InfoSec News 20220413
Top News
-
RaidForums hacking forum seized by police, owner arrested
"The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries.
RaidForums' administrator and two of his accomplices have been arrested, and the infrastructure of the illegal marketplace is now under the control of law enforcement."
TLP¹: Green
-
Apple Chief Cook Takes App Store Battle to Washington
"Apple head Tim Cook attacked moves to regulate his company's App Store in a rare speech in Washington on Tuesday, arguing that new rules could threaten iPhone users' privacy.
Cook put forth the Silicon Valley giant's perspective as momentum gathered for legislation that could weaken Apple's app market dominance, which critics have said amounts to a monopoly."
TLP¹: Green
-
Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days
"Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.
Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today's update, with ten classified as Critical as they allow remote code execution."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Crypto Dev Gets Five Years for Helping North Korea Evade Sanctions
"A noted Ethereum developer has been sentenced to more than five years behind bars after pleading guilty to helping North Korea evade sanctions.
Virgil Griffith, 39, initially pleaded not guilty back in January 2020, following his arrest at Los Angeles International Airport in November 2019. However, he changed that plea last year.
He conspired to provide technical advice to the hermit kingdom on how to circumvent sanctions by using cryptocurrency and blockchain technology, according to the Department of Justice (DoJ)."
TLP¹: Green
-
Europol Announces Operation to Hit Russian Sanctions-Evaders
"European police have announced a major new operation designed to crack down on Russian oligarchs and businesses looking to circumvent sanctions.
Operation Oscar will run for at least a year as an umbrella initiative that will feature many separate investigations, Europol explained.
The policing organization’s European Financial and Economic Crime Centre will work to exchange information and intelligence with partners and provide operational support in financial crime investigations."
TLP¹: Green
-
We Are All Hacktivists Now
"In Russia and China they support their hacker communities no matter how criminal they might be, because they understand the importance of nurturing talent within their cybersecurity communities, and they have become skilled at leveraging that talent."
TLP¹: Green
-
Ethical Hacker Steals $600,000 Worth of Crypto
"A certified ethical hacker has been charged with multiple offenses after stealing a significant sum of cryptocurrency worth nearly $600,000. Police in Pinellas Park, Florida, arrested 27-year-old Aaron Daniel Motta after he reportedly stole an elderly client’s Trezor hardware wallet and its password while providing security help. Clearwater Police said that Motta transferred the sum into various wallets he possessed.
The victim has not yet been named, and various details have yet to be released.
Police arrested the “certified ethical hacker” and charged him with grand theft and other computer offenses."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Consumers Increasingly Numb to Data Breach Risks
"Consumer trust in the organizations they do business with is at rock bottom, leading many to “give up” on security, according to new research from Imperva.
The data security vendor polled over 6700 consumers across the US, Singapore, UK and Australia to compile its latest report, No Silver Linings.
It found that just 37% trust financial services firms to keep their data safe, dropping to a third (33%) for healthcare, 29% for government organizations and just 5% for retail organizations. Over a third (35%) said they don’t trust any industries to protect their data.
The problem is exacerbated by the sheer volume of data that consumers share today. Half of those polled said they couldn’t keep track of the security posture of each organization they interact with, which is desensitizing many to cyber-risk."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
ICS Patch Tuesday: Siemens, Schneider Fix Several Critical Vulnerabilities
"Siemens and Schneider Electric have addressed more than two dozen vulnerabilities in their April 2022 Patch Tuesday security advisories, including flaws that have a “critical” severity rating.
Schneider Electric has only released two advisories and each covers only one vulnerability, but the weaknesses appear to be serious."
TLP¹: Green
-
Critical LFI Vulnerability Reported in Hashnode Blogging Platform
"Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information.
"The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download local files from Hashnode's server," Akamai researchers said in a report shared with The Hacker News."
TLP¹: Green
-
SAP Releases Patches for Spring4Shell Vulnerability
"German software maker SAP announced on Tuesday that more than 30 new and updated security notes were released on its April 2022 Security Patch Day, including notes that deal with the Spring4Shell vulnerability.
Tracked as CVE-2022-22965, the vulnerability dubbed Spring4Shell impacts Spring, the most popular Java application development framework in the world, and could lead to the execution of code remotely. Security researchers have already observed attempts to exploit the flaw in the wild."
TLP¹: Green
-
Adobe Patches Gaping Security Holes in Acrobat, Reader, Photoshop
"Adobe's security update engine revved into overdrive this month with the release of patches for at least 78 documented software vulnerabilities, some serious enough to expose corporate customers to remote code execution attacks.
The San Jose, California software maker's Patch Tuesday drop this month covers holes in Adobe Acrobat and Reader, Adobe Photoshop, Adobe After Effects and Adobe Commerce.
The Adobe Acrobat and Reader update, rated critical, covers a total of 62 vulnerabilities that the company acknowledges could be exploited to cause major damage. The update is available for both Windows and macOS users."
TLP¹: Green
-
Internal AWS credentials swiped by researcher via SQL payload
"A security researcher said they seized credentials for an internal AWS service by exploiting a local file read vulnerability on a Relational Database Service (RDS) EC2 instance.
Credit for the discovery goes to Gafnit Amiga, director of security research at Israeli cloud security firm Lightspin, who told The Daily Swig that the research was noteworthy “because the final payload is all SQL commands”.
The impact was obscured by the fact that AWS declined to divulge the purpose or implementation of the vulnerable internal service, but it did tell Amiga that any abuse would not have imperilled customer data.
While recognizing the appeal of AWS services, the finding showed that “wrapping third-party services such as PostgreSQL and trying to provide users with advanced features is sometimes a double-edged sword”, said Amiga.
AWS has comprehensively addressed the vulnerability and said it had found no evidence of hostile exploitation, according to the researcher."
TLP¹: Green
-
Critical HP Teradici PCoIP flaws impact 15 million endpoints
"HP is warning of new critical security vulnerabilities in the Teradici PCoIP client and agent for Windows, Linux, and macOS that impact 15 million endpoints. The computer and software vendor has found that Teradici is affected by the recently disclosed OpenSSL certificate parsing bug that causes an infinite denial of service loop and multiple integer overflow vulnerabilities in Expat.
Teradici PCoIP (PC over IP) is a proprietary remote desktop protocol licensed to many virtualization product vendors, acquired by HP in 2021, and used on its own products since then.
According to the official website, Teradici PCoIP products are deployed in 15,000,000 endpoints, supporting government agencies, military units, game development firms, broadcast corporations, news organizations, etc."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Cross-Regional Disaster Recovery with Elasticsearch
"Unsurprisingly, here at Rewind, we've got a lot of data to protect (over 2 petabytes worth). One of the databases we use is called Elasticsearch (ES or Opensearch, as it is currently known in AWS). To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is essential when customers are looking for a particular file or item that they need to restore using Rewind. Every second of downtime counts, so our search results need to be fast, accurate, and reliable.
Another consideration was disaster recovery. As part of our System and Organization Controls Level 2 (SOC2) certification process, we needed to ensure we had a working disaster recovery plan to restore service in the unlikely event that the entire AWS region was down."
TLP¹: Green
-
How Do I Conduct a Resilience Review?
"The concept of resilience has never been more important than it is today as the world grapples with unprecedented geopolitical challenges. Governments are urging companies to raise their defenses as the threat of cyber warfare looms. Against this backdrop, security leaders must take action, and running a resilience review of their organization is one of the best places to start."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
OpenSSH 9.0 bakes in post-quantum cryptography to future proof against attacks
"Developers of the OpenSSH secure networking utility are ‘future proofing’ the technology by adopting post-quantum cryptography.
The latest OpenSSH 9.0 release defaults to the NTRU Prime algorithm – a scheme designed to resist brute-force attacks that might be enabled by future quantum computers – while supporting the previous default (X25519 ECDH key exchange) as a backstop. In either case, the algorithms are used to negotiate session keys that protect data in transit.
OpenSSH is a widely used open source technology used for applications including enabling the remote login of servers and secure file transfer."
TLP¹: Green
-
Worried About Your Mobile Security? Here's How to Secure Your Device And Enhance Performance
"While the world is still adapting to the new normal and mobile devices replace PCs as the primary digital device, cybercriminals have upped the ante to target individuals worldwide.
Mobile security has become a significant concern! No matter how great the app is, if security is breached, it spells great trouble. Phishing, Smishing, Ransomware Attacks, Supply Chain Attacks, Mobile Malware – Spyware, Trojan, hidden processes, and misinformation campaigns dominate mobile security trends."
TLP¹: Green
-
The CIA Triad
"While the CIA Triad may sound like some sort of menacing criminal gang, it is in fact an essential tool of cybersecurity.
Lack of security requirements is still a major problem in many software projects today. In this article we will discuss the main security requirements and the relationship they have to secure design concepts and principles.
The first question: how to get the security requirements and who to involve?"
TLP¹: Green
-
A Detailed Guide on AMSI Bypass
"Windows developed the Antimalware Scan Interface (AMSI) standard that allows a developer to integrate malware defense in his application. AMSI allows an application to interact with any anti-virus installed on the system and prevent dynamic, script-based malware from executing. We’ll learn more about AMSI, implementation in code and some of the well-known bypasses in this article."
TLP¹: Green
-
African banking sector targeted by malware-based phishing campaign
"A cybercrime campaign targeting the African banking sector is leveraging phishing emails and HTML smuggling techniques to deploy malware. A series of attacks has been reported across West Africa, with attackers posing as prospective employers to lure victims into downloading malicious files.
Researchers from HP Wolf Security, who have been tracking the campaign, noted that they first spotted the attacks in “early 2022”, when an employee of an unnamed West African bank received an email purporting to be from a recruiter at another African bank with information about job opportunities."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.