Infosec News 20191125

  • Publicado: Seg, 25/11/2019 - 13:07

Top News

  • Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

""Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system..""

Link

TLP1 : Green

  • Cybercriminals targeting e-commerce website vulnerabilities this holiday season

""Expect unprecedented levels of online data theft this holiday season due to a lack of deployed client-side security measures.""

Link

TLP1 : Green

  • Apache Solr RCEs with public PoCs could soon be exploited

"Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other – currently without a CVE number – seems to still be unpatched."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • Iran – Government blocks Internet access in response to the protests

"Iran – After the announcement of the government to cut fuel subsidies, protests erupted in the country and the authorities blocked Internet access"

Link

TLP1 : Green

  • Cyborg ransomware posing as Windows update hits PCs

"If you’ve updated your Windows today like me, this article may just end up scaring you a bit. In the latest, it has been discovered that a malicious campaign has been installing ransomware under the pretext of updating your operating system. "

Link

TLP1 : Green

  • Russia to ban sale of devices that don’t come with “Russian software”

"The Russian Government’s campaign to control how its citizens use the internet seems to be gathering steam."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks

  • Smartphone maker OnePlus discloses data breach

"Hackers accessed some OnePlus customer data through a vulnerability in the vendor's website."

Link

TLP1 : Green

  • Over One Billion Consumers Exposed in Data Leak

"Personal information on over one billion individuals harvested by two data enrichment firms has been exposed online, according to security researchers."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

  • Multiple Jenkins Plugins Multiple Security Vulnerabilities

"Jenkins plugins are prone to vulnerabilities"

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • The NSA Warns of TLS Inspection

"The NSA has released a security advisory warning of the dangers of TLS inspection:"

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • About Internet Anonymity, Our Life and Its Relativity

"So, you have some reason to remain anonymous on the net. You open Google, type in something like: “Basics of Internet anonymity” and get some results. One way or another, all the search results offer several basic solutions, including proxy, VPN, Tor, and I2P. These options help to form the basic level of anonymity."

Link

TLP1 : Green

 

 

1Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 

[1]https://www.first.org/tlp

Infosec News