F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Infosec bits for week 29/19

  1. Monroe College hacked, $2 million in Bitcoin demanded as ransom [Rocco Parascandola (interesting name!) and Thomas Tracy, New York Daily News ]
    - see also: Monroe College Hit With Ransomware, $2 Million Demanded – with interesting note that “The United States Conference of Mayors to make a non-binding agreement to not pay ransomware demands going forward”
  2. Microsoft Office 365: Banned in German schools over privacy fears [Cathrin Schaer, Zero Day]
    - see also: Increasing transparency and customer control over data
    - see also: Microsoft Office brings you new privacy controls
  3. British Airways faces record £183m fine for data breach [BBC News]
  4. HTTP Security Headers – A Complete Guide [Carlie Belmer, Null Sweep]
  5. GnuPG 2.2.17 released to mitigate attacks on keyservers [Werner Koch, GnuPG]
    - with ref from last week: SKS Keyserver Network Under Attack
  6. Samba Project tells us “What’s New” – SMBv1 Disabled by Default [Rob VandenBrink, SANS Internet Storm Center]
  7. How to securely erase the data off your iPhone or iPad, Android device, Windows PC, hard drives, SSDs, and flash drives [Adrian Kingsley-Hughes, Zero Day]
  8. Adventures building a Self Driving RC Car [Rahul]
    - I know, not directly security-related but it’s cool (and we’re allowed to end our list with something a bit off-topic ;))

Infosec bits for week 28/19

  1. I was 7 words away from being spear-phished [Robert Heaton]
  2. Introducing Elastic SIEM [Mike Paquette, Elasticsearch B.V.]
  3. SKS Keyserver Network Under Attack [Robert J. Hansen]
    - OpenPGP users take note
  4. Women in Security [Various, SC Magazine]
  5. Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers [Brian Krebs]
  6. Florida city fires IT employee after paying ransom demand last week [Catalin Cimpanu, Zero Day]
  7. Virtual Private Networks (VPNs) – Ouch! Newsletter [Phil Johnsey, Palm Beach County]
  8. Deconstructing Apple Card: A Hacker’s Perspective [Ryan McKamie and Swapnil Deshmukh, Certus Cybersecurity Solutions LLC]

Infosec bits for week 26/19

  1. Security Operations Center (SOC) Case Study [Higher Education Information Security Council (HEISC)]
  2. Evidence obtained unlawfully from Facebook – Does it infringe the right to privacy? [Brian Kahn Inc Attorneys, Go Legal]
  3. Awesome Web Security [@qazbnm456] – Curated list of Web Security materials and resources
  4. The Clouds Are Out to Get Me! [John Strand, SANS Pen Test HackFest Summit 2018]
  5. Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework [NIST CSRC]
  6. How spammers use Google services [Maria Vergelis, Kaspersky Daily]
  7. Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds [Catalin Cimpanu, Zero Day]
    - Primary advisory: Update Regarding Vulnerability Recently Discovered In Komodo’s Agama Wallet
  8. Google open sources Private Join and Compute, a tool for sharing confidential data sets [Natalie Gagliordi, Zero Day]
  9. Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness [Mark Simos, Kristina Laidler and John Dellinger; Microsoft Security]
  10. Microsoft warns about email spam campaign abusing Office vulnerability [Catalin Cimpanu, Zero Day]
  11. TCP SACK PANIC – Kernel vulnerabilities – CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 [Red Hat]
    - CVE-2019-11477
  12. The catch-22 that broke the Internet [Brian Barrett, Wired]