
Infosec bits for week 14/20

  1. The Internet is drowning in COVID-19-related malware and phishing scams [Dan Goodin, Ars Technica / Condé Nast]
    - see also: Fighting Coronavirus-Themed Ransomware and Malware
    - Phishing Attack Says You’re Exposed to Coronavirus, Spreads Malware
    - Fake Corona Antivirus Software Used to Install Backdoor Malware
    - CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware
    - coronavirus-covid-19-SARS-CoV-2-IoCs
  2. Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps [Lawrence Abrams, Bleeping Computer]
  3. Free Cyber Safety Resources during COVID-19 [Guest Authors, Tripwire]
    - see also: Stay Healthy, Stay Secure
  4. Hackers Take Advantage of Zoom’s Popularity to Push Malware [Sergiu Gatlan, Bleeping Computer]
    - see also: Zoom Cancels All Work On New Features After Latest Security Alerts
    - and: Zoom, the video conferencing app everyone is using, faces questions over privacy
    - Who’s Zooming Who? Guidelines on How to Use Zoom Safely
  5. FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic [Kristen Setera, FBI Boston]
  6. Security and Microsoft Teams – Addressing Threats to Teams Meetings [Microsoft]
  7. Public health vs. personal privacy: Choose only one? [Tony Anscombe, WeLiveSecurity / ESET]
  8. Unauthorised Data Access Alert [University of Utah Health]
  9. Integrating Cybersecurity and Enterprise Risk Management (ERM) [draft] [NIST]
    - see also: Untangling Third-Party Risk
    - and: Quantifying Cyber Risk: Why You Must & Where to Start
  10. Three More Ransomware Families Create Sites to Leak Stolen Data [Lawrence Abrams, Bleeping Computer]
  11. Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant [Eric Saraga, Varonis]
  12. This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits [FireEye]

Infosec bits for week 12/20

  1. 6 ways attackers are exploiting the COVID-19 crisis [Dan Swinhoe, CSO / IDG Communications]
  2. SANS Security Awareness Work-from-Home Deployment Kit [SANS Institute]
    - see also: Working from Home during COVID-19? What You and Your Organization Need to Consider
  3. COVID-19: With everyone working from home, VPN security has now become paramount [Catalin Cimpanu, Zero Day / CBS Interactive]
    - see also: Alert (AA20-073A) – Enterprise VPN Security
  4. Preventing Eavesdropping and Protecting Privacy on Virtual Meetings [Jeff Greene, NIST NCCoE]
    - see also: List of Free Software and Services During Coronavirus Outbreak
  5. How coronavirus COVID-19 is accelerating the future of work [Larry Dignan, Zero Day / CBS Interactive]
  6. They Come in the Night: Ransomware Deployment Trends [Kelli Vanderlee, FireEye]
    - see also: Human-operated ransomware attacks: A preventable disaster
  7. There Are Plenty of Phish in the Sea [Alastair Paterson, SecurityWeek / Wired Business Media]
    - see also: Phishing Victims From a CDN’s Point of View
  8. RiskSense Spotlight Report Finds WordPress and Apache are Most Weaponized Web and Application Frameworks [RiskSense]
    - see also: WordPress to add auto-update feature for themes and plugins
  9. Shadowserver 2020 Urgent Need – Just The Summary [Shadowserver]
  10. Making the case for hardware 2FA in the enterprise [J.M. Porup, CSO / IDG Communications]
    - see also: Enroll security keys on more devices
  11. Hacking a network, using an ‘invisibility cloak’ – Is it that simple? [Pierluigi Paganini / Sepio Systems, Security Affairs]
  12. The Biggest Gap in Cybersecurity is Empathy [Jack Danahy, Alert Logic]

Infosec bits for week 11/20

  1. University of Kentucky Defeats Month-Long Cyber-Attack [Sarah Coble, Infosecurity / Reed Exhibitions]
    - see also: Inside a massive cyber hack that risks compromising leaders across the globe
  2. Top cybersecurity facts, figures and statistics for 2020 [Josh Fruhlinger, CSO / IDG Communications]
  3. Ransomware Attackers Use Your Cloud Backups Against You [Lawrence Abrams, Bleeping Computer]
    - see also: Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft
  4. Coronavirus-themed scams and attacks intensify [Zeljka Zorz, Help Net Security]
    - see also: How Threat Actors are Abusing Coronavirus Uncertainty
  5. How Security Leaders at Starbucks and Microsoft Prepare for Breaches [Kelly Sheridan, Dark Reading / Informa]
  6. How to write an effective information security policy [Mary K. Pratt, CSO / IDG Communications]
  7. Securing Content Management Systems [Australian Cyber Security Centre]
  8. Microsoft: 99.9% of compromised accounts did not use multi-factor authentication [Catalin Cimpanu, Zero Day / CBS Interactive]
  9. Time to Stop Overlooking DNS Security [Mark Fieldhouse, NS1 / Infosecurity / Reed Exhibitions]
  10. The War of Passwords: Compliance vs NIST [Rita Nygren, Tripwire]
  11. Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef [Kieren McCarthy, The Register]

Infosec bits for week 10/20

  1. Personal information of students, faculty at B.C. university exposed in recent data breach [Carly Yoshida-Butryn, CTV News / Bell Media]
    - see also: Names, birthdays, email addresses of thousands potentially exposed in SFU data breach
  2. Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices [Lawrence Abrams, Bleeping Computer]
    - see also: DoppelPaymer Ransomware Launches Site to Post Victim’s Data
    - and: Ransomware victims are paying out millions a month. One particular version has cost them the most
  3. Ransomware Response: Mature Cybersecurity Must Involve Data Analytics [James Stanger, CompTIA]
  4. Hackers are actively exploiting zero-days in several WordPress plugins [Catalin Cimpanu, Zero Day]
    - see also: Critical Bugs in WordPress Plugins Let Hackers Take Over Sites
  5. Hackers Use Windows 10 RDP ActiveX Control to Run TrickBot Dropper [Ionut Ilascu, Bleeping Computer]
  6. ‘Cloud Snooper’ Attack Bypasses Firewall Security Measures [Sergei Shevchenko, Sophos]
  7. Educating Educators: Microsoft’s Tips for Security Awareness Training [Kelly Sheridan, Dark Reading]
  8. CWE list now includes hardware security weaknesses [Zeljka Zorz, Help Net Security]
    - find it here: cwe.mitre.org/
  9. Your phone wakes up. Its assistant starts reading out your text messages. To everyone around. You panic. How? Ultrasonic waves [Katyanna Quach, The Register]
  10. Introducing Dispatch [Kevin Glisson, Marc Vilanova and Forest Monsen, Netflix]
  11. Chrome 80 update cripples top cybercrime marketplace [Catalin Cimpanu, Zero Day]
    - see also: New Deep-Linking Feature in Google Chrome 80 Sparks Privacy Concerns
    - and: Web Browser Privacy: What Do Browsers Say When They Phone Home?
  12. Russian spies are attempting to tap transatlantic undersea cables [Pierluigi Paganini, Security Affairs]
  13. How a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer [Lily Hay Newman, WIRED / Condé Nast]

Infosec bits for week 09/20

  1. Zim hacker granted bail to attend Swiss hackathon [Samuel Mungadze, IT Web]
  2. Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security [Sergiu Gatlan, Bleeping Computer]
    - see also: Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
  3. 8.4 million: Number of DDoS attacks researchers saw last year alone [Help Net Security]
  4. 5 Strategies to Secure Cloud Operations Against Today’s Cyber Threats [Chris Christou and Brad Beaulieu, Dark Reading]
  5. Admins beware! Microsoft gives heads-up for ‘disruptive’ changes to authentication in Office 365 email service [Tim Anderson, The Register]
  6. Are CISOs ready for zero trust architectures? [Vladimir Jirasek, Foresight Cyber / Help Net Security]
    - see also: To Rank or Not to Rank Should Never Be a Question
  7. Top 10 web hacking techniques of 2019 [James Kettle, PortSwigger Research]
  8. Whodat? Enumerating Who “owns” a Workstation for IR [Rob VandenBrink, SANS ISC]
  9. The Ecosystem of Phishing: From Minnows to Marlins [Photon Research Team / Digital Shadows]
  10. Up close and personal with Linux malware [Tomáš Foltýn, WeLiveSecurity / ESET]
    - see also: The Linux Foundation identifies most important open-source software components and their problems
  11. Cybersecurity alliance launches first open source messaging framework for security tools [Charlie Osborne, Zero Day]
  12. New Mozart Malware Gets Commands, Hides Traffic Using DNS [Lawrence Abrams, Bleeping Computer]
  13. Is your phone listening to you? [Jake Moore, WeLiveSecurity / ESET]
  14. Data Encryption on Android with Jetpack Security [Jon Markoff, Google Security Blog]
  15. Jon Callas: Encryption is a technology that rearranges power [Mirko Zorz, Help Net Security]

Infosec bits for week 08/20

  1. Cyber Fitness Takes More Than a Gym Membership & a Crash Diet [Ryan Weeks (Datto CISO), Dark Reading / Informa PLC]
  2. Why you can’t bank on backups to fight ransomware anymore [Sean Gallagher, Ars Technica / Condé Nast]
    - see also: How to Protect Your Networks from Ransomware
  3. Three Italian universities hacked by LulzSec_ITA collective [Pierluigi Paganini (ENISA), Security Affairs]
  4. Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world [Catalin Cimpanu, Zero Day]
  5. Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations [Robert Falcone, Palo Alto Networks]
  6. 37.3% of Vulnerabilities in 2019 Had Available Exploit Code or a Proof of Concept [Risk Based Security]
  7. Nedbank says 1.7 million customers impacted by breach at third-party provider [Catalin Cimpanu, Zero Day]
    - see also: The Southern African Fraud Prevention Service (especially if you were impacted)
  8. Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers [Eclypsium]
  9. OpenSSH FIDO/U2F Support (search for: “FIDO/U2F Support”)
  10. Encoding Stolen Credit Card Data on Barcodes [Brian Krebs]
  11. Sale of corp.com can expose corporate data [Fahmida Y. Rashid, Duo Security]
  12. Martin and Dorothie Hellman on Love, Crypto & Saving the World [Sara Peters, Dark Reading / Informa PLC]

Infosec bits for week 07/20

  1. Dutch university paid $220,000 ransom to hackers after Christmas attack [Graham Cluley]
    - see also: TA505 Hackers Behind Maastricht University Ransomware Attack
    - and: Response of Maastricht University to FOX-IT report
  2. Denver’s Regis University paid ransom to “malicious actors” behind campus cyberattack [Elizabeth Hernandez, The Denver Post]
    - and at least one with a slightly more positive spin: A week on from the cyber attack, Dundee and Angus College has made excellent progress in re-establishing business as normal.
  3. Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events [NIST NCCoE]
  4. Battling online coronavirus scams with facts [David Ruiz, Malwarebytes Labs]
  5. Cybersecurity in 2020: From secure code to defense in depth [Eric Knorr, CSO / IDG Communications]
  6. The future of DNS security: From extremes to a new equilibrium [Mirko Zorz, Help Net Security]
  7. Protecting Organizations from Customized Phishing Attacks [Alethe Denis (guest author), Tripwire]
  8. Cisco Patches Critical CDP Flaws Affecting Millions of Devices [Sergiu Gatlan, Bleeping Computer]
  9. Unit 42 CTR: Leaked Code from Docker Registries [Jay Chen, Palo Alto Networks]
  10. RobbinHood – the ransomware that brings its own bug [Paul Ducklin, Sophos]
  11. Safer Internet Day [CISA]
    - see also: Social Robots Teach Cyber Safety
  12. The intelligence coup of the century [Greg Miller, The Washington Post]

