InfoSec News 20231030
Top News
-
ServiceNow Data Exposure: A Wake-Up Call for Companies
"Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in "unintended access" to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of sensitive corporate data. ServiceNow has since taken steps to fix this issue."
TLP1 : Green
-
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
"Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster."
TLP1 : Green
-
New Hunters International ransomware possible rebrand of Hive
"A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
"New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany."
TLP1 : Green
-
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
"A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE."
TLP1 : Green
-
Malvertising via Dynamic Search Ads delivers malware bonanza
"Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating one. Today, we look at a different scenario where, as strange as that may sound, malvertising was entirely accidental."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Boeing Investigates LockBit Ransomware Breach Claims
"Aerospace giant Boeing says it is “assessing” claims by a notorious ransomware group that it has stolen a “tremendous amount” of sensitive data from the firm, according to reports."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
"The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
What is Cybersecurity? Protecting Our Digital Tomorrow
"In an age where we begin our days with digital notifications and end with streaming shows, the convenience of our digital realm carries risks. Imagine every piece of data we share, from coffee orders to family photos, journeying through a vast web of networks—vulnerable to misuse. This is where cyber security steps in as our digital protector."
TLP1 : Green
-
Generative AI A Boon for Organizations Despite the Risks, Experts Say
"Generative AI is too beneficial to abandon despite the threats it poses to organizations, according to experts speaking at the ISC2 Security Congress 2023."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
"Unit 42 researchers have identified an active campaign we are calling EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations. We believe these operations have been active for at least two years and are still active today."
TLP1 : Green
-
Teams_Dump - PoC For Dumping And Decrypting Cookies In The Latest Version Of Microsoft Teams
"PoC for dumping and decrypting cookies in the latest version of Microsoft Teams"
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.