InfoSec News 20191104

  • Published: Mon, 04/11/2019 - 10:39

Top News


  • The SER, Everis and Accenture, victims of a cyber attack that has 'hijacked' their computers  

"The SER chain has suffered this morning an attack of computer virus of the ransomware type (a program that encrypts the files of the computer and prevents access to them), which has had a 'serious and widespread' affectation of all its computer systems, as reported by the station itself. Accenture and Everis also seem to have been affected."

Link

TLP1 : Green

  • Stubborn Malware Targets QNAP NAS Hardware Specifically

"QNAP Systems says there is no known way to remove the Qsnatch malware infecting its NAS devices besides a full factory reset."

Link

TLP1 : Green

  • Antimalware Day 2019: Building a culture of cybersecurity awareness 

"First off, why Antimalware Day? How did it come to be? A brief trip into recent history will help answer these questions. On this very day 36 years ago, Fred Cohen, then a graduate student, created a proof-of-concept computer program that was capable of spreading to all users of the system and obtaining control of its data and privileges."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • China-linked APT41 group targets telecommunications companies with new backdoor

"China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals."

Link

TLP1 : Green

  • Fraudsters Use Salary Increase Scam to Steal Employees’ Credentials

"Digital fraudsters have launched a new phishing campaign that uses a salary increase scam to trick employees into handing over their credentials."

Link

TLP1 : Green

  • #cybersecurity | #hackerspace | NIST’s New Framework to Mitigate Privacy Risks

"Over the past few years, there has been a massive cultural and legal shift in the way consumers view and secure their personal data online that’s in line with the rise of advanced technologies like artificial intelligence"

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • WhatsApp privacy breach puts focus on govt’s digital security agencies

"WhatsApp, this episode has also put the spotlight on the digital security agencies of the government. Not only has it raised questions about who procured the Pegasus spyware found on these citizens’ devices, but also the Indian state’s own capacities to escalate matters of cyber security, especially when foreign operators are involved."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • First Cyberattack Spotted in Wild to Exploit Windows BlueKeep RDP Flaw

"Security researchers spotted the first mass cyberattack campaign exploiting BlueKeep RDP Flaw to install a cryptocurrency miner on the vulnerable installations."

Link

TLP1 : Green

  • Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

"A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated remote attackers to compromise targeted servers, and connected network devices."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Macro Pack – Automatize Obfuscation and Generation of Malicious Office Documents

"Malware delivery trends change every day. For the last few years, we have observed various hacker groups (like APT12 to Turla) use various techniques to deliver malware on the system or network."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • VB2019 paper: We need to talk – opening a discussion about ethics in infosec

"Infosec is not like other jobs. We handle personal data, sensitive information, vulnerabilities that can affect thousands of computers. Our skills are sought after by the most powerful companies and governments. Yet we like to see ourselves as technologists; morally agnostic technicians who focus on solving virtual-world problems."

Link

TLP1 : Green

  • Gosec - Golang Security Checker

"Inspects source code for security problems by scanning the Go AST."

Link

TLP1 : Green

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp