F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Infosec bits for week 24/19

  1. Australian National University hit by huge data breach [Lisa Martin, The Guardian]
  2. Creating a Cybersecurity Strategy for Higher Education [Donald Welch, EDUCAUSE]
  3. Large European Routing Leak Sends Traffic Through China Telecom [Doug Madory, ORACLE]
  4. Sign in with Apple makes privacy a centerpiece [Dennis Fisher, Decipher]
    - see also: Is ‘Sign in with Apple’ Marketing Spin or Privacy Magic? Experts Weigh In
  5. Apple and WhatsApp fight proposal to let spies tap encrypted comms [Liam Tung, Zero Day]
  6. Huge scope of Australia’s new national security laws reveals itself [Stilgherrian, Zero Day]
  7. Corporate Surveillance in Everyday Life [Wolfie Christl, Cracked Labs]
  8. Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware [Krebs on Security]
  9. GitHub brings automated fixes with Dependabot [Fahmida Y. Rashid, Decipher]
  10. Identifying Vulnerabilities in Phishing Kits [Larry Cashdollar, Akamai]

Infosec bits for week 22/19

  1. What Colorado learned from treating a cyberattack like a disaster [Benjamin Freed, Scoop News]
  2. Intense scanning activity detected for BlueKeep RDP flaw [Catalin Cimpanu, Zero Day]
    - MS article: Prevent a worm by updating Remote Desktop Services
    - see also: An Update on the Microsoft Windows RDP “Bluekeep” Vulnerability (CVE-2019-0708) [now with pcaps]
  3. Infected by ransomware? – don’t forget the ‘No More Ransom!’ project (new decryptors available)
  4. Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable [Tara Seals, Threatpost]
    - Cisco advisory: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
  5. Notifying administrators about unhashed password storage [Suzanne Frey, Google]
  6. Senators propose bill requiring warrants to search devices at the border [James Martin, CNET]
    - see also: We Got U.S. Border Officials to Testify Under Oath. Here’s What We Found Out.
  7. 0day “In the Wild” [Ben Hawkes, Project Zero]
  8. Fun With Custom URI Schemes [Dominik Penner]
  9. Video: nmap Service Detection Customization [Didier Stevens, Internet Storm Center]
  10. The winner in the war on Huawei is Samsung [Chris Duckett, Zero Day]

Infosec bits for week 19/19

  1. Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018 [SC Media]
  2. Cybersecurity Stars: In a field dominated by men, female researchers take the lead at CMU [Carnegie Mellon University]
  3. In a first, Israel responds to Hamas hackers with an air strike [Zero Day]
  4. Tracking Phones, Google Is a Dragnet for the Police [New York Times]
  5. Apple and Google battle for the future of privacy [Zero Day]
    - see also: What do tech giants know about you? A new tool shows you just how much
  6. Microsoft recommends using a separate device for administrative tasks [Zero Day]
    - see also: 3 investments Microsoft is making to improve identity management
  7. Amazon can’t yet completely delete Alexa voice transcriptions [Zero Day]
  8. Oh dear. Secret Huawei enterprise router snoop ‘backdoor’ was Telnet service, sighs Vodafone [The Register]
  9. Cryptojacking in the post-Coinhive era [Malwarebytes Labs]
  10. Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak [Ars Technica]
    - see also: Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
  11. Johnny-You-Are-Fired

