InfoSec News 20191030
Top News
-
DNS over HTTPS Will Give You Back Privacy that Big ISPs Fought to Take Away
"An absurd thing is happening in the halls of Congress. Major ISPs such as Comcast, AT&T, and Verizon are banging on the doors of legislators to stop the deployment of DNS over HTTPS (DoH), a technology that will give users one of the biggest upgrades to their Internet privacy and security since the proliferation of HTTPS."
TLP1 : Green
-
Facebook Faces Another Congressional Grilling
"Facebook chief executive Mark Zuckerberg was called back to Capitol Hill to speak about the company’s impact on the financial and housing sectors—particularly in light of its proposal to launch a cryptocurrency wallet, Calibra, and its involvement in the creation of the Libra cryptocurrency."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies
"WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists."
TLP1 : Green
-
Uber sues LA in bid to protect scooter riders’ geolocation data
"Los Angeles wants to know exactly when you hop on an Uber scooter or bike, when you hop off, and where you go, promising that such location data is “respectful of user privacy” because it’s not asking for personally identifiable information (PII) about users – well, at least not directly."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Data breach causes 10 percent of small businesses to shutter
"Data breaches hitting massive entities like Equifax, Facebook and Target grab headlines, but the impact on small businesses is just as severe with attacks causing bankruptcy or even forcing a firm to shutter its doors."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
"Malicious app hides itself, downloads other threats, displays ads, and is mainly targeting users in India, U.S., and Russia."
TLP1 : Green
-
New Adwind Variant Targets Windows, Chromium Credentials
"A new version of the typically platform-agnostic Adwind trojan has been spotted targeting Windows applications and systems and Chromium-based browsers."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Ransomware, Phishing, and Supply Chain the Most Significant Threats to UK Businesses
"Trend analysis is an important topic within threat intelligence. It lets us forecast where things are headed; whether they’re getting better, worse or different; and where we should be focusing our precious budgets. The UK’s National Cyber Security Centre (NCSC) recently released the Incident trends report (October 2018 – April 2019). This highlights some of the trends seen across various UK government entities, organizations and sectors."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
DNS Encryption Explained
"The Domain Name System (DNS) is the address book of the Internet. When you visit cloudflare.com or any other site, your browser will ask a DNS resolver for the IP address where the website can be found. Unfortunately, these DNS queries and answers are typically unprotected. Encrypting DNS would improve user privacy and security. In this post, we will look at two mechanisms for encrypting DNS, known as DNS over TLS (DoT) and DNS over HTTPS (DoH), and explain how they work."
TLP1 : Green
-
XORpass - Encoder To Bypass WAF Filters Using XOR Operations
"XORpass - Encoder To Bypass WAF Filters Using XOR Operations "
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.