Infosec News 20200707
Top News
-
Ex-Yahoo employee avoids jail, despite hacking 6000 accounts, and stealing explicit photos and videos
"A former employee of Yahoo has been sentenced and ordered to pay a fine after exploiting his privileged access to hack into the personal accounts of thousands of Yahoo users, in his hunt for naked photographs and videos of young women."
TLP1 : Green
-
NASA Still Struggling With Agency-Wide Cybersecurity Program
"A recent inspector general's report finds that NASA still struggles with implementing agency-wide cybersecurity policies despite spending about $2.3 billion on IT, networking and security technology in 2019."
TLP1 : Green
-
New Mac Ransomware Is Even More Sinister Than It Appears
"The malware known as ThiefQuest or EvilQuest also has spyware capabilities that allow it to grab passwords and credit card numbers."
TLP1 : Green
-
Infosec community disagrees with changing 'black hat' term due to racial stereotyping
"A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Alleged cyber attacks caused fire and explosions at nuclear and military facilities in Iran
"The root cause of a series of explosions at important facilities in Iran may be cyberattacks allegedly launched by Israel."
TLP1 : Green
-
US Secret Service reports an increase in hacked managed service providers (MSPs)
"US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams."
TLP1 : Green
-
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
"A credit-card skimmer is exclusively targeting websites that are hosted on Microsoft IIS servers and running ASP.NET, the company's web framework for developing web applications and services."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Unsecured Chinese companies leak users’ sensitive personal and business data
"Researchers at Cybernews uncovered two unsecured databases, with millions of records, belonging to Chinese companies."
TLP1 : Green
-
5 dating apps caught leaking millions of user-sensitive data
"The IT researchers at WizCase recently discovered data leaks and privacy breaches on 5 different dating apps in the US and East Asia."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Bitcoin’s Lightning Network Is Vulnerable to ‘Looting’: New Research Explains
"Savvy attackers might be able to “loot” bitcoin from others by way of the Lightning Network if users aren’t careful, a new cybersecurity report warns. "
TLP1 : Green
-
OnePlus Fixes Security Flaw in Repair Invoicing System for US Customers
"OnePlus has fixed a vulnerability in its out-of-warranty repair invoicing system, and claims it was done before it could have been exploited to gain customer details in the US."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Revealed: How home router manufacturers dropped the ball on security
"The Fraunhofer Institute discovered an average of 53 critical vulnerabilities in each of the 127 routers it examined. No device was entirely protected."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Indirect Command Execution
"The techniques described below could be used to bypass application whitelisting products if rules are not configured properly (whitelist by path or file name) or to confuse windows events"
TLP1 : Green
-
Tampering With Digitally Signed VBA Projects
"The VBA code contained in Module Streams can be modified in order to change the behaviour of a signed document, without invalidating the signature"
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.