InfoSec News 20251020
Top News
- AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more
"AWS outage has taken down millions of websites, including Amazon.com, Prime Video, Perplexity AI, Canva and more."
TLP1 : Green
- TikTok videos continue to push infostealers in ClickFix attacks
"Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware."
TLP1 : Green
- Google ads for fake Homebrew, LogMeIn sites push infostealers
"A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- China finds “irrefutable evidence” of US NSA cyberattacks on time Authority
"China claims the US NSA hacked its National Time Service Center by exploiting staff phone flaws since March 2022, stealing sensitive data."
TLP1 : Green
- Experian fined $3.2 million for mass-collecting personal data
"Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR)"
TLP1 : Green
- Europol dismantles SIM box operation renting numbers for cybercrime
"European law enforcement in an operation codenamed 'SIMCARTEL' has dismantled an illegal SIM-box service that enabled more than 3,200 fraud cases and caused at least 4.5 million euros in losses."
TLP1 : Green
Breaches: Data Breaches and Hacks
- F5 breach exposes 262,000 BIG-IP systems worldwide
"Over 262K F5 BIG-IP devices exposed after threat actors stole source code and data on undisclosed flaws in a recent F5 breach."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- ConnectWise Patches Critical Flaw in Automate RMM Tool
"Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations."
TLP1 : Green
- Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks
"On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- VMware Certification: Your Next Career Power Move
"Every IT pro remembers the first time they built something that just worked. A perfectly tuned lab, clean deployment, the moment everything clicked. VMware certification gives you that feeling again and again."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Operation MotorBeacon : Threat Actor targets Russian Automotive Sector using .NET Implant
"SEQRITE Labs Research Team has recently uncovered a campaign which involves targeting Russian Automobile-Commerce industry which involves commercial as well as automobile oriented transactions, we saw the use of unknown .NET malware which we have dubbed as CAPI Backdoor."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.