Infosec News 20201012

  • Published: Mon, 12/10/2020 - 11:10

Top News


  • Cisco addresses three high-severity issues in Webex, IP Cameras and ISE

"Cisco has addressed three high-severity flaws and eleven medium-severity vulnerabilities in its Webex video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine.
The most severe of these vulnerabilities is a Remote Code Execution and Denial of Service issue in Cisco’s Video Surveillance 8000 Series IP Cameras."

Link

TLP1 : Green

  • Cybercrime awareness: How to prevent government websites related frauds

"Digitization of services comes with its own risks. Fraudsters often create fake versions of popular websites to lure citizens and steal money from them."

Link

TLP1 : Green

  • Five Eyes Alliance, India, Japan Demand ‘Backdoors’ to Access Encrypted Apps

"Law enforcement globally has complained of the difficulty encrypted communications poses to criminal investigations."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Tyler Technologies finally paid the ransom to receive the decryption key

"Tyler Technologies has finally decided to pay a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack."

Link

TLP1 : Green

  • Hackers targeted the US Census Bureau network, DHS report warns

"The US DHS’s Homeland Threat Assessment (HTA) report revealed that threat actors have targeted the US Census network during the last year."

Link

TLP1 : Green

  • Top Belgium Telecoms Firm Drops Huawei

"Belgium's dominant telecom operator Proximus said Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei with products from Finnish supplier Nokia and Sweden's Ericsson."

Link

TLP1 : Green

  • Underestimating the FONIX – Ransomware as a Service could be an error

"FONIX is a new Ransomware as a Service available in the threat landscape that was analyzed by SentinelLabs researchers."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Children and parent info exposed in Georgia DHS data breach

"The personal and health data of children and adults involved in Child Protective Services cases was exposed."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • CVE-2020-14184 Detail

"Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files."

Link

TLP1 : Green

  • openSUSE: 2020:1658-1: moderate: permissions

"This update for permissions fixes the following issues:
 - whitelist WMP (bsc#1161335, bsc#1176625)"

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Why MSPs Are Hacker Targets, and What To Do About It

"Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance."

Link

TLP1 : Green

  • Detecting Microsoft 365 and Azure Active Directory Backdoors

"Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD)."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • The Anatomy of a Bug Door

"Dissecting Two D-Link Router Authentication Bypasses"

Link

TLP1 : Green

  • Facebook announces bug bounty 'loyalty' programme for hackers

"In its bid to incentivise cyber security researchers with additional rewards and benefits, Facebook has launched an industry-first loyalty programme called Hacker Plus."

Link

TLP1 : Green

  • How to Block and Remove Fake ‘Apple’ Virus Alerts

"Pity the poor IT admin with a fleet of people working from home who are using their own devices. And that goes double for the IT admin who is familiar with the workplace Windows machines but must now handle problems from users working on Macs from their home. Making the problem even worse: Many Mac users wrongly believe their systems are immune from malware."

Link

TLP1 : Green

  • Defense Evasion with obfuscated Empire

"In this article, we will learn the technique of Defence Evasion using the PowerShell Empire. PowerShell Empire is one of my favourite Post Exploitation tools and it is an applaudable one at that."

Link

TLP1 : Green

  • Fast Incident Response and Data Collection

"In this article, we will gather information utilizing the quick incident response tools which are recorded beneath. All these tools are a few of the greatest tools available freely online. Through these, you can enhance your Cyber Forensics skills."

Link

TLP1 : Green

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1]https://www.first.org/tlp