InfoSec News 20200109

  • Publicado: Qui, 09/01/2020 - 10:42

Top News

  • New SHA-1 Attack

"There's a new, practical, collision attack against SHA-1:"

Link

TLP1 : Green

  • SNAKE Ransomware is targeting business networks

"A new piece of ransomware called SNAKE appeared in threat landscape, the malware is now targeting company networks."

Link

TLP1 : Green

  • TikTok vulnerability allowed hackers to send SMS with malware

"recently with the help of Checkpoint, the app was found to have several vulnerabilities that now have been fixed thankfully. "

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • Insta-SCAM

"'Get rich quick' Instagram trader, 20, 'empties accounts of more than 1,000 investors in £3.5m fraud' - three days after UK medical student posed with Ferrari at Eiffel Tower"

Link

TLP1 : Green

  • Asia warned to brace for US-Iran cyberwar

"Although both sides have backed away for now from further military action, cryptocurrency exchanges, financial infrastructure and the supply chains of American and Saudi Arabian companies are all potential targets for Iranian-backed hackers wanting to skirt U.S. sanctions and disrupt corporate and government networks."

Link

TLP1 : Green

  • Tricky Phish Angles for Persistence, Not Passwords

"Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user's data stored in the cloud without actually stealing the account password. "

Link

TLP1 : Green

Breaches: Data Breaches and Hacks

  • The Difficulty of Disclosure, Surebet247 and the Streisand Effect

". This is a post about how hard disclosure remains and how Surebet247's behaviour now has them experiencing the full blown Streisand effect."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

  • Mozilla Patches Critical Vulnerability

"Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild."

Link

TLP1 : Green

  • Google Releases Security Updates for Chrome

"Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy

"Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then. "

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • XposedOrNot

"Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords "

Link

TLP1 : Green

1Traffic Light Protocol (TLP) [1] for information sharing:

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 

[1]https://www.first.org/tlp

Infosec News