Copy
Click 'Display images' to view images
QCERT News
Security Guidelines for Critical Users Working From Home - Read more
Vulnerabilities & Patches
IP-in-IP protocol routes arbitrary traffic by default - Read more
Google Releases Security Updates for Chrome - Read more
Mozilla Releases Security Updates for Firefox and Firefox ESR - Read more
Cisco Releases Security Updates - Read more
Apple Releases Security Updates - Read more
Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers - Read more
Cyber Crime & Incidents
OmanNet down for e-payments: CBO - Read more
Amtrak discloses data breach, potential leak of customer account data - Read more
Hackers steal secrets from US nuclear missile contractor - Read more
Payment App Data Breach Exposes Millions of Indians' Data - Read more
Australian sports fan portal leaks 132GB of private data - Read more
Joomla Resources Directory (JRD) Portal Suffers Data Breach - Read more
REvil Ransomware Group Auctions Stolen Data - Read more
Cyberattacks since the murder of George Floyd - Read more
Google caught Iranian and Chinese state hackers targeting the Trump and Biden campaigns - Read more
QNAP NAS devices targeted in another wave of ransomware attacks - Read more
Hackers hijack one of Coincheck's domains for spear-phishing attacks - Read more
Threats
STEALTHWORKER: GOLANG-BASED BRUTE FORCE MALWARE STILL AN ACTIVE THREAT - Read more
Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers - Read more
Russian Actors Are Targeting Vulnerable Exim Mail Servers. Patching Is Up, but More Than 900k Remain Online - Read more
Two vulnerabilities in Zoom could lead to code execution - Read more
System Takeover Through New SAP ASE Vulnerabilities - Read more
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796 - Read more
Hurricane-Related Scams - Read more
Stolen YouTube Credentials Growing in Popularity on Dark Web Forums - Read more
Fraudulent iOS VPN Apps Attempt to Scam Users - Read more
Understanding the Payload-Less Email Attacks Evading Your Security Team - Read more
Tycoon Ransomware Targets Education and Software Sectors - Read more
Tools
kitphishr - A tool designed to hunt for Phishing Kit source code - Read more
shad0w - a post exploitation framework designed to operate covertly on heavily monitored environments - Read more
Cerbero - Kerberos protocol attacker - Read more
IBM Releases Fully Homomorphic Encryption Toolkit for MacOS and iOS; Linux and Android Coming Soon - Read more
Reports
In-depth analysis of the new Team9 malware family - Read more
Cycldek: Bridging the (air) gap - Read more
Phishing Spotlight Research Report - Read more
The Invisible Digital Threat - Mobile Ad Fraud 2019 Report - Read more
Papers
Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices - Read more
Upcoming Events
Getting Started in Security with BHIS and MITRE ATT&CK - Read more
SplunkLive! Virtual - Read more
Events Materials
WHACKZCON 2020- Track 1 - Read more
WHACKZCON 2020 - Track 2 - Read more
TMA CONFERENCE 2020 - Read more
SSTIC 2020 - Read more
The CISO Speaks Roundtable: Where Do We Go from Here? - Read more
HITBLockdown D2 - Exploiting The Netlogon Protocol - Tom Tervoort - Read more
Guidelines
CYBER RISKS TO 911: TELEPHONY DENIAL OF SERVICE - Read more
ACTIVE DIRECTORY SECURITY ASSESSMENT CHECKLIST - Read more
Webcasts / Podcasts
Cloud Forensics in AWS, Episode 2 - Read more
How to
How To Do Recon: API Enumeration - Read more
H2 Matrix Challenge - Read more
Guide to Setting Up Android Pentesting Lab - Read more
Resources-for-Beginner-Bug-Bounty-Hunters - Read more
Privacy and Compliance
Zoom says free users won't get end-to-end encryption so FBI and police can access calls - Read more
Care19 Update: Foursquare allows developers to disable IDFA collection - Read more
The need for privacy with public digital contact tracing during the COVID-19 pandemic - Read more
After Windows 10 upgrade, use this checklist to ensure safety and privacy - Read more
Zoom security: Here's how Germany got its wires crossed over video-chat privacy - Read more
Q-CERT Weekly Newsletter Service is prepared by Cyber Security Intelligence Team, all concerns, recommendations and complaints are welcomed.The views and opinions expressed in media article are those of the authors and media organizations alone.

Q-CERT | Ministry of Transport and Communications, State of Qatar | Doha P.O.Box 24514 | Qatar