Infosec News 20210210

  • Published: Wed, 10/02/2021 - 10:39

Top News


  • Android Devices Hunted by LodaRAT Windows Malware

"The LodaRAT – known for targeting Windows devices – has been discovered also targeting Android devices in a new espionage campaign."

Link

TLP1 : Green

  • Patch Tuesday: Microsoft Warns of Under-Attack Windows Kernel Flaw

"Microsoft's scheduled monthly batch of security patches landed with a loud thud Tuesday with fixes for at least 56 security vulnerabilities in a range of operating system and software products."

Link

TLP1 : Green

  • U.S. Agencies Publish Ransomware Factsheet

"The National Cyber Investigative Joint Task Force (NCIJTF) on Friday released a joint-sealed ransomware factsheet detailing common attack techniques and means to ensure prevention and mitigation."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Old Iranian Spying Operation Resumes After Long Break

"Following a two-year downtime, an Iran-linked cyberespionage operation has recommenced with new second-stage malware and with an updated variant of the Infy malware, according to joint research conducted by cybersecurity firms SafeBreach and Check Point."

Link

TLP1 : Green

  • UN Experts: North Korea Using Cyber Attacks to Update Nukes

"North Korea has modernized its nuclear weapons and ballistic missiles by flaunting United Nations sanctions, using cyberattacks to help finance its programs and continuing to seek material and technology overseas for its arsenal, U.N. experts said."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Antivirus Firm Emsisoft Discloses Data Breach

"Antivirus solutions provider Emsisoft revealed last week that a third-party had accessed a publicly exposed database containing technical logs."

Link

TLP1 : Green

  • Ransomware targets Ness Digital Engineering, sparking concern in Israel

"Ness Digital Engineering and the Israeli company Ness Technologies are not connected, and there is no cyberattack on Ness Technologies."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Adobe Patches Reader Vulnerability Exploited in the Wild

"Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild."

Link

TLP1 : Green

  • Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs

"An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Mine your own business: Extract valuable database information with AI

"Mining useful information from a database can be difficult, especially when your database is large and structured in a complex fashion. Yet information is like lifeblood for businesses, and those who can extract it can use it to gain market share and dominate competitors."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack

"In December 2020, DBAPPSecurity Threat Intelligence Center found a new component of BITTER APT. Further analysis into this component led us to uncover a zero-day vulnerability in win32kfull.sys"

Link

TLP1 : Green

  • Cypher

"Crypto Cipher Encode Decode Hash Tool"

Link

TLP1 : Green

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp