Infosec News 20210629
Top News
-
Microsoft successfully hit by dependency hijacking again
"Microsoft has once again been successfully hit by a dependency hijacking attack.
Previously, as first reported by BleepingComputer, a researcher had ethically hacked over 35 major tech firms, including Microsoft, by exploiting a weakness called "dependency confusion.""
TLP1 : Green
-
Covid-19: cyber attack on Ponta Delgada hospital delays release of test results
" The Secretary of Health of the Government of the Azores, Clélio Meneses, acknowledged this Monday that there were delays in the disclosure of negative tests to covid-19 in the region due to the cyberattack on the Hospital Divino Espírito Santo (HDES), in Ponta Delgada."
TLP1 : Green
-
Cybersecurity News Roundup: Major Infrastructure Cyberattack, ‘Catastrophic’ Ransomware Incident, Big Insurer Hacked
"Cyberattack Shuts Down a Critical Fuel Pipeline. A ransomware attack on Colonial Pipeline forced the company to shut down a vital fuel pipeline for five days."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Fake apps targeting vaccine registration programmes in India
"Cybersecurity company McAfee has said that following a year of lockdowns and a surge in time spent online and on devices,..."
TLP1 : Green
-
Four states propose laws to ban ransomware payments
"Following the epic ransomware attacks on Colonial Pipeline and top meat producer JBS, some government officials have called on Congress and the administration to ban organizations from making ransom payments to threat actors. "
TLP1 : Green
-
Four states propose laws to ban ransomware payments
"Following the epic ransomware attacks on Colonial Pipeline and top meat producer JBS, some government officials have called on Congress and the administration to ban organizations from making ransom payments to threat actors. "
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Attackers Breach Microsoft Customer Service Accounts
"American IT companies and government have been targeted by the Nobelium state-sponsored group."
TLP1 : Green
-
Details of over 200,000 students leaked in cyberattack
"A pro-Palestinian Malaysian hacker group known as "DragonForce" claimed that it hacked into AcadeME last week."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
"A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion."
TLP1 : Green
-
Improper input validation in Python Flask module in BIG-IQ Centralized Management and F5OS
" CWE-20 - Improper Input Validation The vulnerability allows a remote attacker to perform a denial of service (DoS) attack."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How Cyber Threat Intelligence Protects You From Hackers
"Why is Cyber Threat Intelligence Important? In its essence, cyber threat intelligence is evidence-based knowledge about an existing or emerging menace or hazard to assets."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet
"PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN."
TLP1 : Green
-
Heappy - A Happy Heap Editor To Support Your Exploitation Process
"Heappy is an editor based on gdb/gef that helps you to handle the heap during your exploitation development."
TLP1 : Green
-
DMARC: The First Line of Defense Against Ransomware
"There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it's making headlines.With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.