C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 42/20

  1. Happy Weekend Patching
  2. New Exploits
  3. Security and Academia
  4. Vulnerabilities in Virtual Appliances
  5. Ransomware and Data-Leaks

Infosec bits for week 41/20

  1. Cybersecurity Awareness Month (CAM) Toolkit [SANS Institute]
  2. Security Awareness Episodes [Stay Safe Online / NCSA]
  3. 8 tips to tighten up your work‑from‑home network [Paul Ducklin, Sophos]
  4. Hackers Steal Swiss University Salaries [AFP, Eyewitness News]
  5. ZeroLogon(CVE-2020-1472) – Attacking & Defending [Andy Gill, ZeroSec]
    - see also: How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472
  6. Three common mistakes in ransomware security planning [Frank Trovato, Info-Tech Research Group / Help Net Security]
    - see also: Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam
  7. Processing Data to Protect Data: Resolving the Breach Detection Paradox [Andrew Cormack]
    - see also: Government Woe as Education Department Fails GDPR Test
  8. Open Source Threat Intelligence Searches for Sustainable Communities [Robert Lemos, Dark Reading / Informa PLC]
  9. QNAP fixes critical flaws that could lead to device takeover [Sergiu Gatlan, Bleeping Computer]
  10. We Hacked Apple for 3 Months: Here’s What We Found [Sam Curry]
  11. Iran’s total internet shutdown is a blueprint for breaking the web [Matt Burgess, WIRED / Condé Nast]

Infosec bits for week 40/20

October is Cybersecurity Awareness Month and CISA has published some useful resources: National Cybersecurity Awareness Month

  1. Ransomware and Malware
  2. Data Leaks
  3. Breaches
  4. Vulnerabilities
  5. General

Infosec bits for week 39/20

  1. Surge in DDoS attacks targeting education and academic sector [Ionut Ilascu, Bleeping Computer]
  2. German investigators treating ransomware attack as negligent homicide, reports say [Sean Lyngaas, Cybersccop / Scoop News Group]
  3. Cyber insurer’s security scans reduced ransomware claims by 65% [Lawrence Abrams, Bleeping Computer]
  4. New and improved Security Update Guide! [Microsoft Security Response Center]
  5. A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads [Dan Goodin, Ars Technica]
  6. Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [Catalin Cimpanu, Zero Day]
  7. Cybersecurity Skills Gap Threatens Job Effectiveness Amidst Global Talent Shortage [Cybrary]

Infosec bits for week 38/20

  1. Tracking Attacks on Critical Infrastructure
  2. Latest Data Leaks
  3. Attack on Academia
  4. Malware and Ransomware Extortion on the Rise
  5. General

Infosec bits for week 37/20

  1. Top of the news/attacks:
  2. Patch time:
  3. Awareness/general:
  4. Interesting reading:

Infosec bits for week 36/20

Infosec bits for week 35/20

  1. Identify:
  2. Protect and Detect:
  3. Respond:
  4. Recover:

Infosec bits for week 34/20

  1. The Experian data leak
  2. And Some protection mechanisms against identity fraud and spam SMS
  3. And more data leaks:
  4. Malware in the wild
  5. Other interesting articles:
  6. And a remotely exploitable DoS vulnerability in BIND:

Infosec bits for week 33/20

  1. Higher Ed Attacks / Breaches:
  2. Other Breaches / Leaks:
  3. Awareness / Detection:
  4. Advisories / Patches:
  5. General