InfoSec News 20240216
Top News
-
FBI disrupts hacking network 'linked to Russian intelligence services'
"They say the hackers - believed to be from the secretive hacking arm of Russia's Main Intelligence Directorate (better known as the GRU) - gained access to more than 1,000 personal and small business internet routers in the US and around the world."
TLP1 : Green
-
Cutting kids off from the dark web – the solution can only ever be social
"Ciaran Martin, the National Cyber Security Centre's first CEO and current Oxford University professor, weighed into the discussion on Thursday, saying that there is no single technology-based solution and that there should be a greater focus on the dark web in the country's schools."
TLP1 : Green
-
Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks
"A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS)."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
U.S. State Government Network Breached via Former Employee's Account
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee."
TLP1 : Green
-
U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage
"The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities."
TLP1 : Green
-
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
"The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Integris data breach involved 2.4 million people, 90% of them Oklahomans, government says
"As a potential class action lawsuit kicks off in federal court, Integris Health has told federal regulators that nearly 2.4 million individuals were affected by a data breach last year involving Social Security numbers and other personal information."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Eight Vulnerabilities Disclosed in the AI Development Supply Chain
"Details of eight vulnerabilities found in the open source supply chain used to develop in-house AI and ML models have been disclosed by AI cybersecurity startup Protect AI. All have CVE numbers, one has critical severity, and seven have high severity."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Incident Response Planning Using Artificial Intelligence
"With the rapid progress of the Artificial Intelligence, there is a significant chance of failure. There is no technological development without failure, just that the outcome of the failure should not be disastrous. AI failures can cluster based on security, privacy violations, or lack of transparency and accountability. The companies must be prepared to respond to massive failures which may involve legal aid."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes
"When running nullsection on any ELF, it could be .ko rootkit, after that if you use Ghidra/IDA to parse ELF functions, nothing will appear no function to parse in the decompiler for example, even if you run readelf -S /path/to/elf the following message will appear "There are no sections in this file.""
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.