InfoSec News 20230925

  • Published: Mon, 25/09/2023 - 10:34

Top News


  • Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

"Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign."

Link

TLP1 : Green

  • Mixin network loses $200M in attack of its cloud provider

"Decentralized protocol Mixin Kernel reported a loss of approximately $200 million in digital assets due to a security breach at an unnamed cloud services provider. The breach occurred on Sept. 23 and was confirmed in a Sept. 25 post on social media platform X (formerly Twitter)."

Link

TLP1 : Green

  • TikTok Scandal Unveiled: Temu Referral Scams Exploit Fake Celebrity Leaks for Rewards

"In the vast landscape of TikTok, a troubling trend has emerged as scammers exploit the allure of fake celebrity photo leaks to push referral rewards for the online shopping giant, Temu."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

"An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time."

Link

TLP1 : Green

  • North Korean Lazarus Group amasses over $40M in Bitcoin, data reveals

"North Korean hacking collective Lazarus Group holds a whopping $47 million in cryptocurrency, most of which is in Bitcoin"

Link

TLP1 : Green

  • 'Bandit ChatGPT': how the internet underworld creates its own AI to steal

"From people creating malicious code without knowing how to program to imitating the voices of authorities, cybercrime is living a new era, thanks to generative artificial intelligence, the kind capable of creating content…"

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • TD Ameritrade, Charles Schwab facing lawsuits over data breach in March

"Omaha-based TD Ameritrade Inc. and Charles Schwab, which acquired the company in 2019, have been sued in federal court in Omaha over a data breach of customer information earlier this year."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

"The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Zero Trust Authentication: 7 key principles of the new security concept

"Jasson Casey, CTO at Beyond Identity, outlines Zero Trust Authentication – a brand-new concept that seeks to revolutionise how we think about the relationship between authentication and security."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • HTMLSmuggler - HTML Smuggling Generator And Obfuscator For Your Red Team Operations

"The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems, by disguising malicious payloads within seemingly harmless HTML and JavaScript code."

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp