InfoSec News 20240404

  • Published: Thu, 04/04/2024 - 14:08

Top News


  • Firms Must Work Harder to Guard Children’s Privacy, Says UK ICO

"The UK’s privacy regulator has warned social media and video sharing platforms that they must improve data protection practices to safeguard children using their services."

Link

TLP1 : Green

  • Leicester Council Confirms Confidential Documents Leaked in Ransomware Attack

"The UK local authority said on April 3 that around 25 documents have been leaked, including rent statements, applications to purchase council housing and personal identification documents such as passport information."

Link

TLP1 : Green

  • Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

"Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Two Lithuanian MPs targeted by Chinese hackers for a decade

"In a recently revealed indictment against seven alleged Chinese hackers, the U.S. Department of Justice asserted that their activities spanning over a decade “resulted in the confirmed and potential compromise of work and personal email accounts, cloud storage accounts, and telephone call records belonging to millions of Americans.”"

Link

TLP1 : Green

  • Ukraine hands out awards to vigilante hackers for cyber-attacks against Russia

"A team of vigilante hackers known as One Fist has been recognised by Ukraine's military for their cyber-attacks against Russia. The group that has been involved in stealing data from Russian military firms and hacking cameras to spy on troops has reportedly been sent awards of gratitude for its efforts."

Link

TLP1 : Green

  • U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

"The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Millions of SurveyLama users have data exposed in major breach

"The company confirmed the breach to Troy Hunt, the creator of the Have I Been Pwned? website which aggregates email addresses exposed in data breaches."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

"Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS)."

Link

TLP1 : Green

  • New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

"The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Considerations for Operational Technology Cybersecurity

"Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security architectures."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Chiasmodon - An OSINT Tool Designed To Assist In The Process Of Gathering Information About A Target Domain

"Chiasmodon is an OSINT (Open Source Intelligence) tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials (usernames and passwords), CIDRs (Classless Inter-Domain Routing), ASNs (Autonomous System Numbers), and subdomains. The tool allows users to search by domain, CIDR, ASN, email, username, password, or Google Play application ID."

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp