InfoSec News 20191107

  • Published: Thu, 07/11/2019 - 12:29

Top News


  • Received an SMS from Cartão Continente mentioning a "November draw"? Delete it

"There are no prizes for those who receive these messages, only for those who send them. Hackers use Continente messages to steal personal data"

Link

TLP1 : Green

  • Facebook discloses a new leak that exposes group members’ data

"Facebook disclosed a new security incident, the social network giant admitted that app developers may have accessed its group users’ data."

Link

TLP1 : Green

  • You’ve Been Served…with Subpoena-Themed Phishing Emails

"A targeted campaign is delivering an information-stealing malware called Predator the Thief."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • FTC Takes Action Against Stalkerware Company Retina-X

"The FTC recently took action against stalkerware developer Retina-X, the company behind apps Flexispy, PhoneSheriff, and Teenspy. The FTC settlement bars Retina-X from distributing its mobile apps until it can adequately secure user information and ensure its apps will only be used for “legitimate purposes.” But here’s the problem: there are simply no legitimate purposes for secret stalking apps."

Link

TLP1 : Green

  • Mozilla says ISPs are lying to Congress about encrypted DNS

"Mozilla on Friday posted a letter urging Congress to take the broadband industry’s lobbying against encrypted DNS within Firefox and Chrome with a grain of salt – they’re dropping “factual inaccuracies” about “a plan that doesn’t exist,” it says."

Link

TLP1 : Green

  • Two Former Twitter Employees Caught Spying On Users For Saudi Arabia

"Two former employees of Twitter have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government, likely with the purpose of unmasking the identity of dissidents."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • California DMV data breach exposes thousands of drivers’ Social Security information

"Already besieged by problems including long wait times, the California Department of Motor Vehicles on Tuesday said it suffered a data breach in which federal agencies, including the U.S. Department of Homeland Security, had improper access to the Social Security information of 3,200 people issued driver’s licenses."

Link

TLP1 : Green

  • This is the impact of a data breach on enterprise share prices

"Wall Street does not take cybersecurity incidents kindly, it seems."

Link

TLP1 : Green

  • New Website Mocks Excuses Given by Breached Companies

"The excuses made by companies that have suffered a data breach are being parodied online by a new website, whose creator is unknown."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD

"A compression library included by default in Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD, and NetBSD distros, contains a vulnerability that can allow hackers to execute code on user machines."

Link

TLP1 : Green

  • Cisco: All these routers have the same embedded crypto keys, so update firmware

"Cisco removes static encryption keys that were shared across its small-business routers."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Measure and Improve the Maturity of Your Incident Response Team

"Incident response and management requires continual growth. Your team will not become proficient overnight, and acquiring knowledge, expertise and maturity takes time, effort, training and a lot of practice. It’s also not a single milestone that you reach and then rest on your laurels. As attackers continue to apply innovative techniques and use new tools, it’s necessary to lay out a development plan to keep up with the ever-evolving threat landscape."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

"A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI."

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp