June 29, 2020


The Cyber WAR (Weekly Awareness Report) is an Open Source Intelligence (OSINT) resource, received by over ten thousand
individuals, that focuses on advanced persistent threats and other digital dangers. APTs fit into a cybercrime category
directed at both business and political targets. Attack vectors include system compromise, social engineering, and even
traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary
Symantec ThreatCon Low: Basic network posture
This condition applies when there is no discernible network incident activity and no malicious
code activity with a moderate or severe risk rating. Under these conditions, only a routine
security posture, designed to defeat normal network threats, is warranted. Automated systems
and alerting mechanisms should be used.

Other IWC Publications


The Cyber Intelligence Report (CIR) series caters to an
array of subjects ranging from Exploits, Advanced
Persistent Threat, National Infrastructure, Dark Web,
Digital Forensics & Incident Response (DFIR), and the
gamut of digital dangers. amzn.to/2UuIG9B

Interesting News
* The Cyber WAR (CWAR) recently received an overhaul. There is more content now along with more sections. You can
find previous issues of the CWAR here: informationwarfarecenter.com/CIR. We are constantly trying to improve the value of
our publications. This includes our Cyber Intelligence Report series and other books in our library. If you have any
suggestions for more content, please let us know: publications@informationwarfarecenter.com.

* We have an active Facebook group that discusses topics ranging from computer forensics to ethical hacking and more.
Join the Cyber Secrets Facebook group here. If you would like to receive the CIR updates by email, Subscribe!
Index of Sections
Current News
* Packet Storm Security
* Krebs on Security
* Dark Reading
* The Hacker News
* Security Week
* Infosecurity Magazine
* KnowBe4 Security Awareness Training Blog
* ISC2.org Blog
* HackRead
* Koddos
* Naked Security
* Threat Post
* Null-Byte
* IBM Security Intelligence
* C4ISRNET - Media for the Intelligence Age Military
The Hacker Corner:
* Security Conferences
* Google Zero Day Project
Cyber Range Content
* CTF Times Capture the Flag Event List
* Vulnhub
Tools & Techniques
* Packet Storm Security Latest Published Tools
* Kali Linux Tutorials
* GBHackers Analysis
InfoSec Media for the Week
* Black Hat Conference Videos
* Defcon Conference Videos
* Hak5 Videos
* Eli the Computer Guy Videos
* Security Now Videos
* Troy Hunt Weekly
* Intel Techniques: The Privacy, Security, & OSINT Show
Exploits and Proof of Concepts
* Packet Storm Security Latest Published Exploits
* CXSecurity Latest Published Exploits
* Exploit Database Releases
Cyber Crime & Malware Files/Links Latest Identified
* CyberCrime-Tracker
Advisories
* Dark Web Resources
* Dark Web News
* US-Cert (Current Activity-Alerts-Bulletins)
* Zero Day Initiative Advisories
* Packet Storm Security's Latest List
Information Warfare Center Products
* CSI Linux
* Cyber Secrets Videos & Resources
* Information Warfare Center Print & eBook Publications
Credits
Packet Storm Security

* Nvidia Squashes Display Driver Code Execution Bug


* Glupteba Malware Leverages Blockchain As A Comms Channel
* Republicans Who Don't Understand Encryption Introduce Bill To Break It
* More Than 75% Of All Vulnerabilities Reside In Indirect Dependencies
* Assange Charged With Recruiting And Conspiring With Hackers
* PlayStation Announces Bug Bounty Program
* FBI Warns K12 Schools Of Ransomware Attacks Via RDP
* Microsoft: Patch Your Exchange Servers, They're Under Attack
* Twitter Terminates DDoSecrets Claiming It Will Infect You
* Facial Recognition To Predict Criminals Sparks Row Over AI Bias
* This Sneaky Malware Goes To Unusual Lengths To Cover Its Tracks
* European Union May Quarantine The United States
* Israeli Spyware Used To Target Moroccan Journalist, Amnesty Claims
* Adobe Prompts Users To Uninstall Flash Player As EOL Date Looms
* Privacy-Focused OS Wants To Know How Facebook And The FBI Hacked It
* Twitter Apologizes For Business Data Breach
* Google Analytics Abused To Conceal Theft Of Payment Card Data
* 296 Gigs Of Police Data Published In BlueLeaks
* Encrypted Phone Network Shutting Down After Police Hack
* Microsoft Details How Sophisticated Attacks Can Move Quickly
* Is Spyware Technology Helping Governments Hack Phones?
* Australian PM Morrison Warns Of Sophisticated State Hack
* Detroit Man Cuffed For Hacking University Of Pittsburgh Medical Center
* Top French Court Upholds $56 Million Google Privacy Breach Fine
* Four Zero-Days Spotted In Attacks On Researchers' Fake Networks

Krebs on Security

* Russian Cybercrime Boss Burkov Gets 9 Years


* New Charges, Sentencing in Satori IoT Botnet Conspiracy
* 'BlueLeaks' Exposes Files from Hundreds of Police Departments
* Turn on MFA Before Crooks Do It For You
* FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy
* When Security Takes a Backseat to Productivity
* Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com
* Microsoft Patch Tuesday, June 2020 Edition
* Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity
* Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service
Dark Reading

* Major US Companies Targeted in New Ransomware Campaign


* 5 New InfoSec Job Training Trends: What We're Studying During COVID-19
* SOC Wins & Losses
* Good Cyber Hygiene in a Post-Pandemic World Starts with Us
* Criminals Turn to IM Platforms to Avoid Law Enforcement Scrutiny
* 7 Tips for Effective Deception
* Contact Tracing & Threat Intel: Broken Tools & Processes
* Vulnerabilities Declining in Open Source, But Slow Patching Still a Problem
* Another Record-Breaking DDoS Attack Signals Shift in Criminal Methods
* Better Collaboration Between Security & Development
* Lucifer Malware Aims to Become Broad Platform for Attacks
* 'GoldenSpy' Malware Hidden in Tax Software Spies on Companies Doing Business in China
* Apple Buys Fleetsmith
* No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
* Average Cost of a Data Breach: $116M
* Black Hat Survey: Breach Concerns Hit Record Levels Due to COVID-19
* COVID-19: Latest Security News & Commentary
* Rethinking Enterprise Access, Post-COVID-19
* Microsoft Previews Windows Defender ATP for Android
* Twitter Says Business Users Were Vulnerable to Data Breach

The Hacker News

* 'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison


* WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers
* Docker Images Containing Cryptojacking Malware Distributed via Docker Hub
* Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners
* New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur
* VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection
* Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards
* Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online
* Over 100 New Chrome Browser Extensions Caught Spying On Users
* InvisiMole Hackers Target High-Profile Military and Diplomatic Entities
* Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free
* Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs
* New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
* Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations
* WebAuthn Passwordless Authentication Now Available for Atlassian Products
Security Week

* Hybrid Malware 'Lucifer' Includes Cryptojacking, DDoS Capabilities


* Man Convicted of Stealing High Tech Trade Secrets for China
* Salesforce Ventures Investment Values Tanium at $9 Billion
* Hackers Target Online Stores With Web Skimmer Hidden in Image Metadata
* Hackers Threaten to Leak Files Stolen From Australian Beverage Firm Lion
* Data Privacy, Other Measures Qualify for California Ballot
* NVIDIA Patches Code Execution Flaws in GPU Drivers
* IBM Discloses Tenda Powerline Extender Flaws Apparently Ignored by Vendor
* Siemens Acquires System-on-Chip Analytics Company UltraSoC
* Police Raids Target Users of Illegal Online Forum in Germany
* Developer of DDoS Botnets Based on Mirai Code Sentenced to Prison
* US Cybercom Virtual War Game Girds Against Increased Threats
* Login Now: Enterprise Lockdown Virtual Event - Immerse and Interact
* Ransomware Operators Claim They Hacked LG
* 'GoldenSpy' Malware Hidden In Chinese Tax Software
* Zoom Appoints Former Salesforce Security Executive as CISO
* Morocco Investigates Journalist After Amnesty Claims
* Apple Acquires Device Management Company Fleetsmith
* Akamai Mitigates Record 809 MPPS DDoS Attack
* Sony Launches PlayStation Bug Bounty Program on HackerOne

Infosecurity Magazine

* US Bill Proposes Ban on Feds' Using Facial Recognition Technology


* Fraudster Jailed for Stealing Millions from US Seniors
* $200m Spear Phished from Cryptocurrency Exchanges
* Microsoft: Patch IIS Bug Now to Protect Exchange Servers
* European Commission: Still Work to Do on GDPR
* Domestic Abuse Victims Exposed in Cloud Misconfiguration
* Police Seize Alleged Bitcoin Raider's $90m in Assets
* HelpSystems Acquires Two Security Software Companies
* 350,000 Social Media Influencers and Users at Risk Following Data Breach
* PlayStation Announces Bug Bounty Program
* NCSC: One Million Phishing Messages Reported in Two Months
* IRMS Appoints New Chair with Diversity, Inclusion and Education at Top of Agenda
KnowBe4 Security Awareness Training Blog RSS Feed

* Phishing Attacks Significantly Increase in Singapore During COVID-19 Pandemic


* Work From Home in America Sets Major Target for Russian Hackers
* [Heads Up] A New Devilish Malware Worm Called Lucifer Is Targeting Your Windows Workstations
* New Training Modules Added on Data-Driven Defense
* Survey Says...You've Been Pwned
* 'New VPN Configuration' Email Tricks Microsoft 365 Users Out of Credentials
* 20% of Organizations Provided No Cybersecurity Guidance to Users Making the Shift to Working from Hom
* Enterprises Experience Nearly Five Times as Many Mobile Phishing Attacks as Last Year
* How You Can Increase Employee Engagement with Security Awareness Training
* New Ransomware Strain CryCryptor Targets Canada on COVID-19 Tracing App

ISC2.org Blog

* There's Training ... and there's Official Training: Know the Differences
* (ISC)2 Costa Rica Chapter: Sharing reflections and lessons learned from Maze Team attack
* On-Premise Accelerated Training to Resume at Firebrand
* Advice from 3 Cyber Pros on Getting Certified
* Report: Cybersecurity Understaffing Lowers Ability to Handle Cyber Threats
* 10 Critical Skills for the Cybersecurity Workforce

HackRead

* Sony Announces PlayStation Bug Bounty Program


* Lucifer malware infects Windows & launch DDoS attack using NSA exploits
* Russian hacker Aleksei Burkov jailed for 9 years in US
* Major Magecart skimming attack hits 8 local US government sites
* Mainstream European bank hit by largest ever PPS based DDoS attack
* Domestic violence assistance app breached placing victims at risk
* "I think you appear in this video" phishing scam hijacks Facebook accounts

Koddos

* Sony Announces PlayStation Bug Bounty Program


* Lucifer malware infects Windows & launch DDoS attack using NSA exploits
* Russian hacker Aleksei Burkov jailed for 9 years in US
* Major Magecart skimming attack hits 8 local US government sites
* Mainstream European bank hit by largest ever PPS based DDoS attack
* Domestic violence assistance app breached placing victims at risk
* "I think you appear in this video" phishing scam hijacks Facebook accounts
Naked Security

* Fancy hacking a PlayStation? Sony announces its bug bounty program


* REvil gang threaten to auction celebrity data from Mariah Carey, Lebron James, MTV and more
* Patch time! NVIDIA fixes kernel driver holes on Windows and Linux
* Twitter apologizes for leaking businesses' financial data
* Glupteba - the malware that gets secret messages from the Bitcoin blockchain
* iOS 14, macOS Big Sur, Safari to give us 'No, thanks!' option for ad tracking
* United States wants HTTPS for all government sites, all the time
* 'BlueLeaks' exposes sensitive files from hundreds of police departments
* Anatomy of a survey scam - how innocent questions can rip you off
* Hacker indicted for stealing 65K employees' PII in medical center hack

Threat Post

* DarkCrewFriends Returns with Botnet Strategy


* 8 U.S. City Websites Targeted in Magecart Attacks
* 'Cardplanet' Operator Sentenced to 9 Years for Selling Stolen Credit Cards
* Satori Botnet Creator Sentenced to 13 Months in Prison
* TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior
* Nationwide Facial Recognition Ban Proposed By Lawmakers
* Golang Worm Widens Scope to Windows, Adds Payload Capacity
* Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs
* Office 365 Users Targeted By 'Coronavirus Employee Training' Phish
* Emerging Ransomware Targets Photos, Videos on Android Devices

Null-Byte

* Zuitte Offers 50+ Must-Have Tools for Entrepreneurs


* How to Identify Antivirus Software Installed on a Target's Windows 10 PC
* How to Use Postenum to Gather Vital Data During Post-Exploitation
* Become a Big Data Expert with This 10-Course Bundle
* How to Use One-Lin3r to Quickly Generate Reverse Shells, Privesc Commands & More
* Become a Computer Forensics Pro with This $29 Training
* This Extensive Python Training Is Under $40 Today
* How to Program an ESP8266 or ESP32 Microcontroller Over Wi-Fi with MicroPython
* How to Write Your Own Bash Script to Automate Recon
* Lock Down Your DNS with a Pi-Hole to Avoid Trackers, Phishing Sites & More
IBM Security Intelligence

* The Security Risks of Contactless Payment


* Vulnerable Powerline Extenders Underline Lax IoT Security
* Three Approaches to Cybersecurity Planning for Post-Pandemic Cloud Adoption
* Visibility and Threat Detection in a Remote Working World
* An Apple a Day: Treating BYOD Pains with Apple User Enrollment
* A Game of Chess: Entropy and Patterns in Threat Intelligence
* Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey
* Best Practices for Managing Data Privacy & Responding to Privacy Breaches
* Introducing Collaborative Automated Course of Action Operations (CACAO): An Emerging Cybersecuri
* Chaos Engineering and Security: Upgrading Simulation Exercises For More Dynamic Threat Environments

InfoWorld

* What's new in Microsoft .NET 5


* Oracle unveils Helidon 2.0 for Java microservices
* Why data and processing should live in the cloud, not on devices
* Amazon Honeycode lets non-developers build apps
* What's new in Angular 10
* MLflow is now a Linux Foundation project
* AI is now a C-suite imperative
* GitHub's Super Linter is 'one linter to rule them all'
* Python may get pattern matching syntax
* BrandPost: The Case for an Enterprise Kubernetes Platform

C4ISRNET - Media for the Intelligence Age Military

* Army selects eight counter-drone systems for the joint force


* Leonardo DRS wins Army network installation contract
* FCC unlikely to change course on Ligado decision
* How Project Blackjack is turning the corner
* Capella Space will share synthetic aperture radar imagery with NGA
* This training tool could be the answer to stop mass cyberattacks
* 'Lightning in her veins': How Katie Arrington is convincing defense contractors to love cybersecurity
* A machine-learning approach could help counter disinformation
* Pandemic doesn't slow cyber training for the Army
* Senate wants more clarity on cyber ops
The Hacker Corner
Conferences

* REVULN
* Suits & Spooks
* HACKLU (hack.lu)
* InfoSec Conference Spotlight Series
* NorthSec
* THOTCON
* nullcon
* TROOPERS
* We Stand With The #BLM Movement
* Cybersecurity Podcasts (With Categories)

Google Zero Day Project

* FF Sandbox Escape (CVE-2020-12388)


* A survey of recent iOS kernel exploits

Capture the Flag (CTF)

CTF Time has links to a lot of current Capture the Flag competitions and information on past events. Below is
a list of CTFs they have on their calendar.

* CSCML CTF 2020


* ASIS CTF Quals 2020
* SCTF-XCTF 2020
* FAUST CTF 2020
* TSG CTF 2020
* rgbCTF 2020
* UIUCTF 2020
* ENOWARS 4
* 3kCTF-2020
* CyBRICS CTF 2020

VulnHub Downloadable CTFs for your Cyber Range (Most use VirtualBox)

* Ganana: 1
* infovore: 1
* Assertion: 1
* BBS: 1
* GainPower: 1
Tools & Techniques
Packet Storm Security Tools Links

* Hashcat Advanced Password Recovery 6.0.0 Source Code


* Hashcat Advanced Password Recovery 6.0.0 Binary Release
* Keystone 0.9.2
* Sifter 7.4
* Lynis Auditing Tool 3.0.0
* Haveged 1.9.12
* Packet Fence 10.1.0
* Haveged 1.9.11
* Haveged 1.9.10
* Zeek 3.1.4

Kali Linux Tutorials

* Attacker-Group-Predictor : Tool To Predict Attacker Groups


* EvilPDF - Embedding Executable Files In PDF Documents
* Needle : Instant Access To You Bug Bounty Submission Dashboard On Various Platforms
* Atlas : Quick SQLMap Tamper Suggester v1.0
* RMIScout : Bruteforce Attacks Against Exposed Java RMI Interfaces
* StegCloak : Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
* BabyShark : Basic C2 Server 2020
* URLCrazy : OSINT Tool To Generate And Test Domain
* Impost3r : A Linux Password Thief
* Xeexe : Undetectable & Xor Encrypting With Custom KEY

GBHackers Analysis

* Vulnerability in Bitdefender Anti-Virus Let Hackers Run The Malicious Arbitrary Code Remotely
* Cisco Webex Meetings for Windows Let Hackers Gain Access to Sensitive Data
* VLC Vulnerability Let Remote Hackers to Execute Arbitrary Code with User Privilege
* Multiple Flaws in GTP Tunneling Protocol Let Hackers to Attack 3G/4G/5G Users
* SMBleed - Windows SMB Protocol Bug Let Hackers Leak Kernel Memory & Execute a Code Remotely
Weekly Cyber Security Video and Podcasts
Black Hat

* Practical steps on your zero trust journey. A CyberWire Pro Briefing by Rick Howard.
* CyberWire office tour with Dave: week 5
* DATATRIBE TOUR WITH DAVE
* evm: ALLSTAR: New Challenge Problems for Static Analysis

Defcon Conference

* DEF CON Safe Mode


* Breaking the back end! - Gregory Pickett - DEF CON China 1
* Bridge Attack Double edged Sword in MobileSec - Zidong Han - DEF CON China 1
* Creating the DEFCON China 1.0 Badge - Joe Grand - DEF CON China 1

Hak5

* Law Enforcement Data Leaked in BlueLeaks - ThreatWire


* Hacking a 3D Printer to run on USB-C Power w/ Glytch!
* Facial Recognition Bans are Trending - ThreatWire

The PC Security Channel [TPSC]

* NordVPN Review: How secure is a VPN?


* How to Decrypt Ransomware: A full guide

Eli the Computer Guy

* Raspberry Pi - Setup Pi Hole for DNS Security


* Raspberry Pi - Control GPIO Pins with GPIOzero Library
* Raspberry Pi - How to Begin Coding Python on Raspberry Pi
* Raspberry Pi - How to Use Raspberry Pi OS

Security Now

* Ripple20 - Security Now 772


* Lamphone - Security Now 771

Troy Hunt

* Weekly Update 197

Intel Techniques: The Privacy, Security, & OSINT Show

* 176-Privacy Crash Course 03: Mobile Devices


* 175-Privacy Crash Course 02: Email & Messengers
Proof of Concept (PoC) & Exploits
Packet Storm Security

* Inductive Automation Ignition Remote Code Execution


* iOS / macOS Wifi Proximity Kernel Double-Free
* Online Student Enrollment System 1.0 Shell Upload
* FHEM 6.0 Local File Inclusion
* Windows Print Spooler Privilege Escalation
* ASUS Aura Sync 1.07.71 Privilege Escalation
* Cisco AnyConnect Path Traversal / Privilege Escalation
* NETGEAR R6700v3 Password Reset / Remote Code Execution
* BSA Radar 1.6.7234.24750 Cross Site Scripting
* Responsive Online Blog 1.0 SQL Injection
* Online Student Enrollment System 1.0 Cross Site Request Forgery
* Qmail Local Privilege Escalation / Remote Code Execution
* GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting
* Lansweeper 7.2 Default Account / Remote Code Execution
* Code Blocks 20.03 Denial Of Service
* LanSpy 2.0.1.159 Stack Buffer Overflow
* Student Enrollment 1.0 Remote Code Execution
* Odoo 12.0 Local File Inclusion
* WebPort 1.19.1 Cross Site Scripting
* FileRun 2019.05.21 Cross Site Scripting
* Online Student Enrollment System 1.0 Arbitrary File Upload
* Trend Micro Web Security (Virtual Appliance) Remote Code Execution
* Mereo 1.9.4 Denial Of Service
* Frigate 2.02 Denial Of Service
* Beauty Parlour Management System 1.0 SQL Injection

CXSecurity

* Inductive Automation Ignition Remote Code Execution


* Online Student Enrollment System 1.0 Shell Upload
* Cisco AnyConnect Path Traversal / Privilege Escalation
* NETGEAR R6700v3 Password Reset / Remote Code Execution
* Mereo 1.9.4 Denial Of Service
* LanSpy 2.0.1.159 Stack Buffer Overflow
* Trend Micro Web Security (Virtual Appliance) Remote Code Execution
Exploit Database

* [local] KiteService 1.2020.618.0 - Unquoted Service Path


* [local] Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
* [webapps] OpenEMR 5.0.1 - 'controller' Remote Code Execution
* [webapps] FHEM 6.0 - Local File Inclusion
* [remote] mySCADA myPRO 7 - Hardcoded Credentials
* [webapps] BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting
* [local] Lansweeper 7.2 - Incorrect Access Control
* [dos] Code Blocks 20.03 - Denial Of Service (PoC)
* [webapps] Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)
* [webapps] Responsive Online Blog 1.0 - 'id' SQL Injection
* [dos] Frigate 2.02 - Denial Of Service (PoC)
* [webapps] WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
* [webapps] WebPort 1.19.1 - Reflected Cross-Site Scripting
* [webapps] Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
* [webapps] Odoo 12.0 - Local File Inclusion
* [webapps] Student Enrollment 1.0 - Unauthenticated Remote Code Execution
* [webapps] FileRun 2019.05.21 - Reflected Cross-Site Scripting
* [webapps] Beauty Parlour Management System 1.0 - Authentication Bypass
* [webapps] OpenCTI 3.3.1 - Directory Traversal
* [local] Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
* [webapps] College-Management-System-Php 1.0 - Authentication Bypass
* [local] Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path
* [webapps] Gila CMS 1.11.8 - 'query' SQL Injection
* [webapps] Netgear R7000 Router - Remote Code Execution
* [remote] SOS JobScheduler 1.13.3 - Stored Password Decryption

Exploit Database for offline use

Kali has the Exploit-DB preinstalled and updates the database on a monthly basis. The tool that they have
added is called "SearchSploit". This can be installed on Linux, Mac, and Windows. Using the tool is also quite
simple. In the command line, type:

user@yourlinux:~$ searchsploit keyword1 keyword2

There is a second tool, written by 1N3 and called "FindSploit", that uses searchsploit and a few other resources. It is
also a command line (CLI) tool used to search for exploits, but it requires online access.
Cyber Crime & Malware Files/Links Latest Identified
CyberCrime-Tracker

Tor Dark Web Search Engines

Dark Web Websites.

This resource has been added to give those using the Tor Dark Web some extra search engines they may not
have had before. To access .onion sites, you must have access to the Tor network. Disclaimer: Do NOT break
the law!

Ahmia: "searches hidden services on the Tor network. To access these hidden services, you need the Tor
browser bundle. Abuse material is not allowed on Ahmia. See our service blacklist and report abuse material if
you find it in the index. It will be removed as soon as possible."
Link: msydqstlz2kzerdg.onion

Candle: Tor Search is a "Google"-like search engine that crawls Tor sites.
Link: gjobqjj7wyczbqie.onion

Kilos: Dark Market Search Engine: As per this article, Kilos was searching over 525k forum posts, 60k listings,
2500 vendors, and 190k reviews of 5 of the biggest Tor Dark Markets.
Link: dnmugu4755642434.onion

Onion.Live: "We are a Tor Network directory created to monitor and study popular .onion hidden services. Our
focus is to track the darknet websites uptime, as it conveys a lot of information for cybersecurity professionals.
Onion.live is designed to offer URL uptime stats and protection against common darknet scam such as
phishing, and it's only suitable for informative purposes only. No endorsements are made or implied regarding
any hidden service or organizations mentioned here."
Link: onion.live

Tor66: As per this article, Tor66 was searching the Tor Onion network and has the option for looking at random
.onion sites (dangerous if not filtered), the top 100 sites calculated by them, and "fresh" sites (also
dangerous if not filtered).
Link: tor66sezptuu2nta.onion

TORCH: "is a very efficient crawler and search engine which is 24 hour indexing new contents from the Tor
network. It serves over 80,000 search requests every day from Tor users looking for content in Tor network and
it is referred by hundreds of sites within Tor and on the clear web."
Link: xmh57jrzrnw6insl.onion
Dark Web News
Coinbase Eager To Sell Blockchain Analysis Software To Government Agency Duo
Blockchain Analytics Software Sale: Coinbase, the most prominent cryptocurrency exchange, is now eager to
sell its blockchain analytics software named Coinbase Analytics. According to the public documents, two U.S.
government agencies would be buying the software from Coinbase. As records obtained through the sources, it
reveals that the Internal Revenue Service (IRS) and the U.S. [...] The post Coinbase Eager To Sell Blockchain
Analysis Software To Government Agency Duo appeared first on Dark Web Link | Deep web Onion Links |
Darknet News.
Truecaller Sells 4.75 Cr Indian's Data on the Darknet Markets
An online intelligence firm named Cyble has flagged a criminal to sell Truecaller records of 4.75 Cr Indians on
the Darknet Markets. The Truecaller data was sold on the dark web for a meagre amount of just Rs. 75,000.
Although after the flagship, the Sweden based caller identification app has straightforwardly denied any
breaches that [...] The post Truecaller Sells 4.75 Cr Indian's Data on the Darknet Markets appeared
first on Dark Web Link | Deep web Onion Links | Darknet News.
International Collaboration Aids in Italian Paedophile Arrest
A 30-year-old Italian individual (Italian Paedophile) has been arrested by the Italian State Police (Polizia di
Stato). It is stated that the arrest took place within just ten days of the video discovery. International police
forces also equally took part in the arrest incident to trace down the accused who allegedly produced child
sexual abuse [...] The post International Collaboration Aids in Italian Paedophile Arrest appeared first on Dark
Web Link | Deep web Onion Links | Darknet News.

