Infosec News 20210608

  • Published: Tue, 08/06/2021 - 09:39

Top News


  • US Recovers Most of Ransom Paid After Colonial Pipeline Hack

"The Justice Department has recovered most of a multimillion-dollar ransom payment made to hackers after a cyberattack that caused the operator of the nation’s largest fuel pipeline to halt its operations last month, officials said Monday."

Link

TLP¹: Green

  • Military Vehicles Maker Navistar Reports Data-Theft Cyberattack

"United States trucks and military vehicles maker Navistar International Corporation has confirmed a cyberattack that resulted in some data being stolen."

Link

TLP¹: Green

  • Ukraine warns of ‘massive’ Russian spear-phishing campaign

"Three Ukrainian cybersecurity agencies warned last week of a “massive” spear-phishing operation carried out by Russian threat actors against the Ukrainian government and private sector."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Kimsuky APT Group is Evolving; A Matter to be Worried About

"North Korean APT group Kimsuky, also known as Thallium, Black Banshee, and Velvet Chollim, has been found adopting new Tactics, Techniques, and Procedures (TTPs) as it continues to launch espionage attacks."

Link

TLP¹: Green

  • GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

"Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service."

Link

TLP¹: Green

  • Follow Up: Hackers Breached Colonial Pipeline Using Compromised VPN Password

"The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • NSW Health confirms data breached due to Accellion vulnerability

"NSW Health is the latest Australian government entity to confirm being impacted by a vulnerability in the Accellion file transfer system."

Link

TLP¹: Green

  • South Korea Under Major Cyberattacks in Pandemic's Era

"South Korea Ransomware attacks have escalated over the past year in South Korea, crippling hospitals and shopping malls."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • New Kubernetes malware backdoors clusters via Windows containers

"New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities."

Link

TLP¹: Green

  • Qualcomm IPQ40xx: Breaking into QSEE using Fault Injection

"We’ve identified multiple critical software vulnerabilities in QSEE, Qualcomm’s Trusted Execution Environment (TEE), on Qualcomm IPQ40xx-based devices. We exploited these vulnerabilities in order to disable the secure range checks performed by QSEE in order to execute arbitrary code at the highest privilege."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • The evolution of cybersecurity within network architecture

"A decade ago, security officers would have been able to identify the repercussions of an attack almost immediately, as most took place in the top-level layers of a system, typically through a malware attack. Now however, threat actors work over greater lengths of time, with much broader, long-term horizons in mind."

Link

TLP¹: Green

  • The role DNS plays in network security

"New EfficientIP and IDC research sheds light on the frequency of the different types of DNS attack and the associated costs for the last year throughout the COVID-19 pandemic."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • NACo Unveils Cybersecurity Best Practices and Priorities

"NACo’s new publication highlights the importance of cybersecurity and can serve as a resource for counties working toward bolstering cyber defenses."

Link

TLP¹: Green

  • How the FBI and AFP accessed encrypted messages in TrojanShield investigation

"The US Department of Justice has unsealed a warrant detailing how law enforcement agencies accessed and used the encrypted communications of criminals as part of its TrojanShield investigation, a global online sting operation."

Link

TLP¹: Green

  • RedWarden - Flexible CobaltStrike Malleable Redirector

"This work combines many of those great ideas into one lightweight utility, mimicking Apache2 in its roots of being a simple HTTP(S) reverse-proxy. Combining Malleable C2 profiles understanding, knowledge of bad IP addresses pool and a flexibility of easily adding new inspection and misrouting logic - resulted in having a crafty repellent for IR inspections."

Link

TLP¹: Green

  • Krane - Kubernetes RBAC Static Analysis And Visualisation Tool

"Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp