Infosec News 20200525

  • Publicado: Seg, 25/05/2020 - 11:59

Top News

  • Windows Security Alert: Core System File Zero-Days Confirmed Unpatched

"Just days after the monthly Patch Tuesday Windows security update, unpatched system file zero-day vulnerabilities have been publicly disclosed."

Link

TLP1 : Green

  • Hackers deface 1000+ Israeli websites in attempt to get webcam access

"Hackers also left a warning message for Israeli agencies to be prepared for a “big surprise."

Link

TLP1 : Green

  • Hackers leak data of 29 million Indian job seekers for download

"The trove of Indian job seekers data is being downloaded by threat actors worldwide."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • Personal data of 12 million Facebook users exposed online

"The leak came after a misconfigured Elasticsearch server exposed Facebook users’ data involved in a previous breach."

Link

TLP1 : Green

  • The ransomware that attacks you from inside a virtual machine

"Yesterday, SophosLabs published details of a sophisticated new ransomware attack that takes the popular tactic of “living off the land” to a new level."

Link

TLP1 : Green

  • Maze ransomware operators leak credit card data from Costa Rica’s BCR bank

"Maze ransomware operators published credit card details stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks

  • Home Chef Serves Up Data Breach for 8 Million Records

"The meal-kit company’s customer records were leaked as part of the Shiny Hunters breach."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

  • EasyJet’s breach notification email to customers – a closer look

"Let’s take a closer look at the email EasyJet is sending to customers affected by its recently-revealed security breach."

Link

TLP1 : Green

  • Coronavirus: Australia calls for stronger defences amid cyber attacks

"The Australian Cyber Security Centre offers guidance for critical infrastructure operators to guard against cyber attacks which have already hit the healthcare sector"

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • Game-based learning platform provides full immersion into cybersecurity

"Working and learning have gone remote, and we have to come to terms with this new reality. Nowadays, several organizations allow their staff to work from home permanently. Most universities consider reducing classroom time wherever possible, and now we are seeing the demand for online courses sky rocket. "

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security

"Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. "

Link

TLP1 : Green

 

 

1Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 

[1]https://www.first.org/tlp

Infosec News