InfoSec News 20210819
Top News
-
Cryptocurrency Scam Involving $22 Million Uncovered in UK, Victims Spread Across the World
"Cryptocurrencies worth $22.2 million (roughly Rs. 165 crores) have been seized by the UK police after a global fraud scheme was unearthed. They have found USB sticks containing large quantities of Ethereum, the second-largest cryptocurrency in the world after Bitcoin."
TLP1 : Green
-
Follow Up: T-Mobile: 49 Million Customers Hit by Data Breach
"T-Mobile has admitted that threat actors have stolen personal information on 48.6 million current, former and prospective customers."
TLP1 : Green
-
US Hospitals Divert Care After Cyber-attack
"A cyber-attack forced hospitals in West Virginia and Ohio to divert patients to other care providers and work from paper records."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Belarus Brands Group Who Claimed to Hack Interior Ministry 'Extremist'
"A court in Belarus declared Wednesday a group of hackers who claim to have carried out a massive hack on the interior ministry in an attack on President Alexander Lukashenko's regime to be an "extremist" organisation."
TLP1 : Green
-
Hackers raided a Japanese crypto exchange and seized up to $74 million in assets, report says
"Hackers have raided the Japanese crypto exchange Liquid, the company tweeted early on Thursday. The stolen assets could be worth as much as $74 million, The Block reported."
TLP1 : Green
-
Report: Census Hit by Cyberattack, US Count Unaffected
"U.S. Census Bureau computer servers uninvolved with the 2020 census were exploited last year during a cybersecurity attack, but hackers’ attempts to keep access to the system were unsuccessful, according to a watchdog report released Wednesday."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw
"Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed."
TLP1 : Green
-
NK-linked InkySquid APT leverages IE exploits in recent attacks
"North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South Korean online newspaper."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
HolesWarm malware exploits more than 20 vulnerabilities to breach Windows and Linux servers
"Security researchers at Tencent are warning about a new cryptomining botnet, which they are referring to as the “King of Vulnerability Exploitation.” Dubbed HolesWarm, the botnet has been steadily growing since the beginning of June and has been observed using over 20 known vulnerabilities in order to compromise vulnerable Windows and Linux servers."
TLP1 : Green
-
Google Project Zero reveals another Windows elevation of privilege vulnerability
"Google's Project Zero team is famous (or infamous, depending upon which side of the fence you are) for discovering vulnerabilities in the software developed by the company itself as well as those built by other firms. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix them before public disclosure."
TLP1 : Green
-
Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers
"In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Phishing attacks increase in H1 2021, sharp jump in crypto attacks
"Overall, the first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, PhishLabs reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high volume in May."
TLP1 : Green
-
Device complexity leaving schools at heightened risk of ransomware attacks
"Absolute Software announced research revealing the significant management and security challenges faced by K-12 education IT teams with the rise in digital learning and widespread adoption of 1:1 device programs. The report underscores how increased device mobility and complexity are leaving schools increasingly vulnerable to security risks and potential attacks."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Jsleak - A Go Code To Detect Leaks In JS Files Via Regex Patterns
"Jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you can use it to identify anything as long as you have a regex pattern for it."
TLP1 : Green
-
AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool For Visualizing Python Package Registry Security Audit Data
"AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the Python Package Index (PyPI) via Aura, a static analysis designed for large scale security auditing of Python packages. The current tool is a proof-of-concept, and includes some live Aura data, as well as some mockup data for demo purposes."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.