InfoSec News 20191031
Top News
-
Network Solutions data breach – hacker accessed data of more than 22 million accounts
"Network Solutions, one of the world’s biggest domain registrars, disclosed a data breach that impacted 22 million accounts."
TLP¹: Green
-
Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty
"Two grey hat hackers have pleaded guilty to blackmailing Uber, LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Hackers Target Indian Nuclear Power Plant – Everything We Know So Far
"Due to some experts' commentary on social media, even after a lack of information about the event and overreactions by many, the incident received factually incorrect coverage widely suggesting a piece of malware has compromised "mission-critical systems" at the Kudankulam Nuclear Power Plant."
TLP¹: Green
-
Cybercriminals using custom phishing tools to target the world’s largest tech brands
"Cybercriminals are using enterprise-based development and deployment strategies, such as phishing as a service (PaaS), to leverage some of the world’s largest tech brands, with 42.63% of domains observed targeting Microsoft, PayPal, DHL, and Dropbox, according to Akamai."
TLP¹: Green
-
City of Johannesburg, on Second Hit, Refuses to Pay Ransom
"A Shadow Kill Hackers attack that compromised the city’s network and shut down key services was the second ransom-related attack on the city in months."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Murky Details Surround Bed, Bath and Beyond Breach
"The housewares giant disclosed a breach with few details, but security researchers have some theories."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Apple macOS Multiple Security Vulnerabilities
"Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, obtain sensitive information or cause denial-of-service conditions."
TLP¹: Green
-
Autonomy and the Death of CVEs? Is the Manual Process of Reporting Bugs Holding Back the Advent of Automated Tools?
"How many potholes did you encounter on your way into work today? How many of them did you report to the city? Vulnerability reporting works much the same way. Developers find bugs – and vulnerabilities – and don’t always report them. Unfortunately, the manual process to diagnose and report each one is a deterrent. That manual process is holding automated tools back."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Incident Response Ransomware Series – Part 2
"In part one of this blog post series, we provided an introduction into what ransomware is and how it works. We also provided examples of different types of ransomware, variation of ransomware tactics, and identified that ransomware delivery is traditionally accompanied by other malware to assist in lateral movement and deployment. If you haven’t had a chance to read the first part of this series, take a few minutes to get caught up and then jump back into part two where I will cover ransomware attack vectors, ransomware threat reduction, and ransomware detection and protection."
TLP¹: Green
-
How PR Teams Can Prepare for Data Breach Risks With Incident Response Planning
"If you work in incident response, you’ll recognize this scenario all too well: It’s Friday night and you just started the book you’ve been keen on reading for a couple of weeks when suddenly, you hear your beeper buzzing."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Cloud Storage Acquisition from Endpoint Devices
"Over the past several years, multiple tools have been released to enable API-based collection of cloud storage data. While this is an important capability, it has the often fatal liability that API-based collections require valid user credentials (and multi-factor authentication). An often overlooked area of cloud forensics is data and metadata stored on the local device. Unsurprisingly, endpoints which have synchronized to a cloud storage service may contain a wealth of information relevant to an investigation."
TLP¹: Green
-
Pockint - A Portable OSINT Swiss Army Knife For DFIR/OSINT Professionals
"POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried within USBs or investigation VMs), it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box accepts typical indicators (URL, IP, MD5) and gives users the ability to perform basic OSINT data mining tasks in an iterable manner."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.