C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 31/20

  1. ‘BootHole’ attack impacts Windows and Linux systems using GRUB2 and Secure Boot [Catalin Cimpanu, ZDNet Zero Day]
  2. BootHole issue allows installing a stealthy and persistent malware [Pierluigi Paganini, Security Affairs]
  3. Zoom bug allowed attackers to crack private meeting passwords [Sergiu Gatlan, Bleeping Computer]
  4. Multiple Tor security issues disclosed, more to come [Catalin Cimpanu, ZDNet Zero Day]
  5. Open source F5 Big-IP exploit detector released [Juha Saarinen, it news]
  6. Expanse Researchers Show More Than 8,000 F5 BIG-IP TMUIs Are Still Exposed on the Internet [Expanse]
  7. CISA: Attackers Are Exploiting F5 BIG-IP Vulnerability [Prajeet Nair, Data Breach Today]
  8. Cisco fixes severe flaws in data center management solution [Sergiu Gatlan, Bleeping Computer]
  9. Patch now: Cisco warns of nasty bug in its data center software [Liam Tung, ZDNet]
  10. If you own one of these 45 Netgear devices, replace it [Gareth Corfield, The Register]
  11. Over Half of Universities Suffered Data Breach in Past Year [Phil Muncaster, Infosecurity Magazine]
  12. Introducing PhishingKitTracker [Marco Ramilli]
  13. Microsoft releases open-source Linux version of Procmon tool [Lawrence Abrams, Bleeping Computer]

Infosec bits for week 30/20

  1. University of York discloses [third-party] data breach, staff and student records stolen [Charlie Osborne, Zero Day]
  2. ‘Crypto’ Scammers Weren’t the First to Crack Twitter [Mathew J. Schwartz, Information Security Media Group]
    - see also: Twitter Hacking for Profit and the LoLs
  3. Details and PoC for critical SharePoint RCE flaw released [Zeljka Zorz, Help Net Security]
    - see also: SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
  4. Critical SIGred Windows DNS bug gets micropatch after PoCs released [Ionut Ilascu, Bleeping Computer]
  5. New ‘Meow’ attack has wiped dozens of unsecured databases [Ionut Ilascu, Bleeping Computer]
  6. Data Leaks in Online Education: Almost 1 Million Records Exposed [Chase Williams, WizCase]
  7. TLS 1.0 and 1.1 deprecation for Office 365 [Microsoft]
  8. OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory [Robert Falcone, Unit 42 / Palo Alto Networks]
  9. Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See [vpnMentor]
  10. How to use MITRE ATT&CK [Mark Dufresne, Elastic Security]
  11. Understanding the Benefits of the Capability Maturity Model Integration [Nigel Sampson (guest author) / Tripwire]
  12. Why Cyber Ranges Are Effective To Train Your Teams [Mark Stone, IBM / Security Intelligence]
  13. The InfoSec Barrier to AI [Praful Krishna, Dark Reading]
  14. Europeans Aren’t Really Using COVID-19 Contact-Tracing Apps [Gabriel Geiger, Motherboard / VICE]

Infosec bits for week 29/20

  1. Zoom fixes zero-day RCE bug affecting Windows 7, more updates soon [Ax Sharma, Bleeping Computer]
  2. VMware XPC Client validation privilege escalation vulnerability [VMware]
  3. NIST Password Guidelines: What You Need to Know [Josh Horwitz, Infosecurity Magazine]
  4. DigiCert ICA Replacement [DigiCert]
  5. Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans [Ionut Arghire, Security Week]
  6. The Great Twitter Hack
    1. Twitter reveals that its own employee tools contributed to unprecedented hack [Nick Statt, The Verge]
    2. Hackers Convinced Twitter Employee to Help Them Hijack Accounts [Joseph Cox, Vice]
  7. EU Court of Justice Deems Privacy Shield Unlawful [Dan Raywood, Infosecurity Magazine]
  8. Top documentary films about hacking and cybersecurity [Vera Iurcu, Avira]

Infosec bits for week 28/20

  1. University of California San Francisco pays ransomware gang $1.14m as BBC publishes ‘dark web negotiations’ [Gareth Corfield, The Register]
  2. Applying the 80-20 Rule to Cybersecurity [Dan Blum, Dark Reading / Informa]
    - see also: Framing the Security Story: The Simplest Threats Are the Most Dangerous
  3. Over 100 Wi-Fi routers fail major security test — protect yourself now [Paul Wagenseil, Tom’s Guide]
    - Full report: www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
  4. Palo Alto Networks patches critical vulnerability in firewall OS [Sergiu Gatlan, Bleeping Computer]
  5. First reported Russian BEC scam gang targets Fortune 500 firms [Ionut Ilascu, Bleeping Computer]
  6. ‘Keeper’ hacking group behind hacks at 570 online stores [Catalin Cimpanu, Zero Day]
    - If you entered card / account details on any of these sites post the dates given, consider your information compromised!
  7. Google open-sources Tsunami vulnerability scanner [Catalin Cimpanu, Zero Day]
  8. Toward trusted sensing for the cloud: Introducing Project Freta [Mike Walker, Microsoft]
  9. Intel Owl Release v1.0.0 [Eshaan Bansal, The Honeynet Project]
  10. AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals [Lindsey O’Donnell, Threatpost]
  11. Redirect auction [Dmitry Kondratyev, Kaspersky]
  12. WastedLocker Goes “Big-Game Hunting” in 2020 [Ben Baker et al, Talos / Cisco]
  13. Ireland launches COVID-19 contact tracing app based on Apple-Google API [Mike Peterson, Apple Insider]
  14. How Police Secretly Took Over a Global Phone Network for Organized Crime [Joseph Cox, Motherboard / Vice]

Infosec bits for week 27/20

  1. Update on IT Security Incident at UCSF [UCSF CISO]
  2. Evil Corp blocked from deploying ransomware on 30 major US firms [Sergiu Gatlan, Bleeping Computer]
  3. New Mac ransomware spreading through piracy [Thomas Reed, Malwarebytes]
    More information:
    1. New Mac Ransomware Is Even More Sinister Than It Appears [Lily Hay Newman, Wired]
  4. Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities [Catalin Cimpanu, ZDNet]
  5. Apple strong-arms entire CA industry into one-year certificate lifespans [Catalin Cimpanu, ZDNet]
  6. Online Learning Platform Exposes Data on One Million Students [Phil Muncaster, Infosecurity Magazine]
  7. Security lapse at South Africa’s LogBox exposed user accounts and medical data [Jake Bright, Techcrunch]
  8. Ransomware Awareness [Lenny Zeltser, SANS]
  9. AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor [US Cert]
  10. Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products [Eduard Kovacs, Security Week]
  11. Cisco Releases Security Updates for Multiple Products [US Cert]
  12. Serious Vulnerabilities in F5’s BIG-IP Allow Full System Compromise [Eduard Kovacs, Security Week]

Infosec bits for week 26/20

  1. Commencement of certain sections of the Protection of Personal Information Act, 2013 [The Presidency]
    - see also: GDPR vs POPIA
  2. Largest Ever Recorded Packet Per Second-Based DDoS Attack Mitigated by Akamai [Tom Emmons, Akamai]
  3. List of Ripple20 vulnerability advisories, patches, and updates [Ionut Ilascu, Bleeping Computer]
  4. Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it [Lorenzo Franceschi-Bicchierai, Motherboard / Vice Media]
  5. Defending Exchange servers under attack [Microsoft Defender ATP Research Team]
  6. Turn on MFA Before Crooks Do It For You [Brian Krebs]
  7. Australian PM says nation under serious state-run ‘cyber attack’ – Microsoft, Citrix, Telerik UI bugs ‘exploited’ [Simon Sharwood, The Register]
    - official advisory here
  8. Glupteba – the malware that gets secret messages from the Bitcoin blockchain [Paul Ducklin, Naked Security / Sophos]
  9. Adobe Flash Player EOL General Information Page [Adobe] – and everyone in infosec rejoices :) [now we just need that pesky Java to EOL ;)]
  10. If a Cyber Security Report Falls in a Forest, Is Anyone Listening? [Ian Trump, HackRead]
  11. To evade detection, hackers are requiring targets to complete CAPTCHAs [Dan Goodin, Ars Technica]
  12. New technique protects consumers from voice spoofing attacks [Help Net Security]
  13. Academics studied DDoS takedowns and said they’re ineffective, recommend patching vulnerable servers [Catalin Cimpanu, Zero Day]
  14. Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider [Karim Lalji and Johannes Ullrich, SANS ISC]
  15. Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It [Rokas Laurinavičius and Ilona Baliūnaitė, Bored Panda]
  16. My Adventures Hacking the iParcelBox [Sam Quinn, McAfee]

Infosec bits for week 25/20

  1. Phishing Attacks:
    1. Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com [Krebs on Security]
  2. Breaches:
    1. South African bank to replace 12m cards after employees stole master key [Catalin Cimpanu, ZDNet]
  3. Developments in Video Conferencing Systems Security:
    1. New Cisco Webex Meetings flaw lets attackers steal auth tokens [Sergiu Gatlan, Bleeping Computer]
    2. End-to-End Encryption Update [Eric S. Yuan, Zoom]
  4. Ransomware:
    1. City of Knoxville shuts down network after ransomware attack [Sergiu Gatlan, Bleeping Computer]
  5. General Security Interest:
    1. After a breach, users rarely change their passwords, and when they do, they’re often weaker [Daniel Tkacik, Tech Xplore]
    2. The Impending Doom of Expiring Root CAs and Legacy Clients [Scott Helme]
    3. FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy [Krebs on Security]
  6. New Vulnerabilities:
    1. Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack [Zeljka Zorz, Help Net Security]
      - List of known vulnerable vendors/devices: Overview - Ripple20
    2. SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost [ZecOps Blog]
  7. Vulnerabilities in Home Routers:
    1. WFH Alert: Critical Bug Found in Old D-Link Router Models [Tom Spring, Threat Post]
    2. Unpatched vulnerability identified in 79 Netgear router models [Catalin Cimpanu, ZDNet]

Infosec bits for week 24/20

  1. South Africa’s Life Healthcare hit by cyber attack [Aniruddha Ghosh, Reuters]
    - see also: Hackers strike at Life Healthcare, extent of data breach yet to be assessed
  2. Ransomware attackers threaten to leak Telkom client database [Jan Vermeulen, MyBroadband]
  3. Exploit code for wormable flaw on unpatched Windows devices published online [Dan Goodin, Ars Technica]
    - see also: SMBleed could allow a remote attacker to leak kernel memory
  4. 3 phishing trends organizations should watch out for [Kacey C, Digital Shadows]
    - see also: Abnormal Attack Stories: COVID-19 Relief Phishing Through Dropbox Transfer
  5. OUCH! Newsletter: Creating a Cyber Secure Home [Randy Marchany, Virginia Tech / SANS]
  6. The Hitchhiker’s Guide to Web App Pen Testing [Vanessa Sauter, Dark Reading]
  7. How Threat Actors Are Adapting to the Cloud [Charles DeBeck, IBM Security Intelligence]
  8. Email threat types: Conversation hijacking [Christine Barry, Barracuda]
  9. New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs [The Hacker News]
  10. uBlock Origin ad blocker now blocks port scans on most sites [Lawrence Abrams, Bleeping Computer]
  11. VPNs are dead. Long Live Identity-Aware Proxies [Sat G, Medium]
  12. Another Intel Speculative Execution Vulnerability [Bruce Schneier]
  13. When Your Biggest Security and Privacy Threats Come From the Ones You Love [Ericka Chickowski, Dark Reading]

Infosec bits for week 23/20

  1. Information Security and Privacy Perspectives on the EDUCAUSE 2020 Top 10 IT Issues [Brian Kelly et al, EDUCAUSE]
    - see also: EDUCAUSE COVID-19 QuickPoll Results: Information Security During the Pandemic
  2. Netwalker ransomware continues assault on US colleges, hits UCSF [Lawrence Abrams, Bleeping Computer]
  3. Threat Spotlight: Tycoon Ransomware Targets Education and Software Sectors [BlackBerry & KPMG]
  4. REvil ransomware gang launches auction site to sell stolen data [Catalin Cimpanu, Zero Day]
    - see also: REvil ransomware gang publishes ‘Elexon staff’s passports’ after UK electrical middleman shrugs off attack
  5. CISA releases new Cyber Essentials Toolkit [CISA]
  6. The ransomware that attacks you from inside a virtual machine [Mark Stockley, Naked Security / Sophos]
  7. Securing SSH: What To Do and What Not To Do [Ed Williams, Trustwave]
  8. Why is This Website Port Scanning me? [Charlie Belmer, Null Sweep]
  9. Cisco warns: These Nexus switches have been hit by a serious security flaw [Liam Tung, Zero Day]
  10. Evolution of Excel 4.0 Macro Weaponization [James Haughom and Stefano Ortolani, Lastline]
  11. The mystery of the expiring Sectigo web certificate [Paul Ducklin, Naked Security / Sophos]
  12. G Suite Marketplace primed for a privacy scandal, researchers warn [Catalin Cimpanu, Zero Day]
  13. What is pretexting? Definition, examples and prevention [Josh Fruhlinger, CSO / IDG Communications]
  14. Risk Assessment & the Human Condition [Joshua Goldfarb, Dark Reading]

Infosec bits for week 21/20

  1. Incident Of The Week: Educational Infrastructures At Risk Of Invasive Breaches [Seth Adler, Cyber Security Hub / IQPC]
  2. Sharing Threat Intelligence in Higher Ed [Meg Lloyd, Campus Technology / Ed-Tech Group]
    - see also: Predicting the Future of the SOC Analyst
  3. European supercomputers hacked in mysterious cyberattacks [Ionut Ilascu, Bleeping Computer]
    - see also: Supercomputers hacked across Europe to mine cryptocurrency
  4. The 3 Top Cybersecurity Myths & What You Should Know [Zack Schuler, Dark Reading / Informa Tech]
    - see also: Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
  5. Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019 [Doug Olenick, Bank Info Security / ISMG]
    - see also: 6 ways to be more secure in the cloud
  6. Security News This Week: Hackers Claim to Have ‘Dirty Laundry’ About Donald Trump [Brian Barrett, WIRED / Condé Nast]
    - see also: REvil Ransomware found buyer for Trump data, now targeting Madonna
  7. Microsoft warns of ‘massive’ phishing attack pushing legit RAT [Lawrence Abrams, Bleeping Computer]
    - see also: Response Playbooks » RP0001: Phishing email
  8. Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack [ROOTDAEMON]
  9. Digital Ethics in Higher Education: 2020 [John O’Brien, EDUCAUSE]
  10. Why You May Not Need to Monitor the Dark Web [Idan Aharoni, Security Week / Wired Business Media]
  11. Pingcastle – Active Directory Security Assessment Tool [Vincent Letoux, Darknet]
  12. Enhanced Safe Browsing Protection now available in Chrome [Nathan Parker et al, Google]
  13. This Service Helps Malware Authors Fix Flaws in their Code [Brian Krebs, Krebs on Security]
  14. US officials say they’ve cracked Pensacola shooter’s iPhones, blast Apple [Sean Lyngaas, Cyberscoop, Scoop News Group]
  15. Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App [Foeke Postma, Bellingcat]