F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Infosec bits for week 19/19

Roderick Mooi

  1. Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018 [SC Media]
  2. Cybersecurity Stars: In a field dominated by men, female researchers take the lead at CMU [Carnegie Mellon University]
  3. In a first, Israel responds to Hamas hackers with an air strike [Zero Day]
  4. Tracking Phones, Google Is a Dragnet for the Police [New York Times]
  5. Apple and Google battle for the future of privacy [Zero Day]
    - see also: What do tech giants know about you? A new tool shows you just how much
  6. Microsoft recommends using a separate device for administrative tasks [Zero Day]
    - see also: 3 investments Microsoft is making to improve identity management
  7. Amazon can’t yet completely delete Alexa voice transcriptions [Zero Day]
  8. Oh dear. Secret Huawei enterprise router snoop ‘backdoor’ was Telnet service, sighs Vodafone [The Register]
  9. Cryptojacking in the post-Coinhive era [Malwarebytes Labs]
  10. Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak [Ars Technica]
    - see also: Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
  11. Johnny-You-Are-Fired

Infosec bits for week 17/19

Roderick Mooi

  1. The EDUCAUSE Information Security Almanac 2019
    - “This two-page, easy-to-scan almanac shares the most important EDUCAUSE data regarding the state of information security, privacy, and identity management in higher education.”
    - see also: Campus MFA Practices
  2. SANS Top New Attacks and Threat Report
    - “There is no shortage of media coverage of breaches and outages, and there are many places to find backward-looking statistics about how many attacks were launched in cyberspace. What is harder to find is expert analysis of the areas security managers should prioritize in order to increase effectiveness and efficiency in dealing with known threats while also minimizing the risk from emerging attacks. For the past 13 years, the SANS “Five Most Dangerous Attacks” expert panel at the annual RSA Conference has filled that gap. This SANS whitepaper begins with a baseline of statistics from two of the most reliable sources of breach and malware data, then summarizes the expert advice from the SANS instructors on the RSA panel, detailing the emerging threats to look out for in 2019 and beyond.”
  3. McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all [Ars Technica]
  4. IT Security Guidelines for Transport Layer Security [NCSC]
    - “These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS)…These guidelines are technical in nature. They help an organisation choose between all possible configurations of TLS to arrive at a secure configuration. An administrator or supplier then applies this configuration.”
  5. Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent [Business Insider]
    - see also: Facebook security notice announces millions of Instagram users had their passwords stored in plaintext
  6. DNS Hijacking Abuses Trust In Core Internet Service [Talos]
  7. Popular jQuery JavaScript library impacted by prototype pollution flaw [Zero Day]
  8. Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks [@GelosSnake]
  9. How Not to Acknowledge a Data Breach [Krebs on Security]
  10. Dragonblood – Analysing WPA3’s Dragonfly Handshake
  11. Security BSides San Francisco – incl. BSidesSF 2019 videos
  12. Darknet Diaries Ep 36: Jeremy from Marketing (PG L)
    - “A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned.”
    - (podcast account of threader.app/thread/1063423110513418240)

Infosec bits for week 15/19

Roderick Mooi

  1. 3 Ways Universities Can Keep Their Data Safe [EdTech Magazine]
  2. Hackers beat university cyber-defences in two hours [BBC News]
  3. Georgia Tech Data Breach Exposed 1.3 Million Records [Latest Hacking News]
  4. CyberStart: Finding the Best Candidates for Student Cybersecurity Positions…and Beyond! [EDUCAUSE review]
  5. Hacker group has been hijacking DNS traffic on D-Link routers for three months [Zero Day Net]
    - see also: Rapidly multiplying IoT cyber attacks use well-known weaknesses
  6. The Windows 10 security guide: How to safeguard your business [Zero Day Net]
  7. Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print [Threatpost]
  8. Google’s Making It Easier to Safeguard Sensitive Data Troves [WIRED]
  9. Vulnerability in Xiaomi Pre-Installed Security App [Check Point Research]
  10. Making Passwords Simple [SANS OUCH! Newsletter]
  11. A few Ghidra tips for IDA users, part 1 – the decompiler/unreachable code [SANS ISC InfoSec Forums]
  12. Hardenize
    - “With so many security features to deploy and services to configure, we all need help to understand what our networks look like, if they’re configured correctly, and if they’re protected using appropriate security standards. Things break and certificates expire. Our discovery and continuous monitoring services keep an eye on your infrastructure, prevent breakage, and enable you to have exactly the security you want.”
  13. Thumb drive carried by Mar-a-Lago intruder immediately installed files on a PC [Ars Technica]
    - see also: Mar-a-Lago’s Security Problems Go Way Beyond a Thumb Drive

Advisories for week 12/19

Roderick Mooi

  1. Wordpress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers [Bleeping Computer]
  2. Cisco Patches Critical ‘Default Password’ Bug [Threatpost]
    - Look out for all the NX-OS vulns as well
  3. Intel Advisories
    - Updated Firmware available for: CSME, Server Platform Services, Trusted Execution Engine and Intel® Active Management Technology
    - Check for system firmware updates from your manufacturer
    - Update Intel® Graphics Driver for Windows
  4. *Microsoft March Patch Tuesday comes with fixes for two Windows zero-days [Zero Day]

Infosec bits for week 12/19

Roderick Mooi

  1. Hackers breach admissions files at three private colleges [The Washington Post]
  2. Fighting cybercrime in the research & education sector [In The Field]
  3. The Five Most Dangerous New Attack Techniques and How to Counter Them [RSA Conference]
  4. Google: Chrome zero-day was used together with a Windows 7 zero-day [Zero Day]
    - Patches available from Microsoft
  5. Google reveals “high severity” flaw in macOS kernel [Neowin]
  6. NSA’s Ghidra Reverse Engineering Framework Stirs Up Malware Researchers [Bleeping Computer]
  7. Marriott CEO shares post-mortem on last year’s hack [Zero Day]
  8. Dutch Data Protection Authority chips away at ‘cookie walls,’ declaring they violate GDPR [SC Media]
    - see also: Dispelling GDPR Myths: Avoid the Compliance Trap, Make Real Security/Privacy Gains
  9. Gone in six seconds? Exploiting car alarms [Pen Test Partners]
  10. Facebook’s Data Deals Are Under Criminal Investigation [The New York Times]
    - Facebook in the news again, not surprising :/
     When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security
    - But, When Facebook Goes Down, Don’t Blame Hackers
    - See also: Facebook exploit – Confirm website visitor identities
    - Are you sure you really still want that Facebook account? ;)
  11. W3C approves WebAuthn as the web standard for password-free logins [Venture Beat]
  12. Introducing Firefox Send, Providing Free File Transfers while Keeping your Personal Information Private [Mozilla]
  13. Researchers break digital signatures for most desktop PDF viewers [Zero Day]
  14. Meet the New ‘Public-Interest Cybersecurity Technologist’ [Dark Reading]
  15. StackStorm – From Originull to RCECVE-2019-9580 [Barak Tawily]

Infosec bits for week 08/19

Roderick Mooi

  1. Power Company Has Security Breach Due to Downloaded Game [Bleeping Computer]
    - as if load shedding’s not enough :-/
  2. The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey [SANS]
  3. Facebook broad data collection ruled illegal by German anti-trust office [ZDNet]
  4. What Happens If Russia Cuts Itself Off From the Internet [Wired]
  5. Selecting the Right SOC Model for Your Organization [Gartner]
    - see also: The CIS Critical Security Controls for Effective Cyber Defense
  6. The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme [CNBC]
    - see also: Where’s the Equifax Data? Does It Matter?
  7. Ransomware Attacks Target MSPs to Mass-Infect Customers [Bleeping Computer]
  8. BOV [Bank of Valletta] goes dark after hackers go after €13m [Times of Malta]
  9. Mitigations against Mimikatz Style Attacks [SANS ISC]
  10. How to Test Bro-Sysmon [Salesforce Engineering]
  11. Are airlines putting your data at risk? [Wandera]
  12. Many popular iPhone apps secretly record your screen without asking [Tech Crunch]
  13. Android Phones Can Get Hacked Just by Looking at a PNG Image [The Hacker News]
  14. Spying on Safari in Mojave [Jeff Johnson]

Advisories for week 06/19

Roderick Mooi

  1. Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
    - MS advisory
  2. Google Chrome update contains 58 security fixes
  3. Firefox 65 Released with Updated Content Blocking, MSI Installers, and More
    - but: www.zdnet.com/article/windows-firefox-65-rollout-halted-by-mozilla-av-clash-stopped-users-browsing/
  4. Update for Windows Defender antimalware platform
    - oh wait, Windows 10 might not boot afterwards and the workarounds… hmm, really :-/

Infosec bits for week 06/19

Roderick Mooi

  1. Team America tries to crash Little Rocket Man’s Joanap botnet from within, warns owners of infected boxes [The Register]
  2. Abusing Exchange: One API call away from Domain Admin [dirkjanm.io]
    - see also: You’re an admin! You’re an admin! You’re all admins, thanks to this Microsoft Exchange zero-day and exploit
    - and: Relaying Exchange’s NTLM authentication to domain admin
  3. Facebook pays teens to install VPN that spies on them [TechCrunch]
    - see also: Facebook Has Just Been Caught Spying On Users’ Private Messages And Data — Again
    - and: Why Facebook’s Banned ‘Research’ App Was So Invasive
    - lastly: Apple blocks Facebook from running its internal iOS apps
  4. FaceTime bug lets callers eavesdrop on recipients [SC Magazine]
    - see also: Apple says iOS fix for Group FaceTime bug now coming next week, issues apology
  5. ENISA: Updated network forensics training material [ENISA]
  6. The Cybersecurity Workforce Gap [CSIS]
  7. SpeakUp Linux Backdoor Sets Up for Major Attack [Threatpost]
  8. Unlocking God Mode on x86 Processors [Hackaday]
  9. Understanding Ubiquiti Discovery Service Exposures [Rapid7]
  10. Over 9,000 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653 [Bad Packets Report]
  11. Net neutrality: Federal judges had tough questions for the FCC [The Washington Post]
  12. I used to be a dull John Doe. Thanks to Huawei, I’m now James Bond! [The Register]

Infosec bits for week 04/19

Roderick Mooi

  1. Universities cyber attack each other to test defences [UKAuthority]
    - see also: “It is unrealistic to expect the education system to tighten their security and it will never be hacked again, it is more a case of being one step ahead of the hacker and realising how they will hack this information and then securing it so that they cannot. Using ‘white hackers’ in this situation is a smart idea as they know all the techniques that the hackers will use to creep their way in to this sensitive information. Security is always changing, so it is vital we keep up with it.” – www.itproportal.com/features/education-industry-not-making-the-grade-for-cybersecurity/
  2. Mass email hacker targets Glasgow Caledonian University as students warned to ‘stay vigilant’ amid security fears [The Scottish Sun]
  3. How Universities Can Mitigate IoT Risk on Campus [EdTech]
    - see also: Security refresh teaches James Cook University the value of better visibility
  4. Data breaches, cyberattacks are top global risks alongside natural disasters and climate change [Zero Day Net]
    - Report available at www.weforum.org/reports/the-global-risks-report-2019
    - see also: South African cybersecurity trends for 2019
  5. Collection 1 data breach leaks 773 million records [MyBroadband]
    - Note that this is allegedly a combination of previous breached datasets. Worthwhile reminder though to check whether your information has been involved in a publicised leak(s)/breach(es).
  6. ‘It’s like they took a rug and covered it up’: Flight booking web app used by scores of airlines still vuln to attack – claim [The Register]
  7. Microsoft LAPS – Blue Team / Red Team [SANS ISC]
  8. ICASA’s hearings on its cybersecurity role are on 17 & 18 January: here’s a synopsis of submissions received [Lucien Pierce]
  9. Cybersecurity talent: thinking outside the ‘technical proficiency’ box [Networks Asia]
  10. Google Public DNS now supports DNS-over-TLS [Google Security Blog]
  11. mkcert: valid HTTPS certificates for localhost [Filippo.io]
  12. Windows 7 KMS Activation Issues Caused by Microsoft Mistake, Not an Update [Bleeping Computer]
    - Microsoft article: Activation failures and “not genuine” notifications around January 8, 2019, on volume-licensed Windows 7 KMS clients
  13. Global DNS Hijacking Campaign: DNS Record Manipulation at Scale [FireEye]
  14. 2FA codes can be phished by new pentest tool [Naked Security]
  15. Exclusive: How a Russian firm helped catch an alleged NSA data thief [Politico]
  16. Mondelez sues Zurich over $100m cyberhack insurance claim [The Irish Times]
  17. The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC [Commission Nationale de l’Informatique et des Libertés]
  18. ShmooCon 2019 streams [ShmooCon]