Infosec bits for week 05/20

  1. Ransomware attacks are causing more downtime than ever before [Danny Palmer, Zero Day]
  2. Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events [NIST National Cybersecurity Center of Excellence (NCCoE)]
  3. New web service can notify companies when their employees get phished [Catalin Cimpanu, Zero Day]
  4. How to protect your privacy from Facebook [Steven J. Vaughan-Nichols, Zero Day]
  5. Cybersecurity: A guide for parents to keep kids safe online [Charlie Osborne, Zero Day]
  6. Microsoft discloses security breach of customer support database [Catalin Cimpanu, Zero Day]
  7. Travelex recovering from ransomware, but more firms at risk of VPN exploit [Bradley Barth, SC News / CyberRisk Alliance]
  8. ProtonVPN apps handed to open source community in transparency push [Charlie Osborne, Zero Day]
  9. Self-driving cars: The hunt for security flaws steps up a gear [Daphne Leprince-Ringuet, Zero Day]
  10. Network Security Perspective on Coronavirus Preparedness [Johannes B. Ullrich, SANS ISC]
  11. Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats [Stephen Hilt et al., Trend Micro research]

Infosec bits for week 04/20

  1. University Hit by Ransomware, Almost All Windows Systems Compromised [Bogdan Popa, SoftNews]
    - see also: Cyber attack – a summary
  2. Das Reboot: Uni forces 38,000 students, staff to queue, show their papers for password reset following ‘cyber attack’ [Shaun Nichols, The Register]
    - see also: University of Giessen offline for security reasons
    - and: Open letter of Justus Liebig University Giessen
  3. Proof-of-concept exploits published for the Microsoft-NSA crypto bug [Catalin Cimpanu, Zero Day]
    - see also: Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
    - and: Microsoft Patch Tuesday crypt32.dll Vulnerability Overview
  4. Another reason to hurry with Windows server patches: A new RDP vulnerability [Sean Gallagher, Ars Technica]
  5. Windows 7 end of life: Security risks and what you should do next [Danny Palmer, Zero Day]
    - see also: How To Restrict Internet Access Using Group Policy
  6. Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up [Brian Krebs, Krebs on Security]
    - see also: Sodinokibi Ransomware Publishes Stolen Data for the First Time
  7. From DNS hijacking to domain fronting – SANS security pros offer retrospective on 2019 threat predictions [Emma Woollacott, The Daily Swig / PortSwigger]
  8. Cyber security world first as unique guide is launched [UK NCSC]
    - Get it here: www.cybok.org/resources/
  9. Are universities prepared for cyberattacks? [Study International]
  10. Former Twitter CISO shares his advice for IT security hiring and cybersecurity [Bill Detwiler, Zero Day]
  11. OUT OF CONTROL – How consumers are exploited by the online advertising industry (from: https://www.forbrukerradet.no/out-of-control/) [Forbrukerrådet]

Infosec bits for week 51/19

  1. A decade of hacking: The most notable cyber-security events of the 2010s [Catalin Cimpanu, Zero Day]
  2. The quiet evolution of phishing [Office 365 Threat Research Team, Microsoft]
  3. Latest Microsoft Update Patches New Windows 0-Day Under Active Attack [Swati Khandelwal, The Hacker News]
  4. How South Africa will fight DDoS attacks in 2020 [Jamie McKane, MyBroadband]
  5. The Great $50M African IP Address Heist [Brian Krebs, Krebs on Security]
  6. The VPN is dying, long live zero trust [Neal Weinberg, Network World]
  7. 5 Reasons Why Programmers Should Think like Hackers [The Hacker News]
  8. SQL Murder Mystery [Joon Park, Cathy He and Joe Germuska, Northwestern University Knight Lab]