InfoSec News 20201022
Top News
-
Iran, Russia interfering in 2020 election: US intelligence agencies
"US Director of National Intelligence John Ratcliffe said on Wednesday (Oct 21) that Russia and Iran have both tried to interfere with the 2020 presidential election."
TLP1 : Green
-
Sweden bans use of Huawei, ZTE equipment in new 5G networks
"The Swedish government on Tuesday announced that telecommunications equipment from Chinese companies Huawei and ZTE would not be allowed to be used in the building of new fifth generation, or 5G, networks due to national security concerns."
TLP1 : Green
-
Muddy Water hackers target Middle East governments, telecoms
"A cyber espionage group known as Muddy Water (Seedworm) thought to be working on behalf of the Iranian government is continuing to target entities in the Middle East."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Indian organizations report over 25% rise in cyber threats while working from home: Cisco
"73% of Indian organizations have experienced a 25% or more jump in either cyber threats or alerts since the start of COVID-19, says a Cisco report"
TLP1 : Green
-
Members of Congress Join the Fight for Protest Surveillance Transparency
"Three members of Congress have joined the fight for the right to protest by sending a letter to the Privacy and Civil Liberties Oversight Board (PCLOB) to investigate federal surveillance against protesters."
TLP1 : Green
-
EFF to Supreme Court: American Companies Complicit in Human Rights Abuses Abroad Should Be Held Accountable
"For years EFF has been calling for U.S. companies that act as “repression’s little helpers” to be held accountable, and now we’re telling the U.S. Supreme Court."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
US retailer Made in Oregon confirms website data breach
"A data breach at an Oregon-based retailer has potentially resulted in the sensitive information of customers, including their payment card details, being compromised."
TLP1 : Green
-
Twitter-Owned SDK Leaking Location Data of Millions of Users
"Researchers found several apps using an outdated version of an SDK made by Twitter-owned MoPub."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Oracle's October 2020 CPU Contains 402 New Security Patches
"Oracle on Tuesday released its Critical Patch Update (CPU) for October 2020, which includes 402 new security patches released across the company’s product portfolio."
TLP1 : Green
-
Google Releases Security Updates for Chrome
"Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system"
TLP1 : Green
-
VMware Patches Critical Code Execution Vulnerability in ESXi
"VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
FIRST Announces Cyber-Response Ethical Guidelines
"The 12 points seek to provide security professionals with advice on ethical behavior during incident response."
TLP1 : Green
-
IoT Security Foundation Launches Vulnerability Reporting Platform
"The Internet of Things Security Foundation (IoTSF), an effort aimed at improving the security of IoT, has launched an online platform designed to make the reporting of vulnerabilities in IoT devices easier."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Cloud firewall explained: what is firewall as a service?
"As organizations continue moving away from hosting services and applications with onsite servers, the use of virtual machines and cloud-based security solutions like Firewall-as-a-service (FWaaS) is trending upward."
TLP1 : Green
-
MalwareSourceCode
"Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages."
TLP1 : Green
-
Forensic Investigation: Pagefile.sys
"In this article, we will learn how to perform a forensic investigation on a Page File. There is a lot of information that can be extracted from valuable artifacts through a memory dump. Yet, there is more: you can perform memory forensics even without a memory dump that is by virtual memory analysis."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.