InfoSec News 20210201
Top News
-
Exploiting a bug in Azure Functions to escape Docker
"Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them."
TLP1 : Green
-
Hackers could live-stream your home through your LifeShield security camera
"Once vulnerabilities had been exploited, unauthorised users could easily watch a live feed from compromised devices"
TLP1 : Green
-
British Mensa falls victim to cyber attack
"Board not looking too clever as two directors resign over lax security"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Experts explain how to bypass recent improvement of China’s Great Firewall
"Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented"
TLP1 : Green
-
UK Research and Innovation (UKRI) discloses ransomware attack
"A ransomware infected the systems at the UK Research and Innovation (UKRI), at leat two services were impacted."
TLP1 : Green
-
Victims of FonixCrypter ransomware could decrypt their files for freeo
"FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
UScellular data breach: attackers ported customer phone numbers
"US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported."
TLP1 : Green
-
SpamCop anti-spam service suffers an outage after its domain expired
"Cisco's SpamCop anti-spam service suffered an outage Sunday after a its domain mistakenly was allowed to expire."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Machine learning offers fresh approach to tackling SQL injection vulnerabilities
"A new machine learning technique could make it easier for penetration testers to find SQL injection exploits in web applications."
TLP1 : Green
-
Vulnerabilities in open source streaming platforms YouPHPTube and AVideo could lead to RCE
"Multiple vulnerabilities in open source video platforms YouPHPTube and AVideo could be leveraged to achieve remote code execution (RCE) on a user’s device"
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
What is DNS Filtering and How to Use It for Safe Browsing
"In the simplest terms, Domain Name System (DNS) filtering is a method by which users of home, school, and work computers and smart devices can be prevented from accessing specific websites in an effort to keep them safer online"
TLP1 : Green
-
40% of boards will have dedicated cybersecurity committees by 2025 — Gartner
"There will be a surge in dedicated cybersecurity committees in organisations across the world in the next few years, according to new data released today from Gartner."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
MOSE - Post Exploitation Tool For Configuration Management Servers
"MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies to leverage them to compromise environments."
TLP1 : Green
-
OpenCVE - CVE Alerting Platform
"OpenCVE, formerly known as Saucs, is a platform used to locally import the list of CVEs and perform searches on it (by vendors, products, CVSS, CWE...)."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.