Infosec News 20210825
Top News
-
Phishing attack exposes medical information for 12,000 patients at Revere Health
"A healthcare employee was the subject of a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of cardiology practice in St. George, according to a press release sent out by healthcare company Revere Health on Friday."
TLP1 : Green
-
Experts spotted a modified version of WhatsApp for Android, which offers extra features, but that installs the Triada Trojan on the devices.
"WhatsApp users sometimes look for mods that offer extra features such as animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages. These modified versions of the popular instant messaging app usually contain ads."
TLP1 : Green
-
Hackers target Microsoft email server vulnerabilities
"According to reports, hackers are targeting Microsoft email servers after a series of vulnerabilities were detailed at a computer security conference for BlackHat earlier this month.
Among the servers still vulnerable to attack are several on the British government's gov.uk domain as well as the police.uk domain used by forces in England, Wales and Northern Ireland."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Cyber-thieves Scam New Hampshire Town Out of $2.3m
"Peterborough is a 7,000-person town with a budget for the fiscal year of just over $15.8m. Cyber-thieves conned the town out of $2.3m through two business email compromise (BEC) scams."
TLP1 : Green
-
New SideWalk Backdoor Targets U.S.-based Computer Retail Business
"A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia."
TLP1 : Green
-
Cyberattack Trends: Critical Infrastructure Edition
"Lately, critical infrastructure has been a hot target for cybercriminals. As per research by Mandiant, exposed Operational Technology (OT) systems saw a significant increase in attacks in the last 18 months. It is extremely easy for attackers to get into unprotected networks that are unauthenticated and can be discovered via connected-device search engines. Let us go through some attack trends on critical infrastructure."
TLP1 : Green
-
Biden, Tech Leaders Eye 'Concrete Steps' to Boost Cybersecurity
"A White House cybersecurity gathering including Big Tech executives was set Wednesday to unveil steps aimed at improving cybersecurity following high-profile attacks which raised questions about the vulnerability of so-called critical infrastructure."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Nokia-Owned SAC Wireless Discloses Data Breach
"In a notification letter filed with the Maine Attorney General's Office, the company said personal information of roughly 6500 individuals was compromised during a ransomware attack that was identified in mid-June."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
New iOS zero-click exploit used in attacks against Bahraini activists
"Security researchers at Citizen Lab uncovered a previously undisclosed zero-click iMessage exploit used to deploy NSO Group’s Pegasus spyware on devices belonging to several Bahraini activists."
TLP1 : Green
-
SteelSeries bug gives Windows 10 admin rights by plugging in a device
"The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Datacom and Splunk strengthen ties in ANZ
"Australasian technology company Datacom is strengthening its strategic alliance with Splunk, provider of the Data-to-Everything platform."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Resurgence in FluBot Malware Attacks
"Watch out! FluBot Android malware attacks are running rampant across multiple countries as threat actors evolve their strategies. The malware, which is very prominent in several European countries, was recently spotted in an attack targeting users in the U.S. Another report also sheds light on the malware attack against Android users in the U.K."
TLP1 : Green
-
Misconfigured Microsoft Power Apps Portals Exposed Millions of Records
"Microsoft Power Apps portals allow organizations to create different types of websites – including social engagement application platforms, ecommerce portals, and services and support sites – that can be shared externally or internally.
Access to the portals should be provided in a secure manner, either anonymously or through commercial authentication providers, including Facebook, Google, LinkedIn, or Microsoft.
Misconfigurations, however, may lead to unauthorized access to data, and UpGuard says it has identified a total of 47 such instances"
TLP1 : Green
-
MSSQL for Pentester: Discovery
"Microsoft SQL Server (MS-SQL) is a relational database manager created by Microsoft. Such management systems are used to engage databases with the user. Multiple databases are used in a large enterprise or organisation which leads to a problem of SQL Sprawl. There are various methods to identify these servers from both pentesting view and/or to simply discover MS-SQL servers. In this article, we will explore such various methods in order to discover MS-SQL servers in the network, both locally and remotely."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.