Infosec bits for week 17/19

  1. The EDUCAUSE Information Security Almanac 2019
    - “This two-page, easy-to-scan almanac shares the most important EDUCAUSE data regarding the state of information security, privacy, and identity management in higher education.”
    - see also: Campus MFA Practices
  2. SANS Top New Attacks and Threat Report
    - “There is no shortage of media coverage of breaches and outages, and there are many places to find backward-looking statistics about how many attacks were launched in cyberspace. What is harder to find is expert analysis of the areas security managers should prioritize in order to increase effectiveness and efficiency in dealing with known threats while also minimizing the risk from emerging attacks. For the past 13 years, the SANS “Five Most Dangerous Attacks” expert panel at the annual RSA Conference has filled that gap. This SANS whitepaper begins with a baseline of statistics from two of the most reliable sources of breach and malware data, then summarizes the expert advice from the SANS instructors on the RSA panel, detailing the emerging threats to look out for in 2019 and beyond.”
  3. McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all [Ars Technica]
  4. IT Security Guidelines for Transport Layer Security [NCSC]
    - “These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS)…These guidelines are technical in nature. They help an organisation choose between all possible configurations of TLS to arrive at a secure configuration. An administrator or supplier then applies this configuration.”
  5. Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent [Business Insider]
    - see also: Facebook security notice announces millions of Instagram users had their passwords stored in plaintext
  6. DNS Hijacking Abuses Trust In Core Internet Service [Talos]
  7. Popular jQuery JavaScript library impacted by prototype pollution flaw [Zero Day]
  8. Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks [@GelosSnake]
  9. How Not to Acknowledge a Data Breach [Krebs on Security]
  10. Dragonblood – Analysing WPA3’s Dragonfly Handshake
  11. Security BSides San Francisco – incl. BSidesSF 2019 videos
  12. Darknet Diaries Ep 36: Jeremy from Marketing (PG L)
    - “A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned.”
    - (podcast account of threader.app/thread/1063423110513418240)

Infosec bits for week 15/19

  1. 3 Ways Universities Can Keep Their Data Safe [EdTech Magazine]
  2. Hackers beat university cyber-defences in two hours [BBC News]
  3. Georgia Tech Data Breach Exposed 1.3 Million Records [Latest Hacking News]
  4. CyberStart: Finding the Best Candidates for Student Cybersecurity Positions…and Beyond! [EDUCAUSE review]
  5. Hacker group has been hijacking DNS traffic on D-Link routers for three months [Zero Day Net]
    - see also: Rapidly multiplying IoT cyber attacks use well-known weaknesses
  6. The Windows 10 security guide: How to safeguard your business [Zero Day Net]
  7. Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print [Threatpost]
  8. Google’s Making It Easier to Safeguard Sensitive Data Troves [WIRED]
  9. Vulnerability in Xiaomi Pre-Installed Security App [Check Point Research]
  10. Making Passwords Simple [SANS OUCH! Newsletter]
  11. A few Ghidra tips for IDA users, part 1 – the decompiler/unreachable code [SANS ISC InfoSec Forums]
  12. Hardenize
    - “With so many security features to deploy and services to configure, we all need help to understand what our networks look like, if they’re configured correctly, and if they’re protected using appropriate security standards. Things break and certificates expire. Our discovery and continuous monitoring services keep an eye on your infrastructure, prevent breakage, and enable you to have exactly the security you want.”
  13. Thumb drive carried by Mar-a-Lago intruder immediately installed files on a PC [Ars Technica]
    - see also: Mar-a-Lago’s Security Problems Go Way Beyond a Thumb Drive

Advisories for week 12/19

  1. WordPress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers [Bleeping Computer]
  2. Cisco Patches Critical ‘Default Password’ Bug [Threatpost]
    - Look out for all the NX-OS vulns as well
  3. Intel Advisories
    - Updated Firmware available for: CSME, Server Platform Services, Trusted Execution Engine and Intel® Active Management Technology
    - Check for system firmware updates from your manufacturer
    - Update Intel® Graphics Driver for Windows
  4. *Microsoft March Patch Tuesday comes with fixes for two Windows zero-days [Zero Day]

Infosec bits for week 12/19

  1. Hackers breach admissions files at three private colleges [The Washington Post]
  2. Fighting cybercrime in the research & education sector [In The Field]
  3. The Five Most Dangerous New Attack Techniques and How to Counter Them [RSA Conference]
  4. Google: Chrome zero-day was used together with a Windows 7 zero-day [Zero Day]
    - Patches available from Microsoft
  5. Google reveals “high severity” flaw in macOS kernel [Neowin]
  6. NSA’s Ghidra Reverse Engineering Framework Stirs Up Malware Researchers [Bleeping Computer]
  7. Marriott CEO shares post-mortem on last year’s hack [Zero Day]
  8. Dutch Data Protection Authority chips away at ‘cookie walls,’ declaring they violate GDPR [SC Media]
    - see also: Dispelling GDPR Myths: Avoid the Compliance Trap, Make Real Security/Privacy Gains
  9. Gone in six seconds? Exploiting car alarms [Pen Test Partners]
  10. Facebook’s Data Deals Are Under Criminal Investigation [The New York Times]
    - Facebook in the news again, not surprising :/
    - When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security
    - But, When Facebook Goes Down, Don’t Blame Hackers
    - See also: Facebook exploit – Confirm website visitor identities
    - Are you sure you really still want that Facebook account? ;)
  11. W3C approves WebAuthn as the web standard for password-free logins [Venture Beat]
  12. Introducing Firefox Send, Providing Free File Transfers while Keeping your Personal Information Private [Mozilla]
  13. Researchers break digital signatures for most desktop PDF viewers [Zero Day]
  14. Meet the New ‘Public-Interest Cybersecurity Technologist’ [Dark Reading]
  15. StackStorm – From Originull to RCE (CVE-2019-9580) [Barak Tawily]

Infosec bits for week 08/19

  1. Power Company Has Security Breach Due to Downloaded Game [Bleeping Computer]
    - as if load shedding’s not enough :-/
  2. The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey [SANS]
  3. Facebook broad data collection ruled illegal by German anti-trust office [ZDNet]
  4. What Happens If Russia Cuts Itself Off From the Internet [Wired]
  5. Selecting the Right SOC Model for Your Organization [Gartner]
    - see also: The CIS Critical Security Controls for Effective Cyber Defense
  6. The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme [CNBC]
    - see also: Where’s the Equifax Data? Does It Matter?
  7. Ransomware Attacks Target MSPs to Mass-Infect Customers [Bleeping Computer]
  8. BOV [Bank of Valletta] goes dark after hackers go after €13m [Times of Malta]
  9. Mitigations against Mimikatz Style Attacks [SANS ISC]
  10. How to Test Bro-Sysmon [Salesforce Engineering]
  11. Are airlines putting your data at risk? [Wandera]
  12. Many popular iPhone apps secretly record your screen without asking [Tech Crunch]
  13. Android Phones Can Get Hacked Just by Looking at a PNG Image [The Hacker News]
  14. Spying on Safari in Mojave [Jeff Johnson]

Advisories for week 06/19

  1. Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
    - MS advisory
  2. Google Chrome update contains 58 security fixes
  3. Firefox 65 Released with Updated Content Blocking, MSI Installers, and More
    - but: www.zdnet.com/article/windows-firefox-65-rollout-halted-by-mozilla-av-clash-stopped-users-browsing/
  4. Update for Windows Defender antimalware platform
    - oh wait, Windows 10 might not boot afterwards and the workarounds… hmm, really :-/

Infosec bits for week 06/19

  1. Team America tries to crash Little Rocket Man’s Joanap botnet from within, warns owners of infected boxes [The Register]
  2. Abusing Exchange: One API call away from Domain Admin [dirkjanm.io]
    - see also: You’re an admin! You’re an admin! You’re all admins, thanks to this Microsoft Exchange zero-day and exploit
    - and: Relaying Exchange’s NTLM authentication to domain admin
  3. Facebook pays teens to install VPN that spies on them [TechCrunch]
    - see also: Facebook Has Just Been Caught Spying On Users’ Private Messages And Data — Again
    - and: Why Facebook’s Banned ‘Research’ App Was So Invasive
    - lastly: Apple blocks Facebook from running its internal iOS apps
  4. FaceTime bug lets callers eavesdrop on recipients [SC Magazine]
    - see also: Apple says iOS fix for Group FaceTime bug now coming next week, issues apology
  5. ENISA: Updated network forensics training material [ENISA]
  6. The Cybersecurity Workforce Gap [CSIS]
  7. SpeakUp Linux Backdoor Sets Up for Major Attack [Threatpost]
  8. Unlocking God Mode on x86 Processors [Hackaday]
  9. Understanding Ubiquiti Discovery Service Exposures [Rapid7]
  10. Over 9,000 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653 [Bad Packets Report]
  11. Net neutrality: Federal judges had tough questions for the FCC [The Washington Post]
  12. I used to be a dull John Doe. Thanks to Huawei, I’m now James Bond! [The Register]