InfoSec News 20210823

  • Published: Mon, 23/08/2021 - 10:13

Top News


  • Memorial Health System forced to cancel surgeries after ransomware attack

"Health organization Memorial Health System was hit by a disruptive cyber attack that forced it to cancel surgeries and divert patients last week."

Link

TLP1 : Green

  • New LockFile ransomware gang uses ProxyShell and PetitPotam exploits

"A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities."

Link

TLP1 : Green

  • Razer bug lets you become a Windows 10 admin by plugging in a mouse

"A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • North Korean Hacker Group Uses Browser Exploits to Deliver a Custom Malware

"The security experts of the cybersecurity firm Volexity have recently reported an attack through which the North Korean Hacker Group is using browser exploits to deploy the custom malware on the website."

Link

TLP1 : Green

  • Joe Biden on alert as US State Department targeted in cyber attack - 'serious breach'

"THE US has been targeted by a cyber attack in a "possible serious breach", according to sources."

Link

TLP1 : Green

  • Cyber Attacks on Global Education Sector witness a jump

"According to a study by Check Point Software, there has been an increase in cyber attacks on the Education Sector operating across the world. And the survey confirmed that the education sector operating in United States, UK, Israel, India and Italy were deeply affected from January to July this year."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Follow up: Japanese cryptocoin exchange robbed of $100,000,000

"Last week’s story was about Chinese cryptocoin smart contract company Poly Networks, which was robbed of about $600 million’s worth of various cryptocurrencies."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

"The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems."

Link

TLP1 : Green

  • Vultur Android Malware Targeting Your Bank Account and Crypto Wallet

"Most Android banking malware uses overlays to fool users into clicking on something they don’t really want to click on. Often, this strategy sends victims to a fake banking login page where the attackers will gather login credentials. These they will quickly use to hack into the target’s bank account."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Android users, hackers are using these 10 cryptocurrency apps to steal your money

"Cryptocurrency in the last few years may not have become mainstream but it has really caught the fancy of many across the world. Among those are also cybercriminals who have been deploying ways to fraud and scam people keen on cryptocurrencies."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • SQLancer - Detecting Logic Bugs In DBMS

"SQLancer (Synthesized Query Lancer) is a tool to automatically test Database Management Systems (DBMS) in order to find logic bugs in their implementation. We refer to logic bugs as those bugs that cause the DBMS to fetch an incorrect result set (e.g., by omitting a record)."

Link

TLP1 : Green

  • Most Important Web Server Penetration Testing Checklist

"Web server pentesting is performed under 3 major categories, which are identity, Analyse, Report Vulnerabilities such as authentication weakness, configuration errors, protocol relation vulnerabilities."

Link

TLP1 : Green


1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp