Nightfall Infosec Roundup: January 27 To February 1

0cc7b68662a52b10a494da3f87cef45f_clientImage_568x183_xlarge_original_1.jpg

Exploits & Vulnerabilities


e63a992b46ef4c291a163313d140ed84_ogimg_648x432_xlarge_thumbnail_1.jpg?W=568&H=360&bestFit=1
Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon
Intel on Monday issued a processor data leakage advisory, INTEL-SA-00329, describing two chip architecture flaws, one of which it tried to fix twice before. The memo covers two security vulnerabilities: CVE-2020-0548, dubbed Vector Register Sampling and rated 2.8 Low severity, and CVE-2020-0549, described as L1D Eviction Sampling (L1Des) Leakage and rated 6.5 Medium severity.
[ READ MORE ]


7662abaefb98477d05f9baf28b8a9563_ogimg_800x453_xlarge_thumbnail_1.jpg?W=568&H=360&bestFit=1
Advanced Obfuscation Marks Widespread Info-Stealing Campaign
A large-scale spam campaign bent on spreading info-stealing malware is applying advanced obfuscation techniques to get around security scanning and maximize infection rates. According to Lastline researchers, a large botnet is distributing malicious rich text format (RTF) documents that act as downloaders for well-known info-stealers, such as Agent Tesla or LokiBot.
[ READ MORE ]


148e84dd69627dc8772ffbc046e10254_ogimg_700x412_xlarge_thumbnail_1.jpg?W=568&H=360&bestFit=1
200K WordPress Sites Vulnerable to Plugin Flaw
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the website (essentially used as a mini-plugin).
[ READ MORE ]

Ongoing Risks & Threats


c671706dd500ba02dfce20c07a10ffe5_ogimg_860x484_xlarge_thumbnail_1.jpg?W=568&H=360&bestFit=1
US County’s Computers Still Down Nine Days After Ransomware Attack
A county in the Pacific Northwestern state of Oregon is yet to fully recover from a ransomware attack that happened over a week ago. Cyber-criminals hit Tillamook County in a targeted attack last Wednesday, January 22. As a result, all internal computer systems under the county government, which 250 county employees rely on, went down.
[ READ MORE ]


49d42cb63d852d94d915326a8eb157d8_ogimg_300x300_medium_thumbnail_1.jpg?W=568&H=360&bestFit=1
Weaponized Data Breaches: Fueling a Global Cyber Cold War
This new battlefield is filled with obfuscated identities and anonymous adversaries that have weaponized data breaches of government sites and combined this data with publicly available data to create powerful new sources of intelligence. Civil unrest, voter polarization, and international politics has increased demand for this data and as a result, we have seen increased circulation of voter information available in the underground community.
[ READ MORE ]


a6433ee07a4449bbd080b33c162f47e2_ogimg_620x300_xlarge_thumbnail_2.jpg?W=568&H=360&bestFit=1
As botnet bill gains new life, old concerns about scope linger
For years one of the most prominent pieces of legislation on this topic, the Botnet Prevention Act, which was first introduced in 2016, languished in Congress. Just last December, however, a version of the bill quietly passed through the Senate Judiciary Committee as part of a larger legislative package focused on countering the Russian government.
[ READ MORE ]


d33ef4468d99c0293f73ea53ec93b9ea_ogimg_980x552_xlarge_thumbnail_2.jpg?W=568&H=360&bestFit=1
Federal agency offers guidelines for businesses defending against ransomware attacks
The National Institute of Standards and Technology (NIST) published draft guidelines Monday providing businesses with ways to defend against debilitating ransomware attacks. The two draft practice guidelines help firms create strategies to protect data in the event of an cyberattack.
[ READ MORE ]


df7b1360c26f79ca48b42bb0bbf861ba_ogimg_720x405_xlarge_thumbnail_1.jpg?W=568&H=360&bestFit=1
N.Y. Could Ban Cities from Paying Ransomware Attackers
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and municipal entities across the country.
[ READ MORE ]


f11b246f75e3c7104b969729a7249045_ogimg_769x630_xlarge_thumbnail_1.jpg?W=568&H=360&bestFit=1
Evil Corp Returns With New Malware Infection Tactic
Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware. Cybercrime group Evil Corp (a.k.a. TA505 or Dudear) is back in action after a short hiatus, with a technique in its arsenal not previously used by the group to distribute malware. Microsoft on Thursday said that it observed emails from the cybercriminal gang utilizing HTML redirectors.
[ READ MORE ]

Download WordPress Themes
Free Download WordPress Themes
Premium WordPress Themes Download
Download Premium WordPress Themes Free
free online course
download samsung firmware
Download Nulled WordPress Themes
free online course
Share this post: