Infosec bits for week 51/19

  1. A decade of hacking: The most notable cyber-security events of the 2010s [Catalin Cimpanu, Zero Day]
  2. The quiet evolution of phishing [Office 365 Threat Research Team, Microsoft]
  3. Latest Microsoft Update Patches New Windows 0-Day Under Active Attack [Swati Khandelwal, The Hacker News]
  4. How South Africa will fight DDoS attacks in 2020 [Jamie McKane, MyBroadband]
  5. The Great $50M African IP Address Heist [Brian Krebs, Krebs on Security]
  6. The VPN is dying, long live zero trust [Neal Weinberg, Network World]
  7. 5 Reasons Why Programmers Should Think like Hackers [The Hacker News]
  8. SQL Murder Mystery [Joon Park, Cathy He and Joe Germuska, Northwestern University Knight Lab]

Infosec bits for week 49/19

  1. Charting Your Course: Cyber Security Governance [National Cyber Security Centre – New Zealand]
    - “The steps outlined in Charting Your Course define the principles of a cyber security programme and help to focus engagement between senior leadership and security practitioners.”
  2. NIST Developing Hardware Security Guidelines for Enterprises [Dennis Fisher, Duo Security] – new draft guidance on supply chain security
    - find it here: Validating the Integrity of Servers and Client Devices
  3. SQL Injection Errors No Longer the Top Software Security Issue [Jai Vijayan, Dark Reading]
    - 2019 CWE Top 25 Most Dangerous Software Errors
    - see also: Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications
  4. OUCH! Newsletter: Messaging / Smishing Attacks [Jen Fox]
  5. Incident Response Casefile – A successful BEC leveraging lookalike domains [Matan Ben David, Check Point Research]
  6. Fundamentals of Cross Domain Solutions [Australian Cyber Security Centre]
  7. Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data [Catalin Cimpanu, Zero Day]
    - see also: Keeping your account safe from malicious activity
  8. Alert (AA19-339A) – Dridex Malware [US Cybersecurity and Infrastructure Security Agency]
  9. New Disney Plus Streaming Service Hit By Credential Stuffing Cyber Attack [Nicole Lindsey, CPO Magazine / Data Privacy Asia]
  10. Avast Online Security and Avast Secure Browser are spying on you [Wladimir Palant]
  11. Lessons learned from playing a willing phish [Jan Kopriva, SANS ISC]

Infosec bits for week 48/19

  1. Cyber Security Challenge 2019: Qualifying Teams [SANReN]
    - Our champions will compete head-to-head at the CHPC conference next week in an attack/defend contest and solve various CTF challenges
  2. Black Friday Shopping: Protect Your Identity [CISA]
  3. PN-G [school district] pays ransom to regain access to district files [Isaac Windes, Beaumont Enterprise / Hearst Newspapers]
  4. Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak [Tara Seals, Threatpost]
    - see also: Data Enrichment Industry Responsible for a Massive Data Leak Affecting 1.2 Billion Individuals
  5. ICANN races towards regulatory capture: the great .ORG heist [Sam Klein, SJ’s Longest Now]
  6. Twitter will finally let users disable SMS as default 2FA method [Catalin Cimpanu, Zero Day]
  7. Lights That Warn Planes of Obstacles Were Exposed to Open Internet [Joseph Cox, Motherboard / VICE]
  8. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers [Andy Greenberg (book)]
  9. Russia bans sale of gadgets without Russian-made software [BBC News]
  10. Local Malware Analysis with Malice [Guy Bruneau, SANS]

