Top News

• U.S. Gov Warning on Water Supply Hack: Get Rid of Windows 7

"On the heels of last week’s lye-poisoning attack against a small water plant in Florida, the U.S. government’s cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency."

Link

TLP¹ : Green

• Data Privacy Management Firm WireWheel Raises $20 Million

"Arlington, Va.-based data privacy management company WireWheel on Wednesday announced that it raised $20 million in a Series B funding round."

Link

TLP¹ : Green

• Autonomous Vehicle Security Firm AUTOCRYPT Raises $15 Million

"Autonomous vehicle security solutions provider AUTOCRYPT this week announced that it raised another $13 million in its Series A funding round, which brings the total secured in this round to roughly $15 million."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Computer Malware Fraudster Gets 2 Years in Prison

"Manish Kumar, 32, directed telephone calls to call centers in India as part of a scheme to mislead individuals into believing that their computers were infected by malware. The callers were then persuaded to buy technical support services that were never provided, according to a statement Friday from the U.S. attorney’s office in Rhode Island."

Link

TLP¹ : Green

• 'Money Mule' Operator Gets Seven-Year Prison Sentence

"This week the United States sentenced a Ukrainian man to prison for his involvement in a scheme to steal money from the bank accounts of U.S. victims and launder the funds to bank accounts overseas."

Link

TLP¹ : Green

• Chinese Supply-Chain Attack on Computer Systems

"Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret."

Link

TLP¹ : Green

• Vast Majority of Phishing and Malware Campaigns Are Small-Scale and Short-Lived

"Researchers from Google and Stanford University have analyzed the patterns of more than 1.2 billion email-based phishing and malware attacks targeting Gmail users, and found that most attack campaigns are short-lived and sent to fewer than 1,000 targets."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• Vulnerability in Chess.com allowed access to 50 Million user records

"An IT security researcher identified a critical set of vulnerabilities in chess.com’s API, an immensely popular online chess playing site and app. The vulnerability could have been exploited to access any account on the site. It could also be used to gain full access to the site through its admin panel."

Link

TLP¹ : Green

• Web cam app Adorcom leaks 124M rows of customers' data

"A security researcher has discovered an exposed database of webcam app Adorcam users containing nearly 124 million rows of data for the several thousand users."

Link

TLP¹ : Green

• Rampant password reuse puts companies and customers at risk

"25.9 million business account credentials and over 543 million breach assets tied to employees in the Fortune 1000 are readily available on the criminal underground, SpyCloud reveals."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits

• Vulnerabilities in TCP/IP Stacks Allow for TCP Connection Hijacking, Spoofing

"Improperly generated ISNs (Initial Sequence Numbers) in nine TCP/IP stacks could be abused to hijack connections to vulnerable devices, according to new research from Forescout."

Link

TLP¹ : Green

• PayPal Mitigates XSS Vulnerability

"PayPal has patched a cross-site scripting - or XSS - vulnerability in its currency conversion endpoint that, if exploited, could enable malicious JavaScript injection."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• Privacy-as-a-service: Why it’s the future of privacy management

"Privacy-as-a-service is also referred to as data-privacy-as-a-service (DPaaS) to avoid confusion with the more established acronym for platform-as-a-service. Privacy-as-a-service is not without critics. Some privacy and civil rights advocates worry that premium DPaaS could soon become another playground that highlights the stark contrast between the haves and have-nots. Privacy is a human right as acknowledged by the United Nations even though the right to privacy is of varying strength in a different jurisdiction."

Link

TLP¹ : Green

• Report Highlights Cyber Risks to US Election Systems

"Election systems in the U.S. are vulnerable to cyber intrusions similar to the one that hit federal agencies and numerous businesses last year and remain a potential target for foreign hacking, according to a report released Wednesday."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• Project iKy v2.7.0

"Project iKy is a tool that collects information from an email and shows results in a nice visual interface."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp