C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 34/18

  1. 10 Steps to Cyber Security [NCSC]
    - sneak preview / useful infographic on the Download tab
  2. Phishing attack on Augusta University Health leads to breach exposing info on 400K persons [SC]
  3. Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution [threatpost]
    - see also: So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks [The Register]
  4. Two DDoS Friendly Bugs Fixed in Linux Kernel [Bleeping Computer]
    - see also: Back to the 90’s: FragmentSmack [SANS ISC]
  5. IPsec VPN Connections Broken Using 20 Year Old Flaw [Latest Hacking News]
  6. Instagram users are reporting the same bizarre hack [Mashable]
  7. New Man-in-the-Disk attack leaves millions of Android phones vulnerable [The Hacker News]
  8. Between You, Me, and Google: Problems With Gmail’s “Confidential Mode” [EFF (the other one)]
  9. Security flaw reported on Gauteng school applications website [MyBroadband]
  10. Melbourne teen hacked into Apple’s secure computer network, court told [The Age]
  11. In ‘Cybertropolis,’ Army begins to move its cyber training exercises into the physical world [Federal News Radio]
    - see also: China Believes Its Cyber Capabilities Lag Behind US: Pentagon [SecurityWeek]
  12. Why burnout happens in Information Security [CSO]
  13. Spliced Wire: How an international hacker network turned stolen press releases into $100 million [The Verge]

Infosec bits for week 33/18

  1. Study: Spam is Still an Effective Way to Infect Computers [SANS NewsBites]
    - “…Beyond hardening of the endpoint and the perimeter, focus on user training which includes recognition for proper reporting.” – Neely
    - see also: threatpost.com/threatlist-spams-revival-is-tied-to-adobe-flashs-demise/134688/ and www.information-age.com/spam-still-first-choice-cyber-crime-according-study-123473840/
  2. Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered [The Hacker News]
    - Intel Reveals New Spectre-Like Vulnerability [DARKReading]
    - Resources and Response to Side Channel L1 Terminal Fault [Intel]
  3. Email Phishers Using New Way to Bypass Microsoft Office 365 Protections [The Hacker News]
  4. The Mouse is Mightier than the Sword [patrick wardle]
  5. Hanging Up on Mobile in the Name of Security [KrebsonSecurity]
  6. DeepLocker: When malware turns artificial intelligence into a weapon [Zero Day]
  7. Windows 10 to get disposable sandboxes for dodgy apps [arsTECHNICA]
  8. Facebook to Banks: Give Us Your Data, We’ll Give You Our Users [THE WALL STREET JOURNAL]
  9. Welcome to the Quiet Skies [The Boston Globe]

Infosec bits for week 32/18

  1. Security Think Tank: Almost all security can be outsourced, but not the risk [ComputerWeekly]
  2. Your online privacy resource center
    - “You are being watched, tracked, and recorded by private and state-sponsored entities whenever you go online. Here you will find the tools and information you need to restore your privacy, secure your devices, and defeat online censorship.”
  3. We had a security incident. Here’s what you need to know. [reddit]
    - More: krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/
    - And: www.darkreading.com/endpoint/authentication/is-sms-2fa-enough-login-protection/d/d-id/1332479
  4. GDPR: What’s really changed so far? [ZDNet]
  5. Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World? [Trustwave]
    - More: nakedsecurity.sophos.com/2018/08/03/routers-turned-into-zombie-cryptojackers-is-yours-one-of-them/
    - And: threatpost.com/huge-cryptomining-attack-on-isp-grade-routers-spreads-globally/134667/
  6. BGP/DNS Hijacks Target Payment Systems [ORACLE+Dyn]
    - More: www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
  7. CCleaner Adds Data Collection Feature With No Way to Opt-Out [The Hacker News]
  8. Multiple Cobalt Personality Disorder [Cisco Talos]
  9. SamSam: The (Almost) Six Million Dollar Ransomware [SOPHOS]
    - TL;DR: thehackernews.com/2018/07/samsam-ransomware-attacks.html

Infosec bits for week 31/18

  1. KnowBe4 Releases Q2 2018 Top-Clicked Phishing Report
    - Security Awareness Update – Watch out for these Common Scams [IRMSAinsight]
    - These are the five ways to avoid phishing scams [South African]
  2. SIEM – A Beginner’s Guide to Security Information and Event Management Tools
    - Critical Capabilities for Security Information and Event Management [Gartner]
  3. Google: Security Keys Neutralized Employee Phishing [KrebsOnSecurity]
  4. NetSpectre – New Remote Spectre Attack Steals Data Over the Network [The Hacker News]
  5. Decade-old Bluetooth flaw lets hackers steal data passing between devices [arsTECHNICA]
    - research paper here: Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
    - see also: www.kb.cert.org/vuls/id/304725
    - wccftech.com/bluetooth-bug-attackers-snoop/
  6. Presidency silent about website hack [MYBROADBAND]
  7. Attack inception: Compromised supply chain within a supply chain poses new risks [Microsoft]
  8. South African developer finds Pizza Hut security flaw which affected hundreds of websites [MYBROADBAND]
  9. Hackers in Singapore stole the personal information of 1.5 million citizens via the country’s government health database [BBC]
  10. Mobile Device Security for International Travelers – Part 1: How to prepare your phone and tablet for privacy and peace of mind while abroad [April Wright]

Infosec bits for week 30/18

  1. Understanding Data Privacy Issues in Higher Education [EDUCAUSE]
  2. Responding to IT Security Incidents [Microsoft]
  3. Oracle Sets All-Time Record with July Critical Patch Update [threatpost]
    - www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
    - “The Oracle July 2018 Critical Patch Update (CPU) fixes eight (8) Java SE-related vulnerabilities, all of which can be remotely exploited by hackers without user credentials. Five (5) new critical Java vulnerabilities were also fixed in the WebLogic Server, all of which are remotely exploitable without authentication.”
  4. Alert (TA18-201A) – Emotet Malware [US-CERT]
  5. How to Protect Yourself From SIM Swapping Hacks [MOTHERBOARD]
  6. Decent Security. Start somewhere. Start here.
    - some great tips (missing some privacy issues imo, but there are other blogs for that…)
  7. Facebook says it gave companies ‘one-time’ access to user data after restricting information 2015 [CNBC]
    - Russian company had access to Facebook user data through apps [CNN Money]
  8. Hacker Puts Airport’s Security System Access On Dark Web Sale For Just $10 [The Hacker News]
    - make sure you’re implementing the RDP security measures at the end…
  9. Traditional identity systems are the new battleship row [BetaNews]
  10. What the Birds Can Teach Us About Building a Diverse Cybersecurity Team [EC-Council Blog]
  11. Shutting down the BGP Hijack Factory [ORACLE+Dyn]

Infosec bits for week 28/18

  1. The Worst Cybersecurity Breaches of 2018 So Far [Wired]
    - including >300 universities (176 outside the US)
  2. Center for Internet Security 2017 Year in Review [CIS]
    - TL;DR:
      - Implement CIS controls
      - Benchmark your systems
      - Use their hardened images
  3. Chinese hackers infiltrate systems at Australian National University [abc.net]
    - www.cyberscoop.com/chinese-linked-hackers-breached-top-australian-defense-university-report/
  4. User-focused Password Guidance from NIST [video]
    - Developers and information security specialists, consult pages.nist.gov/800-63-3/
    - SP 800-63B, for example, recommends a minimum length of 8 characters for passwords/passphrases with no other complexity requirements, and paying attention to how passwords are stored (salted and hashed)
  5. German Court Issues First GDPR Ruling
    - the ICANN vs EPAG case…
  6. Fraud: here’s how scammers get away with it [The Guardian]
  7. Lynis v2.6.6 is out
    - “Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than many vulnerability scanners.”
  8. Not enough CISOs and business leaders cooperate on a cybersecurity plan and budget [Helpnet Security]
  9. Kids learn about cybersecurity through gaming [LLNL]
  10. The Ultimate Guide to Safe Online Browsing
  11. A curious tale of the priest, the broker, the hacked newswires, and $100m of insider trades [The Register]
  12. BSides Cape Town 1 Dec – ticket sales now open – get yours before they run out…
    - BSides is “an innovative one day information security conference”. Check past events for more info.

Infosec bits for week 25/18

  1. Liberty systems breached in hack [BusinessTech]
    - “Dear Valued Customer, Liberty regrets to inform you that it has been subjected to unauthorised access to its IT infrastructure, by an external party who requested compensation for it. Since becoming aware – we have taken immediate steps to secure our computer systems and are investigating the incident. We are giving this matter the highest priority and will keep you informed as appropriate.” – SMS 16 June
    - “Liberty hackers” warn they have client and financial data [MyBroadband]
    - Data breach under control and under investigation, says Liberty CEO [Fin24]
    - Information Regulator wants answers from Liberty over data breach (but cannot fine them yet) [EWN]
  2. Dominic White on hacking, SA capabilities and the Liberty breach
    - www.liberty.co.za/Pages/default.aspx#modLibertyNotice
  3. Microsoft reveals which Windows bugs it might decide not to fix [The Register]
    - get it at: msdnshared.blob.core.windows.net/media/2018/06/Microsoft-Security-Servicing-Commitments_SRD.pdf
  4. Google to Fix Location Data Leak in Google Home, Chromecast [KrebsOnSecurity]
    - Google’s Newest Feature: Find My Home (thanks Google – oh yes, we’re the product…) [TripWire]
  5. Honeypot-based Monitoring of Amplification DDoS Attacks [RIPE Labs]
  6. Attacking Private Networks from the Internet with DNS Rebinding [Medium]
    - read past the TLDR – it’s actually quite interesting…
  7. Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies [Symantec]

