InfoSec News 20191108

  • Published: Fri, 08/11/2019 - 10:46

Top News


  • Pwn2Own Tokyo 2019 - Day 2: experts hacked Samsung Galaxy S10 and Xiaomi Mi9 phones and TP-Link AC1750 routers

"Four out of seven hacking attempts scheduled for day two were a success. The security duo Amat Cama and Richard Zhu of the Fluoroacetate team earned $50,000 for pushing an arbitrary file onto a Samsung Galaxy S10. The experts tricked the device into connecting to their rogue base station that triggered a stack overflow."

Link

TLP¹: Green

  • Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

"It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat."

Link

TLP¹: Green

  • Amazon Kindle, Embedded Devices Open to Code-Execution

"Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • VB2019 paper: DNS on fire

"The DNSpionage [1] and Sea Turtle [2] campaigns show just how important DNS can be to attackers and how the abuse and manipulation of DNS can lead to success for the attackers. Each of these campaigns has a very specific focus and they demonstrate the determination of state-sponsored actors to ensure their operations are successful. Organizations and governments alike need to work together to establish a set of rules and potential punishments around the targeting of DNS and to cooperate in pursuing actors that irresponsibly target this system."

Link

TLP¹: Green

  • Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

"Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes."

Link

TLP¹: Green

  • Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

"Domain fraud is a widespread problem for organizations of all sizes. The practice begins with the purchase of a domain by a cybercriminal that closely resembles the genuine web and email domain of an organization they wish to impersonate, and then using that to conduct multiple forms of fraud."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • DNA-testing startup Veritas Genetics disclosed a security breach

"DNA-testing startup Veritas Genetics disclosed a security breach that exposed customer information, but genetic information, health records are not affected."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • CVE-2019-15005 Detail

"The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check."

Link

TLP¹: Green

  • CVE-2019-18835 Detail

"Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Network traffic analysis for incident response (IR): What incident responders should know about networking

"Incident response involves responding to security breaches and handling them in a manner that contains the damage and eradicates the primary cause of the incident."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • EyeWitness - Tool To Take Screenshots Of Websites, Provide Some Server Header Info, And Identify Default Credentials If Possible

"EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if known."

Link

TLP¹: Green

 

 

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp