Top News

• North Korean Malicious Cyber Activity

"The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) released three Malware Analysis Reports (MARs) on malware variants used by the North Korean government."

Link

TLP¹ : Green

• The top 10 most-targeted security vulnerabilities – despite patches having been available for years

"This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years."

Link

TLP¹ : Green

• Adobe addresses critical issues in Acrobat, Reader, and DNG SDK

"Adobe has released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• A cybercrime store is selling access to more than 43,000 hacked servers

"The MagBo portal provides access to hacked servers, with some belonging to local and state government, hospitals, and financial organizations."

Link

TLP¹ : Green

• BlueScope Steel operations disrupted due to Ransomware Cyber Attack

"Australian Steel producer ‘BlueScope Steel Limited’ reportedly became a victim of a cyber attack on Thursday this week i.e. on May 14th, 2020."

Link

TLP¹ : Green

• Microsoft open-sources its coronavirus threat data for security researchers

"For the last couple of months, cybercriminals have taken advantage of the coronavirus pandemic to launch a series of attacks on individuals and companies, with a COVID-19 angle. In order to fight these threats, Microsoft has open-sourced its threat knowledge to help the security community build protective solutions for users."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• The Unattributable "db8151dd" Data Breach

"The study of "db8151dd" Data Breach and its conclusions."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• Patch now your vBulletin install before hacker will target your forum

"Maintainers of the vBulletin project have released an important fix to address a security vulnerability tracked as CVE-2020-12720."

Link

TLP¹ : Green

• Popular Page Builder WordPress plugin fixes critical issues. Update it now!

"Two issues in the popular Page Builder by SiteOrigin WordPress plugin could be exploited to carry out code execution attacks on vulnerable websites."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• DISC – SANS ICS Virtual Conference Highlights

"A look at all the top highlights from the recent DISC – SANS ICS Virtual Conference."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

"Lockphish it's the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link."

Link

TLP¹ : Green

• DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang

"XSS Scanning and Parameter Analysis tool."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp