InfoSec News 20221221
Top News
-
Russian Killnet Hackers Claim Data Theft of FBI Agents
"On Telegram, Killnet hackers have leaked a text file showing the login credentials of 10,000 individuals whom they claim are FBI agents."
TLP¹: Green
-
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
"Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA)."
TLP¹: Green
-
Okta's source code stolen after GitHub repositories hacked
"Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month.
According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware
"The Computer Emergency Response Team of Ukraine (CERT-UA) this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense."
TLP¹: Green
-
GodFather Android malware targets 400 banks, crypto exchanges
"An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges."
TLP¹: Green
-
UK Security Agency Wants Fresh Approach to Combat Phishing
"The UK National Cyber Security Centre (NCSC) has called for a defense-in-depth approach to help mitigate the impact of phishing, combining technical controls with a strong reporting culture.
Writing in the agency’s blog, technical director and principal architect, “Dave C,” argued that many of the well-established tenets of anti-phishing advice simply don’t work."
TLP¹: Green
-
Adult Google Ad Fraud Campaign Garnered Millions of Impressions
"A new fraudulent online ad campaign using Google Ads on adult websites may have made its operators hundreds of thousands of dollars per month, according to Malwarebytes.
The security vendor reported the scheme to Google for violating its acceptable content policy, and it has since been taken down."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
German industrial giant ThyssenKrupp targeted in a new cyberattack
"German multinational industrial engineering and steel production company ThyssenKrupp AG was the target of a cyberattack."
TLP¹: Green
-
SickKids reports 'cybersecurity incident' affecting some phone lines and web pages
"Toronto's Hospital for Sick Children says it's responding to a 'cybersecurity incident' affecting some of its phone lines, web pages and clinical systems."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Debian GNU/Linux 11.6 “Bullseye” Released with 78 Security Updates and 69 Bug Fixes
"The Debian Project has announced the general availability of Debian GNU/Linux 11.6 as the sixth ISO release for the project’s latest Debian GNU/Linux 11 “Bullseye” operating system series."
TLP¹: Green
-
Microsoft pushes emergency fix for Windows Server Hyper-V VM issues
"Microsoft has released emergency out-of-band (OOB) Windows Server updates to address a known issue breaking virtual machine (VM) creation on Hyper-V hosts after installing this month's Patch Tuesday updates.
The issue affects only VMs managed with the System Center Virtual Machine Manager (SCVMM) and using Software Defined Networking (SDN)."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
VirusTotal cheat sheet makes it easy to search for specific results
"VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence platform.
File search modifiers can assist with refining the output but the cheat sheet shows how they can be combined in real-world scenarios to find particular data."
TLP¹: Green
-
Important Factors to Consider When Implementing an IAM System
"Identity and Access Management (IAM) solutions provide business applications with centralized authentication as well as credential management. Competent and thoughtful implementation is the key to success in building centralized authentication systems. Let me describe several vital details of this process."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
"Since our last blog in early February covering the advanced persistent threat (APT) group Trident Ursa (aka Gamaredon, UAC-0010, Primitive Bear, Shuckworm), Ukraine and its cyber domain have faced ever-increasing threats from Russia. Trident Ursa is a group attributed by the Security Service of Ukraine to Russia’s Federal Security Service."
TLP¹: Green
-
HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites
"An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and 'loot' secrets out of the client-facing code of sites."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.