C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F
-
Dutch university paid $220,000 ransom to hackers after Christmas attack [Graham Cluley]
- see also: TA505 Hackers Behind Maastricht University Ransomware Attack
- and: Response of Maastricht University to FOX-IT report
-
Denver’s Regis University paid ransom to “malicious actors” behind campus cyberattack [Elizabeth Hernandez, The Denver Post]
- and at least one with a slightly more positive spin: A week on from the cyber attack, Dundee and Angus College has made excellent progress in re-establishing business as normal.
-
Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events [NIST NCCoE]
-
Battling online coronavirus scams with facts [David Ruiz, Malwarebytes Labs]
-
Cybersecurity in 2020: From secure code to defense in depth [Eric Knorr, CSO / IDG Communications]
-
The future of DNS security: From extremes to a new equilibrium [Mirko Zorz, Help Net Security]
-
Protecting Organizations from Customized Phishing Attacks [Alethe Denis (guest author), Tripwire]
-
Cisco Patches Critical CDP Flaws Affecting Millions of Devices [Sergiu Gatlan, Bleeping Computer]
-
Unit 42 CTR: Leaked Code from Docker Registries [Jay Chen, Palo Alto Networks]
-
RobbinHood – the ransomware that brings its own bug [Paul Ducklin, Sophos]
-
Safer Internet Day [CISA]
- see also: Social Robots Teach Cyber Safety
-
The intelligence coup of the century [Greg Miller, The Washington Post]
-
Ransomware attacks are causing more downtime than ever before [Danny Palmer, Zero Day]
-
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events [NIST National Cybersecurity Center of Excellence (NCCoE)]
-
New web service can notify companies when their employees get phished [Catalin Cimpanu, Zero Day]
-
How to protect your privacy from Facebook [Steven J. Vaughan-Nichols, Zero Day]
-
Cybersecurity: A guide for parents to keep kids safe online [Charlie Osborne, Zero Day]
-
Microsoft discloses security breach of customer support database [Catalin Cimpanu, Zero Day]
-
Travelex recovering from ransomware, but more firms at risk of VPN exploit [Bradley Barth, SC News / CyberRisk Alliance]
-
ProtonVPN apps handed to open source community in transparency push [Charlie Osborne, Zero Day]
-
Self-driving cars: The hunt for security flaws steps up a gear [Daphne Leprince-Ringuet, Zero Day]
-
Network Security Perspective on Coronavirus Preparedness [Johannes B. Ullrich, SANS ISC]
-
Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats [Stephen Hilt et al, Trend Micro research]
-
University Hit by Ransomware, Almost All Windows Systems Compromised [Bogdan Popa, SoftNews]
- see also: Cyber attack – a summary
-
Das Reboot: Uni forces 38,000 students, staff to queue, show their papers for password reset following ‘cyber attack’ [Shaun Nichols, The Register]
- see also: University of Giessen offline for security reasons
- and: Open letter of Justus Liebig University Giessen
-
Proof-of-concept exploits published for the Microsoft-NSA crypto bug [Catalin Cimpanu, Zero Day]
- see also: Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
- and: Microsoft Patch Tuesday crypt32.dll Vulnerability Overview
-
Another reason to hurry with Windows server patches: A new RDP vulnerability [Sean Gallagher, Ars Technica]
-
Windows 7 end of life: Security risks and what you should do next [Danny Palmer, Zero Day]
- see also: How To Restrict Internet Access Using Group Policy
-
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up [Brian Krebs, Krebs on Security]
- see also: Sodinokibi Ransomware Publishes Stolen Data for the First Time
-
From DNS hijacking to domain fronting – SANS security pros offer retrospective on 2019 threat predictions [Emma Woollacott, The Daily Swig/PortSwigger]
-
Cyber security world first as unique guide is launched [UK NCSC]
- Get it here: www.cybok.org/resources/
-
Are universities prepared for cyberattacks? [Study International]
-
Former Twitter CISO shares his advice for IT security hiring and cybersecurity [Bill Dewiler, Zero Day]
-
OUT OF CONTROL – How consumers are exploited by the online advertising industry (from: https://www.forbrukerradet.no/out-of-control/) [Forbrukerrådet]
-
Give Me Security, Give Me Convenience, or Give Me Both! [Joe Galanek, EDUCAUSE]
- see also: Education before Regulation: Empowering Students to Question Their Data Privacy
-
Ransomware forces New Mexico school district to scrub 30,000 devices [Colin Wood, Scoop News Group]
-
Major ASP.NET hosting provider infected by ransomware [Catalin Cimpanu, Zero Day]
-
Who Do You Believe? Conflicting Stories About Pemex Ransomware Attack Impacts [Bruce Sussman, SecureWorld / Seguro Group]
- see also: Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
-
Google Enlists Outside Help to Clean Up Android’s Malware Mess [Lily Hay Newman, WIRED / Condé Nast]
- see also: The App Defense Alliance: Bringing the security industry together to fight bad apps
-
Microsoft vows to ‘honor’ California’s sweeping privacy law across entire US [Makena Kelly, The Verge / Vox Media]
-
Amazon fixes Ring Video Doorbell wi-fi security vulnerability [Danny Palmer, Zero Day]
-
Trend Micro hit with insider attack [Doug Olenick, SC Magazine / CyberRisk Alliance]
-
Google: You can trust us with the medical data you didn’t know we already had [Updated] [Jon Brodkin, Ars Technica / Condé Nast]
-
OUCH! Newsletter: Shopping Online Securely [Lenny Zeltser (guest editor), SANS Security Awareness]
-
The Way America Votes Is Broken. In One Rural County, a Nonprofit Showed a Way Forward. [Jessica Huseman, ProPublica]
-
Over 500 US schools were hit by ransomware in 2019 [Catalin Cimpanu, Zero Day]
- see also: At least 13 managed service providers were used to push ransomware this year
-
Utah renewables company was hit by rare cyberattack in March [Sean Lyngaas, Scoop News Group]
-
Office 365 Users Targeted by Voicemail Scam Pages [Oliver Devane and Rafael Pena, McAfee]
-
Thousands of QNAP NAS devices have been infected with the QSnatch malware [Catalin Cimpanu, Zero Day]
-
First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild [Mohit Kumar, The Hacker News]
-
Google promises to replace Home devices bricked by flawed firmware update [Charlie Osborne, Zero Day]
-
Episode 165: Oh, Canada! Independent Security Researchers Feel the Chill Up North [Paul Roberts, The Security Ledger]
-
Five months after returning rental car, man still has remote control [Dan Goodin, Ars Technica / Condé Nast]
- see also: The perils of security and how I finally resolved my Amazon fraud
-
MESSAGETAP: Who’s Reading Your Text Messages? [Raymond Leong, Dan Perez and Tyler Dean, FireEye Mandiant]
-
The Ransomware Superhero of Normal, Illinois [Benjamin Marra, ProPublica]
-
City of Joburg shuts down all systems after cyber attack demanding bitcoin ransom [Riaan Grobler, News24]
- see also: City of Johannesburg held for ransom by hacker gang
-
Liquid Telecom fights off massive DDoS attack — over 100Gbps [Jan Vermeulen, MyBroadband]
- see also: South African banks hit by massive DDoS attack
-
EDUCAUSE 2019: In OmniSOC, Colleges Build a Stronger Defense, Together [Amy Burroughs, EdTech Magazine]
-
German Automation Giant Still Down After Ransomware Attack [Phil Muncaster, Infosecurity Magazine]
- see also: Italians Rocked by Ransomware
-
DNS Security: Threat Modeling DNSSEC, DoT, and DoH [JSchauma, Netmeister]
-
Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone [BBC News]
- see also: Samsung will begin patching fingerprint scanner security flaw within 24 hours
-
“BriansClub” Hack Rescues 26M Stolen Cards [Brian Krebs, Krebs on Security]
-
Cyber War Between Iran and United States Could Have Far-Reaching Implications [Nicole Lindsey, CPO Magazine]
-
Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs [Kelly Sheridan, Dark Reading]
-
Your Supply Chain Doesn’t End At Receiving: How Do You Decommission Network Equipment? [Johannes B. Ullrich, SANS ISC]
-
The US nuclear forces’ Dr. Strangelove-era messaging system finally got rid of its floppy disks [Valerie Insinna, C4ISRNET]