InfoSec News 20190509
Top News
-
C-level executives increasingly and proactively targeted by social breaches
"C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks, alerts the Verizon 2019 Data Breach Investigations Report."
TLP1 : Green
-
LulZSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers
"A group of hackers has stolen and published online sensitive data of 30,000 Roman lawyers, including the Mayor of Rome."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Scammers impersonate Australian Cyber Security Centre
"The Australian Cyber Security Centre has warned that scammers are seeking to impersonate ACSC staff over the phone, telling a prospective victim that they need help to “act against cyber criminals.” "
TLP1 : Green
-
San Francisco: Stop Secret Spy Tech, and Face Surveillance
"Government use of many surveillance technologies, and especially face surveillance, can invade privacy and chill free speech. It also disproportionately harms already marginalized communities: it increases the likelihood that they will be entangled with police, ICE, and other agencies with a history of abuse, bias, and unlawful violence."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
"Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Security flaws in 100+ Jenkins plugins put enterprise networks at risk
"NCC Group researcher finds security flaws impacting more than 100 Jenkins plugins."
TLP1 : Green
-
Unpatched Address Bar Spoofing Flaw in UC Browser Exposes 600M Users to Phishing Attacks
"An URL bar address spoofing vulnerability with the latest versions of UC Browser and UC Browser Mini exposes millions of users to Phishing Attacks."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Post-mortem and remediations for Apr 11 security incident
"On April 11th we dealt with a major security incident impacting the infrastructure which runs the Matrix.org homeserver - specifically: removing an attacker who had gained superuser access to much of our production network."
TLP1 : Green
-
Top 5 Configuration Mistakes That Create Field Days for Hackers
"Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practices."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Finding Registry Malware Persistence with RECmd
"If you have been keeping your forensic toolkit up to date, you have undoubtedly used Registry Explorer, a game-changing tool for performing Windows registry analysis. "
TLP1 : Green
-
CQTools - The New Ultimate Windows Hacking Toolkit
"CQURE Team has prepared tools used during penetration testing and packed those in a toolkit named CQTools."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.