Infosec News 20210211

  • Published: Thu, 11/02/2021 - 10:01

Top News


  • CYE Raises $100 Million to Help Minimize Attack Surfaces

"CYE, a Tel Aviv, Israel-based company on a mission to help companies identify “real-life” cyber risks by leveraging humans and machines, announced today that it has raised $100 million in growth funding through a financing round led by private equity firm EQT."

Link

TLP¹: Green

  • Software Dependencies Exposed Microsoft, Apple to High-Impact Attacks

"Security researcher Alex Birsan discovered a way to breach tens of organizations through software dependencies, and he earned tens of thousands of dollars in bug bounties from Microsoft, Apple and some of the other affected companies."

Link

TLP¹: Green

  • Tougher EU Privacy Rules Loom for Messenger, Zoom

"Messaging apps such as Messenger or WhatsApp and video calls on Zoom face stricter privacy rules in Europe, after a draft law passed a key EU hurdle on Wednesday."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Web hosting provider shuts down after cyberattack

"Two other UK web hosting providers also suffered similar hacks over the weekend, although it's unconfirmed if the attacks are related."

Link

TLP¹: Green

  • North Korean attacks on crypto exchanges reportedly netted $316m in two years

"North Korean attacks on crypto exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan’s Nikkei."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • COMB: Over 3.2 Billion Unique Email and Password Combinations Leaked on Underground Forum

"The largest combo of stolen credentials to date, containing more than 3.2 billion user login combinations, was posted on a cybercrime forum last week."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Critical Vulnerability Patched in SAP Commerce Product

"SAP has released seven new security notes on February 2021 Security Patch Day, including a Hot News note that addresses a critical flaw in SAP Commerce. It also updated six previously released notes."

Link

TLP¹: Green

  • Intel Patches Tens of Vulnerabilities in Software, Hardware Products

"Intel on Tuesday announced the release of updates that patch tens of vulnerabilities across many of the company’s software and hardware products."

Link

TLP¹: Green

  • Magento security: Multiple critical flaws give e-commerce sites ample reason to update

"E-commerce sites that rely on the widely used Magento platform ought to update their installations following the release of a batch of security updates, some of which are critical."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack

"The City of Oldsmar should be commended on their transparent briefing and level of detail. The case is evolving and details are ongoing but this blog is intended to share what’s known currently with some defensive recommendations."

Link

TLP¹: Green

  • Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready?

"The disastrous Russian hack of federal government networks last year relied on a powerful new trick: Digital spies penetrated so deeply that they were able to impersonate any user they wanted. It was the computer network equivalent of sneaking into the State Department and printing perfectly forged U.S. passports."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Detecting Manual Syscalls from User Mode

"By now direct system calls are ubiquitous in offensive tooling. Manual system calls remain effective for evading userland based EDRs. From within userland, there has been little answer to this powerful technique. Such syscalls can be effectively mitigated from kernel mode, but for many reasons, most EDRs will continue to operate exclusively from usermode. This post will present a novel method for detecting manual syscalls from usermode."

Link

TLP¹: Green

  • Domestic Kitten – An Inside Look at the Iranian Surveillance Operations

"Despite the reveal of “Domestic Kitten” by Check Point in 2018, APT-C-50 has not stopped conducting extensive surveillance operations against Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more.
In this paper, Check Point Research reveals the extent of the operations, the multiple campaigns executed by APT-C-50, their delivery methods, and an analysis of the targeted individuals. In addition, we provide a technical analysis of the FurBall malware used since the beginning of the operation, its origin, and observed covers used to conceal the malware’s true nature."

Link

TLP¹: Green


¹ Traffic Light Protocol (TLP) [1] for information sharing:


  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.



[1] https://www.first.org/tlp