Trend Micro Anti-Malware Blog


* XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
* New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
* Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs
* New Tekya Ad Fraud Found on Google Play
* Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
* Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
* Netwalker Fileless Ransomware Injected via Reflective Loading
* QNodeService: Node.js Trojan Spread via Covid-19 Lure
* May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released
* Tropic Trooper's Back: USBferry Attack Targets Air-gapped Environments
Advisories
US-Cert Alerts & bulletins

* Apache Releases Security Advisory for Apache Tomcat


* Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software
* VMware Releases Security Updates for Multiple Products
* Adobe Releases Security Updates for Magento
* Google Releases Security Updates for Chrome
* ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises
* Microsoft Releases Security Updates for Windows
* Cisco Releases Multiple Security Updates
* AA20-133A: Top 10 Routinely Exploited Vulnerabilities
* AA20-126A: APT Groups Target Healthcare and Essential Services
* Vulnerability Summary for the Week of June 15, 2020
* Vulnerability Summary for the Week of June 8, 2020

Zero Day Initiative Advisories

ZDI-CAN-11433: Foxit
A CVSS score 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) severity vulnerability discovered by 'Mat Powell of
Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2020-06-26, 3 days ago. The vendor is
given until 2020-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will
coordinate the release of a public advisory.
ZDI-CAN-11432: Foxit
A CVSS score 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) severity vulnerability discovered by 'Mat Powell of
Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2020-06-26, 3 days ago. The vendor is
given until 2020-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will
coordinate the release of a public advisory.
ZDI-CAN-11417: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11416: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11415: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11414: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11413: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11412: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11411: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11410: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11409: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11408: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11407: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11406: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11405: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11404: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11403: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11402: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11401: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11400: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11399: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11398: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11397: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
ZDI-CAN-11396: Micro Focus
A CVSS score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) severity vulnerability discovered by 'Pedro Ribeiro
(pedrib@gmail.com | @pedrib1337) from Agile Information Security' was reported to the affected vendor on:
2020-06-26, 3 days ago. The vendor is given until 2020-10-24 to publish a fix or workaround. Once the vendor
has created and tested a patch we will coordinate the release of a public advisory.
Packet Storm Security - Latest Advisories

Ubuntu Security Notice USN-4404-2


Ubuntu Security Notice 4404-2 - USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update
provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Thomas E. Carroll discovered
that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An
attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues
were also addressed.
Red Hat Security Advisory 2020-2755-01
Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol
version 2 protocol in C. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2020-2751-01
Red Hat Security Advisory 2020-2751-01 - AMQ Broker is a high-performance messaging implementation
based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports
multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.7.0 serves as a
replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For
further information, refer to the release notes linked to in the References section.
Ubuntu Security Notice USN-4403-1
Ubuntu Security Notice 4403-1 - It was discovered that Mutt incorrectly handled certain requests. An attacker
could possibly use this issue to enable MITM attacks. This update also addresses a regression caused in the last
update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu
19.10.
Red Hat Security Advisory 2020-2740-01
Red Hat Security Advisory 2020-2740-01 - Red Hat Satellite is a system management solution that allows
organizations to configure and maintain their systems without the necessity to provide public Internet access to
their servers or other client systems. It performs provisioning and configuration management of predefined
standard operating environments.
Ubuntu Security Notice USN-4402-1
Ubuntu Security Notice 4402-1 - Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl
incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive
information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. It was discovered that curl
incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file.
Various other issues were also addressed.
Red Hat Security Advisory 2020-2732-01
Red Hat Security Advisory 2020-2732-01 - The OpenStack Identity service authenticates and authorizes
OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple
forms of authentication, including user name and password credentials, token-based systems, and AWS-style
logins.
Red Hat Security Advisory 2020-2730-01
Red Hat Security Advisory 2020-2730-01 - KVM is a full virtualization solution for Linux on a variety of
architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines
that use KVM in environments managed by Red Hat products. Issues addressed include an out of bounds
access vulnerability.
Red Hat Security Advisory 2020-2729-01
Red Hat Security Advisory 2020-2729-01 - OpenStack Shared Filesystem Service provides services to manage
network filesystems for use by Virtual Machine instances.
ABUS Secvest Wireless Control Device Missing Encryption
The wireless communication of the ABUS Secvest Wireless Control Device (FUBE50001) for transmitting
sensitive data like PIN codes or IDs of used proximity chip keys (RFID tokens) is not encrypted.
Red Hat Security Advisory 2020-2653-01
Red Hat Security Advisory 2020-2653-01 - Docker is an open-source engine that automates the deployment of
any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
Red Hat Security Advisory 2020-2635-01
Red Hat Security Advisory 2020-2635-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues
addressed include a double free vulnerability.
Red Hat Security Advisory 2020-2706-01
Red Hat Security Advisory 2020-2706-01 - Updated microcode_ctl packages that fix several security bugs and
add various enhancements are now available.
Red Hat Security Advisory 2020-2707-01
Red Hat Security Advisory 2020-2707-01 - Updated microcode_ctl packages that fix several security bugs and
add various enhancements are now available.
Red Hat Security Advisory 2020-2681-01
Red Hat Security Advisory 2020-2681-01 - The skopeo command lets you inspect images from container
image registries, get images and image layers, and use signatures to create and verify files. An issue was
addressed where container images read the entire image manifest into memory.
Red Hat Security Advisory 2020-2684-01
Red Hat Security Advisory 2020-2684-01 - The Container Network Interface project consists of a specification
and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of
supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated
resources when the container is deleted. Issues addressed include a man-in-the-middle vulnerability.
Red Hat Security Advisory 2020-2683-01
Red Hat Security Advisory 2020-2683-01 - The dpdk packages provide the Data Plane Development Kit, which
is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include an
integer overflow vulnerability.
Red Hat Security Advisory 2020-2680-01
Red Hat Security Advisory 2020-2680-01 - Updated microcode_ctl packages that fix several security bugs and
add various enhancements are now available.
Red Hat Security Advisory 2020-2679-01
Red Hat Security Advisory 2020-2679-01 - Updated microcode_ctl packages that fix several security bugs and
add various enhancements are now available.
Red Hat Security Advisory 2020-2667-01
Red Hat Security Advisory 2020-2667-01 - The kernel packages contain the Linux kernel, the core of any Linux
operating system. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2020-2669-01
Red Hat Security Advisory 2020-2669-01 - This is a kernel live patch module which is automatically loaded by
the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free
vulnerability.
Red Hat Security Advisory 2020-2672-01
Red Hat Security Advisory 2020-2672-01 - The libexif packages provide a library for extracting extra
information from image files. Issues addressed include buffer over-read, denial of service, and information
leakage vulnerabilities.
Red Hat Security Advisory 2020-2676-01
Red Hat Security Advisory 2020-2676-01 - Grafana is an open source, feature rich metrics dashboard and
graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include a server-side request forgery
vulnerability.
Red Hat Security Advisory 2020-2670-01
Red Hat Security Advisory 2020-2670-01 - The pcs packages provide a command-line configuration system for
Information Warfare Center Products
CSI Linux: Current Version: 2020.2

