Teenage girls tempt Israeli soliders to install spyware for Hamas
(Monday February 17, 2020)
It’s not the first time Israeli soldiers have been targeted with
Hamas honeytraps to infect their smartphones with spyware.
Twitter accounts of The Olympics and FC Barcelona hijacked by OurMine hacking group
(Monday February 17, 2020)
Is this legit?
(Monday February 17, 2020)
Post with 1 votes and 15 views. Shared by FeoisthereRager. Is this legit?
Google pulls 500 malicious Chrome extensions after researcher tip-off
(Monday February 17, 2020)
Google has abruptly pulled over 500 Chrome extensions from its Web
Store that researchers discovered were stealing browsing data and
executing click fraud and malvertising.
Google forced to reveal anonymous reviewer’s details
(Monday February 17, 2020)
A court has forced Google to reveal the details of an anonymous poster
who published an unpalatable review of a dentist.
Senator calls for dedicated US data protection agency
(Monday February 17, 2020)
The US needs a data protection agency of its own, and Kirsten
Gillibrand wants to be the one that makes it happen.
Police bust alleged operator of Bitcoin mixing service Helix
(Monday February 17, 2020)
Israeli soldiers tricked into installing malware by Hamas agents posing as women
(Monday February 17, 2020)
Monday review – the hot 24 stories of the week
(Monday February 17, 2020)
Get yourself up to date with everything weve written in the last seven
days - its weekly roundup time.
5 things you should know about cybersecurity insurance
(Monday February 17, 2020)
You leave kerosene-soaked rags all around your house. You chain smoke.
One day, while relaxing in front of an episode of CSI:Cyber, your hand
slips and a lit cigarette sets your sofa on fire. Your house burns
down. The insurance company pays out your fire insurance.(Insider
Story)
The CSO's playbook for forging board relationships
(Monday February 17, 2020)
Second Likud Party app voter data leak
(Monday February 17, 2020)
144K Canadians’ personal information breached by federal entities
(Monday February 17, 2020)
A handful of Canadian government departments and agencies have
reportedly compromised the personal information of 144,000 individuals
across 7,992 breaches experienced over the past two years. As reported
by the Canadian Broadcasting Corporation (CBC), the Canadian
government revealed the information in an answer to an order paper
question filed by Conservative MP Dean Allison late […]
The post 144K Canadians’ personal information breached by federal
entities
[https://www.itsecurityguru.org/2020/02/17/144k-canadians-personal-information-breached-by-federal-entities/]
appeared first on IT...
Olympics and FC Barcelona Twitter accounts hacked
(Monday February 17, 2020)
VPN servers hit by Iranian hackers
(Monday February 17, 2020)
Coronavirus misinformation smishing increases in South Korea
(Monday February 17, 2020)
Themegrill vulnerability allowed unauthenticated database wipe and auth bypass. Update asap as 200k+ sites affected!
(Monday February 17, 2020)
Huawei Controversy Highlights 5G Security Implications
(Monday February 17, 2020)
Security experts say that 5G supply chain concerns should be taken seriously – whether it’s in the context of Huawei or not.
Hack-Proof Your Home: Preventing Home Security System Invasions
(Monday February 17, 2020)
Hamas used pretty women to attempt cyber attack: Israel
(Monday February 17, 2020)
The military said it thwarted the malware which affected phones of some soldiers Israel's military said on Sunday it had thwarted an attempted malware attack by Hamas that sought to gain access to sol.
Trying to explain password choices to non-security people.
(Monday February 17, 2020)
CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem
(Monday February 17, 2020)
Pelosi, Pompeo turn up the heat on China's Huawei at security conference
(Monday February 17, 2020)
Cyber Threat Intelligence - Grad Research Capstone
(Monday February 17, 2020)
Javascript is required to load this page.
A friend recently got hit with Dever ransomware. The attacker appears to have been active for 14 minutes, dropping tools such as Mimikatz and Lazagne and then launching Dever ransomware which included SMB scanning, persistence mechanisms and lateral movement. See the timeline, summary and IOCs below
(Sunday February 16, 2020)
VTSCAN - scan a malicious file from terminal using VirusTotal API
(Sunday February 16, 2020)
How AI is being used to detect and fight ransomware attacks, and how criminals could use AI to plot more efficient ransomware attacks
(Sunday February 16, 2020)
Oversight - bbuseruploads.s3?
(Sunday February 16, 2020)
DOWNLOAD
Mac malware often spies on users by recording audio and video
sessions...sometimes in an undetected
manner.
OverSight monitors a mac's mic and webcam, alerting the user when the
internal mic is activated, or whenever a process accesses the webcam.
compatibility: OS X 10.10+
current version: 1.2.0 (CHANGE LOG [/changelogs/OverSight.txt])
zip's sha-1: adae7e8a2d4f78489205d6b0c3017c3ebf733f6f
One of the most insidious actions of malware, is abusing the audio and
video...
How to DOS (Denial of Service) Attack Your Own Wifi with Kali Linux
(Sunday February 16, 2020)
Signal Is Finally Bringing Its Secure Messaging to the Masses
(Saturday February 15, 2020)
The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.
Ultrasonic bracelet jams the microphones around you
(Saturday February 15, 2020)
Smart speakers and other microphone-equipped devices aren't supposed to listen all the time, but there might be a solution if you aren't willing to take any cha...
When you ask if Google Messenger has end-to-end Encryption. Don't think they actually care.
(Saturday February 15, 2020)
HackTheBox: Json - Writeup by rizemon
(Saturday February 15, 2020)
UK Police Deny Responsibility for Poster Urging Parents to Report Kids for Using Kali Linux, Discord, Virtual Machines, & Tor Browser | ZDNet
(Saturday February 15, 2020)
Content Security Policy (CSP) Bypasses
(Saturday February 15, 2020)
Bypass the content security policy (CSP) via JSONP endpoints, CSP injection, wildcards *, and other misconfigurations.
Google Removed Over 500 Chrome Extensions Due to Malware Concerns
(Saturday February 15, 2020)
Google Removed Over 500 Chrome Extensions Due to Malware Concerns
CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing
(Saturday February 15, 2020)
Martin and Dorothie Hellman on Love, Crypto & Saving the World
(Saturday February 15, 2020)
Martin Hellman, co-creator of the Diffie-Hellman key exchange, and his
wife of 53 years, Dorothie, talk about the current state of
cryptography and what making peace at home taught them about making
peace on Earth.
Hypervisor Necromancy; Reanimating Kernel Protectors
(Saturday February 15, 2020)
Phrack staff website.
Phishing Campaign Targets Mobile Banking Users
(Friday February 14, 2020)
Consumers in dozens of countries were targeted, Lookout says.
500 Malicious Chrome Extensions Impact Millions of Users
(Friday February 14, 2020)
The malicious Chrome extensions were secretly collecting users'
browser data and redirecting them to malware-laced websites.
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
(Friday February 14, 2020)
A Light at the End of Liberty Reserve’s Demise?
(Friday February 14, 2020)
Apple iPhone Users Targeted with Bogus Dating App for Valentine’s Day
(Friday February 14, 2020)
Ovum to Expand Cybersecurity Research Under New Omdia Group
(Friday February 14, 2020)
Informa Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit
research.
DHS Warns of Cyber Heartbreak
(Friday February 14, 2020)
Fraudulent dating and relationship apps and websites raise the risks
for those seeking online romance on Valentine's Day.
Bluetooth bugs – researchers find 10 “Sweyntooth” security holes
(Friday February 14, 2020)
SMS Phishing Campaign Targets Mobile Bank App Users in North America
(Friday February 14, 2020)
Customers of RBC, HSBC, TD, Meridian, BNC and Chase are targeted in
latest attack.
News Wrap: Valentine’s Day Scams and Emotet’s Wi-Fi Hack
(Friday February 14, 2020)
Debian Security Advisory 4623-1
(Friday February 14, 2020)
Slackware Security Advisory - mozilla-thunderbird Updates
(Friday February 14, 2020)
Slackware Security Advisory - New mozilla-thunderbird packages are
available for Slackware 14.2 and -current to fix security issues.
Ubuntu Security Notice USN-4278-1
(Friday February 14, 2020)
EnumJavaLibs Java Classpath Enumerator
(Friday February 14, 2020)
EnumJavaLibs is a tool that can be used to discover which libraries
are loaded (i.e. available on the classpath) by a remote Java
application when it supports deserialization.
CA Unified Infrastructure Management Command Execution
(Friday February 14, 2020)
CA Technologies, A Broadcom Company, is alerting customers to three
vulnerabilities in CA Unified Infrastructure Management (Nimsoft /
UIM). Multiple vulnerabilities exist that can allow an unauthenticated
remote attacker to execute arbitrary code or commands, read from or
write to systems, or conduct denial of service attacks. CA published
solutions to address these vulnerabilities and recommends that all
affected customers implement these solutions. The first vulnerability,
CVE-2020-8010, occurs due to improper ACL handling. A remote attacker
can execute commands, read from, or write to the...
SprintWork 2.3.1 Local Privilege Escalation
(Friday February 14, 2020)
SprintWork version 2.3.1 suffers from a local privilege escalation
vulnerability.
Debian Security Advisory 4622-1
(Friday February 14, 2020)
The 5 Love Languages of Cybersecurity
(Friday February 14, 2020)
When it comes to building buy-in from the business, all cybersecurity
needs is love -- especially when it comes to communication.
The R.A.T In The Shell
(Friday February 14, 2020)
Email Fraudsters Trick Puerto Rico’s Government into Wiring $2.6 Million to Bogus Accounts
(Friday February 14, 2020)
[Email Fraudsters Trick Puerto Rico’s Government into Wiring $2.6
Million to Bogus Accounts]Thieves managed to trick the Puerto Rico
government into making $2.6 million worth of payments to the wrong
recipient in an elaborate phishing scheme. Tricking local government
officials into making payments to bogus accounts is not as uncommon as
you might think. It’s usually done through a targeted phishing
campaign. The right precautions should make […]Slackware Security Advisory - mozilla-firefox Updates
(Friday February 14, 2020)
Slackware Security Advisory - New mozilla-firefox packages are
available for Slackware 14.2 and -current to fix security issues.
EPSON EasyMP Network Projection 2.81 Unquoted Service Path
(Friday February 14, 2020)
EPSON EasyMP Network Projection version 2.81 suffers from an unquoted
service path vulnerability.
Red Hat Security Advisory 2020-0509-01
(Friday February 14, 2020)
Red Hat Security Advisory 2020-0509-01 - The sudo packages contain the
sudo utility which allows system administrators to provide certain
users with the permission to execute privileged commands, which are
used for system management purposes, without having to log in as root.
Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2020-0498-01
(Friday February 14, 2020)
Red Hat Security Advisory 2020-0498-01 - The org.ovirt.engine-root is
a core component of oVirt. Issues addressed include cross site
scripting and null pointer vulnerabilities.
HomeGuard Pro 9.3.1 Insecure Folder Permissions
(Friday February 14, 2020)
HomeGuard Pro version 9.3.1 suffers from an insecure folder permission
vulnerability.
phpMyChat Plus 1.98 SQL Injection
(Friday February 14, 2020)
SWAPGS Attack Proof Of Concept
(Friday February 14, 2020)
dsniff Download – Tools for Network Auditing & Password Sniffing
(Friday February 14, 2020)
Dsniff download is a collection of tools for network auditing &
penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf,
and WebSpy passively monitor a network for interesting data
(passwords, e-mail, files, etc.).
ARPspoof, DNSspoof, and macof facilitate the interception of network
traffic normally unavailable to an attacker (e.g, due to layer-2
switching). sshmitm and webmitm implement active monkey-in-the-middle
attacks against redirected SSH and HTTPS sessions by exploiting weak
bindings in ad-hoc PKI.
F-SECURE Generic Malformed Container Bypass
(Friday February 14, 2020)
The F-SECURE parsing engine supports the RAR Archive. The parsing
engine can be bypassed by specifically manipulating a RAR archive.
Various products are affected.
Google Blocked 790,000 Apps from the Play Store in 2019
(Friday February 14, 2020)
Google is fighting an uphill battle when it comes to dangerous apps
that try to work their way into the Android ecosystem, and the company
prevented 790,000 dangerous apps from being published on the Play
Store in 2019 alone. The app ecosystem remains the primary means for
malware to attack mobile devices, and bad actors […]Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say
(Friday February 14, 2020)
Shodan Hacking Guide
(Friday February 14, 2020)
Cookie-nabbing app could have served users side helping of XSS
(Friday February 14, 2020)
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS)
(Friday February 14, 2020)
Suspect who refused to decrypt hard drives released after four years
(Friday February 14, 2020)
The US Court of Appeals ruled that he couldn't continue to be held for
refusing to give up his passcodes.
Facebook ices in-app dating in EU after questions from regulator
(Friday February 14, 2020)
Self-driving car dataset missing labels for pedestrians, cyclists
(Friday February 14, 2020)
Udacity Dataset 2, used to train thousands of engineers, contained
thousands of unlabeled vehicles and hundreds of unlabeled pedestrians.
U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies
(Friday February 14, 2020)
OpenSSH release (8.2) with FIDO/U2F support
(Friday February 14, 2020)
The CSO guide to top security conferences, 2020
(Friday February 14, 2020)
There is nothing like attending a face-to-face event for career
networking and knowledge gathering, and we don’t have to tell you
how helpful it can be to get a hands-on demo of a new tool or to have
your questions answered by experts.
Fortunately, plenty of great conferences are coming up in the months
ahead.
If keeping abreast of security trends and evolving threats is critical
to your job — and we know it is — then attending some top-notch
security conferences is on your must-do list for 2020.
From major events to those that are more narrowly focused, this list
from the editors...
New Phishing Scam Lures iPhone Owners with Romantic Chat, Gambling, ‘Free’ VPN
(Friday February 14, 2020)
Bitdefender this week has detected a new phishing campaign targeting
iPhone owners with a range of scams aiming to defraud unsuspecting
victims. First things first. If you receive the email pictured below,
steer clear! Don’t open if it’s marked as spam. If it arrives as
legitimate, don’t click on any link inside! That includes the […]Students’ Data left Unprotected by International Education Body
(Friday February 14, 2020)
Third-Party Bot Exposes Thousands of Instagram Accounts
(Friday February 14, 2020)
700K Sites Affected by WordPress Plugin Bug
(Friday February 14, 2020)
Loda RAT phishing Campaign Targets Americas
(Friday February 14, 2020)
Malware Security Breach Disclosed by Rutter’s
(Friday February 14, 2020)
HTTP DoS / DDoS Tools User Manual
(Friday February 14, 2020)
This whitepaper acts as a user manual to go over HTTP DoS and DDoS
tooling. Written in Turkish.
