Infosec News 20191126
Top News
-
Stantinko botnet adds cryptomining to its pool of criminal activities
"ESET researchers have discovered that the criminals behind the Stantinko botnet are distributing a cryptomining module to the computers they control"
TLP1 : Green
-
Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts
"Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim."
TLP1 : Green
-
Nursing Home Patients at Risk After Ransomware Attack
"An IT services company has been hit with a $14 million ransom demand after suffering a major infection which could impact crucial patient care at many of its US nursing home clients, according to reports."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Russia's 2016 Election Meddling Was a 'Well-Choreographed Military Operation,' Former FBI Counterintelligence Expert Says
"A former FBI expert in counterintelligence and cyberwarfare has warned that Russia's meddling in the 2016 election was not a one-off, and that Moscow's dedicated network of operatives never stopped their malign activities after President Donald Trump's victory"
TLP1 : Green
-
TrickBot Evolves to Go After SSH Keys
"The TrickBot info-stealing malware has updated its password grabber to target data from OpenSSH and OpenVPN applications."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
The overlooked part of an infosec strategy: Cyber insurance underwriting
"When a data breach or cyber attack hits the headlines, one of the last things businesses are likely to consider is how cyber insurance could have helped."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
"A vulnerability, which was classified as very critical, was found in Oracle Healthcare Master Person Index 4.x (Medical Device Software). Affected is an unknown functionality of the component Apache Groovy. CWE is classifying the issue as CWE-502."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
DEEP DIVE: EFF to DHS: Stop Mass Collection of Social Media Information
"The Department of Homeland Security (DHS) recently released a proposed rule expanding the agency’s collection of social media information on key visa forms and immigration applications."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Some Fortinet products used hardcoded keys and weak encryption for communications
"Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.