Infosec News 20220316

  • Published: Wed, 16/03/2022 - 10:07

Top News


  • Russian actors bypass 2FA

"The US Cybersecurity and Infrastructure Security Agency (CISA) has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability."

Link

TLP¹: Green

  • Ukraine’s CERT warns of a phishing campaign delivering malware via fake AV updates

"Ukraine's Computer Emergency Response Team (CERT-UA) has warned that threat actors are attempting to infect Ukrainian government organizations with Cobalt Strike beacon and other malware through fake antivirus updates."

Link

TLP¹: Green

  • Phony Instagram ‘Support Staff’ Emails Hit Insurance Company

"The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.”"

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Cowbell Cyber Raises $100M As Cyberattacks Rise

"Cowbell was just one of several cyber insurance firms to raise money last year—and with hacks and ransomware attacks seemingly a daily occurrence now, it seems likely the sector will see the same interest this year."

Link

TLP¹: Green

  • Anonymous cripples Russian Fed Security Service (FSB) & other top sites

"The Anonymous hacktivist collective is claiming to have targeted top Russian government websites in a series of DDoS attacks. As a result, the official website of the Federal Security Service (aka FSB, the principal security agency of Russia), Stock Exchange, Analytical Center for the Government of the Russian Federation, and Ministry of Sport of the Russian Federation have been forced to go offline."

Link

TLP¹: Green

  • MuddyWater Uses SloughRAT To Target Turkey and Arabian Peninsula

"MuddyWater, the Iranian state-sponsored threat actor, has been linked to a new wave of attacks aimed at Turkey and the Arabian Peninsula. The aim of this campaign is to deploy RATs on compromised systems."

Link

TLP¹: Green

  • Malicious web application requests skyrocketing, bad actors stealthier than ever before

"Radware released report findings which underscore 2021 as the year of the web application attack. Between 2020 and 2021, the number of malicious web application requests climbed 88%, more than double the year-over-year growth rate in distributed denial-of-service (DDoS) attacks, which were up 37% over 2020."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Follow-up: NVIDIA staff shouldn’t have chosen passwords like these…

"Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data from graphics card maker NVIDIA. (...) what the most common passwords might be that were used by the breached NVIDIA employees?"

Link

TLP¹: Green

  • Hacker breaches key Russian ministry in blink of an eye

"In mere seconds, a hacker remotely accessed a computer belonging to a regional Ministry of Health in Russia, taking advantage of sloppy cybersecurity practices to expose its entire network."

Link

TLP¹: Green

  • Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

"Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018"

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

"Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code."

Link

TLP¹: Green

  • OpenSSL cert parsing bug causes infinite denial of service loop

"OpenSSL has released a security update to address a vulnerability in the library that, if exploited, activates an infinite loop function and leads to denial of service conditions."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Kubernetes Hardening Guide

"The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community."

Link

TLP¹: Green

  • Top tools and best practices for WordPress security

"Poorly secured WordPress websites are a favorite hacker target. Use these tools and advice to keep them out."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Patching - An Interactive Binary Patching Plugin For IDA Pro

"Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow designed for rapid iteration."

Link

TLP¹: Green

  • WMEye - A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

"WMEye is an experimental tool that was developed when exploring Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into a remote target's WMI Class Property, creates an event filter that, when triggered, writes an MSBuild-based Payload using a special WMI Class called LogFileEventConsumer, and finally executes the payload remotely."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp