C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 42/19

  1. Free Resources for National Cybersecurity Awareness Month 2019 [Infosec Institute]
  2. Security Education Companion [Electronic Frontier Foundation]
  3. Higher Education Community Vendor Assessment Toolkit [Higher Education Information Security Council (HEISC), Community]
  4. National Student Clearinghouse Playbooks [National Student Clearinghouse]
    - includes a DDoS and Ransomware incident response playbook
  5. Never Trust a Platform to Put Privacy Ahead of Profit [Lily Hay Newman, WIRED]
    - see also: Twitter Uses Phone Numbers, Emails to Sell Ads
  6. The broken record: Why Barr’s call against end-to-end encryption is nuts [Sean Gallagher, Ars Technica]
  7. Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move [Sergiu Gatlan, Bleeping Computer]
    - see also: DNS-over-HTTPS causes more problems than it solves, experts say
  8. AIG says its cyber insurance plans don’t cover criminal acts; wants lawsuit tossed [Jeff Stone, Cyberscoop]
  9. Vulnerabilities exploited in VPN products used worldwide [National Cyber Security Centre UK]
  10. State of Ransomware in the U.S.: 2019 Report for Q1 to Q3 [Emsisoft Malware Lab]
  11. Linux to get kernel ‘lockdown’ feature [Catalin Cimpanu, Zero Day]
  12. Report reveals play-by-play of first U.S. grid cyberattack [Blake Sobczak, E&E News]

Infosec bits for week 39/19

  1. Wind, Trees, and Security Awareness [Ben Woelk]
  2. Ransomware Strikes 49 School Districts & Colleges in 2019 [Kelly Sheridan, Dark Reading]
  3. RICA has been declared unlawful [Kaunda Selisho, The Citizen]
  4. 2019 CWE Top 25 Most Dangerous Software Errors (updated 18 September) [MITRE]
  5. Microsoft releases out-of-band security update to fix IE zero-day & Defender bug [Catalin Cimpanu, Zero Day]
  6. High-severity vulnerability in vBulletin is being actively exploited [Dan Goodin, Ars Technica]
  7. Iowa officials claim confusion over scope led to arrest of pen-testers [Sean Gallagher, Ars Technica]
  8. Emotet Trojan Evolves Since Being Reawakened, Here is What We Know [Lawrence Abrams, Bleeping Computer]
    - see also: Emotet malspam is back
  9. Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices [Hooman Mohajeri Moghaddam et al.]
    - full paper
    - see also: Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach
  10. The NSA Is Running a Satellite Hacking Experiment [Patrick Tucker, Defense One]

Infosec bits for week 37/19

  1. Who’ll benefit from the Regis University cyberattack? The Denver school’s cybersecurity students. [Elizabeth Hernandez, The Denver Post]
  2. Ransomware shuts down classes, childcare centers in Flagstaff, Arizona [Colin Wood, Scoop News Group]
    - see also: Back to school: With latest attack, ransomware cancels classes in Flagstaff
  3. More than 99% of cyberattacks rely on human interaction [Help Net Security]
  4. Cyber-security incident at US power grid entity linked to unpatched firewalls [Catalin Cimpanu, Zero Day]
  5. MANRS Observatory: Monitoring the State of Internet Routing Security [Andrei Robachevsky, Internet Society]
    - find it here: observatory.manrs.org/
  6. BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks [Mohit Kumar, The Hacker News]
  7. Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks [Mohit Kumar, The Hacker News]
  8. Security hole opens a billion Android users to advanced SMS phishing attacks [Help Net Security]
  9. Simjacker: a brand new mobile vulnerability exploited by surveillance companies for espionage operation [Andrea Fortuna]
  10. Twitter disables SMS-to-tweet feature after its CEO got hacked last week [Catalin Cimpanu, Zero Day]
  11. Why 5G requires new approaches to cybersecurity [Tom Wheeler and David Simpson, The Brookings Institution]

Infosec bits for week 36/19

  1. Every Computer Science Degree Should Require a Course in Cybersecurity [Jack Cable, Harvard Business Publishing]
  2. FinCEN Issues Advisory on Business Email Compromise Schemes and Names Colleges and Universities among Top Targets [Katie Branson, EDUCAUSE]
    - see also: Cyber Claims: GDPR and business email compromise drive greater frequencies
  3. When Ransomware Cripples a City, Who’s to Blame? This I.T. Chief Is Fighting Back [Frances Robles, New York Times]
    - see also: Rockville Center School District pays $88,000 ransom
  4. South Africa’s mass surveillance revealed [Tefo Mohapi, iAfrikan]
    - see also: South African authorities admit to mass surveillance (comments)
  5. Bitcoin Warning As Serious Security Vulnerabilities Uncovered [Billy Bambrough, Forbes]
    - see also: China In the Process of Rolling Out State-Backed Cryptocurrency
  6. Open Redirect: A Small But Very Common Vulnerability [Jan Kopriva, SANS ISC]
  7. Putting an end to Retadup: A malicious worm that infected hundreds of thousands [Jan Vojtěšek, Avast Software]

Infosec bits for week 35/19

  1. The Higher Ed Model for Cybersecurity Compliance [Colleen Johnson, EDUCAUSE Review]
  2. New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks [Ionut Ilascu, Bleeping Computer]
  3. Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs [Catalin Cimpanu, Zero Day]
  4. Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks [Jovi Umawing, Malwarebytes Labs]
    - see also: knobattack.com/
  5. The Difference Between Red, Blue, and Purple Teams [Daniel Miessler]
  6. FNB backs down on password decision after backlash [Duncan Mcleod, NewsCentral Media]
  7. Is this Crown Sterling press release from another planet? [Josh Bernoff]
  8. Employees connect nuclear plant to the internet so they can mine cryptocurrency [Catalin Cimpanu, Zero Day]

Infosec bits for week 33/19

  1. Cyberattack forces Houston County schools to postpone opening day [Doug Olenick, Haymarket Media]
  2. Fraudster Brought Back from Kenya to Face Jail Time for Stealing Almost $750,000 from UCSD through a Spear Phishing Campaign [Alexandra F. Foster, US DOJ]
  3. A Campus Culture of Cybersecurity [Julianne Basinger, The Chronicle of Higher Education]
  4. Windows Defender Gets Perfect Scores in Antivirus Test [Nathaniel Mott, Tom’s Hardware]
  5. Apple halts practice of contractors listening in to users on Siri [Alex Hern, The Guardian]
    - see also: Google: More information about our processes to safeguard speech data
  6. I Always Feel Like Somebody’s Watching Listening to Me (click on link to 29 July article) [Jacob Baines, Tenable TechBlog]
  7. Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V [Mohit Kumar, The Hacker News]
  8. Boffins hacked Siemens Simatic S7, most secure controllers in the industry [Pierluigi Paganini, SecurityAffairs]
  9. Extended Validation Certificates are (Really, Really) Dead [Troy Hunt]
  10. Clever Vanity License Plate Backfires On Man, Winds Up With Tons Of Tickets [Dave Basner, iHeartRadio]

Infosec bits for week 31/19

  1. Louisiana declares emergency over cyberattacks targeting schools [Benjamin Freed, Scoop News Group]
    - see also: Louisiana governor declares state emergency after local ransomware outbreak
    - and: Syracuse cyber attack: Experts say schools easy prey for ransomware
  2. Ed Dept: Hackers created thousands of fake student profiles [Natalie Schwartz, Industry Dive]
    - see also: Ellucian Banner System Vulnerability Update
    - and note: “Attackers are utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals. Ellucian recommends adding reCAPTCHA capabilities to the admission process to reduce the likelihood of experiencing fraudulent applications for admissions, even if institutions are not currently experiencing this issue.”
  3. Student data systems compromised in Hawaii, Tennessee [Ryan Johnston, Scoop News Group]
  4. Most City Power IT systems, networks restored following cyber attack [Alex Mitchley, 24.com]
    - see also: Ransomware incident leaves some Johannesburg residents without electricity
  5. Steps to Safeguard Against Ransomware Attacks [The Cybersecurity and Infrastructure Security Agency (CISA)]
  6. A BEAST and a POODLE celebrating SWEET32 [Bojan Zdrnja]
    - Overview: “In last couple of years we have witnessed many SSL/TLS vulnerabilities with various acronyms: POODLE, BEAST, BREACH, CRIME, DROWN, FREAK and SWEET32 – to name some. Almost every time, a snazzy logo and a lot of panic around the vulnerability made us believe that this is the end of secure communication on the Internet. However, we are yet to see any real hacks that actually exploited one of the above mentioned vulnerabilities. This presentation will explain how these vulnerabilities work and will comment on their viability for web, mobile and fat client applications. We will try to identify the SSL/TLS vulnerabilities who cried wolf, so we can concentrate on those that pose a serious threat (if such exist, that is).”
    - See also: Verifying SSL/TLS configuration
  7. Password Managers [Higher Education Information Security Council (HEISC)]
  8. Teenage hackers are offered a second chance under European experiment [Jeff Stone, Scoop News Group]
  9. The Encryption Debate Is Over – Dead At The Hands Of Facebook [Kalev Leetaru, Forbes Media LLC]
  10. How Cyber Weapons Are Changing the Landscape of Modern Warfare [Sue Halpern, The New Yorker]
    - see also: U.S. Cyber Command simulated a seaport cyberattack to test digital readiness

Infosec bits for week 29/19

  1. Monroe College hacked, $2 million in Bitcoin demanded as ransom [Rocco Parascandola (interesting name!) and Thomas Tracy, New York Daily News]
    - see also: Monroe College Hit With Ransomware, $2 Million Demanded – with interesting note that “The United States Conference of Mayors to make a non-binding agreement to not pay ransomware demands going forward”
  2. Microsoft Office 365: Banned in German schools over privacy fears [Cathrin Schaer, Zero Day]
    - see also: Increasing transparency and customer control over data
    - see also: Microsoft Office brings you new privacy controls
  3. British Airways faces record £183m fine for data breach [BBC News]
  4. HTTP Security Headers – A Complete Guide [Charlie Belmer, Null Sweep]
  5. GnuPG 2.2.17 released to mitigate attacks on keyservers [Werner Koch, GnuPG]
    - with ref from last week: SKS Keyserver Network Under Attack
  6. Samba Project tells us “What’s New” – SMBv1 Disabled by Default [Rob VandenBrink, SANS Internet Storm Center]
  7. How to securely erase the data off your iPhone or iPad, Android device, Windows PC, hard drives, SSDs, and flash drives [Adrian Kingsley-Hughes, Zero Day]
  8. Adventures building a Self Driving RC Car [Rahul]
    - I know, not directly security-related but it’s cool (and we’re allowed to end our list with something a bit off-topic ;))

Infosec bits for week 28/19

  1. I was 7 words away from being spear-phished [Robert Heaton]
  2. Introducing Elastic SIEM [Mike Paquette, Elasticsearch B.V.]
  3. SKS Keyserver Network Under Attack [Robert J. Hansen]
    - OpenPGP users take note
  4. Women in Security [Various, SC Magazine]
  5. Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers [Brian Krebs]
  6. Florida city fires IT employee after paying ransom demand last week [Catalin Cimpanu, Zero Day]
  7. Virtual Private Networks (VPNs) – Ouch! Newsletter [Phil Johnsey, Palm Beach County]
  8. Deconstructing Apple Card: A Hacker’s Perspective [Ryan McKamie and Swapnil Deshmukh, Certus Cybersecurity Solutions LLC]

Infosec bits for week 26/19

  1. Security Operations Center (SOC) Case Study [Higher Education Information Security Council (HEISC)]
  2. Evidence obtained unlawfully from Facebook – Does it infringe the right to privacy? [Brian Kahn Inc Attorneys, Go Legal]
  3. Awesome Web Security [@qazbnm456] – Curated list of Web Security materials and resources
  4. The Clouds Are Out to Get Me! [John Strand, SANS Pen Test HackFest Summit 2018]
  5. Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework [NIST CSRC]
  6. How spammers use Google services [Maria Vergelis, Kaspersky Daily]
  7. Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds [Catalin Cimpanu, Zero Day]
    - Primary advisory: Update Regarding Vulnerability Recently Discovered In Komodo’s Agama Wallet
  8. Google open sources Private Join and Compute, a tool for sharing confidential data sets [Natalie Gagliordi, Zero Day]
  9. Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness [Mark Simos, Kristina Laidler and John Dellinger; Microsoft Security]
  10. Microsoft warns about email spam campaign abusing Office vulnerability [Catalin Cimpanu, Zero Day]
  11. TCP SACK PANIC – Kernel vulnerabilities – CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 [Red Hat]
    - CVE-2019-11477
  12. The catch-22 that broke the Internet [Brian Barrett, Wired]