Infosec News 20201007

  • Publicado: Qua, 07/10/2020 - 10:21

Top News

  • Cisco Ordered to Pay $1.9 Billion in Cybersecurity Patent Infringement Case

"A US district judge has ordered Cisco to pay $1.9 billion to Centripetal Networks, Inc., for infringing on four patents related to cybersecurity."

Link

TLP1 : Green

  • Microsoft Paid Out Over $374,000 for Azure Sphere Vulnerabilities

"Microsoft on Tuesday shared the results of its three-month-long Azure Sphere Security Research Challenge and the company says it has paid out more than $374,000 to participants."

Link

TLP1 : Green

  • Rethinking Email Security in the Face of Fearware

"E-mail messages preying on fear have ramped up since the COVID-19 outbreak, raising questions about security's reliance on historical data about past attacks to predict the future"

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • Microsoft Says Iranian Hackers Exploiting Zerologon Vulnerability

"The Iran-linked threat actor known as MuddyWater is actively targeting the Zerologon vulnerability in Windows Server, Microsoft warns."

Link

TLP1 : Green

  • Insurance firm Ardonagh Group disabled 200 admin accounts as ransomware infection took hold

"Jersey-headquartered insurance company Ardonagh Group has suffered a potential ransomware infection."

Link

TLP1 : Green

  • The anatomy of a $15 million cyber heist on a US company

"Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

  • Google Brings Password Protection to iOS, Android in Chrome 86

"Chrome 86 will alert users when stored passwords are compromised, and block or warn of insecure downloads, among other security updates."

Link

TLP1 : Green

  • New Research Finds Bugs in Every Anti-Malware Product Tested

"Products from every vendor had issues that allowed attackers to elevate privileges on a system -- if they already were on it."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • How Netflix Makes Security Decisions: A Peek Inside the Process

"A senior information security risk engineer explains how Netflix's risk management program helps businesses leaders make key decisions."

Link

TLP1 : Green

  • 10 Years Since Stuxnet: Is Your Operational Technology Safe?

"The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks. "

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • Firefox for Pentester: Privacy and Protection Configurations

"In this article we will become competent to protect ourselves online through the configuration options that Firefox provides us."

Link

TLP1 : Green

  • Hackers Abuse Windows Error Reporting (WER) Service in Fileless Malware Attack

"Security researchers uncovered a new attack dubbed Kraken that uses injected its payload into the Windows Error Reporting service to evade detection."

Link

TLP1 : Green

  • 6 Best Practices for Using Open Source Software Safely

"As DevOps becomes the default development discipline for more organizations, the pressure to reach out and grab reusable modules and libraries is almost guaranteed to make open source code a greater percentage of enterprise software."

Link

TLP1 : Green

 

1Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 

[1]https://www.first.org/tlp

Infosec News