Infosec bits for week 08/20

  1. Cyber Fitness Takes More Than a Gym Membership & a Crash Diet [Ryan Weeks (Datto CISO), DarkReading/Informa PLC]
  2. Why you can’t bank on backups to fight ransomware anymore [Sean Gallagher, Ars Technica/Condé Nast]
    - see also: How to Protect Your Networks from Ransomware
  3. Three Italian universities hacked by LulzSec_ITA collective [Pierluigi Paganini (ENISA), Security Affairs]
  4. Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world [Catalin Cimpanu, Zero Day]
  5. Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations [Robert Falcone, Palo Alto Networks]
  6. 37.3% of Vulnerabilities in 2019 Had Available Exploit Code or a Proof of Concept [Risk Based Security]
  7. Nedbank says 1.7 million customers impacted by breach at third-party provider [Catalin Cimpanu, Zero Day]
    - see also: The Southern African Fraud Prevention Service (especially if you were impacted)
  8. Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers [Eclypsium]
  9. OpenSSH FIDO/U2F Support (search for: “FIDO/U2F Support”)
  10. Encoding Stolen Credit Card Data on Barcodes [Brian Krebs]
  11. Sale of corp.com can expose corporate data [Fahmida Y. Rashid, Duo Security]
  12. Martin and Dorothie Hellman on Love, Crypto & Saving the World [Sara Peters, Dark Reading / Informa PLC]

Infosec bits for week 07/20

  1. Dutch university paid $220,000 ransom to hackers after Christmas attack [Graham Cluley]
    - see also: TA505 Hackers Behind Maastricht University Ransomware Attack
    - and: Response of Maastricht University to FOX-IT report
  2. Denver’s Regis University paid ransom to “malicious actors” behind campus cyberattack [Elizabeth Hernandez, The Denver Post]
    - and at least one with a slightly more positive spin: A week on from the cyber attack, Dundee and Angus College has made excellent progress in re-establishing business as normal.
  3. Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events [NIST NCCoE]
  4. Battling online coronavirus scams with facts [David Ruiz, Malwarebytes Labs]
  5. Cybersecurity in 2020: From secure code to defense in depth [Eric Knorr, CSO / IDG Communications]
  6. The future of DNS security: From extremes to a new equilibrium [Mirko Zorz, Help Net Security]
  7. Protecting Organizations from Customized Phishing Attacks [Alethe Denis (guest author), Tripwire]
  8. Cisco Patches Critical CDP Flaws Affecting Millions of Devices [Sergiu Gatlan, Bleeping Computer]
  9. Unit 42 CTR: Leaked Code from Docker Registries [Jay Chen, Palo Alto Networks]
  10. RobbinHood – the ransomware that brings its own bug [Paul Ducklin, Sophos]
  11. Safer Internet Day [CISA]
    - see also: Social Robots Teach Cyber Safety
  12. The intelligence coup of the century [Greg Miller, The Washington Post]

Infosec bits for week 05/20

  1. Ransomware attacks are causing more downtime than ever before [Danny Palmer, Zero Day]
  2. Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events [NIST National Cybersecurity Center of Excellence (NCCoE)]
  3. New web service can notify companies when their employees get phished [Catalin Cimpanu, Zero Day]
  4. How to protect your privacy from Facebook [Steven J. Vaughan-Nichols, Zero Day]
  5. Cybersecurity: A guide for parents to keep kids safe online [Charlie Osborne, Zero Day]
  6. Microsoft discloses security breach of customer support database [Catalin Cimpanu, Zero Day]
  7. Travelex recovering from ransomware, but more firms at risk of VPN exploit [Bradley Barth, SC News / CyberRisk Alliance]
  8. ProtonVPN apps handed to open source community in transparency push [Charlie Osborne, Zero Day]
  9. Self-driving cars: The hunt for security flaws steps up a gear [Daphne Leprince-Ringuet, Zero Day]
  10. Network Security Perspective on Coronavirus Preparedness [Johannes B. Ullrich, SANS ISC]
  11. Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats [Stephen Hilt et al., Trend Micro research]

Infosec bits for week 04/20

  1. University Hit by Ransomware, Almost All Windows Systems Compromised [Bogdan Popa, SoftNews]
    - see also: Cyber attack – a summary
  2. Das Reboot: Uni forces 38,000 students, staff to queue, show their papers for password reset following ‘cyber attack’ [Shaun Nichols, The Register]
    - see also: University of Giessen offline for security reasons
    - and: Open letter of Justus Liebig University Giessen
  3. Proof-of-concept exploits published for the Microsoft-NSA crypto bug [Catalin Cimpanu, Zero Day]
    - see also: Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
    - and: Microsoft Patch Tuesday crypt32.dll Vulnerability Overview
  4. Another reason to hurry with Windows server patches: A new RDP vulnerability [Sean Gallagher, Ars Technica]
  5. Windows 7 end of life: Security risks and what you should do next [Danny Palmer, Zero Day]
    - see also: How To Restrict Internet Access Using Group Policy
  6. Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up [Brian Krebs, Krebs on Security]
    - see also: Sodinokibi Ransomware Publishes Stolen Data for the First Time
  7. From DNS hijacking to domain fronting – SANS security pros offer retrospective on 2019 threat predictions [Emma Woollacott, The Daily Swig/PortSwigger]
  8. Cyber security world first as unique guide is launched [UK NCSC]
    - Get it here: www.cybok.org/resources/
  9. Are universities prepared for cyberattacks? [Study International]
  10. Former Twitter CISO shares his advice for IT security hiring and cybersecurity [Bill Detwiler, Zero Day]
  11. OUT OF CONTROL – How consumers are exploited by the online advertising industry (from: https://www.forbrukerradet.no/out-of-control/) [Forbrukerrådet]

Infosec bits for week 51/19

  1. A decade of hacking: The most notable cyber-security events of the 2010s [Catalin Cimpanu, Zero Day]
  2. The quiet evolution of phishing [Office 365 Threat Research Team, Microsoft]
  3. Latest Microsoft Update Patches New Windows 0-Day Under Active Attack [Swati Khandelwal, The Hacker News]
  4. How South Africa will fight DDoS attacks in 2020 [Jamie McKane, MyBroadband]
  5. The Great $50M African IP Address Heist [Brian Krebs, Krebs on Security]
  6. The VPN is dying, long live zero trust [Neal Weinberg, Network World]
  7. 5 Reasons Why Programmers Should Think like Hackers [The Hacker News]
  8. SQL Murder Mystery [Joon Park, Cathy He and Joe Germuska, Northwestern University Knight Lab]

Infosec bits for week 49/19

  1. Charting Your Course: Cyber Security Governance [National Cyber Security Centre – New Zealand]
    - “The steps outlined in Charting Your Course define the principles of a cyber security programme and help to focus engagement between senior leadership and security practitioners.”
  2. NIST Developing Hardware Security Guidelines for Enterprises [Dennis Fisher, Duo Security] – new draft guidance on supply chain security
    - find it here: Validating the Integrity of Servers and Client Devices
  3. SQL Injection Errors No Longer the Top Software Security Issue [Jai Vijayan, Dark Reading]
    - 2019 CWE Top 25 Most Dangerous Software Errors
    - see also: Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications
  4. OUCH! Newsletter: Messaging / Smishing Attacks [Jen Fox]
  5. Incident Response Casefile – A successful BEC leveraging lookalike domains [Matan Ben David, Check Point Research]
  6. Fundamentals of Cross Domain Solutions [Australian Cyber Security Centre]
  7. Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data [Catalin Cimpanu, Zero Day]
    - see also: Keeping your account safe from malicious activity
  8. Alert (AA19-339A) – Dridex Malware [US Cybersecurity and Infrastructure Security Agency]
  9. New Disney Plus Streaming Service Hit By Credential Stuffing Cyber Attack [Nicole Lindsey, CPO Magazine / Data Privacy Asia]
  10. Avast Online Security and Avast Secure Browser are spying on you [Wladimir Palant]
  11. Lessons learned from playing a willing phish [Jan Kopriva, SANS ISC]

Infosec bits for week 48/19

  1. Cyber Security Challenge 2019: Qualifying Teams [SANReN]
    - Our champions will compete head-to-head at the CHPC conference next week in an attack/defend contest and solve various CTF challenges
  2. Black Friday Shopping: Protect Your Identity [CISA]
  3. PN-G [school district] pays ransom to regain access to district files [Isaac Windes, Beaumont Enterprise / Hearst Newspapers]
  4. Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak [Tara Seals, Threatpost]
    - see also: Data Enrichment Industry Responsible for a Massive Data Leak Affecting 1.2 Billion Individuals
  5. ICANN races towards regulatory capture: the great .ORG heist [Sam Klein, SJ’s Longest Now]
  6. Twitter will finally let users disable SMS as default 2FA method [Catalin Cimpanu, Zero Day]
  7. Lights That Warn Planes of Obstacles Were Exposed to Open Internet [Joseph Cox, Motherboard / VICE]
  8. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers [Andy Greenberg (book)]
  9. Russia bans sale of gadgets without Russian-made software [BBC News]
  10. Local Malware Analysis with Malice [Guy Bruneau, SANS]

Infosec bits for week 47/19

  1. Give Me Security, Give Me Convenience, or Give Me Both! [Joe Galanek, EDUCAUSE]
    - see also: Education before Regulation: Empowering Students to Question Their Data Privacy
  2. Ransomware forces New Mexico school district to scrub 30,000 devices [Colin Wood, Scoop News Group]
  3. Major ASP.NET hosting provider infected by ransomware [Catalin Cimpanu, Zero Day]
  4. Who Do You Believe? Conflicting Stories About Pemex Ransomware Attack Impacts [Bruce Sussman, SecureWorld / Seguro Group]
    - see also: Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
  5. Google Enlists Outside Help to Clean Up Android’s Malware Mess [Lily Hay Newman, WIRED / Condé Nast]
    - see also: The App Defense Alliance: Bringing the security industry together to fight bad apps
  6. Microsoft vows to ‘honor’ California’s sweeping privacy law across entire US [Makena Kelly, The Verge / Vox Media]
  7. Amazon fixes Ring Video Doorbell wi-fi security vulnerability [Danny Palmer, Zero Day]
  8. Trend Micro hit with insider attack [Doug Olenick, SC Magazine / CyberRisk Alliance]
  9. Google: You can trust us with the medical data you didn’t know we already had [Updated] [Jon Brodkin, Ars Technica / Condé Nast]
  10. OUCH! Newsletter: Shopping Online Securely [Lenny Zeltser (guest editor), SANS Security Awareness]
  11. The Way America Votes Is Broken. In One Rural County, a Nonprofit Showed a Way Forward. [Jessica Huseman, ProPublica]

Infosec bits for week 45/19

  1. Over 500 US schools were hit by ransomware in 2019 [Catalin Cimpanu, Zero Day]
    - see also: At least 13 managed service providers were used to push ransomware this year
  2. Utah renewables company was hit by rare cyberattack in March [Sean Lyngaas, Scoop News Group]
  3. Office 365 Users Targeted by Voicemail Scam Pages [Oliver Devane and Rafael Pena, McAfee]
  4. Thousands of QNAP NAS devices have been infected with the QSnatch malware [Catalin Cimpanu, Zero Day]
  5. First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild [Mohit Kumar, The Hacker News]
  6. Google promises to replace Home devices bricked by flawed firmware update [Charlie Osborne, Zero Day]
  7. Episode 165: Oh, Canada! Independent Security Researchers Feel the Chill Up North [Paul Roberts, The Security Ledger]
  8. Five months after returning rental car, man still has remote control [Dan Goodin, Ars Technica / Condé Nast]
    - see also: The perils of security and how I finally resolved my Amazon fraud
  9. MESSAGETAP: Who’s Reading Your Text Messages? [Raymond Leong, Dan Perez and Tyler Dean, FireEye Mandiant]
  10. The Ransomware Superhero of Normal, Illinois [Benjamin Marra, ProPublica]

Infosec bits for week 44/19

  1. City of Joburg shuts down all systems after cyber attack demanding bitcoin ransom [Riaan Grobler, News24]
    - see also: City of Johannesburg held for ransom by hacker gang
  2. Liquid Telecom fights off massive DDoS attack — over 100Gbps [Jan Vermeulen, MyBroadband]
    - see also: South African banks hit by massive DDoS attack
  3. EDUCAUSE 2019: In OmniSOC, Colleges Build a Stronger Defense, Together [Amy Burroughs, EdTech Magazine]
  4. German Automation Giant Still Down After Ransomware Attack [Phil Muncaster, Infosecurity Magazine]
    - see also: Italians Rocked by Ransomware
  5. DNS Security: Threat Modeling DNSSEC, DoT, and DoH [JSchauma, Netmeister]
  6. Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone [BBC News]
    - see also: Samsung will begin patching fingerprint scanner security flaw within 24 hours
  7. “BriansClub” Hack Rescues 26M Stolen Cards [Brian Krebs, Krebs on Security]
  8. Cyber War Between Iran and United States Could Have Far-Reaching Implications [Nicole Lindsey, CPO Magazine]
  9. Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs [Kelly Sheridan, Dark Reading]
  10. Your Supply Chain Doesn’t End At Receiving: How Do You Decommission Network Equipment? [Johannes B. Ullrich, SANS ISC]
  11. The US nuclear forces’ Dr. Strangelove-era messaging system finally got rid of its floppy disks [Valerie Insinna, C4ISRNET]