F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Infosec bits for week 29/19

Roderick Mooi

  1. Monroe College hacked, $2 million in Bitcoin demanded as ransom [Rocco Parascandola (interesting name!) and Thomas Tracy, New York Daily News ]
    - see also: Monroe College Hit With Ransomware, $2 Million Demanded – with interesting note that “The United States Conference of Mayors to make a non-binding agreement to not pay ransomware demands going forward”
  2. Microsoft Office 365: Banned in German schools over privacy fears [Cathrin Schaer, Zero Day]
    - see also: Increasing transparency and customer control over data
    - see also: Microsoft Office brings you new privacy controls
  3. British Airways faces record £183m fine for data breach [BBC News]
  4. HTTP Security Headers – A Complete Guide [Carlie Belmer, Null Sweep]
  5. GnuPG 2.2.17 released to mitigate attacks on keyservers [Werner Koch, GnuPG] – with ref from last week: SKS Keyserver Network Under Attack
  6. Samba Project tells us “What’s New” – SMBv1 Disabled by Default [Rob VandenBrink, SANS Internet Storm Center]
  7. How to securely erase the data off your iPhone or iPad, Android device, Windows PC, hard drives, SSDs, and flash drives [Adrian Kingsley-Hughes, Zero Day]
  8. Adventures building a Self Driving RC Car [Rahul]
    - I know, not directly security-related but it’s cool (and we’re allowed to end our list with something a bit off-topic ;))

Infosec bits for week 28/19

Roderick Mooi

  1. I was 7 words away from being spear-phished [Robert Heaton]
  2. Introducing Elastic SIEM [Mike Paquette, Elasticsearch B.V.]
  3. SKS Keyserver Network Under Attack [Robert J. Hansen]
    - OpenPGP users take note
  4. Women in Security [Various, SC Magazine]
  5. Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers [Brian Krebs]
  6. Florida city fires IT employee after paying ransom demand last week [Catalin Cimpanu, Zero Day]
  7. Virtual Private Networks (VPNs) – Ouch! Newsletter [Phil Johnsey, Palm Beach County]
  8. Deconstructing Apple Card: A Hacker’s Perspective [Ryan McKamie and Swapnil Deshmukh, Certus Cybersecurity Solutions LLC]

Infosec bits for week 26/19

Roderick Mooi

  1. Security Operations Center (SOC) Case Study [Higher Education Information Security Council (HEISC)]
  2. Evidence obtained unlawfully from Facebook – Does it infringe the right to privacy? [Brian Kahn Inc Attorneys, Go Legal]
  3. Awesome Web Security [@qazbnm456] – Curated list of Web Security materials and resources
  4. The Clouds Are Out to Get Me! [John Strand, SANS Pen Test HackFest Summit 2018]
  5. Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework [NIST CSRC]
  6. How spammers use Google services [Maria Vergelis, Kaspersky Daily]
  7. Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds [Catalin Cimpanu, Zero Day]
    - Primary advisory: Update Regarding Vulnerability Recently Discovered In Komodo’s Agama Wallet
  8. Google open sources Private Join and Compute, a tool for sharing confidential data sets [Natalie Gagliordi, Zero Day]
  9. Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness [Mark Simos, Kristina Laidler and John Dellinger; Microsoft Security]
  10. Microsoft warns about email spam campaign abusing Office vulnerability [Catalin Cimpanu, Zero Day]
  11. TCP SACK PANIC – Kernel vulnerabilities – CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 [Red Hat]
    - CVE-2019-11477
  12. The catch-22 that broke the Internet [Brian Barrett, Wired]

Infosec bits for week 24/19

Roderick Mooi

  1. Australian National University hit by huge data breach [Lisa Martin, The Guardian]
  2. Creating a Cybersecurity Strategy for Higher Education [Donald Welch, EDUCAUSE]
  3. Large European Routing Leak Sends Traffic Through China Telecom [Doug Madory, ORACLE]
  4. Sign in with Apple makes privacy a centerpiece [Dennis Fisher, Decipher]
    - see also: Is ‘Sign in with Apple’ Marketing Spin or Privacy Magic? Experts Weigh In
  5. Apple and WhatsApp fight proposal to let spies tap encrypted comms [Liam Tung, Zero Day]
  6. Huge scope of Australia’s new national security laws reveals itself [Stilgherrian, Zero Day]
  7. Corporate Surveillance in Everyday Life [Wolfie Christl, Cracked Labs]
  8. Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware [Krebs on Security]
  9. GitHub brings automated fixes with Dependabot [Fahmida Y. Rashid, Decipher]
  10. Identifying Vulnerabilities in Phishing Kits [Larry Cashdollar, Akamai]

Infosec bits for week 22/19

Roderick Mooi

  1. What Colorado learned from treating a cyberattack like a disaster [Benjamin Freed, Scoop News]
  2. Intense scanning activity detected for BlueKeep RDP flaw [Catalin Cimpanu, Zero Day]
    - MS article: Prevent a worm by updating Remote Desktop Services
    - see also: An Update on the Microsoft Windows RDP “Bluekeep” Vulnerability (CVE-2019-0708) [now with pcaps]
  3. Infected by ransomware? – don’t forget the ‘No More Ransom!’ project (new decryptors available)
  4. Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable [Tara Seals, Threatpost]
    - Cisco advisory: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
  5. Notifying administrators about unhashed password storage [Suzanne Frey, Google]
  6. Senators propose bill requiring warrants to search devices at the border [James Martin, CNET]
    - see also: We Got U.S. Border Officials to Testify Under Oath. Here’s What We Found Out.
  7. 0day “In the Wild” [Ben Hawkes, Project Zero]
  8. Fun With Custom URI Schemes [Dominik Penner]
  9. Video: nmap Service Detection Customization [Didier Stevens, Internet Storm Center]
  10. The winner in the war on Huawei is Samsung [Chris Duckett, Zero Day]

Infosec bits for week 19/19

Roderick Mooi

  1. Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018 [SC Media]
  2. Cybersecurity Stars: In a field dominated by men, female researchers take the lead at CMU [Carnegie Mellon University]
  3. In a first, Israel responds to Hamas hackers with an air strike [Zero Day]
  4. Tracking Phones, Google Is a Dragnet for the Police [New York Times]
  5. Apple and Google battle for the future of privacy [Zero Day]
    - see also: What do tech giants know about you? A new tool shows you just how much
  6. Microsoft recommends using a separate device for administrative tasks [Zero Day]
    - see also: 3 investments Microsoft is making to improve identity management
  7. Amazon can’t yet completely delete Alexa voice transcriptions [Zero Day]
  8. Oh dear. Secret Huawei enterprise router snoop ‘backdoor’ was Telnet service, sighs Vodafone [The Register]
  9. Cryptojacking in the post-Coinhive era [Malwarebytes Labs]
  10. Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak [Ars Technica]
    - see also: Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
  11. Johnny-You-Are-Fired

Infosec bits for week 17/19

Roderick Mooi

  1. The EDUCAUSE Information Security Almanac 2019
    - “This two-page, easy-to-scan almanac shares the most important EDUCAUSE data regarding the state of information security, privacy, and identity management in higher education.”
    - see also: Campus MFA Practices
  2. SANS Top New Attacks and Threat Report
    - “There is no shortage of media coverage of breaches and outages, and there are many places to find backward-looking statistics about how many attacks were launched in cyberspace. What is harder to find is expert analysis of the areas security managers should prioritize in order to increase effectiveness and efficiency in dealing with known threats while also minimizing the risk from emerging attacks. For the past 13 years, the SANS “Five Most Dangerous Attacks” expert panel at the annual RSA Conference has filled that gap. This SANS whitepaper begins with a baseline of statistics from two of the most reliable sources of breach and malware data, then summarizes the expert advice from the SANS instructors on the RSA panel, detailing the emerging threats to look out for in 2019 and beyond.”
  3. McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all [Ars Technica]
  4. IT Security Guidelines for Transport Layer Security [NCSC]
    - “These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS)…These guidelines are technical in nature. They help an organisation choose between all possible configurations of TLS to arrive at a secure configuration. An administrator or supplier then applies this configuration.”
  5. Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent [Business Insider]
    - see also: Facebook security notice announces millions of Instagram users had their passwords stored in plaintext
  6. DNS Hijacking Abuses Trust In Core Internet Service [Talos]
  7. Popular jQuery JavaScript library impacted by prototype pollution flaw [Zero Day]
  8. Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks [@GelosSnake]
  9. How Not to Acknowledge a Data Breach [Krebs on Security]
  10. Dragonblood – Analysing WPA3’s Dragonfly Handshake
  11. Security BSides San Francisco – incl. BSidesSF 2019 videos
  12. Darknet Diaries Ep 36: Jeremy from Marketing (PG L)
    - “A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned.”
    - (podcast account of threader.app/thread/1063423110513418240)

Infosec bits for week 15/19

Roderick Mooi

  1. 3 Ways Universities Can Keep Their Data Safe [EdTech Magazine]
  2. Hackers beat university cyber-defences in two hours [BBC News]
  3. Georgia Tech Data Breach Exposed 1.3 Million Records [Latest Hacking News]
  4. CyberStart: Finding the Best Candidates for Student Cybersecurity Positions…and Beyond! [EDUCAUSE review]
  5. Hacker group has been hijacking DNS traffic on D-Link routers for three months [Zero Day Net]
    - see also: Rapidly multiplying IoT cyber attacks use well-known weaknesses
  6. The Windows 10 security guide: How to safeguard your business [Zero Day Net]
  7. Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print [Threatpost]
  8. Google’s Making It Easier to Safeguard Sensitive Data Troves [WIRED]
  9. Vulnerability in Xiaomi Pre-Installed Security App [Check Point Research]
  10. Making Passwords Simple [SANS OUCH! Newsletter]
  11. A few Ghidra tips for IDA users, part 1 – the decompiler/unreachable code [SANS ISC InfoSec Forums]
  12. Hardenize
    - “With so many security features to deploy and services to configure, we all need help to understand what our networks look like, if they’re configured correctly, and if they’re protected using appropriate security standards. Things break and certificates expire. Our discovery and continuous monitoring services keep an eye on your infrastructure, prevent breakage, and enable you to have exactly the security you want.”
  13. Thumb drive carried by Mar-a-Lago intruder immediately installed files on a PC [Ars Technica]
    - see also: Mar-a-Lago’s Security Problems Go Way Beyond a Thumb Drive

Advisories for week 12/19

Roderick Mooi

  1. Wordpress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers [Bleeping Computer]
  2. Cisco Patches Critical ‘Default Password’ Bug [Threatpost]
    - Look out for all the NX-OS vulns as well
  3. Intel Advisories
    - Updated Firmware available for: CSME, Server Platform Services, Trusted Execution Engine and Intel® Active Management Technology
    - Check for system firmware updates from your manufacturer
    - Update Intel® Graphics Driver for Windows
  4. *Microsoft March Patch Tuesday comes with fixes for two Windows zero-days [Zero Day]

Infosec bits for week 12/19

Roderick Mooi

  1. Hackers breach admissions files at three private colleges [The Washington Post]
  2. Fighting cybercrime in the research & education sector [In The Field]
  3. The Five Most Dangerous New Attack Techniques and How to Counter Them [RSA Conference]
  4. Google: Chrome zero-day was used together with a Windows 7 zero-day [Zero Day]
    - Patches available from Microsoft
  5. Google reveals “high severity” flaw in macOS kernel [Neowin]
  6. NSA’s Ghidra Reverse Engineering Framework Stirs Up Malware Researchers [Bleeping Computer]
  7. Marriott CEO shares post-mortem on last year’s hack [Zero Day]
  8. Dutch Data Protection Authority chips away at ‘cookie walls,’ declaring they violate GDPR [SC Media]
    - see also: Dispelling GDPR Myths: Avoid the Compliance Trap, Make Real Security/Privacy Gains
  9. Gone in six seconds? Exploiting car alarms [Pen Test Partners]
  10. Facebook’s Data Deals Are Under Criminal Investigation [The New York Times]
    - Facebook in the news again, not surprising :/
     When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security
    - But, When Facebook Goes Down, Don’t Blame Hackers
    - See also: Facebook exploit – Confirm website visitor identities
    - Are you sure you really still want that Facebook account? ;)
  11. W3C approves WebAuthn as the web standard for password-free logins [Venture Beat]
  12. Introducing Firefox Send, Providing Free File Transfers while Keeping your Personal Information Private [Mozilla]
  13. Researchers break digital signatures for most desktop PDF viewers [Zero Day]
  14. Meet the New ‘Public-Interest Cybersecurity Technologist’ [Dark Reading]
  15. StackStorm – From Originull to RCECVE-2019-9580 [Barak Tawily]