Infosec News 20200722

  • Published: Wed, 22/07/2020 - 09:55

Top News


  • US DoJ charges Chinese hackers for targeting COVID-19 research

"US Justice Department accused two Chinese hackers of stealing trade secrets from companies worldwide and targeting firms developing a COVID-19 vaccine"

Link

TLP1 : Green

  • UK Government chose not to investigate if Russian hackers interfered in Brexit referendum, report reveals

"No-one in Government knew if Russia had interfered in the EU vote, and they actively avoided any effort to ask questions to find out"

Link

TLP1 : Green

  • Google funded delivery service Dunzo hacked; 11GB worth of data leaked

"The exact date of Dunzo data breach is unclear however its database was leaked last week."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Diebold ATM Terminals Jackpotted Using Machine’s Own Software

"The company warned that cybercriminals are using a black box with proprietary code in attacks to illegally dispense cash across Europe."

Link

TLP1 : Green

  • Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

"An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information"

Link

TLP1 : Green

  • The State of Hacktivism in 2020

"Activism via hacking might not be as noisy as it once was, but it hasn't been silenced yet."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • How BeerAdvocate Learned They'd Been Pwned

"The tl;dr is that someone with a BeerAdvocate account was convinced the service had been pwned"

Link

TLP1 : Green

  • Hacking a Power Supply

"This hack targets the firmware on modern power supplies. (Yes, power supplies are also computers.)"

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Adobe fixed critical code execution flaws in Bridge, Photoshop and Prelude products

"This week, Adobe has addressed several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products."

Link

TLP1 : Green

  • Cisco Small Business 220 up to 1.1.4.3 Web Management Interface command injection

"A vulnerability was found in Cisco Small Business 220 up to 1.1.4.3."

Link

TLP1 : Green

  • Vulnerability Allows Remote Hacking of Devices Running Citrix Workspace App

"Citrix informed customers this week that it has patched a vulnerability in its Workspace app that can allow an attacker to remotely hack the computer running the affected application."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Cheap Security Lab Training with Raspberry Pi 4, Docker & Kali Linux

"The Raspberry Pi is a small yet power platform that is perfect for building a cost effective cybersecurity training lab"

Link

TLP1 : Green

 

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

 


  • hackerEnv - An Automation Tool That Quickly And Easily Sweep IPs And Scan Ports, Vulnerabilities And Exploit Them

"hackerEnv is an automation tool that quickly and easily sweep IPs and scan ports, vulnerabilities and exploit them"

Link

TLP1 : Green

  • ADB-Toolkit - Tool for testing your Android device

"ADB-Toolkit is a BASH Script with 28 options and an METASPLOIT Section which has 6 options which is made to do easy penetration testing in Android Device."

Link

TLP1 : Green

  • DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records

"More than 4.7 million sources in five countries — the US, China, South Korea, Russia, and India — were used to level distributed denial-of-service (DDoS) attacks against victims in the second quarter of 2020, with the portmap protocol most frequently used as an amplification vector to create massive data floods"

Link

TLP1 : Green

  • Microsoft 365 Updated with New Security, Risk, Compliance Tools

"Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption."

Link

TLP1 : Green

  • G Suite Security Updates Bring New Features to Gmail, Meet & Chat

"New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls."

Link

TLP1 : Green

  • Microsoft to Retire TLS 1.0/1.1 in Office 365 Starting October 15

"Decades old, these protocol versions are considered obsolete, especially since the newer, safer TLS 1.2 and TLS 1.3 have been available for years. In fact, plans for their removal from major browsers and online services have been announced several years ago."

Link

TLP1 : Green

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp