Infosec News 20211104

  • Published: Thu, 04/11/2021 - 12:54

Top News


  • Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities

"FireEye Labs recently observed an attack against the government sector in Central Asia. The attack involved the new HAWKBALL backdoor being delivered via well-known Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802."

Link

TLP¹: Green

  • Human rights activists condemn mass denial of service as Sudan’s nationwide internet shutdown enters second week

"Sudan is suffering a country-wide internet shutdown that’s lasted more than a week so far, following a military coup.
On October 25, the military arrested the civilian prime minister, Abdalla Hamdok, and dissolved the democratic government set up after the fall of former president Omar al-Bashir. Hundreds of thousands of people turned out to protest. Troops are reported to have opened fire, killing at least 11 and injuring hundreds more.
Meanwhile, around 4pm local time that day, internet traffic dropped to almost zero and has stayed that way since, apart from a return of mobile service for about an hour, 35 hours after the initial disruption."

Link

TLP¹: Green

  • US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware

"The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru, to a list of entities engaging in "malicious cyber activities."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • US Blacklists NSO Group

"The Israeli cyberweapons arms manufacturer — and human rights violator, and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist."

Link

TLP¹: Green

  • Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks

"Ukraine’s security service, the SBU, on Thursday revealed the identities of five individuals allegedly involved in cyberattacks attributed to a Russia-linked threat group named Gamaredon.
According to the SBU, the five individuals are employees of Russia’s Federal Security Service (FSB). The names of the five and their role within the FSB have been made public, as well as recordings of phone conversations in which two of them appear to discuss cyberattacks."

Link

TLP¹: Green

  • U.K. man implicated in Twitter hacking charged in NY with cryptocurrency theft

"A U.K. man previously charged in the United States with involvement in the hacking of politicians’ and celebrities’ Twitter accounts was charged on Wednesday over a separate scheme resulting in the theft of $784,000 of cryptocurrency."

Link

TLP¹: Green

  • BlackMatter ransomware moves victims to LockBit after shutdown

"With the BlackMatter ransomware operation shutting down, existing affiliates are moving their victims to the competing LockBit ransomware site for continued extortion."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • The U.K. Labour Party discloses a data breach

"The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data."

Link

TLP¹: Green

  • A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked

"A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals’ servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module

"Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system,""

Link

TLP¹: Green

  • Remote code execution, SQL injection bugs uncovered in Pentaho Business Analytics software

"Critical bugs have been unearthed in Hitachi Vantara’s Pentaho Business Analytics software, a report has warned. A penetration test report, finalized on April 4 and cleared for public release on October 10, revealed a number of security issues in version 9.1.00 of the software on the Windows 64-bit operating system.
Pentaho Business Analytics (BA) is an analytics platform for Big Data management. The enterprise solution is designed to discover, analyze, and visualize data across channels including databases, social media, cloud repositories, and NoSQL systems. BA can be deployed either on-premises or in the cloud."

Link

TLP¹: Green

  • RCE vulnerability found in Sitecore enterprise CMS software

"A remote code execution vulnerability has been found in enterprise CMS product Sitecore XP that could leave all unpatched instances open to abuse."

Link

TLP¹: Green

  • CISA shares a catalog of 306 actively exploited vulnerabilities

"The US CISA shared a list of vulnerabilities known to be exploited in the wild and orders US federal agencies to address them within deadlines."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Microsoft Announces New Endpoint Security Solution for SMBs

"Microsoft on Tuesday announced the upcoming availability of Microsoft Defender for Business, an enterprise-grade endpoint security solution catered for small and medium-sized businesses (SMBs)."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Free Discord Nitro phishing targets Steam gamers

"A new Steam phishing promoted via Discord messages promises a free Nitro subscription if a user links their Steam account, which the hackers then use to steal game items or promote other scams."

Link

TLP¹: Green

  • XcodeGhost S: A New Breed Hits the US

"Just over a month ago, iOS users were warned of the threat to their devices by the XcodeGhost malware. Apple quickly reacted, taking down infected apps from the App Store and releasing new security features to stop malicious activities."

Link

TLP¹: Green

  • LDAPmonitor - Monitor Creation, Deletion And Changes To LDAP Objects Live During Your Pentest Or System Administration!

"With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp