10/12/2018 06:37 PM EDT Original release date: October 12, 2018
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.
Finally, an end to robocalls? 35 state attorney generals tell FCC to pull the plug on robocalls. The AGs want the FCC to adopt SHAKEN and STIR.
10/11/2018 11:19 AM EDT Original release date: October 11, 2018
10/11/2018 01:23 PM EDT Original release date: October 11, 2018
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The tools are:
- Remote Access Trojan: JBiFrost
- Webshell: China Chopper
- Credential Stealer: Mimikatz
- Lateral Movement Framework: PowerShell Empire
- C2 Obfuscation and Exfiltration: HUC Packet Transmitter
Google+ was started in November 2012. It will be closed by August 2019. Lack of serious use combined with a recently discovered software flaw that breached user records finally pushed G+ over the edge. G+ is doomed to suffer the fate of its’ predecessors, Google Buzz, FriendConnect, and Orcut. I only used G+ as a method to announce and promote my blog posts, and only because they were Google and it might hopefully improve page rank. It was never a destination service for me.
Facebook has suffered a data breach affecting almost 50 million accounts. Another 40 million have been reset as a “precautionary step”. New information here.