Top News

• A critical flaw in Jetpack exposes millions of WordPress

"A critical vulnerability affects the Jetpack WordPress Plugin version Jetpack 5.1. and later, admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1.."

Link

TLP¹ : Green

• Roboto, a new P2P botnet targets Linux Webmin servers

"Researchers at 360Netlab discovered a new P2P botnet, tracked as Roboto, that is targeting Linux servers running unpatched installations of Webmin installs.."

Link

TLP¹ : Green

• New Fake UPS Malware Email Campaign

"We have detected evidence of a malware distribution campaign using messages masquerading as UPS delivery notification emails.."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Ransomware: A free tool can decrypt this malware variant that puts a ransom note on your desktop wallpaper

"A security company has released a decryption tool for a new ransomware variant which places its ransom demand over the PC's desktop wallpaper."

Link

TLP¹ : Green

• Twitter just fixed a major problem with its security settings

"That's because the company is finally, finally fixing a major issue with its two-factor authentication security settings.."

Link

TLP¹ : Green

• Google will pay up to $1.5m for full chain RCE for Android on Titan M chips

"At the end of 2018, Google announced its Titan M dedicated security chip that is currently installed on Google Pixel 3 and Pixel 4 devices."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• AccorHotels subsidiary Gekko Group exposes hotels and travelers data in massive data leak

"Gekko Group is a leading European B2B hotel booking platform that also owns smaller hospitality brands, including Teldar Travel & Infinite Hotel. ”"

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• "Podcast: The Cybersecurity Blanket”

"While you’re browsing the web, reading news articles, scrolling through Facebook, checking your bank account or logging into your company’s system, there’s always a looming threat that could compromise your personal information.."

Link

TLP¹ : Green

• 5 Buffer Overflow Vulnerabilities in Popular Apps

"The 2019 CWE Top 25 Most Dangerous Software Errors lists improper restriction of operations within the bounds of a memory buffer as the most critical weakness that leads to a dangerous vulnerability"

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• IBM offers Cybersecurity Tool for Multi and Hybrid cloud environments

"IBM has announced a new tool dubbed Cloud Pak for multi and hybrid cloud environments"

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• Top 10 anti-malware solutions by market share

"Interested in knowing the market share occupied by anti-malware vendors…? Then OPSWAT is the company that helps collect such data and publishes monthly market share reports for the Windows anti-malware market solutions.."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp