F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Infosec bits for week 47/19

Roderick Mooi

  1. Give Me Security, Give Me Convenience, or Give Me Both! [Joe Galanek, EDUCAUSE]
    - see also: Education before Regulation: Empowering Students to Question Their Data Privacy
  2. Ransomware forces New Mexico school district to scrub 30,000 devices [Colin Wood, Scoop News Group]
  3. Major ASP.NET hosting provider infected by ransomware [Catalin Cimpanu, Zero Day]
  4. Who Do You Believe? Conflicting Stories About Pemex Ransomware Attack Impacts [Bruce Sussman, SecureWorld / Seguro Group]
    - see also: Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
  5. Google Enlists Outside Help to Clean Up Android’s Malware Mess [Lily Hay Newman, WIRED / Condé Nast]
    - see also: The App Defense Alliance: Bringing the security industry together to fight bad apps
  6. Microsoft vows to ‘honor’ California’s sweeping privacy law across entire US [Makena Kelly, The Verge / Vox Media]
  7. Amazon fixes Ring Video Doorbell wi-fi security vulnerability [Danny Palmer, Zero Day]
  8. Trend Micro hit with insider attack [Doug Olenick, SC Magazine / CyberRisk Alliance]
  9. Google: You can trust us with the medical data you didn’t know we already had [Updated] [Jon Brodkin, Ars Technica / Condé Nast]
  10. OUCH! Newsletter: Shopping Online Securely [Lenny Zeltser (guest editor), SANS Security Awareness]
  11. The Way America Votes Is Broken. In One Rural County, a Nonprofit Showed a Way Forward. [Jessica Huseman, ProPublica]

Infosec bits for week 45/19

Roderick Mooi

  1. Over 500 US schools were hit by ransomware in 2019 [Catalin Cimpanu, Zero Day]
    - see also: At least 13 managed service providers were used to push ransomware this year
  2. Utah renewables company was hit by rare cyberattack in March [Sean Lyngaas, Scoop News Group]
  3. Office 365 Users Targeted by Voicemail Scam Pages [Oliver Devane and Rafael Pena, McAfee]
  4. Thousands of QNAP NAS devices have been infected with the QSnatch malware [Catalin Cimpanu, Zero Day]
  5. First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild [Mohit Kumar, The Hacker News]
  6. Google promises to replace Home devices bricked by flawed firmware update [Charlie Osborne, Zero Day]
  7. Episode 165: Oh, Canada! Independent Security Researchers Feel the Chill Up North [Paul Roberts, The Security Ledger]
  8. Five months after returning rental car, man still has remote control [Dan Goodin, Ars Technica / Condé Nast]
    - see also: The perils of security and how I finally resolved my Amazon fraud
  9. MESSAGETAP: Who’s Reading Your Text Messages? [Raymond Leong, Dan Perez and Tyler Dean, FireEye Mandiant]
  10. The Ransomware Superhero of Normal, Illinois [Benjamin Marra, ProPublica]

Infosec bits for week 44/19

Roderick Mooi

  1. City of Joburg shuts down all systems after cyber attack demanding bitcoin ransom [Riaan Grobler, News24]
    - see also: City of Johannesburg held for ransom by hacker gang
  2. Liquid Telecom fights off massive DDoS attack — over 100Gbps [Jan Vermeulen, MyBroadband]
    - see also: South African banks hit by massive DDoS attack
  3. EDUCAUSE 2019: In OmniSOC, Colleges Build a Stronger Defense, Together [Amy Burroughs, EdTech Magazine]
  4. German Automation Giant Still Down After Ransomware Attack [Phil Muncaster, Infosecurity Magazine]
    - see also: Italians Rocked by Ransomware
  5. DNS Security: Threat Modeling DNSSEC, DoT, and DoH [JSchauma, Netmeister]
  6. Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone [BBC News]
    - see also: Samsung will begin patching fingerprint scanner security flaw within 24 hours
  7. “BriansClub” Hack Rescues 26M Stolen Cards [Brian Krebs, Krebs on Security]
  8. Cyber War Between Iran and United States Could Have Far-Reaching Implications [Nicole Lindsey, CPO Magazine]
  9. Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs [Kelly Sheridan, Dark Reading]
  10. Your Supply Chain Doesn’t End At Receiving: How Do You Decommission Network Equipment? [Johannes B. Ullrich, SANS ISC]
  11. The US nuclear forces’ Dr. Strangelove-era messaging system finally got rid of its floppy disks [Valerie Insinna, C4ISRNET]