Infosec bits for week 24/18

  1. Net neutrality is dead — what now? (in some states at least) [The Verge]
    - arstechnica.com/tech-policy/2018/06/first-state-net-neutrality-law-took-effect-today-countering-fcc-repeal/
  2. 74 Arrested in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes [US DOJ]
    - www.wsj.com/articles/officials-arrest-dozens-in-email-scam-aimed-at-u-s-businesses-1528747102 [paywalled]
  3. Want to Break Into a Locked Windows 10 Device? Ask Cortana [McAfee]
    - www.bleepingcomputer.com/news/security/cortana-hack-lets-you-change-passwords-on-locked-pcs/
    - www.howtogeek.com/fyi/patched-cortana-bug-let-hackers-change-your-password-from-the-lock-screen/
  4. Crypto-currency mining malware wreaks havoc in Africa [ITWeb]
    - At least $175 million worth of the Monero cryptocurrency has been stolen as part of malicious malware campaigns, according to a new study [PaloAlto Networks]
    - Backdoored images downloaded 5 million times finally removed from Docker Hub [Arstechnica]
  5. The Seven Properties of Highly Secure Devices [Microsoft]
  6. Ever wondered how those adverts manage to keep on finding you – even when you go incognito, switch devices, or never actually searched for the product in the first place? Let us count the (many, many) ways [THREAD]
    - time to think about fingerprinting again… (see last post here)
  7. Facebook confirms data sharing with Chinese companies [Reuters]
  8. Creating Quick Mass Scanning Tool with Python and ZMap [Cybrary]
    - for your own, authorised networks of course ;)
  9. The InvisiMole malware allows attackers to take control of a machine and silently hear and see through the computer [WeLiveSecurity]
  10. VPNFilter Malware is Worse Than We Thought [SANS]
    - “One good defensive measure you can take is to make sure remote administration of your devices is disabled, or if it must be enabled, tightly control the access and check the logs. Be proactive checking for and applying appropriate firmware updates.” – Neely
  11. Deepfake Videos Are Getting Impossibly Good (disturbing?) [Gizmodo]
  12. MIT researchers develop frequency-hopping transmitter that fends off attackers (yay, some good and interesting news :) )

Infosec bits for week 21/18

  1. Check that your Adobe products have been updated (as always…) [The Register]
    - and if that’s not enough:
    - PDF exploit built to combine zero-day Windows and Adobe Reader bugs [SC Magazine]
    - www.welivesecurity.com/2018/05/15/tale-two-zero-days/
  2. Preventing and recovering from ransomware: No More Ransom project
    - www.nomoreransom.org/en/prevention-advice.html
  3. Mirai botnet adds three new attacks to target IoT devices (including routers and DVRs) [ZDNet]
  4. It only took five hours to close a critical vulnerability in Signal’s desktop client [Cyberscoop]
  5. Side-Channel Vulnerability Variants 3a and 4 (aka New variants on Meltdown and Spectre) [US-CERT]
  6. Google’s Selfish Ledger ideas can also be found in its patent applications [The Verge]
  7. Is your browsing safe against tracking?
    - panopticlick.eff.org/
    - browserleaks.com/
    - amiunique.org/

Infosec bits for week 20/18

  1. What Makes a Cybersecurity Team Successful? [SANS]
    - “The real point is ‘well prepared, well trained, well managed teams using mature processes will perform better, and need less ad hoc personal interaction to do so.’” – Pescatore
    - “One difference between a ‘team’ and any other group of people is a ‘plan.’ At a minimum, a plan will say who will do what and when they will do it.” – Murray
    - The SANReN CSIRT is here to help – talk to us :)
  2. Drupal Sites Fall Victims to Cryptojacking Campaigns [Bleeping Computer]
    - Large cryptojacking campaign targeting vulnerable Drupal websites [Bad Packets Report]
    - In case you missed it last time, we hope you’ve patched (and are maintaining) your Drupal instances…
  3. The Digital Vigilantes Who Hack Back [The New Yorker]
    - an interesting read, PG L – would’ve removed it if I was allowed to hack back ;)
  4. ‘Next generation’ flaws found on computer processors: magazine [Reuters]
    - Exclusive: Spectre-NG – Multiple new Intel CPU flaws revealed, several serious [c’t]