E6F5 4D49 5B3F 4783 DEF1 1494 6199 BFDA 457D 1C5F

Infosec bits for week 28/20

  1. University of California San Francisco pays ransomware gang $1.14m as BBC publishes ‘dark web negotiations’ [Gareth Corfield, The Register]
  2. Applying the 80-20 Rule to Cybersecurity [Dan Blum, Dark Reading / Informa]
    - see also: Framing the Security Story: The Simplest Threats Are the Most Dangerous
  3. Over 100 Wi-Fi routers fail major security test — protect yourself now [Paul Wagenseil, Tom’s Guide]
    - Full report: www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
  4. Palo Alto Networks patches critical vulnerability in firewall OS [Sergiu Gatlan, Bleeping Computer]
  5. First reported Russian BEC scam gang targets Fortune 500 firms [Ionut Ilascu, Bleeping Computer]
  6. ‘Keeper’ hacking group behind hacks at 570 online stores [Catalin Cimpanu, Zero Day]
    - If you entered card / account details on any of these sites after the dates given, consider your information compromised!
  7. Google open-sources Tsunami vulnerability scanner [Catalin Cimpanu, Zero Day]
  8. Toward trusted sensing for the cloud: Introducing Project Freta [Mike Walker, Microsoft]
  9. Intel Owl Release v1.0.0 [Eshaan Bansal, The Honeynet Project]
  10. AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals [Lindsey O’Donnell, Threatpost]
  11. Redirect auction [Dmitry Kondratyev, Kaspersky]
  12. WastedLocker Goes “Big-Game Hunting” in 2020 [Ben Baker et al, Talos / Cisco]
  13. Ireland launches COVID-19 contact tracing app based on Apple-Google API [Mike Peterson, Apple Insider]
  14. How Police Secretly Took Over a Global Phone Network for Organized Crime [Joseph Cox, Motherboard / Vice]

Infosec bits for week 27/20

  1. Update on IT Security Incident at UCSF [UCSF CISO]
  2. Evil Corp blocked from deploying ransomware on 30 major US firms [Sergiu Gatlan, Bleeping Computer]
  3. New Mac ransomware spreading through piracy [Thomas Reed, Malwarebytes]
    More information:
    1. New Mac Ransomware Is Even More Sinister Than It Appears [Lily Hay Newman, Wired]
  4. Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities [Catalin Cimpanu, ZDNet]
  5. Apple strong-arms entire CA industry into one-year certificate lifespans [Catalin Cimpanu, ZDNet]
  6. Online Learning Platform Exposes Data on One Million Students [Phil Muncaster, Infosecurity Magazine]
  7. Security lapse at South Africa’s LogBox exposed user accounts and medical data [Jake Bright, Techcrunch]
  8. Ransomware Awareness [Lenny Zeltser, SANS]
  9. AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor [US Cert]
  10. Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products [Eduard Kovacs, Security Week]
  11. Cisco Releases Security Updates for Multiple Products [US Cert]
  12. Serious Vulnerabilities in F5’s BIG-IP Allow Full System Compromise [Eduard Kovacs, Security Week]

Infosec bits for week 26/20

  1. Commencement of certain sections of the Protection of Personal Information Act, 2013 [The Presidency]
    - see also: GDPR vs POPIA
  2. Largest Ever Recorded Packet Per Second-Based DDoS Attack Mitigated by Akamai [Tom Emmons, Akamai]
  3. List of Ripple20 vulnerability advisories, patches, and updates [Ionut Ilascu, Bleeping Computer]
  4. Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it [Lorenzo Franceschi-Bicchierai, Motherboard / Vice Media]
  5. Defending Exchange servers under attack [Microsoft Defender ATP Research Team]
  6. Turn on MFA Before Crooks Do It For You [Brian Krebs]
  7. Australian PM says nation under serious state-run ‘cyber attack’ – Microsoft, Citrix, Telerik UI bugs ‘exploited’ [Simon Sharwood, The Register]
    - official advisory here
  8. Glupteba – the malware that gets secret messages from the Bitcoin blockchain [Paul Ducklin, Naked Security / Sophos]
  9. Adobe Flash Player EOL General Information Page [Adobe] – and everyone in infosec rejoices :) [now we just need that pesky Java to EOL ;)]
  10. If a Cyber Security Report Falls in a Forest, Is Anyone Listening? [Ian Trump, HackRead]
  11. To evade detection, hackers are requiring targets to complete CAPTCHAs [Dan Goodin, Ars Technica]
  12. New technique protects consumers from voice spoofing attacks [Help Net Security]
  13. Academics studied DDoS takedowns and said they’re ineffective, recommend patching vulnerable servers [Catalin Cimpanu, Zero Day]
  14. Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider [Karim Lalji and Johannes Ullrich, SANS ISC]
  15. Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It [Rokas Laurinavičius and Ilona Baliūnaitė, Bored Panda]
  16. My Adventures Hacking the iParcelBox [Sam Quinn, McAfee]

Infosec bits for week 25/20

  1. Phishing Attacks:
    1. Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com [Krebs on Security]
  2. Breaches:
    1. South African bank to replace 12m cards after employees stole master key [Catalin Cimpanu, ZDNet]
  3. Developments in Video Conferencing Systems Security:
    1. New Cisco Webex Meetings flaw lets attackers steal auth tokens [Sergiu Gatlan, Bleeping Computer]
    2. End-to-End Encryption Update [Eric S. Yuan, Zoom]
  4. Ransomware:
    1. City of Knoxville shuts down network after ransomware attack [Sergiu Gatlan, Bleeping Computer]
  5. General Security Interest:
    1. After a breach, users rarely change their passwords, and when they do, they’re often weaker [Daniel Tkacik, Tech Xplore]
    2. The Impending Doom of Expiring Root CAs and Legacy Clients [Scott Helme]
    3. FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy [Krebs on Security]
  6. New Vulnerabilities:
    1. Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack [Zeljka Zorz, Help Net Security]
      - List of known vulnerable vendors/devices: Overview - Ripple20
    2. SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost [ZecOps Blog]
  7. Vulnerabilities in Home Routers:
    1. WFH Alert: Critical Bug Found in Old D-Link Router Models [Tom Spring, Threatpost]
    2. Unpatched vulnerability identified in 79 Netgear router models [Catalin Cimpanu, ZDNet]

Infosec bits for week 24/20

  1. South Africa’s Life Healthcare hit by cyber attack [Aniruddha Ghosh, Reuters]
    - see also: Hackers strike at Life Healthcare, extent of data breach yet to be assessed
  2. Ransomware attackers threaten to leak Telkom client database [Jan Vermeulen, MyBroadband]
  3. Exploit code for wormable flaw on unpatched Windows devices published online [Dan Goodin, Ars Technica]
    - see also: SMBleed could allow a remote attacker to leak kernel memory
  4. 3 phishing trends organizations should watch out for [Kacey C, Digital Shadows]
    - see also: Abnormal Attack Stories: COVID-19 Relief Phishing Through Dropbox Transfer
  5. OUCH! Newsletter: Creating a Cyber Secure Home [Randy Marchany, Virginia Tech / SANS]
  6. The Hitchhiker’s Guide to Web App Pen Testing [Vanessa Sauter, Dark Reading]
  7. How Threat Actors Are Adapting to the Cloud [Charles DeBeck, IBM Security Intelligence]
  8. Email threat types: Conversation hijacking [Christine Barry, Barracuda]
  9. New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs [The Hacker News]
  10. uBlock Origin ad blocker now blocks port scans on most sites [Lawrence Abrams, Bleeping Computer]
  11. VPNs are dead. Long Live Identity-Aware Proxies [Sat G, Medium]
  12. Another Intel Speculative Execution Vulnerability [Bruce Schneier]
  13. When Your Biggest Security and Privacy Threats Come From the Ones You Love [Ericka Chickowski, Dark Reading]

Infosec bits for week 23/20

  1. Information Security and Privacy Perspectives on the EDUCAUSE 2020 Top 10 IT Issues [Brian Kelly et al, EDUCAUSE]
    - see also: EDUCAUSE COVID-19 QuickPoll Results: Information Security During the Pandemic
  2. Netwalker ransomware continues assault on US colleges, hits UCSF [Lawrence Abrams, Bleeping Computer]
  3. Threat Spotlight: Tycoon Ransomware Targets Education and Software Sectors [BlackBerry & KPMG]
  4. REvil ransomware gang launches auction site to sell stolen data [Catalin Cimpanu, Zero Day]
    - see also: REvil ransomware gang publishes ‘Elexon staff’s passports’ after UK electrical middleman shrugs off attack
  5. CISA releases new Cyber Essentials Toolkit [CISA]
  6. The ransomware that attacks you from inside a virtual machine [Mark Stockley, Naked Security / Sophos]
  7. Securing SSH: What To Do and What Not To Do [Ed Williams, Trustwave]
  8. Why is This Website Port Scanning me? [Charlie Belmer, Null Sweep]
  9. Cisco warns: These Nexus switches have been hit by a serious security flaw [Liam Tung, Zero Day]
  10. Evolution of Excel 4.0 Macro Weaponization [James Haughom and Stefano Ortolani, Lastline]
  11. The mystery of the expiring Sectigo web certificate [Paul Ducklin, Naked Security / Sophos]
  12. G Suite Marketplace primed for a privacy scandal, researchers warn [Catalin Cimpanu, Zero Day]
  13. What is pretexting? Definition, examples and prevention [Josh Fruhlinger, CSO / IDG Communications]
  14. Risk Assessment & the Human Condition [Joshua Goldfarb, Dark Reading]

Infosec bits for week 21/20

  1. Incident Of The Week: Educational Infrastructures At Risk Of Invasive Breaches [Seth Adler, Cyber Security Hub / IQPC]
  2. Sharing Threat Intelligence in Higher Ed [Meg Lloyd, Campus Technology / Ed-Tech Group]
    - see also: Predicting the Future of the SOC Analyst
  3. European supercomputers hacked in mysterious cyberattacks [Ionut Ilascu, Bleeping Computer]
    - see also: Supercomputers hacked across Europe to mine cryptocurrency
  4. The 3 Top Cybersecurity Myths & What You Should Know [Zack Schuler, Dark Reading / Informa Tech]
    - see also: Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
  5. Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019 [Doug Olenick, Bank Info Security / ISMG]
    - see also: 6 ways to be more secure in the cloud
  6. Security News This Week: Hackers Claim to Have ‘Dirty Laundry’ About Donald Trump [Brian Barrett, WIRED / Condé Nast]
    - see also: REvil Ransomware found buyer for Trump data, now targeting Madonna
  7. Microsoft warns of ‘massive’ phishing attack pushing legit RAT [Lawrence Abrams, Bleeping Computer]
    - see also: Response Playbooks » RP0001: Phishing email
  8. Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack [ROOTDAEMON]
  9. Digital Ethics in Higher Education: 2020 [John O’Brien, EDUCAUSE]
  10. Why You May Not Need to Monitor the Dark Web [Idan Aharoni, Security Week / Wired Business Media]
  11. Pingcastle – Active Directory Security Assessment Tool [Vincent Letoux, Darknet]
  12. Enhanced Safe Browsing Protection now available in Chrome [Nathan Parker et al, Google]
  13. This Service Helps Malware Authors Fix Flaws in their Code [Brian Krebs, Krebs on Security]
  14. US officials say they’ve cracked Pensacola shooter’s iPhones, blast Apple [Sean Lyngaas, Cyberscoop, Scoop News Group]
  15. Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App [Foeke Postma, Bellingcat]

Infosec bits for week 20/20

  1. Ruhr University Bochum shuts down servers after ransomware attack [Sergiu Gatlan, Bleeping Computer]
  2. Pandemic Could Accelerate Passwordless Authentication [Steve Zurier, Dark Reading / Informa]
    - see also: 5 common password mistakes you should avoid
    - and: Protect your accounts with smarter ways to sign in on World Passwordless Day
  3. Apple, Google push makers of coronavirus apps not to record user location [David Ingram, NBC News]
  4. Zoom acquires Keybase to beef up encryption, ease security questions [Jeff Stone, Cyberscoop / Scoop News Group]
  5. Cyber Subterfuge and Curious Sharks Threaten the World’s Subsea Fiber-Optic Cables [Alison Diana, Dark Reading / Informa]
  6. Maze Ransomware and its Various Campaigns Continue to Threaten the Cyber World – E Hacking News [Rootdaemon]
    - see also: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
  7. Microsoft and Intel project converts malware into images before analyzing it [Catalin Cimpanu, Zero Day]
  8. GitHub Code Scanning aims to prevent vulnerabilities in open source software [Zeljka Zorz, Help Net Security]
  9. 6 common container security mistakes to avoid [Bob Violino, CSO / IDG Communications]
  10. Build a Culture of Holistic Risk Awareness Throughout Your Workforce [Michelle Greenlee, Security Intelligence / IBM]
  11. The 4 Stages to a Successful Vulnerability Management Program [Mitch Parker, Tripwire]
  12. For 8 years, a hacker operated a massive IoT botnet just to download Anime videos [Catalin Cimpanu, Zero Day]

Infosec bits for week 19/20

  1. Resource Guide for Cybersecurity During the COVID-19 Pandemic [Center for Internet Security]
    - see also: Privacy Preserving Protocols to Trace Covid19 Exposure
    - and: Cyber volunteers release blocklists for 26,000 COVID-19 threats
  2. Learning from Home While School’s Out: Cybersecurity Education for Kids [Greg Herbold and Kim Yohannan, Palo Alto Networks]
    - see also: Cybersecurity Lab – highly recommended for kids in grades 8-12
    - PBS Kids Cyberchase – for the younger ones
    - Cyber School – Free to attend, live & online cyber security school for school pupils around the world
    - KnowBe4 Children’s Interactive Cybersecurity Activity Kit – offline activity books
  3. Nearly a Million WP Sites Targeted in Large-Scale Attacks [Ram Gall, Wordfence]
    - see also: Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
  4. Convincing Office 365 phishing uses fake Microsoft Teams alerts [Sergiu Gatlan, Bleeping Computer]
    - original report: Abnormal Attack Stories: Microsoft Teams Impersonation
  5. Cisco Webex phishing uses fake cert errors to steal credentials [Sergiu Gatlan, Bleeping Computer]
  6. LockBit, the new ransomware for hire: A sad and cautionary tale [Dan Goodin, Ars Technica / Condé Nast]
  7. Hackers exploit Salt RCE bugs in widespread attacks, PoCs public [Ionut Ilascu, Bleeping Computer]
    - see also: Search provider Algolia discloses security incident due to Salt vulnerability
  8. What to do when you receive an extortion email [Thomas Reed, Malwarebytes]
  9. Can you trust attachments with unfamiliar extensions? [Zeljka Zorz, Help Net Security]
  10. Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use [Thomas Brewster, Forbes]
  11. Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 [Catalin Cimpanu, Zero Day]
  12. Windows 7 end-of-life security mitigation [John Zage, Trusted CI]
  13. The Shadowserver Foundation Threat Report: A Spotlight on Africa [Shadowserver]
  14. Mobile as Attack Vector Using MDM [Aviran Hazum et al, Check Point Research]
  15. Honeysploit: Exploiting the Exploiters [Curtis Brazzell, Medium]
    - see also: Professional data leakage: How did that security vendor get my personal data?

Infosec bits for week 18/20

  1. COVID-19 Security Resource Library [Stay Safe Online / NCSA]
    - see also: How to avoid a coronavirus scam
  2. Consumers benefit as video call vendors scramble to revamp security in a COVID-19 world [Charlie Osborne, Zero Day]
  3. Contact-Tracing Apps Must Respect Privacy, Scientists Warn [Mathew J. Schwartz, Information Security Media Group]
  4. Cybersecurity Prep for the 2020s [Dave Meltzer, Dark Reading / Informa Tech]
    - see also: 10 ways to get more from your security budget
    - and: The Key to Successfully Managing Cyber Risk: Speed
  5. Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk [Threat Protection Intelligence Team, Microsoft]
    - see also: Phishing kit prices skyrocketed in 2019 by 149%
  6. The Windows 10 security guide: How to protect your business [Ed Bott, The Ed Bott Report / Zero Day]
  7. The Evolution of AppSec: Past, Present and Future [Veracode / IDG Communications]
  8. Hackers selling 267 million Facebook records on hacker forum [Waqas / HackRead]
  9. Warwick University was hacked and kept breach secret from students and staff [Alexander Martin, Sky News]
  10. The missing MITRE ATT&CK matrix for Linux cloud servers [Intezer]
  11. Taiwan High-Tech Ecosystem Targeted by Foreign APT Group [CyCraft Technology Corp, Medium]
  12. Mastering Communication in Cyber Intelligence Activities: A Concise User Guide [Boris Giannetto and Pierluigi Paganini, Security Affairs]