Infosec News 20210709
Top News
-
Microsoft says that the emergency patch recently released correctly fixes the PrintNightmare flaw
"Microsoft confirmed that the emergency security updates (KB5005010) correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527)."
TLP1 : Green
-
Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files
"While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly."
TLP1 : Green
-
Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems
"Multiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal (aka Vue PACS), some of which could be exploited by an adversary to take control of an affected system."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits
"A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members."
TLP1 : Green
-
Police Arrest Two More For Uploading 10 Minute Movie Edits to YouTube
"Last month, police in Japan arrested three people for uploading so-called "fast movies" to YouTube."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Morgan Stanley reports data breach after vendor Accellion hack
"Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor."
TLP1 : Green
-
Dell Wyse Management Suite subject to database exposure, session hijacking
"Dell has patched vulnerabilities in the Wyse Management Suite (WMS) that could open up databases to abuse and put administrative sessions at risk."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
CISA Releases Analysis of FY20 Risk and Vulnerability Assessments
"CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors."
TLP1 : Green
-
Cisco Releases Security Updates for Multiple Products
"Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Hancitor Making Use of Cookies to Prevent URL Scraping
"Over the years, the cybersecurity industry has seen many threats get taken down, such as the Emotet takedown in January 2021. It doesn’t usually take long for another threat to attempt to fill the gap left by the takedown. Hancitor is one such threat."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Ipa-Medit - Memory Search And Patch Tool For Resigned Ipa Without Jailbreak
"Ipa-medit is a memory search and patch tool for resigned ipa without jailbreak. It was created for mobile game security testing."
TLP1 : Green
-
Cariddi - Take A List Of Domains, Crawl Urls And Scan For Endpoints, Secrets, Api Keys, File Extensions, Tokens And More...
"Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.