Q-CERT Weekly Newsletter 2020-08-23

Vulnerabilities & Patches

Security update for Windows 8.1, RT 8.1, and Server 2012 R2: August 19, 2020 - Read more

IBM Db2 Shared Memory Vulnerability (CVE-2020-4414) - Read more

Jenkins Security Advisory 2020-08-17 - Read more

ISC Releases Security Advisories for BIND - Read more

Cisco releases Security Updates - Read more

Google Releases Security Updates for Chrome - Read more

Cyber Crime & Incidents

Tens of suspects arrested for cashing-out Santander ATMs using software glitch - Read more

Vulnerabilities Discovered in Concrete5 by Edgescan Researcher - Read more

Canada Revenue Agency suspends online services after cyberattacks - Read more

Experian South Africa curtails data incident - Read more

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware - Read more

Jack Daniel's-Maker Suffers REvil Ransomware Breach - Read more

One of the world's most famous hotels is targeted by scammers - Read more

Carnival Cruises into Danger After Ransomware Attack - Read more

University of Utah update on data security incident - Read more

Threats

Living Off Windows Land – A New Native File "downldr" - Read more

TEAM TNT – THE FIRST CRYPTO-MINING WORM TO STEAL AWS CREDENTIALs - Read more

Voice Phishers Targeting Corporate VPNs - Read more

DarkSide: New targeted ransomware demands million dollar ransoms - Read more

Malicious Docker Hub Container Images Used for Cryptocurrency Mining - Read more

New Attack Alert: Duri - Read more

Airline DMARC Policies Lag, Opening Flyers to Email Fraud - Read more

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware - Read more

FRITZFROG: A NEW GENERATION OF PEER-TO-PEER BOTNETS - Read more

New Vulnerability Could Put IoT Devices at Risk - Read more

Protecting Google Chrome users from insecure forms - Read more

Researchers Sound Alarm Over Malicious AWS Community AMIs - Read more

Transparent Tribe: Evolution analysis, part 1 - Read more

Tools

2020 CWE Top 25 Most Dangerous Software Weaknesses - Read more

BSF - Botnet Simulation Framework - Read more

Announcing MSTIC Notebooklets - Read more

Reports

MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN - Read more

EdgeScan - 2020 Vulnerability Statistics Report - Read more

Claroty Biannual ICS Risk & Vulnerability Report: 1H 2020 - Read more

Papers

A Survey of Privacy Attacks in Machine Learning - Read more

Upcoming Events

x33fcon Webinars - Read more

LevelUp0x07 - Schedule and CTF - Aug 22/23, 2020 - Read more

BSides Munich - Read more

Events Materials

DEF CON Conference - Read more

SANS Security Awareness Virtual Forum - Read more

Webcasts / Podcasts

Supply Chain Standards and Practices Updates from NIST and Industry - Read more

The State of Threat Intelligence with GreyNoise - Read more

Decrypt all the Things: How Encryption is Impacting Network-Based Security Controls - Read more

How to

Death from Above: Lateral Movement from Azure to On-Prem AD - Read more

Timeline Explorer - Read more

Privacy and Compliance

UKAS policy on recertification audit timescales during COVID-19 - Read more

Oracle and Salesforce to Face GDPR Lawsuit - Read more

Hotel group Marriot faces lawsuit over huge data breach - Read more

Q-CERT Weekly Newsletter Service is prepared by Cyber Security Intelligence Team, all concerns, recommendations and complaints are welcomed.The views and opinions expressed in media article are those of the authors and media organizations alone.

Q-CERT | Ministry of Transport and Communications, State of Qatar | Doha P.O.Box 24514 | Qatar