Infosec News 20200228
Top News
-
Hackers share SQL databases from unsecured AWS buckets, including the archive belonging to the BGR tech news site in India
"Hackers are sharing SQL databases from unsecured Amazon S3 buckets, one of them belongs to the BGR tech news site in India."
TLP1 : Green
-
Reddit CEO accuses TikTok of being ‘fundamentally parasitic’
"Condemning the app, Huffman said that it was “fundamentally parasitic” and accused it of “always listening” in on its users. On the app’s biometric features, he said the fingerprinting technology used by TikTok was “truly terrifying.”"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program
"A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study."
TLP1 : Green
-
“Shark Tank” TV star loses almost $400,000 in Business Email Compromise scam
"Barbara Corcoran, one of the business moguls who head up the judging team on US TV’s “Shark Tank” investment show, has lost nearly $400,000 to an email scammer."
TLP1 : Green
-
A former Microsoft engineer stole more than $10 million from the company and used it to buy a $1.6 million lakefront home and a Tesla
"Volodymyr Kvashuk — who worked at Microsoft from August 2016 to June 2018, first as a contractor, then as a full-time employee — was convicted Tuesday in the US District Court in Seattle following a five-day trial, according to the US Attorney's Office. "
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Clearview AI has billions of photos of innocent and unsuspecting users – Its entire list of clients was reportedly stolen by unknown hackers.
"Clearview AI is currently bearing the brunt of its relentless penchant for privacy invasion of innocent users as the start-up has been hacked. The hackers were able to access its entire client list, which certainly is no ordinary feat. However, the company has gone into damage-control mode and claiming that the hackers couldn’t breach its servers. "
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Cisco addresses vulnerabilities in FXOS, UCS Manager and NX-OS Software
"The first issue tracked as CVE-2020-3172 is caused by the lack of insufficient validation of Cisco Discovery Protocol packet headers. The flaw could be exploited by an attacker to send a crafted packet to a Layer 2-adjacent vulnerable device and trigger a buffer overflow to run arbitrary code or cause a DoS condition."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
A Guide to Easy and Effective Threat Modeling
"Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Progress-Burp - Burp Suite Extension To Track Vulnerability Assessment Progress
"Burp Suite extension to track vulnerability assessment progress."
TLP1 : Green
-
Why Businesses Should Consider Managed Cloud-Based WAF Protection
"With the rising cost of data breaches and cyber-attacks, cybersecurity has become a board room conversation on an unprecedented scale. In this ever-connected online world, web application security is the cornerstone of the overall cybersecurity of any company."
TLP1 : Green
-
The Hidden Vulnerabilities of Open Source Software
"Commonly used free and open source software (FOSS) is one of the most significant technological trends of the decade. After all, 80-90 percent of a typical application contains FOSS components (pdf). And that trend is only increasing with its use in smart phones, cars, the Internet of Things, and numerous pieces of critical infrastructure."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.