
Infosec bits for week 02/21

  1. Patch
  2. Defend
  3. Attacks / Breaches
  4. Other news

Infosec bits for week 01/21

  1. Vulnerabilities
  2. Crying Wolf
  3. Policy
  4. Ransomware
  5. SolarWinds Things
  6. Breaches and Bugs
  7. 2020 InfoSec in Review

Infosec bits for week 51/20

  1. SolarWinds Orion updates
  2. Education sector
  3. Learning
    • Operational network security – training sessions Aug 2020 to Feb 2021 (new DNS security modules added) [GÉANT / DFN / DFN-CERT]
  4. Web application security
  5. General interest

Infosec bits for week 50/20

  1. #LocalLeaks (i.e. do we still have such a thing as personal information in SA?)
    1. SABC confirms that its website was hacked [Jamie McKane, MyBroadband]
  2. Why email security matters
    1. Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame? [Bradley Barth, SC Magazine]
    2. How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain [The Hacker News]
  3. US CERT Advisories
    1. It is well worth adding Alerts and Tips > Current Activity to your RSS feed
    2. Apache Releases Security Advisory for Apache Tomcat [US CERT]
    3. Microsoft Releases December 2020 Security Updates [US CERT]
    4. SAP Releases December 2020 Security Updates [US CERT]
    5. OpenSSL Releases Security Update [US CERT]
    6. Theft of FireEye Red Team Tools [US CERT]
    7. NSA Releases Advisory on Malicious Cyber Actors Exploiting CVE-2020-4006 [US CERT]
  4. Bugs, bugs everywhere (insert Buzz Lightyear meme…)
    1. NSA: Hackers exploit new VMware vulnerability to steal data [Sergiu Gatlan, Bleeping Computer]
    2. The patch that wasn’t: Cisco emits fresh fixes for NTLM hash-spilling vuln and XSS-RCE combo in Jabber app [Gareth Corfield, The Register]
    3. Cisco fixes Security Manager vulnerabilities with public exploits [Sergiu Gatlan, Bleeping Computer]
    4. 4 major browsers are getting hit in widespread malware attacks [Dan Goodin, Ars Technica]
    5. High-Severity Chrome Bugs Allow Browser Hacks [Tom Spring, Threat Post]
  5. New things in ransomware
    1. Hackers are selling more than 85,000 MySQL databases on a dark web portal [Catalin Cimpanu, ZDNet]
    2. Ransomware gangs are now cold-calling victims if they restore from backups without paying [Catalin Cimpanu, ZDNet]
    3. RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report [Elizabeth Montalbano, Threat Post]
  6. Farewell Flash
    1. Adobe just released the last Flash update ever [Adi Robertson, The Verge]
    2. But do not despair, you can still get some Alien Hominid, Yeti Sports, and Strong Bad at The Internet Archive (do not click, time wasters…)
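The DMARC items under 2 (Why email security matters) turn on one question: does the domain's DMARC record actually enforce anything, or is it monitor-only? The check below is an added example, not code from any of the linked articles. It parses a DMARC TXT record (RFC 7489 tag=value pairs), reports the effective policy for the domain and its subdomains, flags the settings that leave spoofed mail deliverable, and shows relaxed versus strict identifier alignment. The record strings are constructed for illustration; the organisational-domain helper is a deliberate simplification (a real evaluator consults the Public Suffix List).

```python
"""Assess whether a DMARC record enforces a policy (added example; constructed records)."""


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record into a tag -> value dict, validating the required tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    if "p" not in tags:
        raise ValueError("DMARC record has no p= tag")
    return tags


def effective_policy(tags: dict, subdomain: bool = False) -> str:
    """Policy applied to the organisational domain, or to a subdomain (sp= falls back to p=)."""
    policy = tags.get("sp", tags["p"]) if subdomain else tags["p"]
    return policy.lower()


def organizational_domain(domain: str) -> str:
    """Simplified organisational domain: last two labels. Real code uses the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(header_from: str, authenticated: str, mode: str = "r") -> bool:
    """DMARC identifier alignment between the RFC5322.From domain and the SPF/DKIM domain.

    mode 's' (strict) requires an exact match; 'r' (relaxed) accepts the same organisational domain.
    """
    header_from, authenticated = header_from.lower().rstrip("."), authenticated.lower().rstrip(".")
    if mode == "s":
        return header_from == authenticated
    return organizational_domain(header_from) == organizational_domain(authenticated)


def assess(record: str) -> dict:
    """Summarise a DMARC record and list why it would (or would not) stop spoofed mail."""
    tags = parse_dmarc(record)
    pct = int(tags.get("pct", "100"))
    policy = effective_policy(tags)
    sub_policy = effective_policy(tags, subdomain=True)
    findings = []
    if policy == "none":
        findings.append("p=none: failing mail is only reported, still delivered")
    if sub_policy == "none":
        findings.append("sp=none: subdomains can be spoofed freely")
    if pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail receives the policy")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to see who is spoofing you")
    enforcing = policy in ("quarantine", "reject") and pct == 100
    return {
        "policy": policy,
        "subdomain_policy": sub_policy,
        "pct": pct,
        "enforcing": enforcing,
        "findings": findings,
    }


# Constructed sample records (not real domains' records).
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL_ROLLOUT = "v=DMARC1; p=quarantine; pct=25; sp=none"
ENFORCING = "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for name, rec in [("monitor-only", MONITOR_ONLY), ("partial", PARTIAL_ROLLOUT), ("enforcing", ENFORCING)]:
        result = assess(rec)
        print(f"{name}: enforcing={result['enforcing']} policy={result['policy']}")
        for f in result["findings"]:
            print("  -", f)
    print("relaxed alignment mail.example.com vs example.com:", aligned("mail.example.com", "example.com", "r"))
    print("strict alignment  mail.example.com vs example.com:", aligned("mail.example.com", "example.com", "s"))
```

To check your own domain, feed the output of `dig +short TXT _dmarc.yourdomain.example` (with the surrounding quotes stripped) to `assess()`. A record that parses cleanly but reports `enforcing=False` is exactly the gap the first article asks about: receivers will generate reports, but a spoofed message still lands in the inbox.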

Infosec bits for week 49/20

  1. ABSA Data Leak
    1. Absa bank embroiled in data leak, rogue employee accused of theft [Charlie Osborne, ZDNet]
    2. Absa data leak update: ID numbers, vehicle details among stolen info [Business Insider]
    3. Details about person behind Absa data breach emerge [MyBroadband]
  2. Cybercrimes Bill Passed
    1. Parliament passes Cybercrimes Bill [MyBroadband via BusinessTech]
  3. Exploitable Vulnerabilities
    1. iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever [Dan Goodin, Ars Technica]
    2. Fortinet: Update Regarding CVE-2018-13379 [Carl Windsor, Fortinet]
    3. Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW [Ravie Lakshmanan, The Hacker News]
    4. VMware VMSA-2020-0027.2 Update [VMware]
    5. Multiple vulnerabilities in WebKit [Jon Munshaw, Talos Intelligence]
  4. Education and Academia
    1. Ransomware halts classes for 115,000 Baltimore pupils [BBC News]
    2. University of Vermont Medical Center has yet to fully recover from October cyber attack [Pierluigi Paganini, Security Affairs]
    3. Alabama school district shut down by ransomware attack [Lawrence Abrams, Bleeping Computer]
  5. Hacker Techniques
    1. How attackers exploit Windows Active Directory and Group Policy [Susan Bradley, CSO Online]
  6. Container Security
    1. A scan of 4 million Docker images reveals 51% have critical flaws [Pierluigi Paganini, Security Affairs]
    2. Half of all Docker Hub images have at least one critical vulnerability [Lucian Constantin, CSO Online]
    3. Misconfigured Docker Servers Under Attack by Xanthe Malware [Lindsey O’Donnell, Threat Post]
  7. Governance and the Year in Review
    1. Notable Enhancements to the New Version of NIST SP 800-53 [Steven Tipton, Tripwire]
    2. The NCSC Annual Review 2020 [NCSC]
    3. The biggest hacks, data breaches of 2020 [Charlie Osborne, ZDNet]

Infosec bits for week 48/20

  1. Higher Education
  2. Budget
  3. Social Engineering / Awareness
  4. Smart cars / IoT
  5. Webinars and trainings
  6. Advisories / Vulnerabilities
  7. DDoS Mitigation
  8. General

Infosec bits for week 46/20

  1. Patch EveryDay
    1. Intel fixes 95 vulnerabilities in November 2020 Platform Update [BleepingComputer, Sergiu Gatlan]
    2. Microsoft Exchange Server ExportExchangeCertificate WriteCertificate File Write Remote Code Execution Vulnerability [SourceIncite]
    3. Office November security updates fix remote code execution bugs [BleepingComputer, Sergiu Gatlan]
    4. Remote kernel heap overflow in NFSv3 Windows Server [McAfee, Eoin Carroll and Steve Povolny]
    5. Microsoft Security Update Guide [Microsoft]
    6. Changes to Microsoft Security Bulletins [TripWire, Tyler Reguly]
  2. Attacks
    1. DNS cache poisoning, the Internet attack from 2008, is back from the dead [Ars Technica, Dan Goodin]
    2. How to get root on Ubuntu 20.04 by pretending nobody’s /home [Kevin Backhouse]
  3. Academia and Research
    1. Cyberattack on University of Vermont hospital IT network [CyberScoop, Sean Lyngaas]
    2. Price Dropped on Hacked Educational RDP Details [InfoSecurity Magazine, Dan Raywood]
    3. Open University Targeted With Over a Million Malicious Email Attacks So Far This Year [InfoSecurity Magazine, James Coker]
    4. European weather services hit by storm of malicious email attacks [NewScientist, Adam Vaughan]
  4. Sad News about the Arecibo Observatory
    1. Second Cable Fails at Arecibo Observatory – Massive Radio Telescope Used in the Search for Alien Life [SciTechDaily]

Infosec bits for week 45/20

  1. Operational network security – training sessions Aug 2020 to Feb 2021 [GÉANT/DFN]
  2. Interview: How the University of Duisburg-Essen (UDE) prevented a ransomware attack [Davina Luyten/Marius Mertens]
  3. Privacy Impact Assessment Toolkit [ucisa]
  4. Ransomware Protection and Containment Strategies [MANDIANT]
  5. Active Directory administrative tier model [Microsoft]
  6. OUCH! Newsletter: Social Engineering Attacks [Christian Nicholson]
  7. Cybersecurity as we know it will be ‘a thing of the past in the next decade,’ says Cloudflare’s COO, as security moves towards a ‘water treatment’ model [Rosalie Chan, Business Insider]
  8. Zoom Finally Has End-to-End Encryption. Here’s How to Use It [Brian Barrett, WIRED / Condé Nast]
    - see also: End-to-end (E2E) encryption for meetings
  9. Patch for Critical VMware ESXi Vulnerability Incomplete [Eduard Kovacs, SecurityWeek / Wired Business Media]
  10. PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots [Johannes Ullrich, SANS ISC]
    - see also: Security Alert CVE-2020-14750 Patch Availability Document for Oracle WebLogic Server
  11. Why Paying to Delete Stolen Data is Bonkers [Krebs on Security]
  12. NAT Slipstreaming [Samy Kamkar]
    - see also: news.ycombinator.com/item?id=24955891
  13. Dr. Strangenet—or, how I stopped worrying and embraced the WFH IT apocalypse [Sean Gallagher, Ars Technica / Condé Nast]
  14. ‘There’s a whole war going on’: the film tracing a decade of cyber-attacks [Adrian Horton, The Guardian]

Infosec bits for week 44/20

  1. Vulnerabilities
  2. Academic and Education Sector
  3. Botnet News
  4. Ransomware News
  5. Awareness and Conferences

Infosec bits for week 43/20

  1. ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated, Targeted, Widespread and Undetected [ENISA]
  2. Privacy nightmare for Toledo Public Schools: Hackers dumped student and employee data [DISSENT]
  3. Where Do Security Awareness Programs Belong on the Org Chart? [Tonia Dudley, Cofense]
  4. 4 Tips For Protecting Intellectual Property In Academia [Mike Chapple, EdTech / CDW]
  5. Hacking Incident Has an Unusual Ending [Marianne Kolbasuk McGee, HealthcareInfoSecurity / ISMG]
    - see also: Ransomware gang donates part of ransom demands to charity organizations
  6. Quarterly Update: Ransomware Trends in Q3 [Jamie Hart, Digital Shadows]
  7. Cisco warns of attacks targeting high severity router vulnerability [Sergiu Gatlan, Bleeping Computer]
  8. VMware Security Advisories
  9. Government will force ISPs to crack down on piracy in South Africa [Jan Vermeulen, MyBroadband]
  10. Vodacom and MTN have not notified Information Regulator of location data breach [Jan Vermeulen, MyBroadband]
  11. What is confidential computing? How can you use it? [Mirko Zorz, Help Net Security]
  12. Hackers hijack Telegram, email accounts in SS7 mobile attack [Ionut Ilascu, Bleeping Computer]
  13. Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks [Ravie Lakshmanan, The Hacker News]
  14. Robot’s parents very proud of her for finally passing CAPTCHA test [Mary Gillis, The Beaverton]