InfoSec News 20221116
Top News
-
Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data
"Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show."
TLP¹: Green
-
Threat Actors Taking Advantage of FTX Bankruptcy
"It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX, McAfee has discovered several phishing sites targeting FTX users."
TLP¹: Green
-
Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers
"Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
"State-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted."
TLP¹: Green
-
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper
"A dangerous new malware loader with features for determining whether it's on a business system or a personal computer has begun rapidly infecting systems worldwide over the past few months."
TLP¹: Green
-
DAGON LOCKER Ransomware Being Distributed
"It was discovered that the DAGON LOCKER ransomware (hereinafter referred to as “DAGON”) is being distributed in Korea. It was first found through AhnLab ASD infrastructure’s suspicious ransomware behavior block history."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Deutsche Bank Denied Despite Data Sold on Telegram
"The hacking gang that breached Medibank's systems may also be the hackers who are providing access info to Deutsche Bank's systems on the darknet. As a result, there has been a significant attack on Deutsche Bank."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk
"Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk."
TLP¹: Green
-
PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft
"A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
7 Reasons to Choose an MDR Provider
"According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Deception at scale: How attackers abuse governmental infrastructure
"Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, we are proud to announce our “Deception at scale: How attackers abuse governmental infrastructure” report."
TLP¹: Green
-
Linux History File Timestamps
"While working at TrustedSec, I was issued a new company-furnished laptop to work from. While the Mac OS environment was useful, I found it useful to also set up an Ubuntu virtual machine. One reason is so I can have access to a Linux host that is very similar to the garden variety of Linux systems that I get to review during threat hunting and investigations."
TLP¹: Green
-
Stealing passwords from infosec Mastodon - without bypassing CSP
"Everybody on our Twitter feed seemed to be jumping ship to the infosec.exchange Mastodon server, so I decided to see what the fuss was all about. After figuring out why exactly you had to have loads of @ symbols in your username, I began to have a look at how secure it was."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.