Infosec bits for week 42/19

Roderick Mooi

  1. Free Resources for National Cybersecurity Awareness Month 2019 [Infosec Institute]
  2. Security Education Companion [Electronic Frontier Foundation]
  3. Higher Education Community Vendor Assessment Toolkit [Higher Education Information Security Council (HEISC), Community]
  4. National Student Clearinghouse Playbooks [National Student Clearinghouse]
    - includes a DDoS and Ransomware incident response playbook
  5. Never Trust a Platform to Put Privacy Ahead of Profit [Lily Hay Newman, WIRED]
    - see also: Twitter Uses Phone Numbers, Emails to Sell Ads
  6. The broken record: Why Barr’s call against end-to-end encryption is nuts [Sean Gallagher, Ars Technica]
  7. Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move [Sergiu Gatlan, Bleeping Computer]
    - see also: DNS-over-HTTPS causes more problems than it solves, experts say
  8. AIG says its cyber insurance plans don’t cover criminal acts; wants lawsuit tossed [Jeff Stone, Cyberscoop]
  9. Vulnerabilities exploited in VPN products used worldwide [National Cyber Security Centre UK]
  10. State of Ransomware in the U.S.: 2019 Report for Q1 to Q3 [Emsisoft Malware Lab]
  11. Linux to get kernel ‘lockdown’ feature [Catalin Cimpanu, Zero Day]
  12. Report reveals play-by-play of first U.S. grid cyberattack [Blake Sobczak, E&E News]

Infosec bits for week 39/19

Roderick Mooi

  1. Wind, Trees, and Security Awareness [Ben Woelk]
  2. Ransomware Strikes 49 School Districts & Colleges in 2019 [Kelly Sheridan, Dark Reading]
  3. Rica has been declared unlawful [Kaunda Selisho, The Citizen]
  4. 2019 CWE Top 25 Most Dangerous Software Errors (updated 18 September) [MITRE]
  5. Microsoft releases out-of-band security update to fix IE zero-day & Defender bug [Catalin Cimpanu, Zero Day]
  6. High-severity vulnerability in vBulletin is being actively exploited [Dan Goodin, Ars Technica]
  7. Iowa officials claim confusion over scope led to arrest of pen-testers [Sean Gallagher, Ars Technica]
  8. Emotet Trojan Evolves Since Being Reawakend, Here is What We Know [Lawrence Abrams, Bleeping Computer]
    - see also: Emotet malspam is back
  9. Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices [Hooman Mohajeri Moghaddam et. al.]
    - full paper
    - see also: Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach
  10. The NSA Is Running a Satellite Hacking Experiment [Patrick Ducker, Defense One]

Infosec bits for week 37/19

Roderick Mooi

  1. Who’ll benefit from the Regis University cyberattack? The Denver school’s cybersecurity students. [Elizabeth Hernandez, The Denver Post]
  2. Ransomware shuts down classes, childcare centers in Flagstaff, Arizona [Colin Wood, Scoop News Group]
    - see also: Back to school: With latest attack, ransomware cancels classes in Flagstaff
  3. More than 99% of cyberattacks rely on human interaction [Help Net Security]
  4. Cyber-security incident at US power grid entity linked to unpatched firewalls [Catalin Cimpanu, Zero Day]
  5. MANRS Observatory: Monitoring the State of Internet Routing Security [Andrei Robachevsky, Internet Society]
    - find it here: observatory.manrs.org/
  6. BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks [Mohit Kumar, Teh Hacker News]
  7. Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks [Mohit Kumar, Teh Hacker News]
  8. Security hole opens a billion Android users to advanced SMS phishing attacks [Help Net Security]
  9. Simjacker: a brand new mobile vulnerability exploited by surveillance companies for espionage operation [Andrea Fortuna]
  10. Twitter disables SMS-to-tweet feature after its CEO got hacked last week [Catalin Cimpanu, Zero Day]
  11. Why 5G requires new approaches to cybersecurity [Tom Wheeler and David Simpson, The Brookings Institution]

Infosec bits for week 36/19

Roderick Mooi

  1. Every Computer Science Degree Should Require a Course in Cybersecurity [Jack Cable, Harvard Business Publishing]
  2. FinCEN Issues Advisory on Business Email Compromise Schemes and Names Colleges and Universities among Top Targets [Katie Branson, EDUCAUSE]
    - see also: Cyber Claims: GDPR and business email compromise drive greater frequencies
  3. When Ransomware Cripples a City, Who’s to Blame? This I.T. Chief Is Fighting Back [Frances Robles, New York Times]
    - see also: Rockville Center School District pays $88,000 ransom
  4. South Africa’s mass surveillance revealed [Tefo Mohapi, iAfrikan]
    - see also: South African authorities admit to mass surveillance (comments)
  5. Bitcoin Warning As Serious Security Vulnerabilities Uncovered [Billy Bambrough, Forbes]
    - see also: China In the Process of Rolling Out State-Backed Cryptocurrency
  6. Open Redirect: A Small But Very Common Vulnerability [Jan Kopriva, SANS ISC]
  7. Putting an end to Retadup: A malicious worm that infected hundreds of thousands [Jan Vojtěšek, Avast Software]

Infosec bits for week 35/19

Roderick Mooi

  1. The Higher Ed Model for Cybersecurity Compliance [Colleen Johnson, EDUCAUSE Review]
  2. New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks [Ionut Ilascu, Bleeping Computer]
  3. Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs [Catalin Cimpanu, Zero Day]
  4. Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks [Jovi Umawing, Malwarebytes Labs]
    - see also: knobattack.com/
  5. The Difference Between Red, Blue, and Purple Teams [Daniel Miessler]
  6. FNB backs down on password decision after backlash [Duncan Mcleod, NewsCentral Media]
  7. Is this Crown Sterling press release from another planet? [Josh Bernoff]
  8. Employees connect nuclear plant to the internet so they can mine cryptocurrency [Catalin Cimpanu, Zero Day]

Infosec bits for week 33/19

Roderick Mooi

  1. Cyberattack forces Houston County schools to postpone opening day [Doug Olenick, Haymarket Media]
  2. Fraudster Brought Back from Kenya to Face Jail Time for Stealing Almost $750,000 from UCSD through a Spear Phishing Campaign [Alexandra F. Foster, US DOJ]
  3. A Campus Culture of Cybersecurity [Julianne Basinger, The Chronicle of Higher Education]
  4. Windows Defender Gets Perfect Scores in Antivirus Test [Nathaniel Mott, Tom’s Hardware]
  5. Apple halts practice of contractors listening in to users on Siri [Alex Hern, The Guardian]
    - see also: Google: More information about our processes to safeguard speech data
  6. I Always Feel Like Somebody’s Watching Listening to Me (click on link to 29 July article) [Jacob Baines, Tenable TechBlog]
  7. Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V [Mohit Kumar, The Hacker News]
  8. Boffins hacked Siemens Simatic S7, most secure controllers in the industry [Pierluigi Paganini, SecurityAffairs]
  9. Extended Validation Certificates are (Really, Really) Dead [Troy Hunt]
  10. Clever Vanity License Plate Backfires On Man, Winds Up With Tons Of Tickets [Dave Basner, iHeartRadio]

Infosec bits for week 31/19

Roderick Mooi

  1. Louisiana declares emergency over cyberattacks targeting schools [Benjamin Freed, Scoop News Group]
    - see also: Louisiana governor declares state emergency after local ransomware outbreak
    - and: Syracuse cyber attack: Experts say schools easy prey for ransomware
  2. Ed Dept: Hackers created thousands of fake student profiles [Natalie Schwartz, Industry Dive]
    - see also: Ellucian Banner System Vulnerability Update
    - and note: “Attackers are utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals. Ellucian recommends adding reCAPTCHA capabilities to the admission process to reduce the likelihood of experiencing fraudulent applications for admissions, even if institutions are not currently experiencing this issue.”
  3. Student data systems compromised in Hawaii, Tennessee [Ryan Johnston, Scoop News Group]
  4. Most City Power IT systems, networks restored following cyber attack [Alex Mitchley, 24.com]
    - see also: Ransomware incident leaves some Johannesburg residents without electricity
  5. Steps to Safeguard Against Ransomware Attacks [The Cybersecurity and Infrastructure Security Agency (CISA)]
  6. A BEAST and a POODLE celebrating SWEET32 [Bojan Zdrnja]
    - Overview: “In last couple of years we have witnessed many SSL/TLS vulnerabilities with various acronyms: POODLE, BEAST, BREACH, CRIME, DROWN, FREAK and SWEET32 – to name some. Almost every time, a snazzy logo and a lot of panic around the vulnerability made us believe that this is the end of secure communication on the Internet. However, we are yet to see any real hacks that actually exploited one of the above mentioned vulnerabilities. This presentation will explain how these vulnerabilities work and will comment on their viability for web, mobile and fat client applications. We will try to identify the SSL/TLS vulnerabilities who cried wolf, so we can concentrate on those that pose a serious threat (if such exist, that is).”
    - See also: Verifying SSL/TLS configuration
  7. Password Managers [Higher Education Information Security Council (HEISC)]
  8. Teenage hackers are offered a second chance under European experiment [Jeff Stone, Scoop News Group]
  9. The Encryption Debate Is Over – Dead At The Hands Of Facebook [Kalev Leetaru, Forbes Media LLC]
  10. How Cyber Weapons Are Changing the Landscape of Modern Warfare [Sue Halpern, The New Yorker]
    - see also: U.S. Cyber Command simulated a seaport cyberattack to test digital readiness