Here is your weekly newsletter to keep you up-to-date with the latest threats, news, tools and recommended reading.
StationX blog posts updates
A snapshot of the current threat landscape
- FBI - Operation reWired (fbi.gov)
- UNICEF Data Leak Reveals Personal Info of 8,000 Online Learners (devex.com)
- Marketer Exposes 198 Million Car Buyer Records (infosecurity-magazine.com)
- Oklahoma Law Enforcement Retirement System Incident (olers.state.ok.us)
- New Simjacker Vulnerability Exploited by Surveillance Companies for Espionage Operation (simjacker.com)
- North Korean Malicious Cyber Activity (us-cert.gov)
- ESET Discovered an Undocumented Backdoor Used by the Infamous Stealth Falcon Group (welivesecurity.com)
- COBALT DICKENS Goes Back to School Again (secureworks.com)
- More Than 99% of Threats Target Corporate Staff (infosecurity-magazine.com)
- Pupils Flagged as Cyber Threat to UK Schools (infosecurity-magazine.com)
- InnfiRAT: A New RAT Aiming for your Cryptocurrency and More (zscaler.com)
Notable vulnerabilities and patches
- Microsoft Patch Tuesday September 2019 (portal.msrc.microsoft.com)
- Adobe Releases Security Updates (us-cert.gov)
- Google Releases Security Updates for Chrome (chromereleases.googleblog.com)
- Intel Releases Security Updates (us-cert.gov)
- Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers (thehackernews.com)
New and cool tools!
- Lockdoor Pentesting Framework (github.com)
- gitCraber - Monitor Github for Sensitive Data in Real-Time (github.com)
Our recommended reads and how to guides
- API Security Project Top-10 Release Candidate (owasp.org)
- Derbycon 2019 Videos (irongeek.com)
- BSidesMCR 2018: Practical Web Cache Poisoning: Redefining 'Unexploitable' by James Kettle (youtube.com
- A New Needle and Haystack: Detecting DNS over HTTPS Usage (sans.org)
- Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response (sans.org)
- Intel NetCAT Side-Channel Attack (cs.vu.nl)
- CIS - Security Event Primer Malware (cisecurity.org)
- OWASP API Security Project (owasp.org)