C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 42/20

Schalk Peach

2020-10-16 11:53

Happy Weekend Patching
- Microsoft October 2020 Patch Tuesday fixes 87 security bugs [Lawrence Abrams, Bleeping Computer]
- SAP Releases October 2020 Security Updates [US-CERT]
- Apache Releases Security Updates for Apache Tomcat
  [US-CERT]
- Security Advisories – Juniper Networks [Juniper Networks]
New Exploits
- BleedingTooth Linux Exploit Can Lead to Remote Code Execution Within Bluetooth Range [Nathan Ord, Hot Hardware]
- CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel [Or Cohen, Palo Alto]
- Taking over Windows systems with a Netlogon man-in-the-middle attack [Tom Tervoort, Secura]
Security and Academia
- Wisepay: School payments service hit by cyber-attack [BBC News]
- Hackers Publish Public School District’s Stolen Data Online [Associated Press via Security Week]
- Iranian hackers restart attacks on universities as the new school year begins [Catalin Cimpanu, ZDNet]
- Online proctor service ProctorTrack disables service after hack [Lawrence Abrams, Bleeping Computer]
- Why are educational establishments so vulnerable to cyber-attack? [Tony Morbin, Teiss]
- Silent Librarian APT Targeting Universities with Spear Phishing Attacks [David Bisson, Tripwire]
Vulnerabilities in Virtual Appliances
- Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances [Eduard Kovacs, Security Week]
- Major vulnerabilities found in top virtual appliances [Sudais Asif, HackRead]
- Half of all virtual appliances have outdated software and serious vulnerabilities [Lucian Constantin, CSO Online]
Ransomware and Data-Leaks
- Ubisoft, Crytek data posted on ransomware gang’s site [Catalin Cimpanu, ZDNet]
- German tech giant Software AG down after ransomware attack [Catalin Cimpanu, ZDNet]
- Report: U.S. Cyber Command Behind Trickbot Tricks [Krebs on Security]

Infosec bits for week 41/20

Roderick Mooi

2020-10-09 11:58

Cybersecurity Awareness Month (CAM) Toolkit [SANS Institute]
Security Awareness Episodes [Stay Safe Online / NCSA]
8 tips to tighten up your work‑from‑home network [Paul Ducklin, Sophos]
Hackers Steal Swiss University Salaries [AFP, Eyewitness News]
ZeroLogon(CVE-2020-1472) – Attacking & Defending [Andy Gill, ZeroSec]
- see also: How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472
Three common mistakes in ransomware security planning [Frank Trovato, Info-Tech Research Group / Help Net Security]
- see also: Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam
Processing Data to Protect Data: Resolving the Breach Detection Paradox [Andrew Cormack]
- see also: Government Woe as Education Department Fails GDPR Test
Open Source Threat Intelligence Searches for Sustainable Communities [Robert Lemos, Dark Reading / Informa PLC]
QNAP fixes critical flaws that could lead to device takeover [Sergiu Gatlan, Bleeping Computer]
We Hacked Apple for 3 Months: Here’s What We Found [Sam Curry]
Iran’s total internet shutdown is a blueprint for breaking the web [Matt Burgess, WIRED / Condé Nast]

Infosec bits for week 40/20

Schalk Peach

2020-10-02 10:58

October is Cybersecurity Awareness Month and CISA has published some useful resources: National Cybersecurity Awareness Month

Ransomware and Malware
- CISA: Detections of LokiBot Info-Stealer Are Soaring [Phil Muncaster, Infosecurity Magazine]
- Microsoft, Italy, and the Netherlands warn of increased Emotet activity [Catalin Cimpanu, ZDNet]
- Ransomware gangs add DDoS attacks to their extortion arsenal [Lawrence Abrams, Bleeping Computer]
- NIST guide to help orgs recover from ransomware, other data integrity attacks [Zeljka Zorz, Helpnet Security]
Data Leaks
- Skyline.com Ransomware Attackers Claim 200+ GB of Cleartext Financial, Passport, and Personal Data Leaked [RiskBased Security]
- Nevada school district refuses to submit to ransomware blackmail, hacker publishes student data [Charlie Osborne, ZDNet]
Breaches
- Shopify discloses security incident caused by two rogue employees [Catalin Cimpanu, ZDNet]
- Hackers hit South African government fund for children and missing people [Mfuneko Toyana, Reuters]
Vulnerabilities
- Known Citrix Workspace Bug Open to New Attack Vector [Tara Seals, ThreatPost]
- Microsoft: Hackers using Zerologon exploits in attacks, patch now! [Lawrence Abrams, Bleeping Computer]
- Update now: Cisco warns over 25 high-impact flaws in its IOS and IOS XE software [Liam Tung, ZDNet]
- Critical Vulnerabilities Found in Remote Access Software [Sarah Coble, Infosecurity Magazine]
- FYI: If you’re running HP Device Manager, anyone on your network can get admin on your server via backdoor [Thomas Claburn, The Register]
- Exploiting Other Remote Protocols in IBM WebSphere [Zero Day Initiative]
General
- A Fifth of Privileged Users Don’t Need Elevated Access [Phil Muncaster, Infosecurity Magazine]
- Why a Security Maturity Model Can Transform How You Use Analytics [Joerg Stephan, Security Intelligence]

Infosec bits for week 39/20

Roderick Mooi

2020-09-23 14:40

Surge in DDoS attacks targeting education and academic sector [Ionut Ilascu, Bleeping Computer]
German investigators treating ransomware attack as negligent homicide, reports say [Sean Lyngaas, Cybersccop / Scoop News Group]
Cyber insurer’s security scans reduced ransomware claims by 65% [Lawrence Abrams, Bleeping Computer]
New and improved Security Update Guide! [Microsoft Security Response Center]
A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads [Dan Goodin, Ars Technica]
Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [Catalin Cimpanu, Zero Day]
Cybersecurity Skills Gap Threatens Job Effectiveness Amidst Global Talent Shortage [Cybrary]

Infosec bits for week 38/20

Schalk Peach

2020-09-18 08:59

Tracking Attacks on Critical Infrastructure
- Critical Infrastructure Ransomware Attacks [CARE Lab, Temple University]
- University Project Tracks Ransomware Attacks on Critical Infrastructure [Eduard Kovacs, Security Week]
Latest Data Leaks
- Razer data leak exposes personal information of gamers [Lawrence Abrams, Bleeping Computer]
- Leaky server exposes users of dating site network [Catalin Cimpanu, ZDNet]
- Over 1 Million Patients and Donors Impacted by Inova Health System Data Breach [Alina Bizga, Bitdefender]
- Research Finds Nearly 800,000 Access Keys Exposed Online [Dark Reading]
- Personal data from Experian on 40% of South Africa’s population has been bundled onto a file-sharing website [Gareth Corfield, The Register]
- US Court Documents Published in Ransomware Attack [Sarah Coble, Infosecurity Magazine]
- US staffing firm Artech discloses ransomware attack, data breach [Sergiu Gatlan, Bleeping Computer]
Attack on Academia
- Computer Attack Disables California School District’s System [Associated Press, Republished by Security Week]
- Not for higher education: cybercriminals target academic & research institutions across the world [Check Point Blog]
- Cyber security alert issued following rising attacks on UK academia [NCSC UK]
- Alert: Targeted ransomware attacks on the UK education sector by cyber criminals [NCSC UK]
- GCHQ agency ‘strongly urges’ Brit universities, colleges to protect themselves after spike in ransomware infections [Gareth Corfield, The Register]
- Universities Face Increase in Ransomware Attacks as Students Return [Dan Raywood, Infosecurity Group]
- Leeds-based college group hit by cyber attack [BBC News]
Malware and Ransomware Extortion on the Rise
- SunCrypt ransomware operators leak data of University Hospital New Jersey [Pierluigi Paganini, Security Affairs]
- LockBit ransomware launches data leak site to double-extort victims [Lawrence Abrams, Bleeping Computer]
- New MrbMiner malware has infected thousands of MSSQL databases [Catalin Cimpanu, ZDNet]
General
- Four ways network traffic analysis benefits security teams [Nadeem Zahid, Helpnet Security]
- More Cyberattacks in the First Half of 2020 Than in All of 2019 [Jai Vijayan, Dark Reading]
- Back to Basics: Creating a Culture of Cybersecurity at Work [George Platsis, Security Intelligence]

Infosec bits for week 37/20

Roderick Mooi

2020-09-11 15:22

Top of the news/attacks:
- Northumbria Uni Campus Closed After Serious Cyber-Attack [Phil Muncaster, Infosecurity Magazine]
- DoppelPaymer ransomware hits Newcastle University, leaks data [Sergiu Gatlan, Bleeping Computer]
- Equinix data center giant hit by Netwalker Ransomware, $4.5M ransom [Lawrence Abrams, Bleeping Computer]
- MAZE Claims Attack on US School System [Sarah Coble, Infosecurity Magazine]
- Stefanutti Stocks shuts down IT systems after cyber attack [Admire Moyo, ITWeb]
Patch time:
- Microsoft September 2020 Patch Tuesday fixes 129 vulnerabilities [Catalin Cimpanu, Zero Day]
- Intel fixes critical flaw in corporate remote management platform [Sergiu Gatlan, Bleeping Computer]
- Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls [Help Net Security]
Awareness/general:
- Jisc security conference 2020 [free and open to R&E] [Jisc]
- Client privacy and security (Operational network security) – new for 2020 – virtual learning with experts [Irina Matthews, GÉANT Learning and Development]
- BEC Scam Losses Surge as the Number of Attacks Diminish [Chinmay Rautmare, Bank Info Security / Information Security Media Group]
- Digital Education: The cyberrisks of the online classroom [Kaspersky]
- WhatsApp Discloses 6 Bugs via Dedicated Security Site [Elizabeth Montalbano, Threatpost]
- Botnets: A cheat sheet for business users and security admins [Brandon Vigliarolo, TechRepublic]
- 99 Ransomware Problems – and a Decryptor Ain’t One [Mathew J. Schwartz, Bank Info Security]
Interesting reading:
- Most cyber-security reports only focus on the cool threats [Catalin Cimpanu, Zero Day]
- Data Confidentiality Issues and Solutions in Academic Research Computing [Trusted CI]
- A look inside the hacker community that’s vandalizing the web [Paul Bischoff, Comparitech]
- MIT scientists unveil cybersecurity aggregation platform to gauge effective measures [Jonathan Greig, TechRepublic / CBS Interactive]

Infosec bits for week 36/20

Schalk Peach

2020-09-04 09:30

Updates on the Experian Data Leak
- Data from SA’s massive info breach is ‘on the internet’, Experian now admits [Business Insider SA]
- Data from Experian breach dumped on the Internet [Admire Moyot, ITWeb]
- Data breach: Experian identifies files, criminal case under investigation [Ernest Mabuza, Times Live]
More Revelations Regarding Alleged Airtime Theft
- MTN security flaw allows “secret” airtime theft – Industry insider [MyBroadband]
- Big development in Vodacom airtime theft case [MyBroadband]
An Insightful Article Regarding the State of South African Cyber Attacks
- Insight into the cyber threat landscape in South Africa [Accenture]
Other Data Breaches and Leaks
- Unknown commercial entity blamed for NSW driver’s licence data breach [Rootdaemon]
- Details of millions of U.S. Voters leaked to Russia’s Dark Web forum [Pierluigi Paganini, Security Affairs]
- AusCERT says alleged DoE hack came from a third-party [Catalin Cimpanu, ZDNet]
The Snowden Leaks Revisited
- NSA call records collection ruled illegal by US appeals court [Zack Whittaker, TechCrunch]
The 2 Types of Insider Threat
- Are employees the weakest link in your security strategy? Train them! [Joyce Huang, TrendMicro]
- Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts [Lindsey O’Donnell, ThreatPost]
Apple Notarized Malware
- Apple Signs Shlayer, Legitimizes Malware [Dark Reading]
- Apple-notarized malware foils macOS defenses [Zeljka Zorz, Help Net Security]
Exploits in the Wild
- Hackers actively exploiting severe bug in over 300K WordPress sites [Sergiu Gatlan, Bleeping Computer]
- Hackers are backdooring QNAP NAS devices with 3-year old RCE bug [Sergiu Gatlan, Bleeping Computer]
- Attackers abuse Google DNS over HTTPS to download malware [Ax Sharma, Bleeping Computer]
- Cisco fixes critical code execution bug in Jabber for Windows [Sergiu Gatlan, Bleeping Computer]
- Microsoft Warns of New ‘Anubis’ Info-Stealer Distributed in the Wild [Eduard Kovacs, Security Week]
- Cetus: Cryptojacking Worm Targeting Docker Daemons [Aviv Sasson, Palo Alto Networks]
Other (General)
- Can Vulnerability Scanning Replace Penetration Testing? [Waqas, HackRead]
- Hypothesis: Cyber Attackers Are After Your Scientific Research [Curtis Franklin Jr, Dark Reading]
- The Life Cycle of a Compromised (Cloud) Server [Bob McArdle, TrendMicro]
- Safe domain: How to protect your enterprise from DNS hijacking [Vincent D’Angelo, HelpNet Security]

Infosec bits for week 35/20

Roderick Mooi

2020-08-27 14:57

Identify:
- Higher Education CISOs Share COVID-19 Response Stories [Kelly Sheridan, Dark Reading / Informa]
- Digital Attacks on Educational Resources [Daniel Smith, Radware]
- Facebook apologizes to users, businesses for Apple’s monstrous efforts to protect its customers’ privacy [Kieren McCarthy, The Register]
Protect and Detect:
- Under-the-Hoodie: 2020 Research Report [Rapid7]
- Shields Up: A Good Cyber Defense is an Active Defense [MITRE]
- Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme [Catalin Cimpanu, Zero Day]
- CIS Password Policy Guide: Passphrases, Monitoring, and More [CIS (sponsored), CSO / IDG Communications]
- Office 365 now opens attachments in a sandbox to prevent infections [Sergiu Gatlan, Bleeping Computer]
Respond:
- DDoS extortionists target NZX, Moneygram, Braintree, and other financial services [Catalin Cimpanu, Zero Day]
- The State of Exploit Development: 80% of Exploits Publish Faster than CVEs [Jay Chen, Unit42 / Palo Alto]
Recover:
- Most organizations have no Active Directory cyber disaster recovery plan [Help Net Security]
- Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up [Elizabeth Montalbano, Threatpost]
- The Post-Pandemic Future of Cybersecurity [Charles Kapelke, Center for Long-Term Cybersecurity at UC Berkeley]

Infosec bits for week 34/20

Schalk Peach

2020-08-21 08:54

The Experian data leak
- EXPERIAN DATA BREACH [SABRIC]
- Massive data attack exposes personal info of 24 million South Africans [TimesLIVE]
- Experian South Africa discloses data breach impacting 24 million customers [ Catalin Cimpanu, ZDNet]
And Some protection mechanisms against identity fraud and spam SMS
- There’s a new way you can block SMS spam – it takes about 5 seconds and costs up to 50 cents [Business Insider SA]
- SAFPS Protective Registration [South African Fraud Prevention Service]
And more data leaks:
- AI firm exposes 2.5 million sensitive medical records online [Zara Khan, HackRead]
- Updated cryptojacking worm steals AWS credentials [Zeljka Zorz, Help Net Security]
- Maze ransomware gang leaked Canon USA’s stolen files [Pierluigi Paganini, Security Affairs]
- 22-year-old student held for ‘hacking GTU portal, stealing and leaking data’ [The Indian Express]
- 235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak [Davey Winder, Forbes]
- Fearing coronavirus, a Michigan college is tracking its students with a flawed app [Zack Whittaker, Techcrunch]
Malware in the wild
- University of Utah pays $457,000 to ransomware gang [Catalin Cimpanu, ZDNet]
- FritzFrog malware attacks Linux servers over SSH to mine Monero [Ax Sharma, Bleeping Computer]
Other interesting articles:
- WannaRen ransomware author contacts security firm to share decryption key [Catalin Cimpanu, ZDNet]
- 2020 CWE Top 25 Most Dangerous Software Weaknesses [MITRE]
- Ex Tennessee University Employee Sentenced to Over 30 Months for Student Loan Fraud, Aggravated Identity Theft [Alina Bizga, Security Boulevard]
And a remotely exploitable DoS vulnerability in BIND:
- Vulnerability Spotlight: Internet Systems Consortium BIND server DoS [Jon Munshaw, Talos Security]

Infosec bits for week 33/20

Roderick Mooi

2020-08-13 16:03

Higher Ed Attacks / Breaches:
- AAU IT Services – Alert – Information about IT systems after critical IT [security] incident [Aalborg University]
- Hackers publish Australian universities’ ProctorU data [Nina Dillon Britton and Chuyi Wang, Honi Soit]
- Michigan State University discloses credit card theft incident [Sergiu Gatlan, Bleeping Computer]
- IVC Hit With Ransomware Attack; Multiple Systems Impacted and Remain Offline [Richard Montenegro Brown and Jayson Barniske, Calexico Chronicle]
Other Breaches / Leaks:
- Intel investigating breach after 20GB of internal documents leak online [Catalin Cimpanu, Zero Day]
- Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers [Teri Robinson, SC Media]
Awareness / Detection:
- Ransomware: These warning signs could mean you are already under attack [Steve Ranger, Zero Day]
Advisories / Patches:
- Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days [Catalin Cimpanu, Zero Day]
- Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows [Liam Tung, Zero Day]
  - see also: Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
- Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules [Lindsey O’Donnell, Threatpost]
- Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs [Sergiu Gatlan, Bleeping Computer]
- Critical ManageEngine ADSelfService Plus RCE flaw patched [Zeljka Zorz, Help Net Security]
General
- DEF CON 2020 Wrap-Up: Hacking Phones, Cars and Satellites [Eduard Kovacs, Security Week / Wired Business Media]
- Keeping the mysteries of the universe safe from hackers [Indiana University]
- This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height [Shaun Nichols, The Register / Situation Publishing]