
Infosec bits for week 39/18

  1. Infinite Campus DDoS attack impedes access to student data [Zero Day]
  2. Education Department warns that students on financial aid are being targeted in phishing attacks [The Washington Post]
    - see also: ifap.ed.gov/eannouncements/083118ActivePhishingCampaignTargetStudentEmailAccount.html
  3. One Way Office 365 Phishing Attacks Are Getting Sneakier [Redmond Magazine]
    - see also: www.avanan.com/resources/phishpoint-attack
    - and: healthitsecurity.com/news/phishing-attacks-that-impersonate-trusted-individuals-on-the-rise
  4. Dutch expelled Russians over alleged novichok lab hacking plot [The Guardian]
    - see also: arstechnica.com/information-technology/2018/09/russians-tried-to-hack-swiss-lab-testing-samples-from-skripal-attack/
    - and: www.bloomberg.com/view/articles/2018-09-18/russian-hackers-aren-t-the-only-ones-to-worry-about
  5. Newegg users’ credit card info was exposed to hackers for a month [The Verge]
    - see also: www.volexity.com/blog/2018/09/19/magecart-strikes-again-newegg/
    - and: www.riskiq.com/blog/labs/magecart-newegg/
  6. Think Like An Attacker: How a Red Team Operates [Dark Reading]
  7. Microsoft offers completely passwordless authentication for online apps [Ars Technica]
    - see also: www.zdnet.com/article/microsoft-heres-why-were-declaring-end-of-password-era/
    - and: cloudblogs.microsoft.com/microsoftsecure/2018/09/24/delivering-security-innovation-that-puts-microsofts-experience-to-work-for-you/
    - and: www.wired.com/story/yubikey-series-5-fido2-passwordless/
  8. Internet Organised Crime Threat Assessment 2018 [Europol]
    - see also: www.helpnetsecurity.com/2018/09/26/mcafee-labs-threats-report-september-2018/
    - and: www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
  9. Monero bug could have allowed hackers to steal massive amounts of cryptocurrency [Zero Day]
    - see also: fortune.com/2018/09/20/cryptocurrency-exchange-hack-zaif-japan-60-million/
  10. Equifax IT staff had to rerun hackers’ database queries to work out what was nicked – audit [The Register]
  11. Expanding DNSSEC Adoption [Cloudflare]
  12. Why I’m done with Chrome [Matthew Green]
    - see also: threatpost.com/googles-forced-sign-in-to-chrome-raises-privacy-red-flags/137651/
    - and: www.zdnet.com/article/backlash-sees-change-in-chrome-login-and-google-account-behaviour/

Infosec bits for week 37/18

  1. British Airways boss apologises for ‘malicious’ data breach [BBC]
    - see also: BA apologizes after 380,000 customers hit in cyber attack [REUTERS]
    - Juicy, more technical details: Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims [RISKIQ]
  2. How US authorities tracked down the North Korean hacker behind WannaCry [ZDNet]
    - Also: MarkOfTheWeb: How a Forgetful Russian Agent Left a Trail of Breadcrumbs [RISKIQ]
  3. The Adoption of Multi-Factor Authentication in Higher Education [StaySafeOnline]
  4. The Equifax Breach One Year Later: 6 Action Items for Security Pros [DARKReading]
    - Of additional interest: Protected Voices – your voice matters, so protect it
    - “But even beyond political campaigns, the cybersecurity information contained in these videos—which ranges from protecting passwords to social engineering threats to what to do if you think you’ve been hacked—will be helpful to anyone who uses a computer.”
  5. Where have all my Certificates gone? [SANS ISC]
    - see also: How to nab a HTTPS cert for a stranger’s website: Step one, shatter those DNS queries… [The Register]
    - and Why do we need HTTPS?
  6. Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure [BLACK HILLS]
  7. The Chilling Reality of Cold Boot Attacks [F-Secure]
  8. Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob [WIRED]
    - Tesla Will Restore Car Firmware/OS When Hacking Goes Wrong [Bleeping Computer]
  9. Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw [threatpost]
    - Technical POC: Apple Safari & Microsoft Edge Browser Address Bar Spoofing – Writeup [Rafay Baloch]
  10. MacOS Security Baseline Script – tips for securing MacOS
  11. Security Management Guide [Praxiom]
    - aiming to make ISO 27001, 27002, 28000, 31000 and 22301 easier to understand and implement
  12. 10 Coolest Jobs in Cybersecurity [SANS]

Infosec bits for week 35/18

  1. Protecting the research & education sector against cyber attacks [in THE FIELD]
  2. Iranian Hackers Charged in March Are Still Actively Phishing Universities [Bleeping Computer]
    - see also (IOCs): Back to School: COBALT DICKENS Targets Universities [Secureworks]
    - and www.cnet.com/google-amp/news/cybersecurity-101-how-universities-are-dealing-with-hackers/
  3. Apache Struts Vulnerability POC Code Found on GitHub [Recorded Future]
    - see also: Another Year, Another Critical Struts Flaw – NB: links to hardening guides in the “You Can’t Install a Patch That Doesn’t Exist” section
    - and Hardening Apache Struts with SELinux [Double Pulsar]
  4. Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface [CERT-CC]
    - Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day [Bleeping Computer]
  5. Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades [Bleeping Computer]
    - see: nvd.nist.gov/vuln/detail/CVE-2018-15473 (user enumeration vulnerability)
  6. Following account hacks, Instagram will finally support third party 2FA apps [Mashable]
    - see also: Instagram’s New Security Tools are a Welcome Step, But Not Enough [Krebs on Security]
  7. The enemy is us: a look at insider threats [Malwarebytes LABS]
  8. Don’t shoot messenger [EFF (the other one again)]
  9. A cryptocurrency exchange hack with a North Korean accent [Kaspersky lab]
  10. Pwned Passwords, Now As NTLM Hashes! [Troy Hunt]
  11. Facebook removes 652 fake accounts and pages meant to influence world politics [The Guardian]
  12. Former NSA, CIA director on cyber, Facebook and hacking back [Fifth Domain]