InfoSec News 20200929
Top News
-
Tyler Technologies Reveals Ransomware Affected Some Internal Systems
"Tyler Technologies, Inc., revealed it suffered a ransomware attack that disrupted access to some of its internal systems."
TLP1 : Green
-
Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
"Researchers warn of emails pretending to help business employees upgrade to Windows 10 – and then stealing their Outlook emails and passwords."
TLP1 : Green
-
Mac, Linux Users Now Targeted by FinSpy Variants
"FinSpy has returned in new campaigns targeting dissident organizations in Egypt – and researchers uncovered new samples of the spyware targeting macOS and Linux users."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Hacking Voting Systems to Be a Federal Crime in US
"Criminals caught hacking into a federal voting system in the United States are to be charged with a federal criminal offense."
TLP1 : Green
-
Hackers Steal $150 Million from Asian Cryptocurrency Exchange
"KuCoin, a Singapore-based cryptocurrency exchange, has disclosed a security incident that resulted in the unauthorized transfer of roughly $150 million in digital assets."
TLP1 : Green
-
Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
"Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
OCR Imposes $6.85M Penalty Over Data Breach
"A health insurance company in Washington state has been slapped with the second-largest ever HIPAA violation penalty."
TLP1 : Green
-
Fashion retailer BrandBQ exposes 1 TB of customers, contractors data
"The researchers attributed the database to BrandBQ. With over 500,000 downloads alone on Android coupled with its iOS installations, the number of users impacted is immense, estimated to be up to 6.7 million people."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
"Twitter developers are being warned of a security bug that may have exposed their applications’ credential information – including sensitive application keys and access tokens."
TLP1 : Green
-
Phishers use Facebook grants for COVID-19 victims as bait
"Potential victims see an article disguised to appear to be from CNBC. It says that Facebook is giving grants to users hit by COVID-19 and includes a link to apply for a grant."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Preventing Shadow IT from Blindsiding your Zero Trust Plan
"Even an approved line-of-business application that gets deployed without the security team’s awareness can prove to be a risk if it escapes patching and default hardening procedures because it was deployed without the usual controls in place"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
NERVE - Network Exploitation, Reconnaissance & Vulnerability Engine
"NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services."
TLP1 : Green
-
Cooolis-ms - A Server That Supports The Metasploit Framework RPC
"Cooolis-ms is a server that supports Metasploit Framework RPC. It is used to work for Shellcode and PE loader, bypassing the static detection of anti-virus software to a certain extent, and allows the Cooolis-ms server to perform with the Metasploit server separate."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.