InfoSec News 20230731
Top News
-
Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances."
TLP1 : Green
-
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse
"Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection."
TLP1 : Green
-
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
"An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems.
Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. The scale of the attacks is currently not known, and it's not clear if any of these attack attempts turned out to be successful."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Hacktivism: We must urgently raise our game in cybersecurity
"A major hack into government systems on Thursday last week exposed the country’s vulnerability to cyber-attacks. Kenyans could not access public services through eCitizen."
TLP1 : Green
-
Cryptojacking Attacks Skyrocketed by 400% in H1 2023: SonicWall Report
"Cybercriminals are increasingly moving away from ransomware attacks and opting for a more covert strategy of utilizing stolen computing power to mine digital currency. To increase their likelihood of success, these malicious entities constantly vary their tools, tactics, and procedures, remaining adaptive and evasive in their approach."
TLP1 : Green
-
Israel busts Iranian attempt to phish state workers via LinkedIn
"Israel exposed an Iranian phishing campaign aimed at gathering information about Israeli policies and citizens, the Israel Security Agency (Shin Bet) announced on Sunday.
The Iranian campaign primarily targeted Israeli civil servants and researchers at various research institutes and had been going on for several months, the Shin Bet said."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained 680k records. Upon further investigation, it was identified that these records were related to educational institutions. Documents inside the database suggested that it belonged to the Southern Association of Independent Schools, Inc (SAIS)."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Vyper vulnerability exposes DeFi ecosystem to stress tests
"Decentralized finance (DeFi) protocols are undergoing a stress test after a critical vulnerability was found in versions of the Vyper programming language, resulting in the theft of millions of dollars worth of cryptocurrencies on July 30."
TLP1 : Green
-
New smartphone vulnerability could let hackers track your location
"The research group, led by Evangelos Bitsikas, a US-based Northeastern University PhD student, exposed the flaw by applying a sophisticated machine-learning programme to data gleaned from the relatively primitive SMS system that has driven texting in mobile phones since the early 1990s, reports Northeastern Global News."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How Cybersecurity Assists Sustainable Development Efforts
"The link between cybersecurity and sustainability may not be clear at first glance, yet strong security is required to live greener lifestyles. Consumers may not automatically associate cybersecurity with sustainability. Tight internet security, on the other hand, is required for many of the goods and initiatives that people use to live greener lifestyles and do environmental research."
TLP1 : Green
-
Securing Patient Data: Cybersecurity Challenges and Solutions in Global Healthcare Information Systems
"Securing patient data is a critical concern in the global healthcare information systems. As healthcare providers increasingly rely on digital platforms to store and manage patient information, the risk of cyber threats has significantly escalated. The healthcare sector is a prime target for cybercriminals due to the sensitive nature of the data involved, making cybersecurity a top priority for healthcare providers worldwide."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
LFI-FINDER - Tool Focuses On Detecting Local File Inclusion (LFI) Vulnerabilities
"LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities. Local File Inclusion is a common security vulnerability that allows an attacker..."
TLP1 : Green
-
Artemis - APK Infrastructure Investigator
"A tool to find APK infrastructure."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.