Infosec News 20200706
Top News
-
Hackers are trying to steal admin passwords from F5 BIG-IP devices
"Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed."
TLP1 : Green
-
Hackers are targeting unsecured MongoDB database
"A new wave of attacks is targeting unsecured MongoDB database servers and wiping their content attempting to extort a ransom to the victims."
TLP1 : Green
-
US Schools and Colleges Have Leaked 24.5 Million Records Since 2005
"Schools and colleges in the US have leaked 24.5 million records since 2005, according to new research by technology website Comparitech. K–12 school districts across the country have suffered 1327 breaches in the last 15 years – with last year’s count setting an all-time high."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Hackers hijack Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data
"An advertisement was published offering a database for sale – containing details of tourist payments made during June 2020 to the Public Services Portal of the Russian Federation. Anyone interested in purchasing the database is invited to pay the tidy sum of 66 bitcoins (approximately US $499,000)."
TLP1 : Green
-
North Korean hackers linked to web skimming (Magecart) attacks, report says
"After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores."
TLP1 : Green
-
FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps
"New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
BMW customer database for sale on dark web
"A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to KELA, a darknet threat intelligence firm, based in Tel Aviv."
TLP1 : Green
-
V Shred data leak exposes PII, sensitive photos of fitness customers and trainers
"Fitness brand V Shred exposed the personally identifiable information (PII) of over 99,000 customers and trainers -- and has yet to fully resolve the leaking database responsible."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
.NET Core vulnerability lets attackers evade malware detection
"A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software. This vulnerability is caused by a Path Traversal bug in Microsoft’s .NET Core library that allows malicious garbage collection DLLs to be loaded by users with low privileges."
TLP1 : Green
-
Oracle Java SE 8u212 JCE denial of service
"A vulnerability was found in Oracle Java SE 8u212 (Programming Language Software) and classified as problematic. This issue affects an unknown function of the component JCE. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-284. Impacted is availability."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Snake Ransomware isolates infected Systems before encrypting files
"Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Try2Cry ransomware tries to worm its way to other Windows systems
"A new ransomware known as Try2Cry is trying to worm its way onto other Windows computers by infecting USB flash drives and using Windows shortcuts (LNK files) posing as the targets' files to lure them into infecting themselves."
TLP1 : Green
-
How to Report IP Addresses
"Spam is a common nuisance for users of the Internet. However, it is not just annoying - these messages may cause substantial harm. While businesses use spam as a cheap way of promotion, criminals send it to snatch sensitive data. Fortunately, there is a quick way to counteract the offenders."
TLP1 : Green
-
Bash one-liner to check if a device is vulnerable for CVE-2020-5902
"This GitHub page has a one-liner bash code, to check for CVE-2020-5902, which affects BIG-IP devices"
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.