InfoSec News 20201029
Top News
-
Iran-linked Phosphorous APT hacked emails of security conference attendees
"Iran-linked APT group Phosphorus successfully hacked into the email accounts of multiple high-profile individuals and security conference attendees."
TLP1 : Green
-
Enso Security raises $6M for its application security posture management platform
"Enso Security, a Tel Aviv-based startup that is building a new application security posture management platform, today announced that it has raised a $6 million seed funding round led by YL Ventures, with participation from Jump Capital."
TLP1 : Green
-
Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns
"Malicious redirection websites are using typosquatting and impersonation to attack unwary visitors."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Fake COVID-19 survey hides ransomware in Canadian university attack
"In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of British Columbia (UBC) with a fake COVID-19 survey."
TLP1 : Green
-
U.S. Shares Information on North Korean Threat Actor 'Kimsuky'
"An alert released by the United States this week provides information on Kimsuky, a threat actor focused on gathering intelligence on behalf of the North Korean government."
TLP1 : Green
-
Microsoft Defender ATP Users Get False Positive Alerts for Mimikatz, Cobalt Strike
"Microsoft rushed to take action on Wednesday after Defender Advanced Threat Protection (ATP) users reported getting Cobalt Strike and Mimikatz alerts that turned out to be false positives."
TLP1 : Green
-
Turla Hacker Group Uses Custom Malware & Legacy Tools to Attack Government Organizations
"Turla, a sophisticated hacking group also known as Krypton, VenomousBear, Waterbug, Uroburos, or Snakegroup, targets government entities, military, energy, and nuclear research organizations.
The group is known for conducting various spear-phishing techniques and watering-hole attacks to infect targeted victims. The group is known to have been active since at least 2014."
TLP1 : Green
-
The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products
"The agency developed new rules for such practices after the Snowden leaks in order to reduce the chances of exposure and compromise, three former intelligence officials told Reuters. But aides to Senator Ron Wyden, a leading Democrat on the Senate Intelligence Committee, say the NSA has stonewalled on providing even the gist of the new guidelines."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo
"In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware."
TLP1 : Green
-
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals
"On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Multiple vulnerabilities in Samba
"The vulnerability allows a remote user to perform a denial of service (DoS) attack."
TLP1 : Green
-
Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems
"While Microsoft patched the bug known as CVE-2020-0796 back in March, more than 100,000 Windows systems are still vulnerable."
TLP1 : Green
-
Hackers Can Open Doors by Exploiting Vulnerabilities in Hörmann Device
"(...) Customers who want to control garage doors, entrance gates and other smart systems from a smartphone are provided the BiSecur gateway device, a wireless access control system that includes a Hörmann key fob and comes with Wi-Fi and Ethernet interfaces.
Hörmann gateway vulnerabilities
Researchers at Austria-based cybersecurity company SEC Consult have discovered a total of 15 vulnerabilities in the gateway device, including issues related to encryption, poorly protected communications, and the associated mobile application."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Vulnerability scanning vs. Penetration testing: comparing the two security offerings
"It’s no secret: the number of security vulnerabilities organizations must contend with is overwhelming. According to a 2019 Risk Based Security report, there were 22,316 newly-discovered vulnerabilities last year."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Memory Forensics: Using Volatility Framework
"Cyber Criminals and attackers have become so creative in their crime type that they have started finding methods to hide data in the volatile memory of the systems. Today, in this article we are going to have a greater understanding of live memory acquisition and its forensic analysis. Live Memory acquisition is a method that is used to collect data when the system is found in an active state at a scene of the crime."
TLP1 : Green
-
iSH - Linux Shell For iOS
"A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation."
TLP1 : Green
-
Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters
"A curated list of Android Security materials and resources For Pentesters and Bug Hunters."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.