InfoSec News 20240520

  • Published: Mon, 20/05/2024 - 11:16

Top News


  • CISA issues guidance to help federal agencies better encrypt DNS traffic

"The CISA has issued new guidance to help federal civilian agencies better encrypt their Domain Name System (DNS) traffic as part of a broader effort to improve the security posture of their internal networks and meet a zero trust deadline this fall."

Link

TLP¹: Green

  • Norway recommends replacing SSL VPN to prevent breaches

"The Norwegian NCSC recommends organizations replace SSL VPN/WebVPN solutions with more secure alternatives, like IPsec with IKEv2, by 2025 to prevent breaches from repeated vulnerabilities."

Link

TLP¹: Green

  • SEC to require financial firms to have data breach incident plans

"The SEC now requires certain financial institutions to have written policies for detecting, addressing, and notifying customers of data breaches involving their personal information."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024

"Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes for RAT operation, and using HTTPS for C&C communication."

Link

TLP¹: Green

  • New backdoors on a European government's network appear to be Russian

"Researchers with the Slovak cybersecurity firm ESET published a technical analysis on Wednesday of the two backdoors by a suspected Russian threat group, which they named LunarWeb and LunarMail."

Link

TLP¹: Green

  • Kimsuky hackers deploy new Linux backdoor in attacks on South Korea

"Gomir shares many similarities with GoBear and features direct command and control (C2) communication, persistence mechanisms, and support for executing a wide range of commands."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • American Radio Relay League cyberattack takes Logbook of the World offline

"The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • SugarGh0st RAT Variant Used in Targeted AI Industry Attacks

"The May 2024 campaign, dubbed UNK_SweetSpecter, employs the SugarGh0st RAT, a remote access trojan tailored from the Gh0stRAT. This variant, historically linked to Chinese-speaking threat actors, has now been repurposed to target AI-related entities."

Link

TLP¹: Green

  • New Android Banking Trojan Mimics Google Play Update App

"A new Android banking Trojan called 'Antidot' is targeting users across multiple regions by mimicking a Google Play update app and incorporating various malicious features like overlay attacks, keylogging, and remote control capabilities."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Train for CISSP certifications in risk management for under $32

"Right now, you can get the complete CISSP Security and Risk Management Bundle for $31.97 (reg. $39.99)."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • OWASP dep-scan: Open-source security and risk audit tool

"OWASP dep-scan is an open-source security and risk assessment tool that analyzes project dependencies to identify vulnerabilities, licensing issues, and potential risks like dependency confusion attacks."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp