Infosec News 20210412
Top News
-
Covid-19 abriu porta a uma “pandemia cibernauta”
"Bruno Castro, especialista em cibersegurança, diz ao JE que solução passa pela formação dos trabalhadores e implementação de planos de avaliação contínuos nas organizações. Especialista garante que só se ignoram os riscos da cibersegurança “por opção”."
TLP1 : Green
-
Iran says key Natanz nuclear facility hit by 'sabotage'
"A nuclear facility in Iran was hit by "sabotage" a day after it unveiled new uranium enrichment equipment, the country's top nuclear official says."
TLP1 : Green
-
Personal data of 1.3 million Clubhouse users leaked online
"An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
India seeks US help as China-backed hacks threaten military
"India’s top military official says the country plans to seek help from the US and other countries to shore up its defence infrastructure that is vulnerable to China-backed cyber-attacks."
TLP1 : Green
-
Darktrace revenue hits $200m as it confirms London float
"Darktrace today said its revenue surged to almost $200m (£146m) thanks to the pandemic as it confirmed plans to float on the London Stock Exchange."
TLP1 : Green
-
Brazilian government launches toolkit to support data protection compliance
"The Brazilian government has launched a system to mitigate security risks stemming from non compliance with the General Data Protection Regulations within federal government bodies."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Facebook está “furado”? Mais dados de utilizadores vazados na Internet
"Apesar de ser a rede social com mais “poder” no mundo, o Facebook tem vários problemas de segurança para resolver. Como informamos recentemente, um leak com mais de 533 milhões de dados de utilizadores apareceu na Internet, sendo que mais de 2 milhões de registos pertencem a utilizadores portugueses."
TLP1 : Green
-
Upstox Data Breach Exposed Contact Data, KYC Details of Customers; Funds, Securities Remain Safe
"Trading app Upstox has alerted customers of a security breach that exposed contact data and KYC details of customers. The retail broking firm assured users that their funds and securities remain safe despite the breach."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Android malware found on Huawei’s official app store
"A security firm said this week it found malware on Huawei’s official Android app store, the AppGallery."
TLP1 : Green
-
Multiple vulnerabilities in ASUS GPU Tweak II
"The vulnerability allows a local user to perform a denial of service (DoS) attack. The vulnerability exists due to a boundary error in AsIO2_64.sys and AsIO2_32.sys. A local user can send a specially crafted request, trigger stack-based buffer overflow and cause a denial of condition on the target system."
TLP1 : Green
-
Android apps on APKPure store caught spreading malware
"APKPure, a popular third-party and unofficial alternative hub to download Android and iOS applications, was recently infiltrated with malware that is used to download Trojans to other Android devices."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Cisco invests in Securiti to help customers address multicloud and edge security
"Securiti announced participation from Cisco Investments in its latest round of funding. The company plans to work with Cisco and help their customers solve the challenge of multicloud and edge security, privacy and compliance."
TLP1 : Green
-
Mozilla flooded with requests after Apple privacy changes hit Facebook
"Mozilla volunteers have recently been flooded with online merchants and marketers' requests for their domains to be added to what's called a Public Suffix List (PSL)."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Attackers deliver legal threats, IcedID malware via contact forms
"Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware."
TLP1 : Green
-
Zerodium triples WordPress remote code execution exploit payout
"Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.