InfoSec News 20200924
Top News
-
Facebook Says Fake Accounts From China Aimed at US Politics
"The takedown came as part of the social network's fight against "coordinated inauthentic behavior" and marked the first time Facebook had seen such a campaign based in China targeting US politics, according to head of security policy Nathaniel Gleicher."
TLP1 : Green
-
Gamer Credentials Now a Booming, Juicy Target for Hackers
"Credential abuse drives illicit market for in-game rare skins, special weapons and unique tools."
TLP1 : Green
-
Rogue employees at Shopify accessed customer info without authorization
"E-commerce platform provider Shopify revealed that two members of its support staff accessed customer information without authorization."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Cyberattacks are fast becoming a physical threat
"The point here is, cybersecurity is no longer a buzzword or an ethereal threat; it’s a continuously evolving beast, and one that is having greater implications on human lives."
TLP1 : Green
-
A New Hacking Group Hitting Russian Companies With Ransomware
"As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia."
TLP1 : Green
-
Thailand takes first legal action against Facebook, Twitter over content
"BANGKOK: Thailand began legal action on Thursday (Sep 24) against Facebook and Twitter for ignoring requests to take down content, in its first such move against major internet firms."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
"Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Zerologon Patches Roll Out Beyond Microsoft
"A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability."
TLP1 : Green
-
Microsoft Says Important Windows 10 Fix for Linux Users is Coming
"Microsoft has announced that it’s working on fixing a Windows Subsystem for Linux (WSL), and the rollout should start with the upcoming 20H2 servicing release."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Google adds threat detection to Chronicle cybersecurity platform
"Google is officially expanding its Chronicle cybersecurity platform into the threat detection realm, with the promise to bring “Google-scale threat analysis” to enterprises."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
"If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller."
TLP1 : Green
-
The different kinds of authentication protocols
"There are almost as many authentication protocols out there as there are application protocols, making it a confusing landscape. Probably most confusing of all is that attention rarely is drawn to the fact that there are many different kinds of authentication protocol, which seek to fill completely different roles."
TLP1 : Green
-
Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns
"Experts worldwide warn about a surge in the Emotet activity, this time the alerts are from Microsoft, Italy and the Netherlands agencies."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.