Infosec bits for week 47/19

  1. Give Me Security, Give Me Convenience, or Give Me Both! [Joe Galanek, EDUCAUSE]
    - see also: Education before Regulation: Empowering Students to Question Their Data Privacy
  2. Ransomware forces New Mexico school district to scrub 30,000 devices [Colin Wood, Scoop News Group]
  3. Major ASP.NET hosting provider infected by ransomware [Catalin Cimpanu, Zero Day]
  4. Who Do You Believe? Conflicting Stories About Pemex Ransomware Attack Impacts [Bruce Sussman, SecureWorld / Seguro Group]
    - see also: Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
  5. Google Enlists Outside Help to Clean Up Android’s Malware Mess [Lily Hay Newman, WIRED / Condé Nast]
    - see also: The App Defense Alliance: Bringing the security industry together to fight bad apps
  6. Microsoft vows to ‘honor’ California’s sweeping privacy law across entire US [Makena Kelly, The Verge / Vox Media]
  7. Amazon fixes Ring Video Doorbell wi-fi security vulnerability [Danny Palmer, Zero Day]
  8. Trend Micro hit with insider attack [Doug Olenick, SC Magazine / CyberRisk Alliance]
  9. Google: You can trust us with the medical data you didn’t know we already had [Updated] [Jon Brodkin, Ars Technica / Condé Nast]
  10. OUCH! Newsletter: Shopping Online Securely [Lenny Zeltser (guest editor), SANS Security Awareness]
  11. The Way America Votes Is Broken. In One Rural County, a Nonprofit Showed a Way Forward. [Jessica Huseman, ProPublica]

Infosec bits for week 45/19

  1. Over 500 US schools were hit by ransomware in 2019 [Catalin Cimpanu, Zero Day]
    - see also: At least 13 managed service providers were used to push ransomware this year
  2. Utah renewables company was hit by rare cyberattack in March [Sean Lyngaas, Scoop News Group]
  3. Office 365 Users Targeted by Voicemail Scam Pages [Oliver Devane and Rafael Pena, McAfee]
  4. Thousands of QNAP NAS devices have been infected with the QSnatch malware [Catalin Cimpanu, Zero Day]
  5. First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild [Mohit Kumar, The Hacker News]
  6. Google promises to replace Home devices bricked by flawed firmware update [Charlie Osborne, Zero Day]
  7. Episode 165: Oh, Canada! Independent Security Researchers Feel the Chill Up North [Paul Roberts, The Security Ledger]
  8. Five months after returning rental car, man still has remote control [Dan Goodin, Ars Technica / Condé Nast]
    - see also: The perils of security and how I finally resolved my Amazon fraud
  9. MESSAGETAP: Who’s Reading Your Text Messages? [Raymond Leong, Dan Perez and Tyler Dean, FireEye Mandiant]
  10. The Ransomware Superhero of Normal, Illinois [Benjamin Marra, ProPublica]

Infosec bits for week 44/19

  1. City of Joburg shuts down all systems after cyber attack demanding bitcoin ransom [Riaan Grobler, News24]
    - see also: City of Johannesburg held for ransom by hacker gang
  2. Liquid Telecom fights off massive DDoS attack — over 100Gbps [Jan Vermeulen, MyBroadband]
    - see also: South African banks hit by massive DDoS attack
  3. EDUCAUSE 2019: In OmniSOC, Colleges Build a Stronger Defense, Together [Amy Burroughs, EdTech Magazine]
  4. German Automation Giant Still Down After Ransomware Attack [Phil Muncaster, Infosecurity Magazine]
    - see also: Italians Rocked by Ransomware
  5. DNS Security: Threat Modeling DNSSEC, DoT, and DoH [JSchauma, Netmeister]
  6. Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone [BBC News]
    - see also: Samsung will begin patching fingerprint scanner security flaw within 24 hours
  7. “BriansClub” Hack Rescues 26M Stolen Cards [Brian Krebs, Krebs on Security]
  8. Cyber War Between Iran and United States Could Have Far-Reaching Implications [Nicole Lindsey, CPO Magazine]
  9. Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs [Kelly Sheridan, Dark Reading]
  10. Your Supply Chain Doesn’t End At Receiving: How Do You Decommission Network Equipment? [Johannes B. Ullrich, SANS ISC]
  11. The US nuclear forces’ Dr. Strangelove-era messaging system finally got rid of its floppy disks [Valerie Insinna, C4ISRNET]