Está aqui

InfoSec News 20200227

Publicado: Qui, 27/02/2020 - 11:29

Top News

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

"The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others."

Link

TLP¹ : Green

HackerOne rewards bughunter who found critical security hole

"A researcher using the handle msdian7 was given an $8,500 payout for discovering and reporting how an attacker could game the project invite feature on the site to view the hidden email addresses of other users."

Link

TLP¹ : Green

Empty Promises Won’t Save the .ORG Takeover

"The Internet Society’s (ISOC) November announcement that it intended to sell the Public Interest Registry (PIR, the organization that oversees the .ORG domain name registry) to a private equity firm sent shockwaves through the global NGO sector."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

Lift the DDoS Smokescreen: Investigate Underlying Attacks

"The sophistication of cybercriminals and the attraction of the “Black Hat” cyberspace have grown dramatically over the years. In the past, cyber assaults were carried out mostly by amateurs, motivated by boredom or plain curiosity."

Link

TLP¹ : Green

Apple’s iOS pasteboard leaks location data to spy apps

"To most iOS users, pasteboard is simply part of the way to copy and paste data from one place to another."

Link

TLP¹ : Green

21 Cybersecurity Trends Experts are Diligently Watching in 2020

"As the internet continues to evolve, so do the ways consumer and business data can be manipulated. For tech businesses operating in big data, it is up to cybersecurity professionals to stay ahead of cybersecurity trends in order to prevent attacks."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

Redcar council IT hack confirmed as ransomware attack

"A council has admitted its IT service was targeted by hackers, who scrambled files and made a demand for money."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

NSA Releases Cloud Vulnerability Guidance

"The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing."

Link

TLP¹ : Green

Web Owners Ignore Alerts as Magecart Hits 40 More Sites

"A notorious group behind digital skimming attacks has upped its game recently, infecting at least 40 new websites, according to researchers."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

Want fast DFIR results? Learn how with the EZ Tools command-line poster

"Forensics investigators and incident responders may lean toward graphical user interface (GUI) tools that present interactive and graphical representations of data, especially if they don’t have years of experience under their belts. But don’t rule out command line interface (CLI) tools, just because they seem more complex and require some knowledge of commands."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

"We identified suspicious code on the website for a popular Parisian boutique store. However, to the naked eye, the script in question looks just like another jQuery library loaded from a third-party CDN."

Link

TLP¹ : Green

Iranian APT Targets Govs With New Malware

"A new campaign is targeting governments with the ForeLord malware, which steals credentials."

Link

TLP¹ : Green

Intertrust launches enterprise-ready white-box cryptography solution for web apps

"The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing: