InfoSec News 20221107
Top News
-
Zero-days are exploited on a massive scale in increasingly shorter timeframes
"According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide.
The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability and remarked on the importance of the patch management process.
“As cyber threat actors—both nation state and criminal—become more adept at leveraging these vulnerabilities, we have observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability. This makes it essential that organizations patch exploits immediately.” reads the report."
TLP1 : Green
-
British govt is scanning all Internet devices hosted in UK
"The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.
The goal is to assess UK's vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture.
"These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact," the agency said.
"The NCSC uses the data we have collected to create an overview of the UK's exposure to vulnerabilities following their disclosure, and track their remediation over time.""
TLP1 : Green
-
FBI: Hacktivist DDoS attacks had minor impact on critical orgs
"The Federal Bureau of Investigation (FBI) said on Friday that distributed denial-of-service (DDoS) attacks coordinated by hacktivist groups have a minor impact on the services they target.
As the law enforcement agency explained in a private industry notification issued today, this happens because they target public-facing infrastructure like websites instead of the actual services, leading to limited disruption.
"Coinciding with the Russian invasion of Ukraine, the FBI is aware of Pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success," the agency said."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Japan Joins Key NATO Cyber Agency
"Japan has become the latest US ally to join NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), in a move likely to anger Moscow.
Former Prime Minister, Shinzo Abe, confirmed on a visit to Estonia four years ago that the East Asia giant would join the center.
However, it wasn’t until Friday that the country formally confirmed its place. Defense Minister Seiichi Hamada revealed the news at a press conference, according to the Jiji news agency.
Although a Ministry of Defence (MoD) official has apparently been stationed at the CCDCOE since 2019, the latest announcement should signal the start of a more formal arrangement."
TLP1 : Green
-
Another ex-eBay employee sentenced for aggressive cyberstalking campaign
"A former intelligence analyst at eBay was sentenced for her role in an aggressive cyberstalking campaign that involved harassing Twitter users, GPS tracking, and delivering unsettling items to victims' homes, such as a bloody pig Halloween mask, a funeral wreath, and a book on surviving the loss of a spouse.
Veronica Zea, a 28-year-old former eBay contractor, was sentenced to two years' probation and a $5,000 fine. Two years ago, she pleaded guilty to running a cyberstalking campaign to tamper with witnesses.
On September 29, James Baugh and David Harville, two former eBay executives, were sentenced based on the same charges. Baugh, former security director, was jailed for 57 months and ordered to pay a $40,000 fine. Harville, director of global resiliency, was sentenced to two years in prison and ordered to pay a $20,000 fine."
TLP1 : Green
-
Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft
"According to Microsoft’s 2022 Digital Defense Report, nation-state hacker attacks on critical infrastructure have soared, largely due to Russian cyber operations targeting Ukraine and its allies.
Between June 2020 and June 2021, 20% of all nation-state attacks observed by Microsoft were aimed at critical infrastructure. That percentage increased to 40% in the period between July 2021 and June 2022.
Many of the state-sponsored attacks targeting critical infrastructure in the past year have been attributed by the tech giant to Russia. Unsurprisingly, Russia has increasingly targeted Ukrainian critical infrastructure with cyberattacks meant to cause damage and disruption — this was done to complement its physical military action."
TLP1 : Green
-
ACE seizes 42 soccer and live TV piracy web domains with millions of visitors
"The Alliance for Creativity and Entertainment (ACE) has shut down 42 websites for the pirated streaming of televised soccer games and live TV, seizing their domains and taking down the illegal streaming services.
The now-defunct websites accumulated over 308 million visits in the past six months. Due to the upcoming 2022 FIFA World Cup in Qatar, set to begin on November 20, 2022, interest was growing steadily.
Two notable pirate platforms, "futbollibre.net" and "televisionlibre.net," had 42.9 million and 7.9 million monthly visitors, respectively."
TLP1 : Green
-
Surveillance 'Existential' Danger of Tech: Signal Boss
"The mysticism that has allowed tech firms to make billions of dollars from surveillance is finally clearing, the boss of encrypted messaging app Signal told AFP.
Meredith Whittaker, who spent years working for Google before helping to organise a staff walkout in 2018 over working conditions, said tech was "valorised" and "fetishised" when she first began in the industry in 2006.
"The idea that technology represented the apex of innovation and progress was fairly pervasive in government circles and popular culture," she said in an interview on the sidelines of the Web Summit tech conference in Lisbon this week.
But legislators and users were now reckoning with the "well-documented harms of allowing a handful of large corporations have the power to surveil almost every aspect of human life"."
TLP1 : Green
-
Z-Library eBook site domains seized by U.S. Dept of Justice
"Internet domains for the popular Z-Library online eBook repository were seized early this morning by the U.S. Department of Justice, preventing easy access to the service.
Z-Library is ranked in the top 10k most visited websites on the Internet, offering over 11 million books and 84 million articles for free via its website.
Yesterday, the websites hosted at z-lib.org, b-ok.org, and 3lib.net began displaying a message stating that the service was seized by the US DOJ and the Postal Inspection Service, as shown below.
However, the U.S. Postal Inspector's office told BleepingComputer they were credited in the seizure notice by mistake.
Friday afternoon, the seizure notice on 3lib.net was updated to indicate the domains were seized by the FBI and the United States Attorney's Office for the Eastern District of New York."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
LockBit 3.0 gang claims to have stolen data from Kearney & Company
"The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company.
Kearney is the premier CPA firm that provides services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government and has helped the Federal Government improve the overall effectiveness and efficiency of its financial operations.
Kearney & Company was added to the LockBit 3.0 group's list of victims on November 05; the gang is threatening to publish the stolen data by November 26, 2022, if the company does not pay the ransom. At this time, the ransomware gang has published a sample of the stolen data that includes financial documents, contracts, audit reports, billing documents and more."
TLP1 : Green
-
Medibank Confirms Data Breach Impacts 9.7 Million Customers
"Australian health insurer Medibank today confirmed that the data of 9.7 million customers was compromised in a recent cyberattack.
The incident was identified on October 12, before threat actors could deploy file-encrypting ransomware, but not before they stole data from the company’s systems.
Medibank, which immediately initiated incident response and launched an investigation into the attack, could not determine whether customer data was compromised until contacted by the threat actor behind the data breach.
Two weeks ago, the company estimated that roughly 4 million customers might have been impacted by the cyberattack, but it has now increased that estimate to 9.7 million."
TLP1 : Green
-
Experts Find Urlscan Security Scanner Inadvertently Leaks Sensitive URLs and Data
"Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs.
"Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022.
The Berlin-based cybersecurity firm said it started an investigation in the aftermath of a notification sent by GitHub in February 2022 to an unknown number of users about sharing their usernames and private repository names (i.e., GitHub Pages URLs) to urlscan.io for metadata analysis as part of an automated process."
TLP1 : Green
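The leak described above happens when URLs that carry one-time or bearer secrets (reset tokens, invite links, signed document-sharing links) are submitted to a public scanner with public visibility. Below is an added pre-submission check, written for this digest and not code from Positive Security or urlscan.io: it flags such URLs so an automated pipeline can downgrade the scan's visibility (urlscan offers non-public visibility settings) or skip the submission entirely. The secret-bearing parameter names and path hints are assumed heuristics, not a list taken from the report, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics (not from the report): query keys and path segments that
# commonly carry a secret that grants access on its own.
SECRET_QUERY_KEYS = {
    "token", "access_token", "code", "key", "sig", "signature", "auth",
    "password", "reset", "invite", "ticket", "sas",
}
SECRET_PATH_HINTS = re.compile(
    r"/(reset|invite|invitation|confirm|verify|unsubscribe|share|s|d)/", re.I
)
# A long opaque alphanumeric path segment usually is the secret (share ids,
# signed download links); 20 characters is an assumed threshold.
OPAQUE_SEGMENT = re.compile(r"^[A-Za-z0-9_\-]{20,}$")


def classify_url(url):
    """Return the reasons a URL should not be submitted with public visibility.

    An empty list means nothing secret-looking was found. Only the URL itself
    is inspected; nothing is fetched, so this is safe to run on any input.
    """
    parts = urlsplit(url)
    reasons = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_QUERY_KEYS and value:
            reasons.append(f"query parameter '{key}' looks like a secret")
    if SECRET_PATH_HINTS.search(parts.path.rstrip("/") + "/"):
        reasons.append("path suggests a one-time or sharing link")
    for segment in parts.path.split("/"):
        if OPAQUE_SEGMENT.match(segment):
            reasons.append(f"path segment '{segment[:8]}...' looks like an opaque token")
            break
    if parts.username or parts.password:
        reasons.append("credentials embedded in URL")
    return reasons


def submission_visibility(url, default="public"):
    """Visibility to request for a scan: 'private' when anything secret-looking
    is present, otherwise the caller's default."""
    return "private" if classify_url(url) else default


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real leak.
    for sample in [
        "https://example.com/about",
        "https://app.example.com/reset?token=9f8e7d6c5b4a3f2e1d0c",
        "https://docs.example.com/document/d/1BxiMVs0XRA5nFMdKvBdBZjgmUUqptlbs74OgvE2upms/edit",
    ]:
        print(submission_visibility(sample), sample, classify_url(sample))
```

Running the pre-check is only half of the fix: anything already submitted as public is already indexed, so the reset tokens and invite links it finds should be treated as exposed and rotated, not just re-scanned privately.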
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Apple Rolls Out Xcode Update Patching Git Vulnerabilities
"Apple this week announced a security update for the Xcode macOS development environment, to resolve three Git vulnerabilities, including one leading to arbitrary code execution.
The first of the issues, CVE-2022-29187, is a variant of CVE-2022-24765, a bug impacting users on multi-user machines, where “a malicious actor could create a .git directory in a shared location above a victim’s current working directory.”
An attacker could exploit the flaw to create configuration files in the malicious .git directory and, by using specific variables, could achieve arbitrary command execution on the shared machine."
TLP1 : Green
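The Git side of this issue is worth seeing concretely. Since the fix for CVE-2022-24765, Git refuses to use a repository discovered in a parent directory unless that directory is owned by the current user (or is allow-listed with `safe.directory`). The following is an added example written for this digest, not code from Apple or the Git project: it reproduces that ownership walk so an administrator of a shared machine can audit which planted `.git` directories a user's Git would, or would not, trust. The temporary directory layout and the `attacker_owned` switch are assumptions made to show the failure mode offline; the check uses POSIX ownership, so it is meant for macOS and Linux.

```python
import os
import tempfile
from pathlib import Path


def find_untrusted_git_dirs(start, uid=None, ceiling=None):
    """Walk from `start` towards the filesystem root and return every `.git`
    directory whose owner is not `uid` (default: the calling user).

    This mirrors the ownership check Git performs after the CVE-2022-24765
    fix: a repository found in a parent directory is only trusted when it is
    owned by the current user; otherwise it must be explicitly allow-listed.
    `ceiling`, if given, ends the walk after that directory has been checked
    (similar in spirit to GIT_CEILING_DIRECTORIES).
    Returns a list of (path, owner_uid) tuples.
    """
    if uid is None:
        uid = os.getuid()
    start = Path(start).resolve()
    ceiling = Path(ceiling).resolve() if ceiling is not None else None
    untrusted = []
    for directory in (start, *start.parents):
        dot_git = directory / ".git"
        if dot_git.is_dir():
            owner = dot_git.stat().st_uid
            if owner != uid:
                untrusted.append((str(dot_git), owner))
        if ceiling is not None and directory == ceiling:
            break
    return untrusted


def safe_directory_commands(untrusted):
    """For each flagged .git, the command that would explicitly trust its
    repository. Only run these for repositories you have verified; running
    them blindly re-opens the hole the ownership check closes."""
    return [f"git config --global --add safe.directory {Path(p).parent}"
            for p, _owner in untrusted]


def demo_shared_machine(attacker_owned=False):
    """Constructed scenario (an assumption for this example): a `.git` planted
    in <tmp>/shared, above the victim's working directory <tmp>/shared/victim.
    With attacker_owned=True the check runs as if the caller were a different
    user from the one who created the planted directory.
    Returns (flagged, planted_path, planted_owner_uid).
    """
    root = Path(tempfile.mkdtemp()).resolve()
    planted = root / "shared" / ".git"
    planted.mkdir(parents=True)
    work = root / "shared" / "victim"
    work.mkdir()
    me = os.getuid()
    uid = me + 1 if attacker_owned else me
    flagged = find_untrusted_git_dirs(work, uid=uid, ceiling=root)
    return flagged, str(planted), planted.stat().st_uid


if __name__ == "__main__":
    flagged, planted, owner = demo_shared_machine(attacker_owned=True)
    print("untrusted:", flagged)
    print("\n".join(safe_directory_commands(flagged)))
```

The point of the walk is that the victim never has to `cd` into the attacker's directory: any command run from a subdirectory below a foreign `.git` would read that repository's config, which is why the ownership check, and not a check on the working directory alone, is the right fix.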
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How to Break into Infosec With Zero Expertise
"Lack of experience has always been a let down for people with a passion for a particular profession. But guess what, it doesn’t always have to be that way! Suppose you have a passion for cybersecurity but no experience whatsoever. In that case, you are in the right place, as this article will teach you seven easy ways to get into the cybersecurity industry with zero experience."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Microsoft sued for open-source piracy through GitHub Copilot
"Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of programmers.
GitHub Copilot, released in June 2022, is an AI-based programming aid that uses OpenAI Codex to generate real-time source code and function recommendations in Visual Studio.
The tool was trained with machine learning using billions of lines of code from public repositories and can transform natural language into code snippets across dozens of programming languages."
TLP1 : Green
-
Robin Banks phishing service returns to steal banking accounts
"The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks.
Robin Banks faced operational disruption in July 2022, when researchers at IronNet exposed the platform as a highly threatening phishing service targeting Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Santander, Lloyds Bank, and the Commonwealth Bank.
Cloudflare immediately blacklisted the platform’s frontend and backend, abruptly stopping ongoing phishing campaigns from cybercriminals paying a subscription for using the PhaaS platform.
A new report from IronNet warns of the return of Robin Banks and highlights the measures its operators have taken to better hide and protect the platform from researchers.
Among the new features are bypassing multi-factor authentication (MFA) and a redirector that helps avoid detection."
TLP1 : Green
-
Researchers Detail New Malware Campaign Targeting Indian Government Employees
"The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach.
"This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said in a Thursday analysis.
The cybersecurity company said the advanced persistent threat group has also conducted low-volume credential harvesting attacks in which rogue websites masquerading as official Indian government portals were set up to lure unwitting users into entering their passwords."
TLP1 : Green
-
Boffins rekindle one-time program cryptographic concept
"ANALYSIS Advances in technology over the last decade have enabled academics to make progress in creating so-called one-time programs.
One-time programs (OTPs) – originally presented at the Crypto ‘08 conference – describe a type of cryptographically obfuscated computer program that can be run only once, a special property that makes them useful for several applications and use cases.
OTPs were first proposed by researchers Goldwasser, Kalai, and Rothblum."
TLP1 : Green
-
How OSINT Is Used In SIM Swap Scams
"SIM swap fraud is an increasingly widespread means for hackers to steal access to your phone number and then your identity. This kind of fraud is so successful because it is designed specifically to target the widespread default security measures that are supposed to protect you. In this article, we will explain how a hacker can SIM swap almost any phone number and how you can keep safe."
TLP1 : Green
-
Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks
"Microsoft's Dynamics 365 Customer Voice product allows organizations to gather customer feedback; it is used to conduct customer satisfaction surveys.
Researchers from cybersecurity firm Avanan uncovered a campaign abusing Microsoft Dynamics 365 Customer Voice to steal credentials from victims.
The experts reported hundreds of these attacks in the last few weeks. The emails come from the survey feature in Dynamics 365; the sender's address includes "Forms Pro," which is the old name of the survey feature."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.