InfoSec News 20231102
Top News
- FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
"The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015."
TLP¹: Green
- North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
"State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN."
TLP¹: Green
- Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection
"The Russia-linked hacking crew known as Turla has been observed using an updated version of a known second-stage backdoor referred to as Kazuar."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign
"The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent."
TLP¹: Green
- Researchers Expose Prolific Puma's Underground Link Shortening Service
"A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years."
TLP¹: Green
- Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East
"A threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year."
TLP¹: Green
- Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
"F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain."
TLP¹: Green
Breaches: Data Breaches and Hacks
- Postmeds Announces Data Breach Impacting Hundreds of Thousands of Consumers Nationwide
"On October 31, 2023, Postmeds, Inc. d/b/a TruePill ("TruePill") filed a notice of data breach with the Attorney General of Texas after discovering that an unauthorized user gained access to files stored on the company's network that contained sensitive patient information."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
"As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems."
TLP¹: Green
- HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability
"Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Hands on Review: LayerX's Enterprise Browser Security Extension
"The browser has become the main work interface in modern enterprises. It's where employees create and interact with data, and how they access organizational and external SaaS and web apps."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- TrafficWatch - A Packet Sniffer Tool That Allows You To Monitor And Analyze Network Traffic From PCAP Files
"TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.