InfoSec News 20221215
Top News
-
Senate Approves Bill Banning TikTok From US Government Devices
"The US Senate passed a bill on Wednesday banning federal employees from using the TikTok app on devices provided by the government. The No TikTok on Government Devices Act was approved after no senators objected to the measure authored by Missouri republican senator Josh Hawley."
TLP¹: Green
-
EU takes another step towards US data-sharing agreement
"The EU has issued a draft decision agreeing that measures taken by the United States ensure sufficient protection for personal data to be transferred from the region to US companies."
TLP¹: Green
-
Chinese MirrorFace APT group targets Japanese political entities
"A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
GoTrim Brute Forcer Botnet Scans Internet for WordPress Sites
"A new Golang-based brute forcer named GoTrim is scanning the internet for self-hosted WordPress websites and attempting to gain control of WordPress site admin accounts. The botnet started the campaign in September and it is still going on."
TLP¹: Green
-
Hackers Use Microsoft-Signed Malicious Windows Drivers in Post-Exploitation Activity
"Threat actors are utilizing malicious kernel-mode hardware drivers certified by Microsoft's Windows Hardware Developer Program to bypass security checks. These drivers are being used in post-exploitation activity on systems where the attacker had already gained administrative privileges."
TLP¹: Green
-
48 DDoS-hiring Services Busted by FBI in Major Sweep
"The seizure is a part of a coordinated operation dubbed Operation PowerOFF conducted in collaboration with the UK, Europol, and the Netherlands."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
California hospital breach exposed patients’ Social Security numbers, medical info
"According to the notice, beginning on October 29 an “unauthorized party” accessed the computer network of San Gorgonio Memorial Hospital, a 79-bed nonprofit facility in the small town of Banning. The hacker had access until November 10, when the breach was detected and “select” network systems isolated and shut off. The hospital hired an undisclosed third-party forensic firm."
TLP¹: Green
-
Credit Card Processing Company Exposed 9 Million Transaction Records Online
"Security researcher Jeremiah Fowler together with the Website Planet research team discovered an open and non-password protected database that contained 9,098,506 records and Personally Identifiable Information (PII). This data contained credit card processing information that included merchant names, payee names, partial credit card numbers, expiration date, email address, security or access tokens, and more."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Mozilla Fixes Firefox Vulnerabilities That Could Have Led to System Takeover
"According to Cybernews, all three of Mozilla’s products are impacted by one of the high-impact vulnerabilities, identified as CVE-2022-46878. According to Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team, Firefox 107 and Firefox ESR 102.5 both have memory safety issues. These flaws included those that appeared to have memory corruption, and with enough work, some of these could have been made to execute arbitrary code."
TLP¹: Green
-
VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition.
"VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition. A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen Security Lab."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Will 2023 be another year of chaos and instability?
"A defining characteristic of 2022 has been the way that online campaigns driven by real-world events have amassed unexpected energy, fueling hacktivism and inviting in global chaos. At times, the internet has become a battleground of competing spheres in which nation-state linked actors and devoted pro-nationalist vigilantes and hacktivists fight for supremacy and media attention."
TLP¹: Green
-
Product showcase: Searchable encryption in Elasticsearch and OpenSearch with IronCore Labs
"When it comes to sensitive data, search services are the ultimate treasure trove for hackers. Why slowly sift through information when a search service has indexed it all for you?"
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Accelerating Vulnerability Identification and Remediation
"Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle."
TLP¹: Green
-
ADFSRelay - Proof Of Concept Utilities Developed To Research NTLM Relaying Attacks Targeting ADFS
"This repository includes two utilities NTLMParse and ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.