InfoSec News 20200305
Top News
-
Cisco addresses high severity RCE flaws in Webex Player
"Cisco has released security updates to fix multiple vulnerabilities in various products, including two remote code execution flaws in Webex Player."
TLP1 : Green
-
Coronavirus warning spreads computer virus
"This time, there isn’t a link to a fraudulent website, but an attachment you are urged to read instead.
By now you ought to be suspicious, given that Word documents can contain so-called macros – embedded software modules that are often used to spread malware, and that are an obvious risk to accept from outside your company."
TLP1 : Green
-
Why 3 million Let’s Encrypt certificates are being killed off today
"Let’s Encrypt was all over the news recently – the cybersecurity news, at any rate – for the laudable reason that it just issued its 1,000,000,000th TLS certificate."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
French Firms Rocked by Kasbah Hacker?
"A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of Apple, Dell, and Microsoft for helping to find and fix security vulnerabilities in their products."
TLP1 : Green
-
Karkoff 2020: a new APT34 espionage operation involves Lebanon Government
"Experts from Cybaze/Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group."
TLP1 : Green
-
SpaceX and Tesla documents leaked online by hackers
"The cyber crime group known as DoppelPaymer has already leaked non-disclosure agreements signed between Visser Precision and the Elon Musk-led companies SpaceX and Tesla."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
CIA’s 11-year old hacking campaign against China exposed
"APT-C-39 is a hacking group that discreetly works for the CIA. According to research from a well-known Chinese cyber-security firm Qihoo 360, this group has been launching cyberattacks against China for the past eleven years. The attacks started in September 2008 and lasted until June 2019."
TLP1 : Green
-
Tech support scammers hacked back by vigilante
"A UK cybercrime vigilante was so incensed by tech support scammers he reverse-hacked the call centre in India to reveal CCTV footage of perpetrators as they ripped off their victims in real-life calls.
Publicised by a BBC documentary, the hack was the work of ‘Jim Browning’ (not his real name), who has acquired a following on his YouTube channel for his campaigns to expose how these crimes work and the individuals behind them."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface."
TLP1 : Green
-
Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How to Communicate Risk: Profiles, Dashboards and Responsibilities
"The risk of a data breach with significant financial consequences and damage to brand equity is the fear of most large publicly traded companies. But many smaller businesses wrongly assume they are too small to be on the radar of the threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded and well-defined structures for their data stores. This means that every strategic marketing plan and every company’s overall security strategy should incorporate a data breach communication plan. And to articulate this, there needs to be an understanding of the risk profile of the organization."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
TwitWork - Monitor Twitter Stream
"Monitor twitter stream.
TwitWork uses the Twitter stream, which allows you to have tweets in real time.
There is an input that allows you to filter the flow on one (or more) keywords or on an @ based on Twitter tracking"
TLP1 : Green
-
PrivescCheck - Privilege Escalation Enumeration Script For Windows
"This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation.
I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I added more checks and also tried to reduce the amount of false positives."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.