like crowdsourced maps app used by protestors in Hong Kong to track police movements in the city state — merely days after approving it."
TLP1 : Green
-
Ransomware victim hacks attacker, turning the tables by stealing decryption keys
"Normally it works like this. Someone gets infected by ransomware, and then they pay the ransom. The victim then licks their wounds and hopefully learns something from the experience. And that’s what happened to Tobias Frömel, a German developer and web designer who found himself paying a Bitcoin ransom of 670 Euros (US $735) after his QNAP NAS drive was hit by the Muhstik ransomware. However, Frömel didn’t just put down the whole unpleasant episode to experience, vow to better protect his devices and employ a more reliable backup regime in future."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Aligning the Capital One breach with the CSA Cloud Penetration Testing Playbook
"In March 2019, Capital One suffered a unique cloud breach. 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed, along with some 1 million Canadian Social Insurance Numbers. It isn’t the numbers that make the breach special and worth learning about."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
October Patch Tuesday: Microsoft fixes critical remote desktop bug
"Microsoft fixed 59 vulnerabilities in October’s Patch Tuesday, including several critical remote code execution (RCE) flaws."
TLP1 : Green
-
Android Security Bulletin—October 2019
"The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-10-06 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Ispy - Eternalblue (MS17-010) / Bluekeep (CVE-2019-0708) Scanner And Exploit
" ispy : Eternalblue(ms17-010)/Bluekeep(CVE-2019-0708) Scanner and exploiter ( Metasploit automation )"
TLP1 : Green
-
Zeek - A Powerful Network Analysis Framework That Is Much Different From The Typical IDS You May Know
"A powerful framework for network traffic analysis and security monitoring."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.