Infosec News 20200601
Top News
-
Over 100K+ WordPress sites using PageLayer plugin exposed to hack
"Two security flaws in the PageLayer WordPress plugin can be exploited to potentially wipe the contents or take over WordPress sites."
TLP1 : Green
-
Tripwire Patch Priority Index for May 2020
"Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware."
TLP1 : Green
-
Cybersecurity market to exceed $430 billion by 2027 – report
"The global cybersecurity market, worth $152.51 billion in 2018, is expected to reach $430.33 billion by 2027."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
The Cybersecurity Implications of 5G Technology
"The coming of widespread 5G technology promises more than just faster everything, enhanced capacity and greater reliability."
TLP1 : Green
-
Anonymous demands justice for George Floyd and threatens attacks
"The hacktivist collective group Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police."
TLP1 : Green
-
Analysing the (Alleged) Minneapolis Police Department "Hack"
"(...)I was CC'd into a bunch of threads that were redistributing the alleged email addresses and passwords, most of them referring to a data breach (or "leak") of some kind allegedly perpetrated by "Anonymous"."
TLP1 : Green
-
Ransomware, malware exploit coronavirus themes
"Monitoring of billions of security events daily has revealed that cyber criminals are exploiting fears of COVID-19 to step up ransomware and malware attacks, reports Fortinet FortiGuard Labs."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
KingNull leaks DB of Daniel’s Hosting dark web hosting provider
"Earlier this year a hacker breached Daniel’s Hosting, the largest free web hosting provider for dark web hidden services and now leaked its DB."
TLP1 : Green
-
The team behind the Joomla CMS discloses a data breach
"Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site (resources.joomla.org) on an unsecured Amazon Web Services S3 bucket operated by the company."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Russian Actors Are Targeting Vulnerable Exim Mail Servers. Patching Is Up, but More Than 900k Remain Online
"On May 28, 2020, the United States National Security Agency (NSA) released a Cyber Security Advisory that warned of a Russian Espionage campaign associated with the Sandworm group that was actively exploiting vulnerabilities in the Exim mail transfer agent."
TLP1 : Green
-
Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account
"Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple' system"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective
"Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed."
TLP1 : Green
-
Password Changing After a Breach
"This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password."
TLP1 : Green
-
Career Choice Tip: Cybercrime is Mostly Boring
"When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way to combat cybercrime and steer offenders toward a better path."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.