Download here.

CSI Linux is a Linux Distro focusing on Online/Live/Disk Forensic Investigations, Incident Response, Reverse
Engineering, OSINT, and SIGINT.

CSI Linux Investigator is a Virtual Machine Appliance that contains 3 different virtual machines. CSI Linux
Analyst is the environment that you will use most of the time. CSI Linux Gateway is a Tor gateway that can help
mask your online location while allowing the tools within CSI Linux Analyst access to the Tor dark web. CSI
Linux SIEM contains the tools you need for identifying local network threats.

* Version 2020.3 is soon to be released! This next version will combine the 3 (Analyst/SIEM/Gateway) into 1
distro with 2 different download options. The first will be a Virtual Machine like before and the second will be a
bootable install. This will allow for booting from both internal and external drives.

CSI Linux Tutorials:

Video/None: Welcome to CSI Linux: A quick description.


Video/PDF : A beginner's guide to downloading and getting started with CSI Linux Analyst
Video/PDF : A beginner's guide to using CSI Linux Gateway With CSI Linux Analyst
Video/PDF : A beginner's guide to using CSI Linux SIEM With CSI Linux Analyst

Cyber Secrets

Cyber Secrets is a community revolving around all layers of cybersecurity. Within this community is a YouTube
Channel, Facebook/LinkedIn Group, and a few websites.

Videos:
Anonymity on the Internet, Powershell, PsExec, & SED
Maltego demo with Social Links from mtg-bi
Powershell PsExec Network - Just the Tip (JtT)

Capture the Flag (CTF) Events:


Avengers Arsenal CTF - Ends September 15th
Reverse Engineering CTF - Ends September 15th
The Cyber Intelligence Report Series on Amazon

The Cyber Intelligence Report (CIR) is an Open Source Intelligence (AKA OSINT) resource centering around
an array of subjects ranging from Exploits, Advanced Persistent Threat, National Infrastructure, Dark Web,
Digital Forensics & Incident Response (DFIR), and the gamut of digital dangers.

Items that focus on cyber defense and DFIR usually spotlight capabilities in the CSI Linux environment. If you
are interested in helping it evolve, please let us know. The CIR alternates by quarter: odd-quarter issues focus
on Blue Team information and even-quarter issues on Red Team information.

Other Publications from Information Warfare Center
