Infosec News 20201221
Top News
-
US Blacklists Chinese Companies Including Chip Giant SMIC
"The United States on Friday announced it has imposed export controls on 77 Chinese companies including the country's biggest chipmaker, SMIC, restricting its access to US technology over its alleged ties to China's military."
TLP1 : Green
-
Pentagon Plan on Cyber Split Draws Strong Hill Criticism
"The Pentagon is proposing to end an arrangement in which a single military officer leads two of the nation’s main cybersecurity organizations, a move that a leading Democrat said Saturday makes him “profoundly concerned” amid a large-scale hacking campaign on U.S. government computer systems."
TLP1 : Green
-
Facebook bug exposed email addresses of Instagram users
"According to the researcher, the private information of Instagram users was just a DM away."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
NATO Checking Systems After US Cyberattack
"NATO said Saturday it was checking its computer systems after a massive cyberattack on US government agencies and others that Washington blamed on Moscow."
TLP1 : Green
-
Industrial Control Systems Ripe Targets for Ransomware Attacks
"Security researchers at IBM Corp. and Dragos Inc. are warning that the industrial control systems that power manufacturing plants and utilities are prime targets for ransomware attackers."
TLP1 : Green
-
Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks
"Researchers at Sophos noticed recently that the operators of multiple ransomware families have been using a backdoor named SystemBC, which provides attackers a connection to compromised devices and which uses the Tor anonymity network to hide command and control (C&C) communications."
TLP1 : Green
-
FBI Warns of DoppelPaymer Attacks on Critical Infrastructure
"The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Dozens of journalists’ iPhones hacked with NSO ‘zero-click’ spyware, says Citizen Lab
"Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states."
TLP1 : Green
-
UK Energy Startup 'People's Energy' Discloses Data Breach
"UK energy supplier People’s Energy this week started informing customers of a data breach that affected some of their personal information."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Gitpaste-12 worm botnet returns with 30+ vulnerability exploits
"The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts its malicious payload on Pastebin, has returned with even more exploits."
TLP1 : Green
-
WordPress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
"ContactForm7 version 5.3.1 and below doesn't properly sanitize uploaded filenames to prevent Arbitrary File Upload that can lead to full server takeover in the worst-case scenario."
TLP1 : Green
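The advisory above says only that uploaded filenames are not properly sanitized. The following Python is an added illustration of that bug class, not the plugin's code and not a reproduction of the specific bypass reported against it: a weak check that trusts the client-supplied name and refuses a denylist of extensions, beside a hardened sanitizer that strips control characters and path components, requires exactly one allowlisted extension, and neutralises inner extensions. The filenames and the extension lists are constructed for illustration.

```python
"""Upload filename handling: a weak extension denylist beside a hardened
allowlist sanitizer. Added illustration; not Contact Form 7's code."""
import re
import unicodedata

# Weak check: trust the client-supplied name, look only at the text after the
# last dot, and refuse a fixed list of "dangerous" extensions.
DANGEROUS_EXT = {"php", "php3", "php5", "phtml", "phar", "pl", "py", "cgi", "sh", "exe"}


def weak_is_allowed(filename: str) -> bool:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DANGEROUS_EXT


# Hardened check: normalise, strip control characters and path components,
# require exactly one allowlisted extension, and neutralise inner extensions.
ALLOWED_EXT = frozenset({"jpg", "jpeg", "png", "gif", "pdf", "txt"})
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_UNSAFE = re.compile(r"[^A-Za-z0-9_-]")


def sanitize_upload_filename(filename: str, allowed=ALLOWED_EXT) -> str:
    """Return a safe name or raise ValueError; never write the client name as-is."""
    name = unicodedata.normalize("NFKC", filename)
    name = _CONTROL.sub("", name)                       # tab, newline, NUL, ...
    name = name.replace("\\", "/").rsplit("/", 1)[-1]   # drop any directory part
    name = name.strip(" .")                             # no dotfiles, no trailing dots
    parts = name.split(".")
    if len(parts) < 2 or not parts[-1]:
        raise ValueError("filename must have an extension")
    ext = parts[-1].lower()
    if ext not in allowed:
        raise ValueError(f"extension {ext!r} is not allowed")
    # shell.php.jpg -> shell_php.jpg: Apache mod_mime can act on inner
    # extensions when AddHandler is configured, so they must not survive.
    stem = _UNSAFE.sub("_", ".".join(parts[:-1]))[:100]
    return f"{stem}.{ext}"


if __name__ == "__main__":
    # Constructed candidates: each row shows the denylist verdict beside the hardened one.
    for candidate in ("shell.php", "shell.php\t", "shell.php\x00.jpg", "../../.htaccess", "photo.JPG"):
        try:
            hardened = sanitize_upload_filename(candidate)
        except ValueError as exc:
            hardened = f"rejected ({exc})"
        print(f"{candidate!r:24} weak={weak_is_allowed(candidate)!s:5} hardened={hardened}")
```

The denylist passes a name with a trailing control byte, a NUL followed by an innocent extension, and a path-traversing `.htaccess`, because in each case the text after the last dot is not on its list. Storing the upload under a server-generated random name (for example `secrets.token_hex(8)` plus the validated extension) and keeping the client name only as metadata removes the remaining dependence on attacker-controlled input.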
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Mad About Malware: Hot Spots and Trends in 2020
"The business of cybercrime seems to be unhindered by the coronavirus this year. They continue to work hard through the pandemic, using it and other drivers to ply their trade. This year has been a banner year for them in many ways maximizing global events, with malware remaining a tried-and-true weapon of choice. The trends in malware that we’ve seen this year reflect both adversary intent and capability."
TLP1 : Green
-
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
"There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth."
TLP1 : Green
-
5 Key Takeaways From the SolarWinds Breach
"New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Slipstreaming: NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services
"NAT Slipstreaming exploits the user’s browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, TCP packet size massaging, TURN authentication misuse, precise packet boundary control, and protocol confusion through browser abuse. As it’s the NAT or firewall that opens the destination port, this bypasses any browser-based port restrictions."
TLP1 : Green
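The blurb above lists the building blocks of the technique; what a defender wants is the shape of the resulting traffic. The original NAT Slipstreaming research targets the SIP ALG: the victim's browser is made to send an HTTP request to port 5060 whose body, padded so that it lands on a TCP segment boundary, contains a SIP REGISTER whose Via/Contact headers name an internal host and the port the attacker wants opened, and the ALG obliges. The following Python is an added example, not code from the Slipstreaming project or its author, that flags HTTP requests carrying that pattern. The sample requests, hostnames and internal address/port are constructed for illustration.

```python
"""Flag HTTP requests that smuggle a SIP message in their body: the traffic
shape NAT Slipstreaming relies on. Added illustration; sample traffic is
constructed, not captured."""
import ipaddress
import re

SIP_PORT = 5060  # port a SIP ALG inspects; the attack points the browser at it

# A SIP request line anywhere in the body (it need not start on its own line:
# the attack pads the body so it starts on a TCP segment boundary).
SIP_REQUEST = re.compile(r"(REGISTER|INVITE|OPTIONS)[ \t]+sip:\S+[ \t]+SIP/2\.0")
# Via/Contact headers carry the address:port the ALG will rewrite and open.
SIP_ADDR_HEADER = re.compile(
    r"\b(Via|Contact):[^\r\n]*?(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})", re.IGNORECASE
)
HTTP_METHODS = ("GET ", "POST ", "PUT ", "HEAD ", "OPTIONS ")


def inspect_http_request(dst_port: int, raw: bytes) -> list:
    """Return findings for one client->server HTTP request, in the order found."""
    text = raw.decode("latin-1")        # byte-preserving, never raises on padding
    if not text.startswith(HTTP_METHODS):
        return []                        # genuine SIP clients are out of scope here
    _head, _sep, body = text.partition("\r\n\r\n")
    findings = []
    if dst_port == SIP_PORT:
        findings.append({"reason": "http-to-sip-port", "ip": None, "port": dst_port})
    for m in SIP_REQUEST.finditer(body):
        findings.append({"reason": f"sip-{m.group(1).lower()}-in-http-body", "ip": None, "port": None})
    for m in SIP_ADDR_HEADER.finditer(body):
        ip, port = m.group(2), int(m.group(3))
        try:
            private = ipaddress.ip_address(ip).is_private
        except ValueError:
            continue
        if private:  # an internal host:port that the ALG would expose
            findings.append({"reason": f"sip-{m.group(1).lower()}-private-address", "ip": ip, "port": port})
    return findings


# Constructed sample of what a victim's browser is tricked into POSTing: a form
# upload whose body ends in a SIP REGISTER naming an internal host and the port
# the attacker wants reachable (445 here). Padding shortened to 32 bytes.
_SMUGGLED = (
    b"REGISTER sip:attacker.example SIP/2.0\r\n"
    b"Via: SIP/2.0/TCP 192.168.1.20:5060\r\n"
    b"Contact: <sip:slip@192.168.1.20:445;transport=TCP>\r\n"
    b"Content-Length: 0\r\n\r\n"
)
_BODY = b'--b\r\nContent-Disposition: form-data; name="f"\r\n\r\n' + b"A" * 32 + _SMUGGLED + b"--b--\r\n"
MALICIOUS_REQUEST = (
    b"POST /upload HTTP/1.1\r\nHost: attacker.example\r\n"
    b"Content-Type: multipart/form-data; boundary=b\r\n"
    b"Content-Length: %d\r\n\r\n" % len(_BODY)
) + _BODY

# Constructed benign request: an ordinary JSON POST to an HTTPS port.
_JSON = b'{"name": "Ana", "phone": "+1 555 0100"}'
BENIGN_REQUEST = (
    b"POST /api/contact HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/json\r\nContent-Length: %d\r\n\r\n" % len(_JSON)
) + _JSON


if __name__ == "__main__":
    for label, port, req in (("benign", 443, BENIGN_REQUEST), ("slipstream", SIP_PORT, MALICIOUS_REQUEST)):
        print(label, inspect_http_request(port, req))
```

Run over decrypted or plaintext HTTP on an egress sensor, the request-to-5060 finding alone is a strong signal, since browsers have no business talking HTTP to the SIP port; the smuggled REGISTER with a private Contact address confirms the intent. The ALG can only act on what it parses, so disabling SIP ALG on the NAT device removes the trigger, and browsers added 5060 and 5061 to their restricted-port lists after the disclosure.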
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.