Security daily (21-04-2020)

How To Hack A Company By Circumventing Its WAF For Fun And Profit - Part 2

(News ≈ Packet Storm)

The CFAA Is Finally Being Reviewed By The Supreme Court

(News ≈ Packet Storm)

DForce Hacker Returns $25m In Stolen Cryptocurrency

(News ≈ Packet Storm)

Nintendo Accounts Are Getting Hacked To Buy Fortnite Currency

(News ≈ Packet Storm)

Hackers Target Oil Producers With Attacks

(News ≈ Packet Storm)

Obfuscated WordPress Malware Dropper

It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make it unreadable to the naked eye. In our recent post we demonstrated how the PHP function fileputcontents is used to inject malicious data into a website file — but in that example, hackers used concatenated decimal strings to obfuscate much of their malicious PHP code. Continue reading Obfuscated WordPress Malware Dropper at Sucuri Blog. (Sucuri Blog)

The Incident Response Challenge 2020 — Win $5,000 Prize!

Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts.

The challenge is available on https://incident-response-challenge.com/ and is open to anyone willing to test his or her investigation skills, between April 21st and May (The Hacker News)

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure.

The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information (The Hacker News)

Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans.

The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays (FPGAs) have been covered in a paper titled "The (The Hacker News)