InfoSec News 20211021

  • Published: Thu, 21/10/2021 - 09:15

Top News


  • 90% of S3 Buckets at Risk, Report Finds

"We all know that AWS S3 buckets are highly reliable and are used with huge confidence. However, they face great security risks that have been pointed out in a study by Ermetic. Titled “AWS S3 Ransomware Exposure in the Wild”, the study discovered that most of the security risk to S3 buckets is posed by compromised identities."

Link

TLP¹: Green

  • U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

"The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes that could potentially facilitate human rights abuse, for national security (NS) and anti-terrorism (AT) reasons."

Link

TLP¹: Green

  • Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

"Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals

"Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 and 2015."

Link

TLP¹: Green

  • Russian Cyber-criminals Switch to Cloud

"Cybersecurity firm Kaspersky today released research on Russian-speaking cyber-criminal activity and how it has changed over the past six years."

Link

TLP¹: Green

  • Increased activity surrounding stolen data on the dark web

"Dark web activity, the value of stolen data and cybercriminal behaviors have dramatically evolved in recent years, according to Bitglass research."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Centre for Computing History apologises to customers for 'embarrassing' breach

"The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • WinRAR’s vulnerable trialware: when free software isn’t free

"In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application. This can be used to achieve Remote Code Execution (RCE) on a victim’s computer. It has been assigned the CVE ID – CVE-2021-35052."

Link

TLP¹: Green

  • Historic scientific notation bug foils WAF defenses

"Security researchers have discovered that a historic vulnerability affecting both MySQL and MariaDB databases caused serious flaws for security technologies from AWS."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises

"Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Researchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication.

"Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet. The experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation.

Its operators have added new exploits and payloads; according to the experts, the new variant leverages WebSockets to implement more secure C2 bidirectional communication."

Link

TLP¹: Green

  • Protecting critical infrastructure from a cyber pandemic

"Cyber-attacks on infrastructure services are on the rise, most recently the Colonial Pipeline hack in the US and the public health service attack in Ireland.
Hackers are exploiting the use of Internet of Things (IoT) which creates millions of new vulnerability points in critical infrastructure."

Link

TLP¹: Green

  • Limelighter - A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones

"A tool which creates spoof code signing certificates and signs binaries and DLL files to help evade EDR products and avoid MSS and SOC scrutiny. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as acme.com."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:


  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.