Infosec News 20201014

  • Published: Wed, 14/10/2020 - 09:54

Top News


  • Microsoft October 2020 Patch Tuesday fixes 87 flaws, including 21 RCEs

"Microsoft October 2020 Patch Tuesday security updates address 87 vulnerabilities, including 21 remote code execution (RCE) issues."

Link

TLP1 : Green

  • G7 Raises Concerns About Rising Cyberattacks Amid Pandemic

"Finance ministers from the G7 industrialized countries expressed "concern" on Tuesday over the rise in "malicious cyber-attacks" in the midst of the Covid-19 pandemic, including some involving cryptocurrencies."

Link

TLP1 : Green

  • Online Voting Is Coming, but How Secure Will It Be?

"It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all."

Link

TLP1 : Green

  • Online Infrastructure Security Firm Cyberpion Emerges From Stealth

"Online infrastructure security solutions provider Cyberpion on Tuesday emerged from stealth mode after raising $8.25 million in seed funding."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent

"Microsoft successfully argued in court against the use of Windows SDKs inside malware code, a precedent it would be able to use again and again in future botnet crackdowns."

Link

TLP1 : Green

  • Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

"With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments."

Link

TLP1 : Green

  • Norway blames Russia for cyber attack on Parliament

"Norway’s government blames Russia for the cyber attack that targeted the email system of the country’s parliament in August."

Link

TLP1 : Green

  • Governments Use Pandemic to Crack Down on Online Dissent: Watchdog

"Governments around the world are using the pandemic as a justification to expand surveillance and crack down on dissent online, resulting in a 10th consecutive annual decline in internet freedom, a human rights watchdog report said Wednesday."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Leading Law firm Seyfarth Shaw discloses ransomware attack

"Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack."

Link

TLP1 : Green

  • Miami-based tech company suffers massive 1TB customer and business data leak

"The Miami-based “value-added solutions and technology products” company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more."

Link

TLP1 : Green

  • 'Serious cyberattack' hits London council

"Hackney Council in north London says it has been the target of a serious cyberattack, which is affecting many of its services and IT systems."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances

"Virtual appliances, even if they are provided by major software or cybersecurity vendors, can pose a serious risk to organizations, according to a report published on Tuesday by cloud visibility firm Orca Security."

Link

TLP1 : Green

  • Acronis Patches Privilege Escalation Flaws in Backup, Security Solutions

"Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges."

Link

TLP1 : Green

  • Adobe Patches Critical Code Execution Vulnerability in Flash Player

"Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. This is the only flaw fixed by the software giant this Patch Tuesday."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections

"Today's email attackers are using advanced techniques to supercharge their campaigns. With sophisticated social engineering tactics, automated domain generation, and advanced strains of polymorphic malware, cybercriminals are able to evade traditional detection mechanisms."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • DamnVulnerableCryptoApp - An App With Really Insecure Crypto

"If you try to learn a little bit more about crypto, either because you want to know how the attacks work or just because you want to do safe code, you end up diving really fast into the math behind the algorithms, and for a lot of people this is a NO."

Link

TLP1 : Green

  • Microsoft 365 Sensitivity Labels: Everything you Need to Know

"Sensitivity labels have been gaining increased traction lately within Microsoft 365. For those who might not be familiar with sensitivity labels, they are a mechanism that determines how certain content is to be treated. For example, a sensitivity label might be used to encrypt a document or to apply a watermark."

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp