InfoSec News 20240214
Top News
-
Forget hacking — the Flipper Zero can now play games on your TV thanks to Raspberry Pi
"While the Flipper Zero has gotten a bad rap over how it’s been misused in Bluetooth spamming attacks, it’s actually an open-source multi-tool designed with security pentesters and geeks in mind. From copying and reproducing key fobs and garage door opener signals to changing TV channels, there was already plenty you could do with the Flipper Zero and a bit of time."
TLP1 : Green
-
Gone Phishing – Email Scams at Marshall University
"Phishing scams are one of the most common forms of cybercrime, and they can act as an easy entry point for scammers to begin digging their way into a student or faculty member’s personal accounts and any organizations that the victim is a part of."
TLP1 : Green
-
Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages
"Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses
"The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024."
TLP1 : Green
-
Microsoft says hackers from China, Russia, North Korea and Iran using its OpenAI tools: ‘don’t want them to have access’
"State-backed hackers from Russia, China, and Iran have been using tools from Microsoft-backed OpenAI to hone their skills and trick their targets, according to a report published on Wednesday."
TLP1 : Green
-
South Korea says presumed North Korean hackers breached personal emails of presidential staffer
"South Korean President Yoon Suk Yeol’s office says that presumed North Korean hackers breached the personal emails of one of his staff members ahead of Yoon's trip to Europe in November"
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Falha expõe dados de utilizadores do ExpressVPN
"O ExpressVPN desativou o split tunneling no Windows após descobrir que os pedidos de DNS não eram corretamente direcionados"
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
"A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders."
TLP1 : Green
-
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
"Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024
"The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Secbutler - The Perfect Butler For Pentesters, Bug-Bounty Hunters And Security Researchers
"Secbutler is a utility tool made for pentesters, bug-bounty hunters and security researchers that contains all the most used and tedious stuff commonly used while performing cybersecurity activities (like installing sec-related tools, retrieving commands for revshells, serving common payloads, obtaining a working proxy, managing wordlists and so forth)."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.