Infosec News 20210208

  • Published: Mon, 08/02/2021 - 09:41

Top News


  • Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration

"A recently investigated malicious attack was abusing a locally loaded Chrome extension to exfiltrate data and establish communication with the command and control (C&C) server."

Link

TLP¹: Green

  • Victims of Ziggy ransomware can recover their files for free

"The Ziggy ransomware gang has shut down its operations and released the decryption keys fearing the ongoing investigation of law enforcement."

Link

TLP¹: Green

  • New phishing attack uses Morse code to hide malicious URLs

"A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • How the United States Lost to Hackers

"America’s biggest vulnerability in cyberwarfare is hubris."

Link

TLP¹: Green

  • Packaging giant WestRock is still working to resume after recent Ransomware Attack

"Packaging giant WestRock revealed this week that the recent ransomware attack impacted the company’s IT and operational technology (OT) systems."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Hackers post detailed patient medical records from two hospitals to the dark web

"The files, which number in at least the tens of thousands, includes patients’ personal identifying information."

Link

TLP¹: Green

  • Webdev tutorials site SitePoint discloses data breach

"SitePoint admits data breach after one million user creds were sold on a hacking forum last December."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)

"In December 2020, Unit 42 researchers observed attempts to exploit CVE-2020-25213, which is a file upload vulnerability in the WordPress File Manager plugin. Successful exploitation of this vulnerability allows an attacker to upload an arbitrary file with arbitrary names and extensions, leading to Remote Code Execution (RCE) on the targeted web server."

Link

TLP¹: Green

  • Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1

"In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Cybersecurity 2021: Asking the Right Question

"'The Hitchhiker’s Guide to the Galaxy', by Douglas Adams, could actually be a guide to cybersecurity if read in a different context."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • After Lightning Comes Thunder

"Cyber warfare has long become a common practice in the arsenal of governments, armies, and intelligence agencies around the world. What once used to be a black art, reserved to the elite of the elite and conducted by few, has now become a land of opportunities for almost any government around the world. Iran is no exception to this trend, with new discoveries made every year repeatedly attributed to the Islamic republic."

Link

TLP¹: Green

  • Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers

"Cloudlist is a multi-cloud tool for getting Assets (Hostnames, IP Addresses) from Cloud Providers."

Link

TLP¹: Green

 

 

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp