Infosec News 20200526
Top News
· Security issues affecting Titan, Google’s security key
"After performing an information security audit, Google revealed a security flaw in Titan, its Bluetooth security key, which would allow an attacker located near the device to bypass the protection that this tool provides. Google announced that it would replace the users’ faulty security keys."
TLP1 : Green
· Critical vulnerability in Microsoft remote desktop services; update now
"Microsoft has just announced the launch of a set of update patches to correct a critical vulnerability in Remote Desktop services. If exploited, the flaw could quickly spread over the Internet; according to information security services, the vulnerability affects previous versions of Windows, including those that are no longer supported by the company."
TLP1 : Green
· Russian experts assessed the level of protection of corporate data from hacker attacks
"Even a low-skilled hacker can hack the internal network of global companies..."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
· Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid
"Threat actors are offering for sale more than two dozen SQL databases belonging to e-commerce websites for different countries."
TLP1 : Green
· Blue Mockingbird Hacker Group Attack Windows Machines at Multiple Organizations to Deploy cryptocurrency-mining Malware
"Security researchers from Red Canary discovered potential hacker group Blue Mockingbirddeploying Monero cryptocurrency-mining payloads deployed on the Internet-facing Windows machines at multiple organizations"
TLP1 : Green
· Bugs in open-source libraries impact 70% of modern software
"Bugs in open-source libraries impact 70% of modern software."
TLP1 : Green
Breaches: Data Breaches and Hacks
· 3 hacking forums have been hacked and database have been leaked online
"Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to have been hacked and their databases have been leaked online"
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
· Poppler 0.24.5 on Ubuntu Annot.h getCoordsLength denial of service
"A vulnerability was found in Poppler 0.24.5 on Ubuntu"
TLP1 : Green
· Cisco fixed a critical issue in the Unified Contact Center Express
"Cisco has released several security patches, including one for a critical issue..."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
· Everything You Wanted to Know About IP Address Hacking
"A lot of people think that they can do whatever they want on the Internet and remain anonymous. However, we all can leave a trial on the web thanks to…"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
· Secondary DNS — A faster, more resilient way to serve your DNS records
"What is secondary DNS, and why is it important?"
TLP1 : Green
· What to Look for When Reverse Engineering Android Apps
"Reverse engineering refers to the process of taking something apart to see how it works..."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.