Infosec News 20200804
Top News
-
US Government Warns of a New Strain of Chinese 'Taidoor' Virus
"Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks"
TLP1 : Green
-
Google Updates Ad Policies to Counter Influence Campaigns, Extortion
"Starting Sept. 1, Google will crack down on misinformation, a lack of transparency and the ability to amplify or circulate politically influential content"
TLP1 : Green
-
Twitter says hackers gained entry to its systems by calling employees on their phones
"Spear-phishing attack enabled attackers to access 130 accounts on the social media platform"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Pandemic accelerating security at financial institutions
"Prior to the pandemic, financial institutions spent an average $2,700 on cybersecurity per full-time employee, up from $2,300 the previous year)"
TLP1 : Green
-
7,600 Japanese Facebook accounts stolen in suspected scam
"The account details of some 7,600 Japanese Facebook users appear to have been stolen by scammers and stored on a server based in Russia, a cybersecurity company said Tuesday"
TLP1 : Green
-
FBI Warns on New E-Commerce Fraud
"A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic"
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Travel Management Firm CWT Pays $4.5M to Ransomware Attackers
"Attackers claimed to steal two terabytes of files including financial reports, security files, and employees' personal data"
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Hackers Could Target Organizations via Flaws in Mitsubishi Factory Automation Products
"High-severity vulnerabilities found by researchers in Mitsubishi Electric factory automation products can be exploited to remotely attack organizations"
TLP1 : Green
-
Security Enclave vulnerability seems scary, but won't affect most iPhone users
"Security researchers have recently revealed a vulnerability in the Secure Enclave Processor"
TLP1 : Green
-
Prototype pollution bug in popular Node.js library leaves web apps open to DoS, remote shell attacks
"A flaw in the express-fileupload library allows hackers to stage prototype pollution attacks on Node.js servers, a security researcher has discovered"
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols
"Mística is a tool that allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
BlackBerry releases new security tool for reverse-engineering PE files
"BlackBerry open-sources PE Tree, a new malware reverse-engineering tool for analyzing Portable Executable (PE) files"
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.