9283 8B4A 87FE DC6E C327 EF05 70A8 B78D 1623 3FB5

Infosec bits for week 30/18

  1. Understanding Data Privacy Issues in Higher Education [EDUCAUSE]
  2. Responding to IT Security Incidents [Microsoft]
  3. Oracle Sets All-Time Record with July Critical Patch Update [threatpost]
    - www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
    - “The Oracle July 2018 Critical Patch Update (CPU) fixes eight (8) Java SE-related vulnerabilities, all of which can be remotely exploited by hackers without user credentials. Five (5) new critical Java vulnerabilities were also fixed in the WebLogic Server, all of which are remotely exploitable without authentication.”
  4. Alert (TA18-201A) – Emotet Malware [US-CERT]
  5. How to Protect Yourself From SIM Swapping Hacks [MOTHERBOARD]
  6. Decent Security. Start somewhere. Start here.
    - some great tips (missing some privacy issues imo but there’s other blogs for that…)
  7. Facebook says it gave companies ‘one-time’ access to user data after restricting information in 2015 [CNBC]
    - Russian company had access to Facebook user data through apps [CNN Money]
  8. Hacker Puts Airport’s Security System Access On Dark Web Sale For Just $10 [The Hacker News]
    - make sure you’re implementing the RDP security measures at the end…
  9. Traditional identity systems are the new battleship row [BetaNews]
  10. What the Birds Can Teach Us About Building a Diverse Cybersecurity Team [EC-Council Blog]
  11. Shutting down the BGP Hijack Factory [ORACLE+Dyn]

Infosec bits for week 28/18

  1. The Worst Cybersecurity Breaches of 2018 So Far [Wired]
    - including >300 universities (176 outside the US)
  2. Center for Internet Security 2017 Year in Review [CIS]
    - TL;DR
      - Implement CIS controls
      - Benchmark your systems
      - Use their hardened images
  3. Chinese hackers infiltrate systems at Australian National University [abc.net]
    - www.cyberscoop.com/chinese-linked-hackers-breached-top-australian-defense-university-report/
  4. User-focused Password Guidance from NIST [video]
    - Developers and information security specialists, consult pages.nist.gov/800-63-3/
    - SP 800-63B for example recommends 8+ character length passwords/passphrases with no other complexity requirements and paying attention to how passwords are stored (hashed+salted)
  5. German Court Issues First GDPR Ruling
    - the ICANN vs EPAG case…
  6. Fraud: here’s how scammers get away with it [The Guardian]
  7. Lynis v2.6.6 is out
    - “Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than many vulnerability scanners.”
  8. Not enough CISOs and business leaders cooperate on a cybersecurity plan and budget [Helpnet Security]
  9. Kids learn about cybersecurity through gaming [LLNL]
  10. The Ultimate Guide to Safe Online Browsing
  11. A curious tale of the priest, the broker, the hacked newswires, and $100m of insider trades [The Register]
  12. BSides Cape Town 1 Dec – ticket sales now open – get yours before they run out…
    - BSides is “an innovative one day information security conference”. Check past events for more info.

Infosec bits for week 25/18

  1. Liberty systems breached in hack [BusinessTech]
    - “Dear Valued Customer, Liberty regrets to inform you that it has been subjected to unauthorised access to its IT infrastructure, by an external party who requested compensation for it. Since becoming aware – we have taken immediate steps to secure our computer systems and are investigating the incident. We are giving this matter the highest priority and will keep you informed as appropriate.” – SMS 16 June
    - “Liberty hackers” warn they have client and financial data [MyBroadband]
    - Data breach under control and under investigation, says Liberty CEO [Fin24]
    - Information Regulator wants answers from Liberty over data breach (but cannot fine them yet) [EWN]
  2. Dominic White on hacking, SA capabilities and the Liberty breach
    - www.liberty.co.za/Pages/default.aspx#modLibertyNotice
  3. Microsoft reveals which Windows bugs it might decide not to fix [The Register]
    - get it at: msdnshared.blob.core.windows.net/media/2018/06/Microsoft-Security-Servicing-Commitments_SRD.pdf
  4. Google to Fix Location Data Leak in Google Home, Chromecast [KrebsOnSecurity]
    - Google’s Newest Feature: Find My Home (thanks Google – oh yes, we’re the product…) [TripWire]
  5. Honeypot-based Monitoring of Amplification DDoS Attacks [RIPE Labs]
  6. Attacking Private Networks from the Internet with DNS Rebinding [Medium]
    - read past the TLDR – it’s actually quite interesting…
  7. Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies [Symantec]

Infosec bits for week 24/18

  1. Net neutrality is dead — what now? (in some states at least) [The Verge]
    - arstechnica.com/tech-policy/2018/06/first-state-net-neutrality-law-took-effect-today-countering-fcc-repeal/
  2. 74 Arrested in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes [US DOJ]
    - www.wsj.com/articles/officials-arrest-dozens-in-email-scam-aimed-at-u-s-businesses-1528747102 [paywalled]
  3. Want to Break Into a Locked Windows 10 Device? Ask Cortana [McAfee]
    - www.bleepingcomputer.com/news/security/cortana-hack-lets-you-change-passwords-on-locked-pcs/
    - www.howtogeek.com/fyi/patched-cortana-bug-let-hackers-change-your-password-from-the-lock-screen/
  4. Crypto-currency mining malware wreaks havoc in Africa [ITWeb]
    - At least $175 million worth of the Monero cryptocurrency has been stolen as part of malicious malware campaigns, according to a new study [PaloAlto Networks]
    - Backdoored images downloaded 5 million times finally removed from Docker Hub [Arstechnica]
  5. The Seven Properties of Highly Secure Devices [Microsoft]
  6. Ever wondered how those adverts manage to keep on finding you – even when you go incognito, switch devices, or never actually searched for the product in the first place? Let us count the (many, many) ways [THREAD]
    - time to think about fingerprinting again… (see last post here)
  7. Facebook confirms data sharing with Chinese companies [Reuters]
  8. Creating Quick Mass Scanning Tool with Python and ZMap [Cybrary]
    - for your own, authorised networks of course ;)
  9. The InvisiMole malware allows attackers to take control of a machine and silently allows them to hear and see through the computer [WeLiveSecurity]
  10. VPNFilter Malware is Worse Than We Thought [SANS]
    - “One good defensive measure you can take is to make sure remote administration of your devices is disabled, or if it must be enabled, tightly control the access and check the logs. Be proactive checking for and applying appropriate firmware updates.” – Neely
  11. Deepfake Videos Are Getting Impossibly Good (disturbing?) [Gizmodo]
  12. MIT researchers develop frequency-hopping transmitter that fends off attackers (yay, some good and interesting news :) )

Infosec bits for week 21/18

  1. Check that your Adobe products have been updated (as always…) [The Register]
    - and if that’s not enough:
    - PDF exploit built to combine zero-day Windows and Adobe Reader bugs [SC Magazine]
    - www.welivesecurity.com/2018/05/15/tale-two-zero-days/
  2. Preventing and recovering from ransomware: No More Ransom project
    - www.nomoreransom.org/en/prevention-advice.html
  3. Mirai botnet adds three new attacks to target IoT devices (including routers and DVRs) [ZDNet]
  4. It only took five hours to close a critical vulnerability in Signal’s desktop client [Cyberscoop]
  5. Side-Channel Vulnerability Variants 3a and 4 (aka New variants on Meltdown and Spectre) [US-CERT]
  6. Google’s Selfish Ledger ideas can also be found in its patent applications [The Verge]
  7. Is your browsing safe against tracking?
    - panopticlick.eff.org/
    - browserleaks.com/
    - amiunique.org/

Infosec bits for week 20/18

  1. What Makes a Cybersecurity Team Successful? [SANS]
    - ‘The real point is “well prepared, well trained, well managed teams using mature processes will perform better, and need less ad hoc personal interaction to do so.”’ – Pescatore
    - ‘One difference between a “team” and any other group of people is a “plan.” At a minimum, a plan will say who will do what and when they will do it.’ – Murray
    - The SANReN CSIRT is here to help – talk to us :)
  2. Drupal Sites Fall Victims to Cryptojacking Campaigns [Bleeping Computer]
    - Large cryptojacking campaign targeting vulnerable Drupal websites [Bad Packets Report]
    - In case you missed it last time, we hope you’ve patched (and are maintaining) your Drupal instances…
  3. The Digital Vigilantes Who Hack Back [The New Yorker]
    - an interesting read, PG L – would’ve removed it if I was allowed to hack back ;)
  4. ‘Next generation’ flaws found on computer processors: magazine [Reuters]
    - Exclusive: Spectre-NG – Multiple new Intel CPU flaws revealed, several serious [c’t]