Top News

• China tells banks to stop supporting cryptocurrency

"China has expanded its clampdown on cryptocurrencies, telling banks and payments platforms to stop supporting digital currency transactions."

Link

TLP¹ : Green

• After Elon Musk, Dogecoin Has Another Backer In Ethereum Cofounder Charles Hoskinson

"Charles Hoskinson, the co-founder of Ethereum, has said that Dogecoin is a reasonable target for someone to fix it up and make it an interesting cryptocurrency. This comes after billionaire Elon Musk has been hyping the cryptocurrency, including calling himself the "ultimate" holder who won't be selling off his tokens."

Link

TLP¹ : Green

• Hyundai takes 80 per cent stake in terrifying Black Mirror robo-hound firm Boston Dynamics

"Hyundai has acquired a controlling interest in US robotics company Boston Dynamics from Softbank for US$880M."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Attacks Against Container Infrastructures Increasing, Including Supply Chain Attacks

"Research finds that adversaries could detect a new misconfigured container within an average of five hours "

Link

TLP¹ : Green

• Ransomware Gangs Get Paid Off as Officials Struggle for Fix

"If your business falls victim to ransomware and you want simple advice on whether to pay the criminals, don’t expect much help from the U.S. government. The answer is apt to be: It depends."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• The Ragnar Locker ransomware gang has published on its leak sites more than 700GB of data stolen from Taiwanese memory and storage chip maker ADATA.

"The Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware gang that also published more than 700GB of stolen data."

Link

TLP¹ : Green

• NATO's Cloud Platform has been Hacked

"NATO uses the SOA & IdM platform and classified it as secret while it was used to handle several essential functions within the Polaris program."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

"U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure.."

Link

TLP¹ : Green

• Google Android 11.0 Bluetooth avrc_pars_ct.cc

"A vulnerability was found in Google Android 11.0 (Smartphone Operating System). It has been classified as problematic. Affected is the function avrc_pars_browse_rsp of the file avrc_pars_ct.cc of the component Bluetooth Handler."

Link

TLP¹ : Green

• Researcher Claims Apple Downplayed Severity of iCloud Account Takeover Vulnerability

"A security researcher claims he discovered a critical vulnerability in Apple’s password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• 5 Critical Steps to Recover From a Ransomware Attack

"Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities."

Link

TLP¹ : Green

• Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones.

"A group of researchers from Adana Science and Technology University (Turkey) and the National University of Science and Technology (Islamabad, Pakistan) has developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• Squalr - Squalr Memory Editor - Game Hacking Tool Written In C#

"Squalr is performant Memory Editing software that allows users to create and share cheats in their windows desktop games. This includes memory scanning, pointers, x86/x64 assembly injection, and so on."

Link

TLP¹ : Green

• State‑sponsored or financially motivated: Is there any difference anymore?

"What does the increasingly fuzzy line between traditional cybercrime and attacks attributed to state-backed groups mean for the future of the threat landscape? "

Link

TLP¹ : Green

• The Future of Machine Learning and Cybersecurity

"The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” "

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp