Infosec News 20201222

  • Published: Tue, 22/12/2020 - 08:37

Top News

  • Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report

"The Wall Street Journal identified 24 businesses so far that have downloaded the SolarWinds software infected with malicious code."

Link

TLP¹: Green

  • Response to assassination of nuclear scientist? Iranian hackers strike Israeli air industries

"On Sunday, Iranian hackers announced that they had breached the computers of the Elta company, affiliated with the Israeli military’s air industries."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • The U.S. Government Is Targeting Cryptocurrency to Expand the Reach of Its Financial Surveillance

"One of the most important aspects of cryptocurrencies from a civil liberties perspective is that they can provide privacy protections for their users."

Link

TLP¹: Green

  • Subway UK Marketing System Hacked to Send TrickBot-Laden Phishing Emails

"Recently, Subway UK confirmed that its marketing system was hacked and it was used to send out the notorious Trickbot malware-laden phishing emails to its customers. The story roots back to when BleepingComputer had observed a massive phishing campaign, pretending to be order confirmations from Subcard of Subway UK, that targeted people from the U.K."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks

  • 'Dozens of email accounts' were hacked at U.S. Treasury -Senator Wyden

"Dozens of email accounts at the U.S. Treasury Department were compromised by the powerful hackers responsible for a wide-ranging espionage campaign against U.S. government agencies, the office of U.S. Senator Ron Wyden said on Monday."

Link

TLP¹: Green

  • Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users

"The phone numbers, email and postal addresses of over 270,000 owners of the Ledger cryptocurrency hardware wallet have been made freely available for download from a hacking forum."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits

  • NSA Warns of Cloud Attacks on Authentication Mechanisms

"The US National Security Agency (NSA) published a security advisory, warning about two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure."

Link

TLP¹: Green

  • Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

"On Dec. 4, 2020, the Kubernetes Product Security Committee disclosed a new Kubernetes vulnerability assigned CVE-2020-8554. It is a medium severity issue affecting all Kubernetes versions and is currently unpatched. CVE-2020-8554 is a design flaw that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the vulnerability to carry out man-in-the-middle (MITM) attacks against pods and nodes in the cluster."

Link

TLP¹: Green

  • Talos Vulnerability Discovery Year in Review — 2020

"While major attacks like ransomware and COVID-19-themed campaigns made headlines across the globe this year, many attacks were prevented through simple practices of finding, disclosing and patching vulnerabilities. Cisco Talos' Systems Vulnerability Research Team discovered 231 vulnerabilities this year across a wide range of products."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • Incident Response to APTs: Stop Data Loss, Maintain Connectivity, Find the Adversary

"When an organization suffers a compromise by an advanced adversary, incident responders leap into action to detect, contain and eradicate the adversary’s presence in their systems."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • An iOS hacker tries Android

"One of the amazing aspects of working at Project Zero is having the flexibility to direct my own research agenda. My prior work has almost exclusively focused on iOS exploitation, but back in August, I thought it could be interesting to try writing a kernel exploit for Android to see how it compares."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:
  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.


[1] https://www.first.org/tlp