InfoSec News 20240223
Top News
-
Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage
"Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer."
TLP1 : Green
-
Florida media figure Tim Burke indicted as part of Fox News computer hacking
"Journalist Tim Burke charged with hacking into Fox News distributor's computers to harvest videos of Tucker Carlson asks for donations to fund his defense"
TLP1 : Green
-
China State-Backed Hacking Groups Reportedly Targeted India And Other Countries; Here’s What We Don’t Know
"Hacking groups backed by the Chinese government launched cyberattacks against various foreign governments, companies, and infrastructure, as revealed by leaked documents from one of these groups, The Washington Post reported on February 21."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
China Facing a WikiLeaks-Style Crisis From Hacking Firm’s Data
"Cybersecurity experts in the United States and nations across in Asia and around the world have been studying a trove of documents from iSoon, a state-linked hacking group based in Shanghai."
TLP1 : Green
-
County Durham school lost 40GB of data in cyber attack from bogus email
"A school in County Durham lost 40 gigabytes of data in a cyber attack, the Police and Crime Commissioner (PCC) has revealed."
TLP1 : Green
-
AEEI’s Premier Fishing clarifies that cybercrime incident was fraud
"AFRICAN Equity Empowerment Investments (AEEI), the diversified majority black-owned investment group, with plans to delist on the JSE, clarified yesterday that an incident of what it had thought was cybercrime was fraud after a South African Police Service’s investigation."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data
"The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability
"Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How to Use Tines's SOC Automation Capability Matrix
"Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains
"RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files."
TLP1 : Green
-
Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI
"Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.