Infosec News 20201006

  • Publicado: Ter, 06/10/2020 - 10:11

Top News

  • 'Virtual Cyber Carnival' Kicks off Cybersecurity Awareness Month

"A new initiative will run throughout the month of October, invites the general public to play cybersecurity games (and win fabulous prizes)."

Link

TLP1 : Green

  • Biometric Data Collection Demands Scrutiny of Privacy Law

"An IT lawyer digs into the implications of collecting biometric data, why it can't be anonymized, and what nations are doing about it."

Link

TLP1 : Green

  • UK loses 16,000 COVID-19 cases due to Excel spreadsheet snafu

"Some 16,000 Coronavirus cases reportedly went missing after the Excel spreadsheet they were being recorded in reached its maximum limit, and did not allow the automated process to add any more names."

Link

TLP1 : Green

  • 'Father of Identity Theft' Sentenced to 207 Months

"James Jackson was convicted of mail fraud, aggravated identity theft, access device fraud, and theft of mail last year."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • Hackers Steal Swiss University Salaries

"As yet unidentifed hackers have managed to steal employee salary payments at several Swiss universities, officials said Sunday."

Link

TLP1 : Green

  • Visa Warns of Attack Involving Mix of POS Malware

"A North American merchant’s point-of-sale (POS) terminals were infected with a mix of POS malware earlier this year, Visa reports."

Link

TLP1 : Green

  • DoD, DHS Warn of Attacks Involving SLOTHFULMEDIA Malware

"The U.S. Department of Defense’s Cyber National Mission Force (CNMF) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) last week published a malware analysis report for what they described as a new malware variant named SLOTHFULMEDIA."

Link

TLP1 : Green

  • UN Maritime Agency Hit by 'Sophisticated Cyberattack'

"The United Nations’ International Maritime Organization (IMO) last week said some of its systems were disrupted as a result of a cyberattack."

Link

TLP1 : Green

  • Ransomware Vaccine Intercepts Requests to Erase Shadow Copies

"A newly released “vaccine” can prevent certain ransomware families from erasing shadow copies to prevent data recovery."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks

  • Students and employees notified of Gulf Coast State College data breach

"Some Gulf Coast State College students and employees received a letter from school officials, dated Sept. 28, about a data breach that took place back between March 31, 2020 and June 3, 2020."

Link

TLP1 : Green

  • Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed

"Indian edtech platform Edureka is reported to have suffered a server breach which compromised data of more than 2 Mn users. The data breach, investigated and reported by SafetyDetectives, is said to have compromised users’ names, addresses and contact details."

Link

TLP1 : Green

  • 3 Ways Data Breaches Accelerate the Fraud Supply Chain

"The battle's just beginning as bad actors glean more personal information from victims and use that data to launch larger attacks. "

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

  • Ttint Botnet Targets Zero-Day Vulnerabilities in Tenda Routers

"A new Mirai-based botnet is targeting zero-day vulnerabilities in Tenda routers, according to researchers at 360 Netlab, a unit of Chinese cybersecurity company Qihoo 360."

Link

TLP1 : Green

  • Flaws in Popular Antivirus Softwares Let Attackers to Escalate Privileges

"Security researchers from CyberARK discovered security bugs with anti-malware software that allows attackers to escalate privileges on an infected machine."

Link

TLP1 : Green

  • Meet 'Egregor,' a New Ransomware Family to Watch

"Egregor's operators promise to decrypt victims' files and provide security recommendations in exchange for ransom payment."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • How to backup and restore Active Directory: Step-by-step guide

"Active Directory (AD) is one of the most popular directory services used by millions of people worldwide. This is why a foolproof Active Directory backup and restoration disaster recovery strategy is vital for business continuity."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • 5 steps to secure your connected devices

"As we steadily adopt smart devices into our lives, we shouldn’t forget about keeping them secured and our data protected"

Link

TLP1 : Green

  • Panabee: 1: Vulnhub Walkthrough

"This is a Boot to root kind of challenge. We need to get root privileges on the machine and read the root flag to complete the challenge. Overall it was an intermediate machine to crack."

Link

TLP1 : Green

 

1Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 

[1]https://www.first.org/tlp

Infosec News