InfoSec News 20210816

  • Published: Mon, 16/08/2021 - 09:52

Top News


  • Windows 365 exposes Microsoft Azure credentials in plaintext

"A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz."

Link

TLP¹: Green

  • Hackers can ‘Poison’ Open-source Code on the Internet

"A Cornell University Tech team with researchers discovered a new kind of backdoor attack that can modify natural-language modelling systems to generate false outputs and bypass any known protection."

Link

TLP¹: Green

  • T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be selling the personal data of its customers.

"New problems for T-Mobile, the company is investigating a possible data breach after that a threat actor has published a post on a hacking forum claiming to be in possession of the personal data of its customers."

Link

TLP¹: Green

  • Half of US Hospitals Shut Down Networks Due to Ransomware

"Nearly half (48%) of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Pysa Ransomware Attacks K-12 Schools

"Ransomware attacks against the education sector almost doubled from 2019 to 2020. With the onset of the COVID-19 pandemic, the numbers keep getting higher. The cybersecurity posture of this sector is still not sufficiently robust and hence, is low-hanging fruit for threat actors."

Link

TLP¹: Green

  • US FINRA warns US brokerage firms and brokers of ongoing phishing attacks

"The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing phishing campaign. Threat actors are impersonating FINRA officials and are using the threat of penalties to trick victims recipients into providing sensitive information."

Link

TLP¹: Green

  • Ukrainian Police Shutter Allegedly Illegal Crypto Exchanges

"Ukrainian police this week shuttered a series of allegedly illegal cryptocurrency exchanges throughout the country that were processing about $1.1 million in virtual currency transactions each month."

Link

TLP¹: Green

Data Breaches and Hacks


  • Ryan Specialty Group reports employee email data breach

"Ryan Specialty Group (RSG) has posted a notice indicating that it has suffered a data security breach, which may have compromised some individuals’ personal information."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • 65 vendors affected by severe vulnerabilities in Realtek chips

"A vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, installed operating systems and other network devices."

Link

TLP¹: Green

  • Steam security: Valve promptly resolves ‘unlimited funds’ gaming wallet cheat

"A security researcher has earned a $7,500 bug bounty after discovering an exploit that could have permitted gamers to boost their in-game Steam wallet balances by artificially increasing the value of deposits."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Indra — Hackers Behind Recent Attacks on Iran

"In this piece, we present an analysis of a successful politically motivated attack on Iranian infrastructure that is suspected to be carried by a non-state sponsored actor. This specific attack happened to be directed at Iran, but it could as easily have happened in New York or Berlin. We’ll look at some of the technical details and expose the actor behind the attack — thereby linking it to several other politically motivated attacks from earlier years."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Raider - Web Authentication Testing Framework

"This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found by manually testing it or writing custom scripts that replicate the behaviour. Raider aims to make testing easier, by providing the interface to interact with all important elements found in modern authentication systems."

Link

TLP¹: Green

  • Tko-Subs - A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records

"This tool allows:
To check whether a subdomain can be taken over because it has:
- a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over.
- a dangling CNAME pointing to a non-existent domain name.
 - one or more wrong/typoed NS records pointing to a nameserver that can be taken over by an attacker to gain control of the subdomain's DNS records."

Link

TLP¹: Green
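The three conditions in the Tko-Subs description above can be checked with a short resolver walk: follow the CNAME chain and report the first target that returns NXDOMAIN, and, for delegated subdomains, check whether the nameserver's own domain is registered. The script below is an added example written for this digest, not code from the Tko-Subs project. It runs against a constructed in-memory zone (FAKE_ZONE) that stands in for live DNS, the provider suffix list is illustrative, and the two-label registrable-domain rule is a simplification (a real tool would consult the Public Suffix List).

```python
"""Classify a subdomain's takeover risk from its DNS records.

Added example for this digest, not code from the Tko-Subs project.
DNS is mocked by FAKE_ZONE (constructed data) so the script runs offline.
"""
from typing import Callable, Dict, List, Optional, Tuple

# Constructed stand-in for live DNS: name -> {rtype: [records]}.
# A name missing from the dict is treated as NXDOMAIN.
FAKE_ZONE: Dict[str, Dict[str, List[str]]] = {
    "www.example.com.": {"A": ["93.184.216.34"]},
    # CNAME to a provider host that is still claimed: fine at the DNS layer
    "shop.example.com.": {"CNAME": ["example-shop.myshopify.com."]},
    "example-shop.myshopify.com.": {"A": ["23.227.38.65"]},
    # CNAME to a Heroku app name nobody owns any more: claimable
    "old-app.example.com.": {"CNAME": ["old-app.herokuapp.com."]},
    # CNAME to a name in a zone that does not exist at all
    "blog.example.com.": {"CNAME": ["blog.no-such-zone-xyz.net."]},
    # delegation to a typoed nameserver whose domain is unregistered
    "dev.example.com.": {"NS": ["ns1.examp1e-dns.net."]},
}

# Assumption: illustrative suffixes for the providers named in the tool description.
PROVIDER_SUFFIXES = {
    ".herokuapp.com.": "Heroku",
    ".github.io.": "GitHub Pages",
    ".myshopify.com.": "Shopify",
    ".s3.amazonaws.com.": "Amazon S3",
    ".cloudfront.net.": "Amazon CloudFront",
}

# A lookup returns the records of one type, [] if the name has none,
# and None if the name does not exist (NXDOMAIN).
Lookup = Callable[[str, str], Optional[List[str]]]


def fake_lookup(name: str, rtype: str) -> Optional[List[str]]:
    """Offline resolver over FAKE_ZONE (replace with a real resolver to go live)."""
    rrsets = FAKE_ZONE.get(name)
    return None if rrsets is None else list(rrsets.get(rtype, []))


def provider_for(target: str) -> Optional[str]:
    """Map a CNAME target to a known takeover-prone provider, if any."""
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if target.endswith(suffix):
            return provider
    return None


def registrable_domain(name: str) -> str:
    # Assumption: last two labels; a real tool should use the Public Suffix List.
    return ".".join(name.rstrip(".").split(".")[-2:]) + "."


def check_ns(name: str, lookup: Lookup) -> Tuple[str, str]:
    """Flag NS records whose nameserver lives in an unregistered zone."""
    for host in lookup(name, "NS") or []:
        zone = registrable_domain(host)
        if lookup(zone, "A") is None:  # whole zone is NXDOMAIN: registrable by anyone
            return "takeover", f"NS {host} is in unregistered zone {zone}"
    return "ok", "no suspicious NS delegation"


def check_cname_chain(name: str, lookup: Lookup, max_hops: int = 10) -> Tuple[str, str]:
    """Follow CNAMEs and report the first target that does not exist."""
    current = name
    for hop in range(max_hops):
        cnames = lookup(current, "CNAME")
        if cnames is None:  # current name is NXDOMAIN
            if hop == 0:
                return "nxdomain", f"{name} does not exist"
            provider = provider_for(current)
            if provider:
                return "takeover", f"dangling CNAME to unclaimed {provider} host {current}"
            return "dangling", f"dangling CNAME to non-existent name {current}"
        if not cnames:  # chain ends at a name that exists
            return "ok", f"chain ends at existing name {current}"
        current = cnames[0]
    return "error", f"CNAME chain from {name} exceeds {max_hops} hops"


def assess(name: str, lookup: Lookup = fake_lookup) -> Tuple[str, str]:
    """Return (status, reason); status is ok / takeover / dangling / nxdomain / error."""
    status, why = check_ns(name, lookup)
    if status != "ok":
        return status, why
    return check_cname_chain(name, lookup)


if __name__ == "__main__":
    for sub in sorted(n for n in FAKE_ZONE if n.endswith(".example.com.")):
        status, why = assess(sub)
        print(f"{status:9} {sub:22} {why}")
```

To run it against live names, swap `fake_lookup` for a function built on a real resolver (for example dnspython's `dns.resolver.resolve`, mapping NXDOMAIN to `None` and NoAnswer to `[]`). Note that DNS alone is not conclusive for providers whose wildcard always answers (Shopify, S3, CloudFront): the CNAME target resolves even when the resource is unclaimed, so the DNS check has to be completed with an HTTP request and the provider's "not found" fingerprint, which is what Tko-Subs and similar tools add on top of the lookup.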

  • Ficker – An Info-Stealer Malware Being Distributed by Russians

"Threat actors are using the Malware-as-a-Service (MaaS) model to attack Windows users, according to researchers. The new info-stealer malware “Ficker” was discovered and is being disseminated via a Russian underground forum by threat actors. FickerStealer is a family of data-stealing malware that first appeared in the year 2020. It can steal sensitive data such as passwords, online browser passwords, cryptocurrency wallets, FTP client information, Windows Credential Manager information, and session information from various chat and email clients."

Link

TLP¹: Green


¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp