InfoSec News 20230921

  • Published: Thu, 21/09/2023 - 14:32

Top News


  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge

"The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023."

Link

TLP1 : Green

  • Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack

"The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software."

Link

TLP1 : Green

  • Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT

"A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

"China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries."

Link

TLP1 : Green

  • Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

"A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware."

Link

TLP1 : Green

  • Attackers steal Trump Jr.'s Twitter account and (falsely) announce Donald Trump's death

"Attackers steal Trump Jr.'s Twitter account and (falsely) announce Donald Trump's death
The son of the former President of the United States was without access to the account for half an hour. The attackers also made reference to Joe Biden."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • HK Cyberport Data Breach Prompts Discussions of New Cybersecurity Law

"An estimated 400 gigabytes of data was compromised, including the personal information of Cyberport staff and several startups."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis

"Omron has patched PLC and engineering software vulnerabilities discovered by Dragos during the analysis of ICS malware."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • How to protect yourself from cybercrimes

"Cybercrimes, especially against seniors, continue to be a major problem in the United States. According to the FBI’s 2022 Elder Fraud Report, cybercrimes cost Americans over 60 more than $3 billion last year, an 84% increase from 2021."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Sekiryu - Comprehensive Toolkit For Ghidra Headless

"This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra in Headless mode."

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp