E6F5 4D49 5B3F 4783 DEF1 1494 6199 BFDA 457D 1C5F

Infosec bits for week 20/20

Roderick Mooi

  1. Ruhr University Bochum shuts down servers after ransomware attack [Sergiu Gatlan, Bleeping Computer]
  2. Pandemic Could Accelerate Passwordless Authentication [Steve Zurier, Dark Reading / Informa]
    - see also: 5 common password mistakes you should avoid
    - and: Protect your accounts with smarter ways to sign in on World Passwordless Day
  3. Apple, Google push makers of coronavirus apps not to record user location [David Ingram, NBC News]
  4. Zoom acquires Keybase to beef up encryption, ease security questions [Jeff Stone, Cyberscoop / Scoop News Group]
  5. Cyber Subterfuge and Curious Sharks Threaten the World’s Subsea Fiber-Optic Cables [Alison Diana, Dark Reading / Informa]
  6. Maze Ransomware and its Various Campaigns Continue to Threaten the Cyber World – E Hacking News [Rootdaemon]
    - see also: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
  7. Microsoft and Intel project converts malware into images before analyzing it [Catalin Cimpanu, Zero Day]
  8. GitHub Code Scanning aims to prevent vulnerabilities in open source software [Zeljka Zorz, Help Net Security]
  9. 6 common container security mistakes to avoid [Bob Violino, CSO / IDG Communications]
  10. Build a Culture of Holistic Risk Awareness Throughout Your Workforce [Michelle Greenlee, Security Intelligence / IBM]
  11. The 4 Stages to a Successful Vulnerability Management Program [Mitch Parker, Tripwire]
  12. For 8 years, a hacker operated a massive IoT botnet just to download Anime videos [Catalin Cimpanu, Zero Day]

Infosec bits for week 19/20

Roderick Mooi

  1. Resource Guide for Cybersecurity During the COVID-19 Pandemic [Center for Internet Security]
    - see also: Privacy Preserving Protocols to Trace Covid19 Exposure
    - and: Cyber volunteers release blocklists for 26,000 COVID-19 threats
  2. Learning from Home While School’s Out: Cybersecurity Education for Kids [Greg Herbold and Kim Yohannan, Palo Alto Networks]
    - see also: Cybersecurity Lab – highly recommended for kids Gr8-12
    - PBS Kids Cyberchase – for the younger ones
    - Cyber School – Free to attend, live & online cyber security school for school pupils around the world
    - KnowBe4 Children’s Interactive Cybersecurity Activity Kit – offline activity books
  3. Nearly a Million WP Sites Targeted in Large-Scale Attacks [Ram Gall , Wordfence]
    - see also: Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
  4. Convincing Office 365 phishing uses fake Microsoft Teams alerts [Sergiu Gatlan, Bleeping Computer]
    - original report: Abnormal Attack Stories: Microsoft Teams Impersonation
  5. Cisco Webex phishing uses fake cert errors to steal credentials [Sergiu Gatlan, Bleeping Computer]
  6. LockBit, the new ransomware for hire: A sad and cautionary tale [Dan Goodin, Ars Technica / Condé Nast]
  7. Hackers exploit Salt RCE bugs in widespread attacks, PoCs public [Ionut Ilascu, Bleeping Computer]
    - see also: Search provider Algolia discloses security incident due to Salt vulnerability
  8. What to do when you receive an extortion email [Thomas Reed, Malwarebytes]
  9. Can you trust attachments with unfamiliar extensions? [Zeljka Zorz, Help Net Security]
  10. Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use [Thomas Brewster, Forbes]
  11. Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 [Catalin Cimpanu, Zero Day]
  12. Windows 7 end-of-life security mitigation [John Zage, Trusted CI]
  13. The Shadowserver Foundation Threat Report: A Spotlight on Africa [Shadowserver]
  14. Mobile as Attack Vector Using MDM [Aviran Hazum et al, Check Point Research]
  15. Honeysploit: Exploiting the Exploiters [Curtis Brazzell, Medium]
    - see also: Professional data leakage: How did that security vendor get my personal data?

Infosec bits for week 18/20

Roderick Mooi

  1. COVID-19 Security Resource Library [Stay Safe Online / NCSA]
    - see also: How to avoid a coronavirus scam
  2. Consumers benefit as video call vendors scramble to revamp security in a COVID-19 world [Charlie Osborne, Zero Day]
  3. Contact-Tracing Apps Must Respect Privacy, Scientists Warn [Mathew J. Schwartz, Information Security Media Group]
  4. Cybersecurity Prep for the 2020s [Dave Meltzer, Dark Reading / Informa Tech]
    - see also: 10 ways to get more from your security budget
    - and: The Key to Successfully Managing Cyber Risk: Speed
  5. Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk [Threat Protection Intelligence Team, Microsoft]
    - see also: Phishing kit prices skyrocketed in 2019 by 149%
  6. The Windows 10 security guide: How to protect your business [Ed Bott, The Ed Bott Report / Zero Day]
  7. The Evolution of AppSec: Past, Present and Future [Veracode / IDG Communications]
  8. Hackers selling 267 million Facebook records on hacker forum [Waqas / HackRead]
  9. Warwick University was hacked and kept breach secret from students and staff [Alexander Martin, Sky News]
  10. The missing MITRE ATT&CK matrix for Linux cloud servers [Intezer]
  11. Taiwan High-Tech Ecosystem Targeted by Foreign APT Group [CyCraft Technology Corp, Medium]
  12. Mastering Communication in Cyber Intelligence Activities: A Concise User Guide [Boris Giannetto and Pierluigi Paganini, Security Affairs]

Infosec bits for week 16/20

Roderick Mooi

  1. 17 New US School Districts and Colleges Compromised by Ransomware, a Total of 94 in the Past 15 Months [Armor]
    - see also: Backup or Disaster Recovery for Protection Against Ransomware?
  2. COVID-19 Exploited by Malicious Cyber Actors [CISA / US DHS]
    - see also: CERT-GIB: Phishers prefer Tesla, top 3 malware strains in COVID-19 phishing campaigns, and pandemic-related dilemmas faced by hacker underground
  3. ZOMG it’s ZOOM [Mick Douglas, SANS Webcasts]
    - see also: The Facts Around Zoom and Encryption for Meetings/Webinars
    - and: Zoom removes meeting IDs from app title bar to improve privacy
  4. New Phishing Campaign Spoofs WebEx to Target Remote Workers [Ashley Tran, Cofense]
  5. Mass school closures in the wake of the coronavirus are driving a new wave of student surveillance [Drew Harwell, The Washington Post]
  6. NASA sees an “exponential” jump in malware attacks as personnel work from home [Dan Goodin, Ars Technica / Condé Nast]
  7. Introducing New SANS 3MinMax Series with Certified Instructor Kevin Ripa [Kevin Ripa, SANS]
  8. Introducing our new book “Building Secure and Reliable Systems” [Royal Hansen, Google]
    - get it here: landing.google.com/sre/books/
  9. A client-side perspective on web security [Edward Amoroso (TAG Cyber) and Aanand Krishnan (Tala Security), Help Net Security]
  10. Microsoft and Google postpone insecure authentication removal [Sergiu Gatlan, Bleeping Computer]
  11. Debunking Myths about Quantum Cryptography [John Prisco, Quantum Xchange / Infosecurity Magazine]
  12. Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations [Lawrence Abrams, Bleeping Computer]

Infosec bits for week 15/20

Roderick Mooi

  1. Brace for more cybercrime as you work from home, experts warn [Carin Smith, fin24]
  2. Distributed disruption: Coronavirus multiplies the risk of severe cyberattacks [Marc Wilczek, Link11 / Help Net Security]
    - see also: Catching the Virus Cybercrime, Disinformation and the COVID-19 Pandemic
  3. Microsoft: How one Emotet infection took out this organization’s entire network [Liam Tung, Zero Day]
    - see also: This Is Not Your Father’s Ransomware
    - and: 5 Ways Enterprises Inadvertently Compromise Their Network Security
  4. Threat actor selling access to a Canadian university’s domain [Howard Solomon, IT World Canada]
    - see also: University of Warwick hiding data security risks from students and staff
  5. This is how you deal with route leaks [Radar by Qrator]
    - see also: Not just another BGP Hijack
    - and: Internet Society Expands Program for Secure Internet Routing Framework
  6. Zoom banned from New York City schools due to privacy and security flaws [Ainsley Harris, Fast Company / Mansueto Ventures]
    - see also: How to block ‘Zoom bombing’ in higher ed
    - and: The internet is now rife with places where you can organize Zoom-bombing raids
    - and Move Fast and Roll Your Own Crypto
    - and: ‘War Dialing’ Tool Exposes Zoom’s Password Problems
  7. Top Email Protections Fail in Latest COVID-19 Phishing Campaign [Elizabeth Montalbano, Threatpost]
    - see also: Threat Actors Evade Proofpoint and Microsoft 365 ATP Protection to Capitalize on COVID-19 Fears
    - and: Why Humans Are Phishing’s Weakest Link
  8. Active Directory Attacks Hit the Mainstream [Jason Crabtree, Dark Reading]
    - see also: Kerberos Tickets on Linux Red Teams
  9. NATO Report Warns of New Authoritarian Chinese Splinternet [Phil Muncaster, Infosecurity Magazine / Reed Exhibitions]
  10. The Zero Trust Learning Curve: Deploying Zero Trust One Step at a Time [John Kindervag, Palo Alto Networks]
    - see also: Implementing a Zero Trust Architecture
    - and: Take the Zero Trust Assessment and see where you are in your journey
  11. Offense and Defense – A Tale of Two Sides: Bypass UAC [Anthony Giandomenico, Fortinet]

Infosec bits for week 14/20

Roderick Mooi

  1. The Internet is drowning in COVID-19-related malware and phishing scams [Dan Goodin, Ars Technica / Condé Nast]
    - see also: Fighting Coronavirus-Themed Ransomware and Malware
    - Phishing Attack Says You’re Exposed to Coronavirus, Spreads Malware
    - Fake Corona Antivirus Software Used to Install Backdoor Malware
    - CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware
    - coronavirus-covid-19-SARS-CoV-2-IoCs
  2. Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps [Lawrence Abrams, Bleeping Computer]
  3. Free Cyber Safety Resources during COVID-19 [Guest Authors, Tripwire]
    - see also: Stay Healthy, Stay Secure
  4. Hackers Take Advantage of Zoom’s Popularity to Push Malware [Sergiu Gatlan, Bleeping Computer]
    - see also: Zoom Cancels All Work On New Features After Latest Security Alerts
    - and: Zoom, the video conferencing app everyone is using, faces questions over privacy
    - Who’s Zooming Who? Guidelines on How to Use Zoom Safely
  5. FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic [Kristen Setera, FBI Boston]
  6. Security and Microsoft Teams – Addressing Threats to Teams Meetings [Microsoft]
  7. Public health vs. personal privacy: Choose only one? [Tony Anscombe, WeLiveSecurity / ESET]
  8. Unauthorised Data Access Alert [University of Utah Health]
  9. Integrating Cybersecurity and Enterprise Risk Management (ERM) [draft] [NIST]
    - see also: Untangling Third-Party Risk
    - and: Quantifying Cyber Risk: Why You Must & Where to Start
  10. Three More Ransomware Families Create Sites to Leak Stolen Data [Lawrence Abrams, Bleeping Computer]
  11. Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant [Eric Saraga, Varonis]
  12. This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits [FireEye]

Infosec bits for week 12/20

Roderick Mooi

  1. 6 ways attackers are exploiting the COVID-19 crisis [Dan Swinhoe, CSO / IDG Communications]
  2. SANS Security Awareness Work-from-Home Deployment Kit [SANS Institute]
    - see also: Working from Home during COVID-19? What You and Your Organization Need to Consider
  3. COVID-19: With everyone working from home, VPN security has now become paramount [Catalin Cimpanu, Zero Day / CBS Interactive]
    - see also: Alert (AA20-073A) – Enterprise VPN Security
  4. Preventing Eavesdropping and Protecting Privacy on Virtual Meetings [Jeff Greene, NIST NCCoE]
    - see also: List of Free Software and Services During Coronavirus Outbreak
  5. How coronavirus COVID-19 is accelerating the future of work [Larry Dignan, Zero Day / CBS Interactive]
  6. They Come in the Night: Ransomware Deployment Trends [Kelli Vanderlee, FireEye]
    - see also: Human-operated ransomware attacks: A preventable disaster
  7. There Are Plenty of Phish in the Sea [Alastair Paterson, SecurityWeek / Wired Business Media]
    - see also: Phishing Victims From a CDN’s Point of View
  8. RiskSense Spotlight Report Finds WordPress and Apache are Most Weaponized Web and Application Frameworks [RiskSense]
    - see also: WordPress to add auto-update feature for themes and plugins
  9. Shadowserver 2020 Urgent Need – Just The Summary [Shadowserver]
  10. Making the case for hardware 2FA in the enterprise [J.M. Porup, CSO / IDG Communications]
    - see also: Enroll security keys on more devices
  11. Hacking a network, using an ‘invisibility cloak’ – Is it that simple? [Pierluigi Paganini / Sepio Systems, Security Affairs]
  12. The Biggest Gap in Cybersecurity is Empathy [Jack Danahy, Alert Logic]

Infosec bits for week 11/20

Roderick Mooi

  1. University of Kentucky Defeats Month-Long Cyber-Attack [Sarah Coble, Infosecurity / Reed Exhibitions]
    - see also: Inside a massive cyber hack that risks compromising leaders across the globe
  2. Top cybersecurity facts, figures and statistics for 2020 [Josh Fruhlinger, CSO / IDG Communications]
  3. Ransomware Attackers Use Your Cloud Backups Against You [Lawrence Abrams, Bleeping Computer]
    - see also: Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft
  4. Coronavirus-themed scams and attacks intensify [Zeljka Zorz, Help Net Security]
    - see also: How Threat Actors are Abusing Coronavirus Uncertainty
  5. How Security Leaders at Starbucks and Microsoft Prepare for Breaches [Kelly Sheridan, Dark Reading / Informa]
  6. How to write an effective information security policy [Mary K. Pratt, CSO / IDG Communications]
  7. Securing Content Management Systems [Australian Cyber Security Centre]
  8. Microsoft: 99.9% of compromised accounts did not use multi-factor authentication [Catalin Cimpanu, Zero Day / CBS Interactive]
  9. Time to Stop Overlooking DNS Security [Mark Fieldhouse, NS1 / Infosecurity / Reed Exhibitions]
  10. The War of Passwords: Compliance vs NIST [Rita Nygren, Tripwire]
  11. Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef [Kieren McCarthy, The Register]

Infosec bits for week 10/20

Roderick Mooi

  1. Personal information of students, faculty at B.C. university exposed in recent data breach [Carly Yoshida-Butryn, CTV News / Bell Media]
    - see also: Names, birthdays, email addresses of thousands potentially exposed in SFU data breach
  2. Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices [Lawrence Abrams, Bleeping Computer]
    - see also: DoppelPaymer Ransomware Launches Site to Post Victim’s Data
    - and: Ransomware victims are paying out millions a month. One particular version has cost them the most
  3. Ransomware Response: Mature Cybersecurity Must Involve Data Analytics [James Stanger, CompTIA]
  4. Hackers are actively exploiting zero-days in several WordPress plugins [Catalin Cimpanu, Zero Day]
    - see also: Critical Bugs in WordPress Plugins Let Hackers Take Over Sites
  5. Hackers Use Windows 10 RDP ActiveX Control to Run TrickBot Dropper [Ionut Ilascu, Bleeping Computer]
  6. ‘Cloud Snooper’ Attack Bypasses Firewall Security Measures [Sergei Shevchenko, Sophos]
  7. Educating Educators: Microsoft’s Tips for Security Awareness Training [Kelly Sheridan, Dark Reading]
  8. CWE list now includes hardware security weaknesses [Zeljka Zorz, Help Net Security]
    - find it here: cwe.mitre.org/
  9. Your phone wakes up. Its assistant starts reading out your text messages. To everyone around. You panic. How? Ultrasonic waves [Katyanna Quach, The Register]
  10. Introducing Dispatch [Kevin Glisson, Marc Vilanova and Forest Monsen, Netflix]
  11. Chrome 80 update cripples top cybercrime marketplace [Catalin Cimpanu, Zero Day]
    - see also: New Deep-Linking Feature in Google Chrome 80 Sparks Privacy Concerns
    - and: Web Browser Privacy: What Do Browsers Say When They Phone Home?
  12. Russian spies are attempting to tap transatlantic undersea cables [Pierluigi Paganini, Security Affairs]
  13. How a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer [Lily Hay Newman, WIRED / Condé Nast]

Infosec bits for week 09/20

Roderick Mooi

  1. Zim hacker granted bail to attend Swiss hackathon [Samuel Mungadze, IT Web]
  2. Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security [Sergiu Gatlan, Bleeping Computer]
    - see also: Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
  3. 8.4 million: Number of DDoS attacks researchers saw last year alone [Help Net Security]
  4. 5 Strategies to Secure Cloud Operations Against Today’s Cyber Threats [Chris Christou and Brad Beaulieu, Dark Reading]
  5. Admins beware! Microsoft gives heads-up for ‘disruptive’ changes to authentication in Office 365 email service [Tim Anderson, The Register]
  6. Are CISOs ready for zero trust architectures? [Vladimir Jirasek, Foresight Cyber / Help Net Security]
    - see also: To Rank or Not to Rank Should Never Be a Question
  7. Top 10 web hacking techniques of 2019 [James Kettle, PortSwigger Research]
  8. Whodat? Enumerating Who “owns” a Workstation for IR [Rob VandenBrink, SANS ISC]
  9. The Ecosystem of Phishing: From Minnows to Marlins [Photon Research Team / Digital Shadows]
  10. Up close and personal with Linux malware [Tomáš Foltýn, WeLiveSecurity / ESET]
    - see also: The Linux Foundation identifies most important open-source software components and their problems
  11. Cybersecurity alliance launches first open source messaging framework for security tools [Charlie Osborne, Zero Day]
  12. New Mozart Malware Gets Commands, Hides Traffic Using DNS [Lawrence Abrams, Bleeping Computer]
  13. Is your phone listening to you? [Jake Moore, WeLiveSecurity / ESET]]
  14. Data Encryption on Android with Jetpack Security [Jon Markoff, Google Security Blog]
  15. Jon Callas: Encryption is a technology that rearranges power [Mirko Zorz, Help Net Security]