InfoSec News 20221115
Top News
-
Chinese Cyberspies Target Uyghurs Communities via BadBazaar and Moonshine
"Surveillance campaigns against Uyghurs and other Turkic ethnic minorities have been operational for years. Recently, Lookout researchers have discovered two ongoing surveillance campaigns targeting Uyghurs in the People’s Republic of China and abroad."
TLP1 : Green
-
Google to Pay $392m in Landmark Privacy Case
"Google will pay $391.5m to settle a lawsuit filed by dozens of US attorneys general over its location tracking practices. The suit was filed after an Associated Press article back in 2018 revealed that Google “records your movements even when you explicitly tell it not to.”"
TLP1 : Green
-
Ukraine Police dismantled a transnational fraud group that made €200 million per year
"Ukraine’s Cyber Police and Europol arrested 5 Ukrainian citizens who are members of a large-scale transnational fraud group."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Typhon Reborn With New Capabilities
"In early August 2022, Cyble Research Labs (a cybercrime monitoring service) uncovered a new crypto miner/stealer for hire that the malware author named Typhon Stealer. Shortly thereafter, they released an updated version called Typhon Reborn. Both versions have the ability to steal crypto wallets, monitor keystrokes in sensitive applications and evade antivirus products."
TLP1 : Green
-
Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data
"The cybercrime group LockBit last week published a 9.5 Gb archive file apparently containing information belonging to Thales. The malicious hackers previously announced that they would make files public unless Thales paid a ransom."
TLP1 : Green
-
GitHub Now Supports Private Vulnerability Reporting For Public Repositories
"Code hosting company GitHub has unveiled a new direct channel for security researchers to report vulnerabilities in public repositories. The feature needs to be manually enabled by repository maintainers and, once active, enables security researchers to report any vulnerabilities identified in their code."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Texas Hospital Says Ransomware Breach Affected 500,000
"A ransomware attack at a Texas hospital that knocked out phone and email systems for weeks is now even worse following OakBend Medical Center's admission that hackers downloaded data from the medical records of up to 500,000 individuals."
TLP1 : Green
-
Whoosh confirms data breach after hackers sell 7.2M user records
"The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Critical vulnerability in Spotify’s Backstage discovered, patched
"Having more than 19,000 stars on GitHub, Backstage is one of the most popular open-source platforms for building developer portals and is in widespread use by Spotify, American Airlines, Netflix, Splunk, Fidelity Investments, Epic Games, Palo Alto Networks and many others."
TLP1 : Green
-
Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign
"A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick.""
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
SSVC: Prioritization of vulnerability remediation according to CISA
"Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achieve."
TLP1 : Green
-
Creating a holistic ransomware strategy
"Recent scientific research into the psychological effects of a ransomware crisis on both organizations and individuals revealed the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn into disarray long after the crisis itself has passed."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Dismember - Scan Memory For Secrets And More
"Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among other things."
TLP1 : Green
-
Indexing millions of HTTP requests using Durable Objects
"Our customers rely on their Cloudflare logs to troubleshoot problems and debug issues. One of the biggest challenges with logs is the cost of managing them, so earlier this year, we launched the ability to store and retrieve Cloudflare logs using R2."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.