Q-CERT Weekly Newsletter 2020-06-21

Vulnerabilities & Patches

79 Netgear router models risk full takeover due to unpatched bug - Read more

Adobe wants users to uninstall Flash Player by the end of the year - Read more

Multiple vulnerabilities fixed in VLC media player - Read more

Ripple20 - 19 Zero-Day Vulnerabilities Amplified by the Supply Chain - Read more

CVE-2020-1441 | Windows Spatial Data Service Elevation of Privilege Vulnerability - Read more

Google releases Security Updates for Chrome - Read more

Adobe Releases Security Updates for Multiple Products - Read more

Drupal releases Security Updates - Read more

ISC Releases Security Advisories for BIND - Read more

Cisco Releases Security Updates for Multiple Products - Read more

Cyber Crime & Incidents

South African bank to replace 12m cards after employees stole master key - Read more

AWS says it mitigated the largest DDoS attack ever recorded - Read more

Digging up InvisiMole's hidden arsenal - Read more

AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations - Read more

Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers - Read more

Delivery Hero Confirms Foodora Data Breach - Read more

Magecart strikes amid Corona lockdown - Read more

NHS Digital statement on NHSmail phishing incident - Read more

Global DDoS Attack Dismissed as T-Mobile Misconfiguration - Read more

Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks - Read more

Singapore Businesses Reportedly Among Targets of Global Phishing Campaign - Read more

Threats

Active ransomware campaign leveraging remote access technologies - Read more

New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users - Read more

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies - Read more

Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations - Read more

New Mac malware reveals Google searches can be unsafe - Read more

Exposed Cloud Databases Attacked 18 Times Per Day - Read more

Alert: Mass credential harvesting phishing campaign active in the UK - Read more

Tools

Tsunami: An extensible network scanning engine for detecting high severity vulnerabilities with high confidence - Read more

Grafiki - Threat Hunting tool about Sysmon and graphs - Read more

Reports

Exposing Secondary Infektion - Forgeries, interference, and attacks on Kremlin critics across six years and 300 sites and platforms - Read more

AWS Shield - Threat Landscape Report – Q1 2020 - Read more

JPCERT/CC Incident Handling Report - Read more

JPCERT/CC Internet Threat Monitoring Report - Read more

Analysis of the recent report of supply chain attacks on US electric infrastructure by Chinese Actors - Read more

Do cybercriminals play cyber games during quarantine? - Read more

The Internet's New Arms Dealers: Malicious Domain Registrars - Read more

Abnormal Quarterly BEC Report Q1 2020 - Read more

Exploiting a crisis: How cybercriminals behaved during the outbreak - Read more

Papers

THREAT VECTOR: GTP. VULNERABILITIES IN LTE AND 5G NETWORKS 2020 - Read more

OPERATION IN(TER)CEPTION: TARGETED ATTACKS AGAINST EUROPEAN AEROSPACE AND MILITARY COMPANIES - Read more

People-Centric Cybersecurity from a Federal Perspective - Read more

INVISIMOLE: THE HIDDEN PART OF THE STORY - Read more

Events Materials

DevSecCon 2020 - Hardening your soft software supply chain - Read more

Hacking the Cybersecurity Job Market: A Primer for Students & Grads - Read more

Venture Investments, Active Directory in Azure, and Null Points! | June 17, 2020 | vOPCDE #7 - Read more

Best Practices for Building a Cybersecurity Strategy - Read more

Guidelines

Digital Identity Guidelines - Read more

Webcasts / Podcasts

Forensic Lunch 6/19/20 - how Google does IR Management - Read more

How to

Microsoft Azure Fundamentals - Read more

ADVENTURES IN PHISHING EMAIL ANALYSIS - Read more

A Guide to Digital Reconnaissance - Read more

Five Password Tips for Securing the New WFH Normal - Read more

Privacy and Compliance

Norway pulls its coronavirus contacts-tracing app after privacy watchdog's warning - Read more

Facebook's FTC-Mandated Privacy Committee Now in Effect - Read more

COMPARING CONTACT TRACING APPS FOR CORONAVIRUS AROUND THE WORLD - Read more

Q-CERT Weekly Newsletter Service is prepared by Cyber Security Intelligence Team, all concerns, recommendations and complaints are welcomed.The views and opinions expressed in media article are those of the authors and media organizations alone.

Q-CERT | Ministry of Transport and Communications, State of Qatar | Doha P.O.Box 24514 | Qatar