Infosec News 20210531
Top News
-
SolarWinds Hackers Impersonate U.S. Government Agency in New Attacks
"The Russia-linked threat group believed to be behind the SolarWinds attack has been observed launching a new campaign this week. The attacks have targeted the United States and other countries, and involve a legitimate mass mailing service and impersonation of a government agency."
TLP1 : Green
-
Security Analytics Firm Uptycs Raises $50 Million
"Cloud-native security analytics provider Uptycs has closed a $50 million Series C funding round, bringing the total raised by the company to date up to $93 million."
TLP1 : Green
-
LinkedIn Phishing Scam: Hackers target users with fake job offers
"LinkedIn is a popular social networking platform that is focused on professional networking and the business community. On this platform, users are focused almost entirely on making connections and finding jobs. LinkedIn is emerging as one of the most popular social networking sites used by attackers for phishing attacks."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
US Says Agencies Largely Fended Off Latest Russian Hack
"The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month’s planned presidential summit."
TLP1 : Green
-
Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations
"One of the Chinese threat actors targeting Pulse Secure VPN appliances via a recently disclosed vulnerability has been attempting to cover its tracks by removing its webshells from victim networks, FireEye reports."
TLP1 : Green
-
Nuclear Flash Cards: US Secrets Exposed on Learning Apps
"US troops charged with guarding nuclear weapons in Europe used popular education websites to create flash cards, exposing their exact locations and top-secret security protocols, according to the investigative site Bellingcat Friday."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency
"A newly disclosed effort by Russian intelligence to hijack the email system of a United States government agency prompted leading Democrats on Friday to urge stronger action against Moscow for accelerating cyberattacks ahead of President Biden’s summit next month with President Vladimir V. Putin."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
FBI Shares IOCs for APT Attacks Exploiting Fortinet Vulnerabilities
"The FBI on Thursday published indicators of compromise (IOCs) associated with the continuous exploitation of Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks."
TLP1 : Green
-
Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs
"Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers (PLCs) made by Siemens."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
If you installed AnyDesk, you may be at risk and have a trojan on your computer
"As a remote support tool, AnyDesk is a very practical solution that helps users in difficult moments. Without major requirements, it is simple and practical to use at any time."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
A slightly different way to generate strong, memorable passwords
"It’s a good idea to avoid remembering passwords – the more passwords you need to remember, the more tempting it is to re-use them. Ideally you should use a password manager like Bitwarden to store almost all of your passwords."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.