InfoSec News 20200115
Top News
-
CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities
"The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections."
TLP1 : Green
-
Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
"After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products"
TLP1 : Green
-
27% of Windows users are still running Windows 7. They need to stop now
"At 11am PST (7pm UK), Microsoft will release its last ever Patch Tuesday updates for Windows 7. After today, Microsoft says it won’t release any more security patches for the ageing operating system."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
The VB2020 call for papers - how it works
"We recently opened the call for papers for VB2020, which is to take place 30 September to 2 October in Dublin, Ireland. The deadline for the call for papers is Sunday 15 March."
TLP1 : Green
-
Strange Bedfellows: EFF Sides with PTO in Trademark Battle Over ‘Booking.com’
"EFF often criticizes the Patent and Trademark Office (PTO) for granting bad patents, but a case in the Supreme Court has us on the same side."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Iranian Threat Actors: Preliminary Analysis
"Nowadays Iran’s Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Exploit Title: Online Book Store 1.0 - 'bookisbn' SQL Injection
"Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-pr..."
TLP1 : Green
-
CVE-2020-0601: NSA Reported Spoofing Vulnerability in Windows CryptoAPI
"Microsoft kicks off the first Patch Tuesday of 2020 with the disclosure of CVE-2020-0601, a highly critical flaw in the cryptographic library for Windows."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Microsoft’s new tool detects & reports pedophiles from online chats
"The perks of the internet are quite obvious and known to all but as they say “with every blessing comes a curse,” similarly, the digital boom has brought along various concerns, online child exploitation being one. "
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
IotShark - Monitoring And Analyzing IoT Traffic
"IoTShark is a IOT monitoring service that allows users to monitor their IOT devices for trends in data sent/received. Ordinarily, setting up a man in the middle attack with proper configurations can take up quite a bit of time, and may seem dauntingly impossible for those with little to no experience in computer security or even computer science."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.