Infosec News 20200630

  • Published: Tue, 30/06/2020 - 11:42

Top News


  • iPhone Apps Stealing Clipboard Data

"iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information."

Link

TLP1 : Green

  • AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals

"Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased."

Link

TLP1 : Green

  • REvil Ransomware Gang Adds Auction Feature for Stolen Data

"An anonymous bidding mechanism enhances the REvil group’s double-extortion game."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Govt reveals $1.35bn investment in cybersecurity over next decade

"The government has unveiled a $1.35 billion investment to beef up Australia’s cybersecurity capabilities over the next decade, a third of which will go into a new team of 500 specialists."

Link

TLP1 : Green

  • Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

"Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes."

Link

TLP1 : Green

  • Chinese hackers aggressive since Galwan clash, stealing sensitive info from India: Cyber research expert

"In an exclusive interview to India Today TV, Cyfirma Chairman and CEO Kumar Ritesh said that their research has found there is a marked shift in the cyber attacks on India since the Galwan Valley clashes."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Into the Dark: Scratching the Surface of the Dark Web and Its Potential Risks to Users

"Numerous data leaks appeared on the dark web in the second quarter of 2020. At the end of May, for instance, Cyble found a government database containing the personal information of more than 20 million Taiwanese citizens for sale on an underground web marketplace."

Link

TLP1 : Green

  • Voice recordings from domestic violence alerting app exposed on the internet

"A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button. What isn’t a good idea is for voice recordings made by the app to be left exposed on an unsecured Amazon Web Services (AWS) S3 bucket, allowing anyone with internet access to download them and listen if they so wish."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Your Phone Is Vulnerable Because of 2G, But it Doesn't Have to Be

"Security researchers have been talking about the vulnerabilities in 2G for years. 2G technology, which at one point underpinned the entire cellular communications network, is widely known to be vulnerable to eavesdropping and spoofing."

Link

TLP1 : Green

  • Financial organisations are prone to lax cybersecurity practices and are putting themselves at data breach risk

"Netwrix announced additional findings from its 2020 Data Risk & Security Report. The report reveals that financial organisations are prone to a range of insufficient cybersecurity controls that make them vulnerable to escalating cyber threats."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Sucuri Academy: Free Website Security Courses

"We are happy to announce that we have launched Sucuri Academy to offer free website security courses."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • EvilNet - Network Attack Wifi Attack Vlan Attack Arp Attack Mac Attack Attack Revealed Etc...

"Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../"

Link

TLP1 : Green

  • Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark

"kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark."

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp