Infosec News 20210621

  • Publicado: Seg, 21/06/2021 - 08:49

Top News


  • South Korea's Nuclear Research agency hacked using VPN flaw

"South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability."

Link

TLP1 : Green

  • iPhone bug breaks WiFi when you join hotspot with unusual name

"​A new iPhone bug has come to light that breaks your iPhone's wireless functionality by merely connecting to a specific WiFi hotspot."

Link

TLP1 : Green

  • Fertility clinic discloses data breach exposing patient info

"A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Fake DarkSide Ransomware Gang Targets Energy, Food Sectors

"A fake group claiming to be the DarkSide ransomware gang is targeting organizations in the food and energy sectors by sending hoax emails to extort ransoms from victims, a report by security firm Trend Micro says."

Link

TLP1 : Green

  • Cruise operator Carnival discloses a security breach

"Carnival Corp. said that the data breach it has suffered in March might have impacted its customers and employees."

Link

TLP1 : Green

  • Poland: The leader of the PiS party blames Russia for the recent attack

"Jaroslaw Kaczynski, the leader of the Poland Law and Justice party, blames Russia for the recent cyberattack targeting top Polish politicians."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • US supermarket chain Wegmans discloses data breach

"The supermarket chain Wegmans US Wegmans discloses a data breach, customers information was exposed on the Internet due to a misconfiguration issue."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Vulnerabilities in Open Design Alliance SDK Impact Siemens, Other Vendors

"ODA is a nonprofit organization that creates SDKs for engineering applications, including computer aided design (CAD), geographic information systems (GIS), building and construction, product lifecycle management (PLM), and internet of things (IoT). Its website says the organization has 1,200 member companies worldwide, and its products are used by several major companies, including Siemens, Microsoft, Bentley, and Epic Games."

Link

TLP1 : Green

  • What’s Making Your Company a Ransomware Sitting Duck

"What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?"

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Computer Security Resources

"Computer Security is concerned with the risks related to computer use and ensures the availability, integrity, and confidentiality of information managed by the computer system, permitting authorized users to carry out legitimate and useful tasks within a secure computing environment."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • NIST, Google chart course towards more secure software supply chains

"Google and the US National Institute of Standards and Technology (NIST) have unveiled separate proposals to consolidate industry best practices for tackling the burgeoning threat of software supply chain attacks."

Link

TLP1 : Green

 

 

1Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red:Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1]https://www.first.org/tlp