InfoSec News 20230920
Top News
-
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
"Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server."
TLP1 : Green
-
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption
"Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH)."
TLP1 : Green
-
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability
"Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace
"Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022."
TLP1 : Green
-
Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
"Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT."
TLP1 : Green
-
Youth arrested for circulating morphed pictures of teachers through Instagram
"A person who circulated morphed pictures of school teachers on Instagram has been arrested. A Kottappadi native, Binoy (26) was arrested in relation t..."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Pizza Hut Australia hack: data breach exposes customer information and order details
"Company says it believes about 193,000 customers are affected by the breach, which it spotted in early September"
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
"Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure."
TLP1 : Green
-
GitLab Releases Urgent Security Patches for Critical Vulnerability
"GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
4 steps for purple team success
"Purple teams are about continuously strengthening and adapting cyber defenses. Here are a few steps to achieve a successful purple-team exercise."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Callisto - An Intelligent Binary Vulnerability Analysis Tool
"Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the pseudo code output looking for potential security vulnerabilities in that pseudo c code."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.