Infosec News 20210602

  • Published: Wed, 02/06/2021 - 08:40

Top News


  • Follow Up: White House spokeswoman speculates threat actors behind the JBS ransomware attack have a Russian origin.

"The American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack. The cyberattack impacted multiple production plants of the company worldwide, including facilities located in the United States, Australia, and Canada."

Link

TLP¹: Green

  • Russian hacker Pavel Sitnikov arrested for distributing malware via Telegram

"Pavel Sitnikov (@Flatl1ne), a prominent figure of the hacking underground, was arrested earlier this month by Russian authorities on charges of distributing malware via his Freedom F0x Telegram channel."

Link

TLP¹: Green

  • New Epsilon Red Ransomware appears in the threat landscape

"Researchers from Sophos spotted a new piece of ransomware, named Epsilon Red, that infected at least one organization in the hospitality sector in the United States. The name Epsilon Red comes from an adversary of some of the X-Men in the Marvel extended universe, it is a “super soldier” alleged to be of Russian origin, sporting four mechanical tentacles and a bad attitude."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • US Seizes 2 Domain Names Used in Cyberespionage Campaign

"The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups."

Link

TLP¹: Green

  • The Swedish Public Health Agency has shut down the country’s infectious diseases database, SmiNet, last week after multiple hacking attempts.

"The Swedish Public Health Agency was forced to shut down its infectious diseases database, named SmiNet, in response to a series of hacking attempts. The Swedish Agency cannot report complete data from Wednesday at 4 pm until the investigation into the intrusion attempts is completed."

Link

TLP¹: Green

  • Prometheus and Grief – two new emerging ransomware gangs targeting enterprises. Mexican Government data is published for sale.

"Prometheus is a new emerging ransomware group extorting enterprises in various verticals across the globe. Just recently, the group published stolen data allegedly belonging to the Mexican Government, which still remains available for sale today."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Canada Post, the primary postal operator in Canada, has experienced a data breach.

"According to a press release from Canada Post, the data breach resulted from a malware attack that targeted the postal service’s key supplier. The supplier in question, Commport Communications, notified Canada Post about the breach as soon as they understood the magnitude of the situation."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • EPUB vulnerabilities: Electronic reading systems riddled with browser-like flaws

"Many electronic reading (e-reading) systems that support the open EPUB format have significant security vulnerabilities, new research shows."

Link

TLP¹: Green

  • SOGo and PacketFence Impacted by SAML Implementation Vulnerabilities

"During the impact review of Inverse, we determined that the SOGo and PacketFence packages use the vulnerable Lasso library and were impacted. SOGo and PacketFence are both open source packages which offer paid support contracts."

Link

TLP¹: Green

  • Security Vulnerability in Apple’s Silicon “M1” Chip

"The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Everything You Should Know About Exploits In Ethical Hacking

"Exploits are pieces of software or snippets of code that take advantage of a security flaw or vulnerability to obtain unsanctioned access. Ethical hackers need to understand the concept of exploits in ethical hacking to strengthen their company’s security. They can quickly identify exploitable vulnerabilities before malicious hackers and mitigate them."

Link

TLP¹: Green

  • No Time to Waste: Three Ways to Quickly Reduce Risk in Critical Infrastructure Environments

"Earlier this month, the U.S. experienced its first major shutdown of critical infrastructure due to a cyberattack in the nation’s history. When adversaries targeted Colonial Pipeline with a disruptive ransomware attack, critical infrastructure security immediately became a mainstream concern, because the attack is unprecedented in terms of its impact."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • IMAPLoginTester

"Script That Reads A Text File With Lots Of E-Mails And Passwords, And Tries To Check If Those Credentials Are Valid By Trying To Login On IMAP Servers."

Link

TLP¹: Green

  • AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning

"AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate attack path for a given network, and can be used to execute a simulated attack on that network via penetration testing tools, such as Metasploit."

Link

TLP¹: Green


¹ Traffic Light Protocol (TLP) [1] for information sharing:


  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.



[1] https://www.first.org/tlp