Top News

• #deepweb | Honor among thieves? Cybercriminals urge others not to take advantage of pandemic

"Alex Guirakhoo, strategy and research analyst at Digital Shadows Ltd. has published a report on the reaction of those of the dark web "

Link

TLP¹ : Green

• Whatever happened to cryptojacking?

"A couple of years ago it felt like you couldn’t turn your head in any direction without seeing another headline about cryptomining and – its more evil sibling – cryptojacking."

Link

TLP¹ : Green

• Smashing Security #170: PornHub, Coronavirus apps, and remote working

"It’s a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you’re unexpectedly working from home."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Norsk Hydro Outage May Have Been Destructive State Attack

"The crippling ransomware attack on Norsk Hydro may have been a state-backed attempt to disrupt rather than extort money, and as such provides a “blueprint” for how similar future campaigns may work, Dragos has warned.;

Link

TLP¹ : Green

• CERT France – Pysa ransomware is targeting local governments

"is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments."

Link

TLP¹ : Green

• Emergency Surveillance During COVID-19 Crisis

"Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• Food Delivery Website in Germany Targeted by DDoS Attackers

"Malicious individuals targeted a food delivery website located in Germany with a distributed denial-of-service (DDoS) attack."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• D-Link DIR-846 100.26 SetNetworkTomographySettings Request privilege escalation>

"A vulnerability, which was classified as critical, has been found in D-Link DIR-846 100.26 (Router Operating System)."

Link

TLP¹ : Green

• Drupal addresses two XSS flaws by updating the CKEditor

"Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. "

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• How to Protect Your VPN: Lessons From a DDoS Attack Test

"In the wake of the COVID-19 pandemic, many IT organizations find themselves scrambling to meet the sudden spike in VPN traffic."

Link

TLP¹ : Green

• How To Prevent SQL Injections? (Complete Guide)

"Are you worried about SQL injection attacks on your site? If you’re reading this, you might already be aware of the devastating impact it can have!"

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• LDAPFragger: Command and Control over LDAP attributes

"A while back during a penetration test of an internal network, we encountered physically segmented networks. "

Link

TLP¹ : Green

• A Random List of Free Resources

"We were floating this list around internally and thought it might be of value beyond our walls. Below is a partial list of companies that have released resources to help support the community during this time (included Tech, Health & Wellness, Children specific)."

Link

TLP¹ : Green

• So You’re Having to Work from Home Due to the Coronavirus Pandemic … Now What? Here are 18 Tips to Help You Make the Best of Working Remote

"The SANS mission is to empower current and future cybersecurity practitioners through training, education, and skills validation to create a safer global community. …We interrupt our regularly scheduled programing to address the impact that the coronavirus outbreak is having on our daily work life. Working from home may sound like a dream come true for many people, but if this is your first experience taking your workforce virtual, the transition will likely be a bit overwhelming at first."

Link

TLP¹ : Green

• Why cybersecurity matters more than ever during the coronavirus pandemic

"As the coronavirus pandemic continues to disrupt global health, economic, political and social systems, there's another unseen threat rising in the digital space: the risk of cyberattacks that prey on our increased reliance on digital tools and the uncertainty of the crisis."

Link

TLP¹ : Green

• Facebook accidentally blocks genuine COVID-19 news

"(...)But when humans are taken out of the content moderation loop, it might suggest that automated systems are running the show. Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but it’s also saying that automated systems are to blame for being overzealous in stamping out misinformation."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp