Infosec News 20210625
Top News
-
Auditoria da Câmara de Lisboa revela que dados de manifestantes foram partilhados 122 vezes
"Fernando Medina já tinha admitido que a autarquia partilhou dados em 52 casos, mas o resultado da auditoria, ao qual a SIC teve acesso, acrescenta-lhe mais 70. A diferença é que nestes não é possível saber que tipo de dados foram partilhados."
TLP1 : Green
-
Google Expands Open Source Vulnerabilities Database
"Google today announced the expansion of the Open Source Vulnerabilities (OSV) database to include information on bugs identified in Go, Rust, Python, and DWF open source projects."
TLP1 : Green
-
Windows 11 unveiled: Everything you need to know
"After a whole bunch of online leaks and hints floating on the Internet for months, Microsoft finally announced Windows 11 at a virtual event."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Pakistan-linked hackers targeted Indian power company with ReverseRat
"A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research."
TLP1 : Green
-
Malicious spam campaigns delivering banking Trojans
"IcedID is a banking Trojan capable of web injects, VM detection and other malicious actions. It consists of two parts – the downloader and the main body that performs all the malicious activity. The main body is hidden in a PNG image, which is downloaded and decrypted by the downloader."
TLP1 : Green
-
ChaChi: a new GoLang Trojan used in attacks against US schools
"A new Trojan written in the Go programming language has pivoted from attacks against government agencies to US schools."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Zyxel Warns Customers of Attacks on Security Appliances
"Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Weidmueller Patches Dozen Vulnerabilities in Industrial WLAN Devices
"Germany-based industrial solutions provider Weidmueller on Wednesday informed customers that it has patched a dozen vulnerabilities affecting some of its industrial WLAN devices."
TLP1 : Green
-
Eclypsium: BIOSConnect Flaws Haunt Millions of Dell Computers
"Security researchers at Eclypsium have figured out a way to exploit a set of high-severity vulnerabilities that expose millions of Dell computers to stealthy hacker attacks."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
EU Announces New Joint Cyber Unit to Protect Against Critical Attacks
"The cyber threat to critical infrastructure has grown dramatically over the last few years – to such an extent that western governments are finally accepting that they need to get more involved. In the EU, this has taken the form of a new Joint Cyber Unit (JCU), situated next to ENISA’s offices in Brussels."
TLP1 : Green
-
Cybersecurity Companies Join Forces Against Controversial DMCA Section
"The Electronic Frontier Foundation (EFF) along with nearly two dozen cybersecurity companies have signed a statement regarding the use of a controversial section of the Digital Millennium Copyright Act (DMCA) against security researchers."
TLP1 : Green
Cybersecurity Companies Join Forces Against Controversial DMCA Section
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool
"Sn1per is an automated scanner that can automate the process of collecting data for the exploration and penetration testing."
TLP1 : Green
-
Banning Surveillance-Based Advertising
"The Norwegian Consumer Council just published a fantastic new report: “Time to Ban Surveillance-Based Advertising.” From the Introduction:
The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements; opaque business models; manipulation and discrimination at scale; fraud and other criminal activity; serious security risks."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.