Infosec News 20201008
Top News
-
Hackers exploit Trump's COVID-19 diagnosis to spread a different kind of virus
"Opportunistic hackers have seized on President Donald Trump’s illness from COVID-19 to fool email recipients into clicking on malware"
-
'Bahamut' Threat Group Targets Government & Industry in Middle East
"Researchers say the cyber espionage group was involved in several attacks against government officials and businesses in the Middle East and South Asia"
TLP1 : Green
-
Feds Sound Alarm Over Emotet Attacks on State, Local Govs
"CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Open Source Threat Intelligence Searches for Sustainable Communities
"As long as a community is strong, so will be the intelligence it shares on open source feeds. But if that community breaks down..."
TLP1 : Green
-
New 'HEH' Botnet Targets Exposed Telnet Services
"Latest threat is one in a growing list of malware developed in the Go programming language"
TLP1 : Green
-
37% of remote employees have no security restrictions on corporate devices
"ManageEngine unveiled findings from a report that analyzes behaviors related to personal and professional online usage patterns"
TLP1 : Green
-
Swiss-Swedish Diplomatic Row Over Crypto AG
"It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers
"Two months after securing a $33 million funding round from investors, food delivery startup Chowbus is grappling with a breach that observers say exposed personal data on hundreds of thousands of customers"
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Insecure DLL loading in Cisco Webex Teams Client for Windows
"The vulnerability allows a local user to compromise vulnerable system. The vulnerability exists due to incorrect handling of directory paths at run time in the loading mechanism of specific DLLs. A local user can place a specially crafted .dll file and execute arbitrary code with the privileges of another user’s account."
TLP1 : Green
-
Vulnerability Spotlight: DoS vulnerability in ATIKMDAG.SYS AMD graphics driver
"Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards"
-
Denial of service in Wireshark
"This security advisory describes one medium risk vulnerability."
TLP1 : Green
-
Researcher Finds Vulnerabilities in Products of 10 Cybersecurity Vendors
"CyberArk researcher Eran Shimony reported this week that he identified flaws in products from Kaspersky (advisory), McAfee, Symantec, Fortinet, Checkpoint, Trend Micro, Avira, Microsoft, Avast and F-Secure. He reported his findings to impacted vendors and they have all released patches."
TLP1 : Green
-
Researchers Turn Comcast TV Remote Into Spying Device
"Researchers from segmentation solutions provider Guardicore have identified a series of vulnerabilities that could have been exploited by a hacker to turn a TV remote into a spying device."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Building an Information Security Program Post-Breach
"An important question to answer at this point is, how did Rekt Casino get here?"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
CSRFER - Tool To Generate CSRF Payloads Based On Vulnerable Requests
"CSRFER is a tool to generate csrf payloads, based on vulnerable requests."
TLP1 : Green
-
The New War Room: Cybersecurity in the Modern Era
"The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.