Infosec News 20210305
Top News
-
VMware Patches Remote Code Execution Vulnerability in View Planner
"VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution."
TLP¹: Green
-
Facebook removes Thai military-linked information influencing accounts
"Facebook Inc has taken down 185 accounts and groups engaged in an information-influencing operation in Thailand run by the military, the company said on Wednesday, the first time it has removed Thai accounts with ties to the government."
TLP¹: Green
-
Supermicro, Pulse Secure release fixes for 'TrickBoot' attacks
"Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Home-Office Photos: A Ripe Cyberattack Vector
"Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk."
TLP¹: Green
-
Wall Street targeted by new Capital Call investment email scammers
"Business Email Compromise (BEC) scammers, who have made rich returns in recent years tricking organisations into transferring funds into their accounts, have found a new tactic which attempts to swindle Wall Street firms out of significantly larger amounts of money."
TLP¹: Green
-
Cybercriminals innovate to find vulnerabilities that can be monetized
"The global pandemic had a dramatic influence on the cybersecurity landscape in 2020. Cymulate released its report on the 2020 security landscape and its impact on security teams."
TLP¹: Green
-
German Officials Want Emails, IMs Tied to Real-World ID
"Like in many other countries, mobile phone firms in Germany are required to verify a customer’s identity before selling them a SIM card. Under a proposal leaked late Tuesday, Germany’s Interior Ministry wants the same rule to apply to “number independent” telecommunications services such as WhatsApp, Signal or Facebook Messenger."
TLP¹: Green
-
Cybercriminals Finding Ways to Bypass '3D Secure' Fraud Prevention System
"Designed as an additional protection layer for these transactions, 3DS has seen several releases, with the most recent of them, namely version 2.0, also designed to accommodate smartphones, allowing for authentication using a fingerprint or facial recognition."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
5 million Adecco.com users’ data leaked
"We recently discovered that a user on a popular hacking forum was purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second largest human resources and temp staffing provider in the world. Adecco is also a Fortune 500 Global company."
TLP¹: Green
-
Maza Russian cybercriminal forum suffers data breach
"The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information."
TLP¹: Green
-
Follow-up: Someone Is Hacking Cybercrime Forums and Leaking User Data
"At least four such forums have been breached to date, namely Verified in January, Crdclub in February, and Exploit and Maza in March. All are predominantly Russian-language forums and saw their breaches publicly disclosed elsewhere."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
BEC scammer infects own device, giving researchers a front-row seat to operations
"In some media portrayals, criminal and state-backed hackers are invariably depicted as cunning and sophisticated, gliding inexorably toward their latest data heist."
TLP¹: Green
-
Windows DNS SIGRed bug gets first public RCE PoC exploit
"A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability."
TLP¹: Green
-
Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability
"The flaw, tracked as CVE-2021-1285 and rated high severity, can be exploited by an unauthenticated, adjacent attacker — the attacker is on the same layer 2 domain as the victim — to cause a device to enter a DoS condition by sending it specially crafted Ethernet frames."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
"FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
CertEagle - Asset monitoring utility using real time CT log feeds
"In bug bounties, “if you are not first, then you are last”: there is no such thing as a silver or a bronze medal. Recon plays a very crucial part, and if you can detect/identify a newly added asset earlier than others, then the chances of you finding/reporting a security flaw on that asset and getting rewarded for the same are higher than others."
TLP¹: Green
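The CertEagle item above describes watching a real-time Certificate Transparency feed for newly issued certificates that name an in-scope host. The following is an added illustration written for this digest, not CertEagle's own code: it takes certstream-style feed messages (the `message_type` / `data.leaf_cert.all_domains` shape is an assumption; check the fields your feed actually emits), normalizes the names, matches them against a watchlist of apex domains, and reports only assets not seen before. The check a practitioner wants is the label-boundary test: a plain suffix match would accept `notexample.com` as part of `example.com`. The watchlist and feed messages are constructed sample data.

```python
from typing import Iterable, List, Set

# Constructed watchlist of apex domains (hypothetical, not from the page).
WATCHLIST = ["example.com", "example.org"]


def in_scope(name: str, apex: str) -> bool:
    """True when name is the apex itself or a subdomain of it.

    A naive name.endswith(apex) would also accept "notexample.com",
    so the label boundary ("." + apex) is checked explicitly.
    """
    name = name.lower().rstrip(".")
    apex = apex.lower().rstrip(".")
    return name == apex or name.endswith("." + apex)


def normalize(name: str) -> str:
    """Lowercase, drop the trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name


def new_assets(messages: Iterable[dict], watchlist: List[str], seen: Set[str]) -> List[str]:
    """Return names under a watched apex that have not been seen before.

    `seen` is updated in place, so repeated calls behave like a running
    monitor. Message shape assumed: certstream-style, with
    data.leaf_cert.all_domains (an assumption; verify against your feed).
    """
    found = []
    for msg in messages:
        if msg.get("message_type") != "certificate_update":
            continue  # heartbeats and other control messages carry no names
        names = msg.get("data", {}).get("leaf_cert", {}).get("all_domains", [])
        for raw in names:
            name = normalize(raw)
            if not name or name in seen:
                continue
            if any(in_scope(name, apex) for apex in watchlist):
                seen.add(name)
                found.append(name)
    return found


# Constructed sample feed messages (not real CT data).
SAMPLE_FEED = [
    {"message_type": "heartbeat"},
    {"message_type": "certificate_update",
     "data": {"leaf_cert": {"all_domains": ["*.staging.example.com",
                                            "staging.example.com"]}}},
    {"message_type": "certificate_update",
     "data": {"leaf_cert": {"all_domains": ["notexample.com",
                                            "API.Example.ORG."]}}},
    {"message_type": "certificate_update",
     "data": {"leaf_cert": {"all_domains": ["staging.example.com"]}}},  # repeat
]


def demo() -> List[str]:
    """Run the monitor once over the constructed feed."""
    seen: Set[str] = set()
    return new_assets(SAMPLE_FEED, WATCHLIST, seen)


if __name__ == "__main__":
    for asset in demo():
        print("new asset:", asset)
```

Running it reports `staging.example.com` (once, despite the wildcard and the repeat) and `api.example.org`; `notexample.com` is rejected by the boundary check. In a real deployment `seen` would be persisted and the feed would be the live websocket rather than a list.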
-
PyBeacon - A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python
"It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings"
TLP¹: Green
-
APT-Hunter – Threat Hunting Tool via Windows Event Log
"APT-Hunter is a threat hunting tool for Windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of Windows event logs."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.