InfoSec News 20190705
Top News
-
Hacker who disrupted Sony gaming gets a 27-months jail sentence
"Austin Thompson (23) from Utah, the hacker who carried out massive DDoS attacks on Sony, EA, and Steam gets a 27-months prison sentence."
TLP1 : Green
-
Pirate Party MEP Elected Vice-President of EU Parliament
"The Pirate Party political movement owes its early success to sticking up for The Pirate Bay, following a raid in Sweden. Since then, it has come a long way. In recent years Pirates have delivered many excellent politicians and Marcel Kolaja, one of the new MEPs, has just been elected as a Vice-President of the EU Parliament."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Amazon Admits Alexa Voice Recordings Saved Indefinitely
"Amazon’s acknowledgment that it saves Alexa voice recordings – even sometimes after consumers manually delete their interaction history – has thrust voice assistant privacy policies into the spotlight once again."
TLP1 : Green
-
St John Ambulance service hit by ransomware attack
"The UK’s St John Ambulance service says that it was hit by a ransomware attack earlier this week, but if the attackers hoped they might massively disrupt the volunteer first aid service then they’ll be massively disappointed."
TLP1 : Green
-
Russian 'Silence' hacking crew turns up the volume – with $3m-plus cyber-raid on bank's cash machines
"Dutch Bangla falls victim to coordinated ATM scam"
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Thousands Left Vulnerable in Nexus Repository
"A recent issue in Nexus Repository left many companies and government agencies vulnerable, as thousands of private artifacts were left unprotected, according to a July 2 blog post from researchers Daniel Shapira and Ariel Zelivansky, with Twistlock Labs."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)
"Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems."
TLP1 : Green
-
Open Sesame! Zipato’s smart hub hacked to open front doors
"Unfortunately, according to Black Marble researchers Chase Dardaman and Jason Wheeler, the Zipato controller has three critical security flaws which could be used together by hackers to open your home’s doors for you."
TLP1 : Green
-
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
"Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration
"Using 0xsp mongoose you will be able to scan a targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API."
TLP1 : Green
-
Magento 2.3.1: Unauthenticated Stored XSS to RCE
"This blog post shows how the combination of a HTML sanitizer bug and a Phar Deserialization in the popular eCommerce solution Magento <=2.3.1 lead to a high severe exploit chain. This chain can be abused by an unauthenticated attacker to fully takeover certain Magento stores and to redirect payments."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.