Está aqui

InfoSec News 20190916

Publicado: Seg, 16/09/2019 - 11:05

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

Australian intelligence reportedly concluded that China was responsible for a major hack on Australia’s parliament in the lead up to its most recent elections

The hack on Australia’s parliament, which also impacted three of Australia’s major political parties including Liberal, Labor, and National, was revealed earlier this year. Sources said it was unclear when the attack began or how long it went on for.

Link

TLP¹ : Green

US sanctions North Korea for Lazarus, Bluenoroff and Andariel launched Global Cyber Attacks

North Korea and its leader Kim Jong-UN was left embarrassed last Friday when US authorities issued sanctions against 3 North Korean State-funded hacking groups named Lazarus, Bluenoroff and Andariel for launching Global Cyber Attacks to fund Pyongyang’s illicit weapon and missile programs.

Link

TLP¹ : Green

Cyber attacks on pharma firms on the rise

From 44 per cent of machines infected in 2017 and a 1 per cent increase in 2018, this year’s number of detected attempts shows that nearly every 5-in-10 devices inside a pharmaceutical facility are now being targeted globally

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

The Capital One Data Breach and Vendor Cybersecurity Risks

Capital One suffered a serious data breach as a result of the actions of one individual who downloaded nearly 30 GB of 100 million Capital One Financial Corporation credit applications from an Amazon cloud data server.

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

New Amazon phishing scam stealing credit card data

A new Amazon phishing scam email is circulating, that tricks users into handing over their personal as well as financial information including credit card information to online crooks.

Link

TLP¹ : Green

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

CISO do’s and don’ts: Lessons learned

Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being buffeted by an increasingly complex and always shifting threat landscape.

Link

TLP¹ : Green

Making Intelligence Actionable: Cybersecurity Preparedness in the Credit Union Industry

As the threat landscape continues to evolve, organizations need to be increasingly proactive in their approach to cybersecurity.

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

Shodan-Eye - Tool That Collects All The Information About All Devices Directly Connected To The Internet Using The Specified Keywords That You Enter

This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview.

Link

TLP¹ : Green

Hybrid and cybersecurity threats and the European Union’s financial system

The authors document the rise in hybrid threats and cyber attacks in the European Union. Exploring preparations to increase the resilience of the financial system they find that at the individual institutional level, significant measures have been taken, but the EU finance ministers should advance a broader political discussion on the integration of the EU security architecture applicable to the financial system.

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

Red:Not for disclosure, restricted to participants only.
Amber: Limited disclosure, restricted to participants organizations.
Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp

Infosec News

Análise / Investigações

Campanha Social Engineering

Analise ao Emotet

Campanha Smishing CTT

Campanha de Phishing BBVA

Campanha de phishing/ malware Millennium BCP

Newsletters

Para subscrever ou anular a subscrição da nossa newsletter InfoSec, seleccione a opção e preencha os campos abaixo.

CSIRT.MAI

InfoSec News 20190916

Top News

Perito revela que site de autenticação do Estado está a partilhar dados com o Facebook

A bug in Instagram exposed user accounts and phone numbers

DDoS attack forces Wikipedia offline

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

Australian intelligence reportedly concluded that China was responsible for a major hack on Australia’s parliament in the lead up to its most recent elections

US sanctions North Korea for Lazarus, Bluenoroff and Andariel launched Global Cyber Attacks

Cyber attacks on pharma firms on the rise

Breaches: Data Breaches and Hacks

The Capital One Data Breach and Vendor Cybersecurity Risks

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

New Amazon phishing scam stealing credit card data

WordPress XSS Bug Allows Drive-By Code Execution

Incident Response: Infrastructure, Training, SIEM and Incident Handling

CISO do’s and don’ts: Lessons learned

Making Intelligence Actionable: Cybersecurity Preparedness in the Credit Union Industry

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

Shodan-Eye - Tool That Collects All The Information About All Devices Directly Connected To The Internet Using The Specified Keywords That You Enter

Hybrid and cybersecurity threats and the European Union’s financial system