Infosec News 20191205

  • Publicado: Qui, 05/12/2019 - 08:33

Top News

  • Website of gunmaker Smith & Wesson hit by a Magecart attack

"The US Smith & Wesson was hacked late last month in a Magecart attack, attackers injected a malicious software skimmer."

Link

TLP1 : Green

  • 3 arrested, 30,000+ piracy sites shut down in global operation IOSX

"Today, Europol announced that over 30,000 (30,506 to be precise) domain names have been taken down for selling pirated services/products including “counterfeit pharmaceuticals and pirated movies, illegal television streaming, music, software, electronics, and other bogus products.” ""

Link

TLP1 : Green

  • Are Passwords Now Passé?

"Originated at the Massachusetts Institute of Technology in 1961, passwords have long been a central component of digital security. But in the nearly 60 years since they were first implemented as a standard safeguard, technological advancements and societal changes have exposed this once-stalwart defense mechanism‘s vulnerabilities."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • Iran-Linked APT groups target energy, industrial sectors with ZeroCleare Wiper

"Experts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East."

Link

TLP1 : Green

  • RMIT to tackle cyber security challenges

"The CIC is part of a global network of centres spearheaded by cloud supplier Amazon Web Services (AWS) to drive innovation in the public sector, through collaborations with universities including Arizona State University and Swinburne University of Technology in Melbourne."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks

  • This Smartwatch is exposing real-time location data of thousands of kids

"Recently, it has been discovered that SMA-WATCH-M2, a smartwatch featuring a GPS tracker manufactured by a Chinese firm named Shenzhen Smart Care Technology has been found vulnerable in terms of data and location data and location security"

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

  • The Future of Texting Is Far Too Easy to Hack

"Ask practically any phone carrier, and they'll tell you that the future of smartphone features from texting to video calls is a protocol called Rich Communication Services. Think of RCS as the successor to SMS, an answer to iMessage that can also handle phone and video calls "

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • APT review: what the world’s threat actors got up to in 2019

"What were the most interesting developments in terms of APT activity during the year and what can we learn from them?"

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • Mozilla Releases Security Updates for Firefox and Firefox ESR

"Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system."

Link

TLP1 : Green

 

 

1Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 

[1]https://www.first.org/tlp

Infosec News