Infosec News 20191209

  • Publicado: Seg, 09/12/2019 - 13:30

Top News

  • Top 5 cybersecurity predictions for 2020

"When it comes to cybersecurity, staying ahead of threats – rather than reacting to them – is critical. In a constantly evolving threat landscape, plugging holes – or designing one’s security posture for yesterday’s threats – just isn’t enough anymore. "

Link

TLP1 : Green

  • Indian Telecom App Exposed Data Of 320 Million Users, Thanks To A Bug

"A security bug in the Airtel Mobile app, the official app of India’s telecom giant Bharti Airtel, exposed the personal information of millions of users, according to reports.""

Link

TLP1 : Green

  • Two malicious Python libraries were stealing SSH and GPG keys

"The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers"

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • US authorities charged Dridex gang members for stealing over $100 Million

"US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. "

Link

TLP1 : Green

  • Real Life Director of Evil Corp Indicted for 10-Year Cybercrime Spree

"US and UK authorities have indicted the leader of a notorious cybercrime gang that stole $70m from bank accounts around the world using malware.."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks

  • Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks

"Alleged Vietnamese Ocean Lotus (APT32) hackers breached the networks of the car manufacturers BMW and Hyundai to steal automotive trade secrets."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

  • Amazon Battles Leaky S3 Buckets with a New Security Tool

"Anyone who has been following security trends in recent years cannot fail to have noticed the preponderance of data breaches which have stemmed from unsecured Amazon S3 bucket "

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • Red Team Engagement Guide: How an Organization Should React

"A lengthy Red Team engagement is coming. What should the defense do if they catch the offense? Reimage systems? Notify and allow? What is the course of action that allows the engagement to proceed and deliver maximum value to the organization? These can be difficult questions to answer, "

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • Ngrev - Tool For Reverse Engineering Of Angular Applications

"Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. "

Link

TLP1 : Green

 

 

1Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 

[1]https://www.first.org/tlp

Infosec News