F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Infosec bits for week 04/19

  1. Universities cyber attack each other to test defences [UKAuthority]
    - see also: “It is unrealistic to expect the education system to tighten their security and it will never be hacked again, it is more a case of being one step ahead of the hacker and realising how they will hack this information and then securing it so that they cannot. Using ‘white hackers’ in this situation is a smart idea as they know all the techniques that the hackers will use to creep their way in to this sensitive information. Security is always changing, so it is vital we keep up with it.” – www.itproportal.com/features/education-industry-not-making-the-grade-for-cybersecurity/
  2. Mass email hacker targets Glasgow Caledonian University as students warned to ‘stay vigilant’ amid security fears [The Scottish Sun]
  3. How Universities Can Mitigate IoT Risk on Campus [EdTech]
    - see also: Security refresh teaches James Cook University the value of better visibility
  4. Data breaches, cyberattacks are top global risks alongside natural disasters and climate change [Zero Day Net]
    - Report available at www.weforum.org/reports/the-global-risks-report-2019
    - see also: South African cybersecurity trends for 2019
  5. Collection 1 data breach leaks 773 million records [MyBroadband]
    - Note that this is allegedly a combination of previously breached datasets. Still a worthwhile reminder to check whether your information has been involved in any publicised leaks or breaches.
  6. ‘It’s like they took a rug and covered it up’: Flight booking web app used by scores of airlines still vuln to attack – claim [The Register]
  7. Microsoft LAPS – Blue Team / Red Team [SANS ISC]
  8. ICASA’s hearings on its cybersecurity role are on 17 & 18 January: here’s a synopsis of submissions received [Lucien Pierce]
  9. Cybersecurity talent: thinking outside the ‘technical proficiency’ box [Networks Asia]
  10. Google Public DNS now supports DNS-over-TLS [Google Security Blog]
  11. mkcert: valid HTTPS certificates for localhost [Filippo.io]
  12. Windows 7 KMS Activation Issues Caused by Microsoft Mistake, Not an Update [Bleeping Computer]
    - Microsoft article: Activation failures and “not genuine” notifications around January 8, 2019, on volume-licensed Windows 7 KMS clients
  13. Global DNS Hijacking Campaign: DNS Record Manipulation at Scale [FireEye]
  14. 2FA codes can be phished by new pentest tool [Naked Security]
  15. Exclusive: How a Russian firm helped catch an alleged NSA data thief [Politico]
  16. Mondelez sues Zurich over $100m cyberhack insurance claim [The Irish Times]
  17. The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC [Commission Nationale de l’Informatique et des Libertés]
  18. ShmooCon 2019 streams [ShmooCon]

Infosec bits for week 02/19

  1. Security Awareness Made Simple: 2019 Security Awareness Campaign Materials [EDUCAUSE]
    - see also: Information Security Guide: Effective Practices and Solutions for Higher Education
  2. ICASA to hold hearings on cybersecurity [MyBroadband]
    - see also: Top IT security stories in 2018
  3. Hacker steals 10 years worth of data from San Diego school district [ZDNet]
    - Official notice
  4. Ransomware suspected in cyberattack that crippled major US newspapers [ZDNet]
    - see also: Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
  5. JungleSec Ransomware Infects Victims Through IPMI Remote Consoles [Bleeping Computer]
    - see also: Linux Servers Appear Most Affected by IPMI Enabled JungleSec Ransomware Attacks
    - and: The Week in Ransomware – January 4th 2019 – IPMI, FilesLocker, and More
  6. Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks [ZDNet]
    - see also: Users report losing Bitcoin in clever hack of Electrum wallets
  7. Criminal Charges Filed in Los Angeles and Alaska in Conjunction with Seizures Of 15 Websites Offering DDoS-For-Hire Services [US Department of Justice]
  8. Microsoft, Google Use Artificial Intelligence to Fight Hackers [Fortune]
  9. Raspberry Pi VPN Server: Build Your Own Virtual Private Network [Pi My Life Up]
    - and while you’re at it, consider this: Mmm… Pi-hole…
  10. New hardware-agnostic side-channel attack works against Windows and Linux [ZDNet]
  11. Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie [The Hacker News]
  12. India authorizes 10 agencies to intercept, monitor, and decrypt citizens’ data [ZDNet]
  13. Smart Home – Smart Hack
    - Worth watching – esp. if you’re considering using smart IoT devices in your own home

Infosec bits for week 51/18

  1. Defending your university against the top 3 cyber threats [UK National Cyber Security Centre]
    - see also: How to defend your university against top cyber security threats
  2. Super Micro says external security audit found no evidence of backdoor chips [ZDNet]
    - see also: Audit: No Chinese surveillance implants in Supermicro boards found
  3. Signal: We can’t include a backdoor in our app for the Australian government [ZDNet]
    - see also: What’s actually in Australia’s encryption laws? Everything you need to know
  4. Russian disinformation ops were bigger than we thought [cyberscoop]
  5. Amazon S3 Block Public Access – Another Layer of Protection for Your Accounts and Buckets [AWS]
  6. Researchers Created Fake ‘Master’ Fingerprints to Unlock Smartphones [MOTHERBOARD]
  7. Kubernetes’ first major security hole discovered [ZDNet]
    - Official announcement: The Kubernetes privilege escalation flaw: Innovation still needs IT security expertise
  8. Cyber Intrusion Services Casebook 2018 [CrowdStrike]
    - “Stories from the front lines of Incident Response in 2018 and insights that matter for 2019” – some interesting case studies and useful recommendations starting on page 10…
    - see also: Active Directory Kill Chain Attack & Defense (“This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.”)
  9. Adventures in Video Conferencing Part 5: Where Do We Go from Here? [Project Zero]
  10. Humble Book Bundle: Hacking for the Holidays by No Starch Press
    - “Get Serious Cryptography: A Practical Introduction to Modern Encryption, Black Hat Python, Android Security Internals, and more” from as little as $1

Infosec bits for week 47/18

  1. Attempted cyberattack results in network shutdown at St. Francis Xavier University [Global News]
    - see also: Cryptocoin mining forces St. F.X. to disable IT system
    - and: University shuts down network to thwart Bitcoin cryptojacking scheme
  2. Hacking forces MSU to stop SRC polls [Newsday]
  3. Where Does Your Institution Store—and How Does It Secure—Student Data? [EDUCAUSE]
    - “Show your campus registrars and enrollment managers why cybersecurity matters and how they can work together with IT and information security staff to protect student data.”
    - see also: Privacy at St. Thomas University: What’s public, what’s secret?
  4. Embedding Security in the Academy [EDUCAUSE]
    - “What would “security as a strategic business function” look like in a higher education information security program, and how can we get there?”
  5. Hacking for Defense Class Sets Students on Solutions for National Security Problems [DukeTODAY]
    - see also: Fairmont State University, WV, promotes cybersecurity through ‘Iron Falcon’ space program
    - and: Inside CSAW, a Massive Student-Led Cybersecurity Competition
  6. Encryption flaws in solid state drives enable unauthorized data access [SC Magazine]
    - Detail/research: www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
    - Microsoft advisory: ADV180028 | Guidance for configuring BitLocker to enforce software encryption
  7. Apache alerts developers of remote code execution flaw [cyberscoop]
  8. Apple Modernizes Its Hardware Security with T2 [threatpost]
  9. 1 Thing You Can Do To Make Your Internet Safer And Faster [cloudflare]
  10. GPUs are vulnerable to side-channel attacks [NetworkWorld from IDG]
  11. Why cryptojacking malware is a bigger threat to your PC than you realise [ZDNet]
  12. We don’ need no stinkin’ bounties: VirtualBox guest-to-host escape zero-day lands at GitHub [The Register]
  13. Internet Vulnerability Takes Down Google [ThousandEyes]
  14. How 1Password Works – Getting under the hood [David Schuetz]
  15. The Spy Drone In Your Cloud [Check Point]

Infosec bits for week 44/18

  1. Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks [Krebs on Security]
  2. Cybersecurity isn’t being taken seriously enough: MIT professor [CNBC]
  3. Ask the Experts: How Do Campus Computing Environments Affect Cybersecurity Concerns? [EdTech]
  4. Before You Connect a New Computer to the Internet [NCCIC]
  5. Internet Solutions warns of security breach [MyBroadband]
  6. Yahoo must pay $50 million in damages for data breaches [The Verge]
  7. Facebook reportedly aims to buy a ‘major’ cybersecurity company [Engadget]
  8. The Cybersecurity 202: Google steps up security efforts as most campaigns use its email services [The Washington Post]
    - See also: Russian national charged with attempting to interfere in 2018 midterms
  9. Joint report on publicly available hacking tools [NCSC]
    - “In it we highlight the use of five publicly-available tools, observed in recent cyber incidents around the world. To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.”
  10. Supply Chain Security 101: An Expert’s View [Krebs on Security]
    - See also: Super Micro to review hardware for malicious chips [Reuters]
  11. Remote Desktop Connection (RDP) – Certificate Warnings [Microsoft]
    - an older article but well worth reading if you use RDP to access Windows systems
  12. The Mysterious Return of Years-Old Chinese Malware [Wired]
  13. Cathay Pacific data breach
  14. The Sony Smart TV Exploit: An Inside View of Hijacking Your Living Room [Fortinet]
  15. Apple Just Killed The ‘GrayKey’ iPhone Passcode Hack [Forbes]
  16. Hacker Discloses New Windows Zero-Day Exploit On Twitter [The Hacker News]
  17. You’re Not Imagining It: Civilization is Flickering, Part 1 [Michael Assante]
    - Part 2

Infosec bits for week 41/18

  1. The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies [Bloomberg]
    - so for the story of the week, which side do you choose? Theory, truth or conspiracy?
    - AWS
    - Apple
    - see also: Supply Chain Security Speculation and Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?
    - and if you can’t get enough: hn.algolia.com/?query=supermicro
  2. Facebook Could Be Fined $1.63 Billion by European Privacy Regulators Over Latest Data Breach, Report Says [FORTUNE]
    - Security Update
    - Hope I don’t have one of those 50m accounts :-/
  3. Google+ Is Shutting Down After a Security Bug Exposed User Info [MotherBoard]
    - Google+ Breach — What Happened, Who Was Impacted And How To Delete Your Account [Forbes]
    - and if you have a WSJ subscription
    - Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+ [Google]
  4. Microsoft Has Pulled the Windows 10 October 2018 Update [Bleeping Computer]
    - Microsoft update
  5. Get Cyber Skilled [ECSM]
    - see also: IT security top tips and PDF guide
  6. How to turn your people into your best defence [TEISS] – which links to: Free ESET Cybersecurity Awareness Training (might be cool?)
  7. 945 data breaches led to compromise of 4.5 billion data records in first half of 2018 [Help Net Security]
    - get the report here
    - see also: Why 31% of data breaches lead to employees getting fired [TechRepublic]
    - and: Heathrow fined for USB stick data breach
  8. APT38: Details on New North Korean Regime-Backed Threat Group [FireEye]
  9. Four critical KPIs for securing your IT environment [Help Net Security]
  10. SIEM, UBA, UEBA… If you’re suffering netsec acronym overload, then here’s our handy guide [The Register]
  11. It’s 2018, and network middleware still can’t handle TLS without breaking encryption [Zero Day]
  12. Spectre and Meltdown Hardware Protection Added to Intel’s 9th Gen CPUs [Bleeping Computer]
  13. Intel ME Manufacturing Mode: obscured dangers and their relationship to Apple MacBook vulnerability CVE-2018-4251 [Positive Technologies]
  14. Identifying a phisher [SANS ISC]

Infosec bits for week 39/18

  1. Infinite Campus DDoS attack impedes access to student data [Zero Day]
  2. Education Department warns that students on financial aid are being targeted in phishing attacks [The Washington Post]
    - see also: ifap.ed.gov/eannouncements/083118ActivePhishingCampaignTargetStudentEmailAccount.html
  3. One Way Office 365 Phishing Attacks Are Getting Sneakier [Redmond Magazine]
    - see also: www.avanan.com/resources/phishpoint-attack
    - and: healthitsecurity.com/news/phishing-attacks-that-impersonate-trusted-individuals-on-the-rise
  4. Dutch expelled Russians over alleged novichok lab hacking plot [The Guardian]
    - see also: arstechnica.com/information-technology/2018/09/russians-tried-to-hack-swiss-lab-testing-samples-from-skripal-attack/
    - and: www.bloomberg.com/view/articles/2018-09-18/russian-hackers-aren-t-the-only-ones-to-worry-about
  5. Newegg users’ credit card info was exposed to hackers for a month [The Verge]
    - see also: www.volexity.com/blog/2018/09/19/magecart-strikes-again-newegg/
    - and: www.riskiq.com/blog/labs/magecart-newegg/
  6. Think Like An Attacker: How a Red Team Operate [Dark Reading]
  7. Microsoft offers completely passwordless authentication for online apps [Ars Technica]
    - see also: www.zdnet.com/article/microsoft-heres-why-were-declaring-end-of-password-era/
    - and: cloudblogs.microsoft.com/microsoftsecure/2018/09/24/delivering-security-innovation-that-puts-microsofts-experience-to-work-for-you/
    - and: www.wired.com/story/yubikey-series-5-fido2-passwordless/
  8. Internet Organised Crime Threat Assessment 2018 [Europol]
    - see also: www.helpnetsecurity.com/2018/09/26/mcafee-labs-threats-report-september-2018/
    - and: www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
  9. Monero bug could have allowed hackers to steal massive amounts of cryptocurrency [Zero Day]
    - see also: fortune.com/2018/09/20/cryptocurrency-exchange-hack-zaif-japan-60-million/
  10. Equifax IT staff had to rerun hackers’ database queries to work out what was nicked – audit [The Register]
  11. Expanding DNSSEC Adoption [Cloudflare]
  12. Why I’m done with Chrome [Matthew Green]
    - see also: threatpost.com/googles-forced-sign-in-to-chrome-raises-privacy-red-flags/137651/
    - and: www.zdnet.com/article/backlash-sees-change-in-chrome-login-and-google-account-behaviour/

Infosec bits for week 37/18

  1. British Airways boss apologises for ‘malicious’ data breach [BBC]
    - see also: BA apologizes after 380,000 customers hit in cyber attack [REUTERS]
    - Juicy, more technical details: Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims [RISKIQ]
  2. How US authorities tracked down the North Korean hacker behind WannaCry [ZDNet]
    - Also: MarkOfTheWeb: How a Forgetful Russian Agent Left a Trail of Breadcrumbs [RISKIQ]
  3. The Adoption of Multi-Factor Authentication in Higher Education [StaySafeOnline]
  4. The Equifax Breach One Year Later: 6 Action Items for Security Pros [DARKReading]
    - Of additional interest: Protected Voices – your voice matters, so protect it: “But even beyond political campaigns, the cybersecurity information contained in these videos—which ranges from protecting passwords to social engineering threats to what to do if you think you’ve been hacked—will be helpful to anyone who uses a computer.”
  5. Where have all my Certificates gone? [SANS ISC]
    - see also: How to nab a HTTPS cert for a stranger’s website: Step one, shatter those DNS queries… [The Register]
    - and Why do we need HTTPS?
  6. Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure [BLACK HILLS]
  7. The Chilling Reality of Cold Boot Attacks [F-Secure]
  8. Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob [WIRED]
    - Tesla Will Restore Car Firmware/OS When Hacking Goes Wrong [Bleeping Computer]
  9. Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw [threatpost]
    - Technical POC: Apple Safari & Microsoft Edge Browser Address Bar Spoofing – Writeup [Rafay Baloch]
  10. MacOS Security Baseline Script – tips for securing MacOS
  11. Security Management Guide [Praxiom]
    - aiming to make ISO 27001, 27002, 28000, 31000 and 22301 easier to understand and implement
  12. 10 Coolest Jobs in Cybersecurity [SANS]

Infosec bits for week 35/18

  1. Protecting the research & education sector against cyber attacks [in THE FIELD]
  2. Iranian Hackers Charged in March Are Still Actively Phishing Universities [Bleeping Computer]
    - see also (IOCs): Back to School: COBALT DICKENS Targets Universities [Secureworks]
    - and www.cnet.com/google-amp/news/cybersecurity-101-how-universities-are-dealing-with-hackers/
  3. Apache Struts Vulnerability POC Code Found on GitHub [Recorded Future]
    - see also: Another Year, Another Critical Struts Flaw – NB: links to hardening guides in the “You Can’t Install a Patch That Doesn’t Exist” section
    - and Hardening Apache Struts with SELinux [Double Pulsar]
  4. Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface [CERT-CC]
    - Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day [Bleeping Computer]
  5. Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades [Bleeping Computer]
    - see: nvd.nist.gov/vuln/detail/CVE-2018-15473 (user enumeration vulnerability)
  6. Following account hacks, Instagram will finally support third party 2FA apps [Mashable]
    - see also: Instagram’s New Security Tools are a Welcome Step, But Not Enough [Krebs on Security]
  7. The enemy is us: a look at insider threats [Malwarebytes LABS]
  8. Don’t shoot messenger [EFF (the other one again)]
  9. A cryptocurrency exchange hack with a North Korean accent [Kaspersky lab]
  10. Pwned Passwords, Now As NTLM Hashes! [Troy Hunt]
  11. Facebook removes 652 fake accounts and pages meant to influence world politics [The Guardian]
  12. Former NSA, CIA director on cyber, Facebook and hacking back [Fifth Domain]