F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Infosec bits for week 04/20

Roderick Mooi

  1. University Hit by Ransomware, Almost All Windows Systems Compromised [Bogdan Popa, SoftNews]
    - see also: Cyber attack – a summary
  2. Das Reboot: Uni forces 38,000 students, staff to queue, show their papers for password reset following ‘cyber attack’ [Shaun Nichols, The Register]
    - see also: University of Giessen offline for security reasons
    - and: Open letter of Justus Liebig University Giessen
  3. Proof-of-concept exploits published for the Microsoft-NSA crypto bug [Catalin Cimpanu, Zero Day]
    - see also: Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
    - and: Microsoft Patch Tuesday crypt32.dll Vulnerability Overview
  4. Another reason to hurry with Windows server patches: A new RDP vulnerability [Sean Gallagher, Ars Technica]
  5. Windows 7 end of life: Security risks and what you should do next [Danny Palmer, Zero Day]
    - see also: How To Restrict Internet Access Using Group Policy
  6. Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up [Brian Krebs, Krebs on Security]
    - see also: Sodinokibi Ransomware Publishes Stolen Data for the First Time
  7. From DNS hijacking to domain fronting – SANS security pros offer retrospective on 2019 threat predictions [Emma Woollacott, The Daily Swig/PortSwigger]
  8. Cyber security world first as unique guide is launched [UK NCSC]
    - Get it here: www.cybok.org/resources/
  9. Are universities prepared for cyberattacks? [Study International]
  10. Former Twitter CISO shares his advice for IT security hiring and cybersecurity [Bill Dewiler, Zero Day]
  11. OUT OF CONTROL – How consumers are exploited by the online advertising industry (from: https://www.forbrukerradet.no/out-of-control/) [Forbrukerrådet]

Infosec bits for week 51/19

Roderick Mooi

  1. A decade of hacking: The most notable cyber-security events of the 2010s [Catalin Cimpanu, Zero Day]
  2. The quiet evolution of phishing [Office 365 Threat Research Team, Microsoft]
  3. Latest Microsoft Update Patches New Windows 0-Day Under Active Attack [Swati Khandelwal, The Hacker News]
  4. How South Africa will fight DDoS attacks in 2020 [Jamie McKane, MyBroadband]
  5. The Great $50M African IP Address Heist [Brian Krebs, Krebs on Security]
  6. The VPN is dying, long live zero trust [Neal Weinberg, Network World]
  7. 5 Reasons Why Programmers Should Think like Hackers [The Hacker News]
  8. SQL Murder Mystery [Joon Park, Cathy He and Joe Germuska, Northwestern University Knight Lab]

Infosec bits for week 49/19

Roderick Mooi

  1. Charting Your Course: Cyber Security Governance [National Cyber Security Centre – New Zealand]
    - “The steps outlined in Charting Your Course define the principles of a cyber security programme and help to focus engagement between senior leadership and security practitioners.”
  2. NIST Developing Hardware Security Guidelines for Enterprises [Dennis Fisher, Duo Security] – new draft guidance on supply chain security
    - find it here: Validating the Integrity of Servers and Client Devices
  3. SQL Injection Errors No Longer the Top Software Security Issue [Jai Vijayan, Dark Reading]
    - 2019 CWE Top 25 Most Dangerous Software Errors
    - see also: Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications
  4. OUCH! Newsletter: Messaging / Smishing Attacks [Jen Fox]
  5. Incident Response Casefile – A successful BEC leveraging lookalike domains [Matan Ben David, Check Point Research]
  6. Fundamentals of Cross Domain Solutions [Australian Cyber Security Centre]
  7. Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data [Catalin Cimpanu, Zero Day]
    - see also: Keeping your account safe from malicious activity
  8. Alert (AA19-339A) – Dridex Malware [US Cybersecurity and Infrastructure Security Agency]
  9. New Disney Plus Streaming Service Hit By Credential Stuffing Cyber Attack [Nicole Lindsey, CPO Magazine / Data Privacy Asia]
  10. Avast Online Security and Avast Secure Browser are spying on you [Wladimir Palant]
  11. Lessons learned from playing a willing phish [Jan Kopriva, SANS ISC]

Infosec bits for week 48/19

Roderick Mooi

  1. Cyber Security Challenge 2019: Qualifying Teams [SANReN]
    - Our champions will compete head-to-head at the CHPC conference next week in an attack/defend contest and solving various CTF challenges
  2. Black Friday Shopping: Protect Your Identity [CISA]
  3. PN-G [schools district] pays ransom to regain access to district files [Isaac Windes, Beaumont Enterprise / Hearst Newspapers]
  4. Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak [Tara Seals, Threatpost]
    - see also: Data Enrichment Industry Responsible for a Massive Data Leak Affecting 1.2 Billion Individuals
  5. ICANN races towards regulatory capture: the great .ORG heist [Sam Klein, SJ’s Lingest Now]
  6. Twitter will finally let users disable SMS as default 2FA method [Catalin Cimpanu, Zero Day]
  7. Lights That Warn Planes of Obstacles Were Exposed to Open Internet [Joseph Cox, Motherboard / VICE]
  8. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers [Andy Greenberg (book)]
  9. Russia bans sale of gadgets without Russian-made software [BBC News]
  10. Local Malware Analysis with Malice [Guy Bruneau, SANS]

Infosec bits for week 47/19

Roderick Mooi

  1. Give Me Security, Give Me Convenience, or Give Me Both! [Joe Galanek, EDUCAUSE]
    - see also: Education before Regulation: Empowering Students to Question Their Data Privacy
  2. Ransomware forces New Mexico school district to scrub 30,000 devices [Colin Wood, Scoop News Group]
  3. Major ASP.NET hosting provider infected by ransomware [Catalin Cimpanu, Zero Day]
  4. Who Do You Believe? Conflicting Stories About Pemex Ransomware Attack Impacts [Bruce Sussman, SecureWorld / Seguro Group]
    - see also: Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
  5. Google Enlists Outside Help to Clean Up Android’s Malware Mess [Lily Hay Newman, WIRED / Condé Nast]
    - see also: The App Defense Alliance: Bringing the security industry together to fight bad apps
  6. Microsoft vows to ‘honor’ California’s sweeping privacy law across entire US [Makena Kelly, The Verge / Vox Media]
  7. Amazon fixes Ring Video Doorbell wi-fi security vulnerability [Danny Palmer, Zero Day]
  8. Trend Micro hit with insider attack [Doug Olenick, SC Magazine / CyberRisk Alliance]
  9. Google: You can trust us with the medical data you didn’t know we already had [Updated] [Jon Brodkin, Ars Technica / Condé Nast]
  10. OUCH! Newsletter: Shopping Online Securely [Lenny Zeltser (guest editor), SANS Security Awareness]
  11. The Way America Votes Is Broken. In One Rural County, a Nonprofit Showed a Way Forward. [Jessica Huseman, ProPublica]

Infosec bits for week 45/19

Roderick Mooi

  1. Over 500 US schools were hit by ransomware in 2019 [Catalin Cimpanu, Zero Day]
    - see also: At least 13 managed service providers were used to push ransomware this year
  2. Utah renewables company was hit by rare cyberattack in March [Sean Lyngaas, Scoop News Group]
  3. Office 365 Users Targeted by Voicemail Scam Pages [Oliver Devane and Rafael Pena, McAfee]
  4. Thousands of QNAP NAS devices have been infected with the QSnatch malware [Catalin Cimpanu, Zero Day]
  5. First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild [Mohit Kumar, The Hacker News]
  6. Google promises to replace Home devices bricked by flawed firmware update [Charlie Osborne, Zero Day]
  7. Episode 165: Oh, Canada! Independent Security Researchers Feel the Chill Up North [Paul Roberts, The Security Ledger]
  8. Five months after returning rental car, man still has remote control [Dan Goodin, Ars Technica / Condé Nast]
    - see also: The perils of security and how I finally resolved my Amazon fraud
  9. MESSAGETAP: Who’s Reading Your Text Messages? [Raymond Leong, Dan Perez and Tyler Dean, FireEye Mandiant]
  10. The Ransomware Superhero of Normal, Illinois [Benjamin Marra, ProPublica]

Infosec bits for week 44/19

Roderick Mooi

  1. City of Joburg shuts down all systems after cyber attack demanding bitcoin ransom [Riaan Grobler, News24]
    - see also: City of Johannesburg held for ransom by hacker gang
  2. Liquid Telecom fights off massive DDoS attack — over 100Gbps [Jan Vermeulen, MyBroadband]
    - see also: South African banks hit by massive DDoS attack
  3. EDUCAUSE 2019: In OmniSOC, Colleges Build a Stronger Defense, Together [Amy Burroughs, EdTech Magazine]
  4. German Automation Giant Still Down After Ransomware Attack [Phil Muncaster, Infosecurity Magazine]
    - see also: Italians Rocked by Ransomware
  5. DNS Security: Threat Modeling DNSSEC, DoT, and DoH [JSchauma, Netmeister]
  6. Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone [BBC News]
    - see also: Samsung will begin patching fingerprint scanner security flaw within 24 hours
  7. “BriansClub” Hack Rescues 26M Stolen Cards [Brian Krebs, Krebs on Security]
  8. Cyber War Between Iran and United States Could Have Far-Reaching Implications [Nicole Lindsey, CPO Magazine]
  9. Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs [Kelly Sheridan, Dark Reading]
  10. Your Supply Chain Doesn’t End At Receiving: How Do You Decommission Network Equipment? [Johannes B. Ullrich, SANS ISC]
  11. The US nuclear forces’ Dr. Strangelove-era messaging system finally got rid of its floppy disks [Valerie Insinna, C4ISRNET]

Infosec bits for week 42/19

Roderick Mooi

  1. Free Resources for National Cybersecurity Awareness Month 2019 [Infosec Institute]
  2. Security Education Companion [Electronic Frontier Foundation]
  3. Higher Education Community Vendor Assessment Toolkit [Higher Education Information Security Council (HEISC), Community]
  4. National Student Clearinghouse Playbooks [National Student Clearinghouse]
    - includes a DDoS and Ransomware incident response playbook
  5. Never Trust a Platform to Put Privacy Ahead of Profit [Lily Hay Newman, WIRED]
    - see also: Twitter Uses Phone Numbers, Emails to Sell Ads
  6. The broken record: Why Barr’s call against end-to-end encryption is nuts [Sean Gallagher, Ars Technica]
  7. Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move [Sergiu Gatlan, Bleeping Computer]
    - see also: DNS-over-HTTPS causes more problems than it solves, experts say
  8. AIG says its cyber insurance plans don’t cover criminal acts; wants lawsuit tossed [Jeff Stone, Cyberscoop]
  9. Vulnerabilities exploited in VPN products used worldwide [National Cyber Security Centre UK]
  10. State of Ransomware in the U.S.: 2019 Report for Q1 to Q3 [Emsisoft Malware Lab]
  11. Linux to get kernel ‘lockdown’ feature [Catalin Cimpanu, Zero Day]
  12. Report reveals play-by-play of first U.S. grid cyberattack [Blake Sobczak, E&E News]

Infosec bits for week 39/19

Roderick Mooi

  1. Wind, Trees, and Security Awareness [Ben Woelk]
  2. Ransomware Strikes 49 School Districts & Colleges in 2019 [Kelly Sheridan, Dark Reading]
  3. Rica has been declared unlawful [Kaunda Selisho, The Citizen]
  4. 2019 CWE Top 25 Most Dangerous Software Errors (updated 18 September) [MITRE]
  5. Microsoft releases out-of-band security update to fix IE zero-day & Defender bug [Catalin Cimpanu, Zero Day]
  6. High-severity vulnerability in vBulletin is being actively exploited [Dan Goodin, Ars Technica]
  7. Iowa officials claim confusion over scope led to arrest of pen-testers [Sean Gallagher, Ars Technica]
  8. Emotet Trojan Evolves Since Being Reawakend, Here is What We Know [Lawrence Abrams, Bleeping Computer]
    - see also: Emotet malspam is back
  9. Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices [Hooman Mohajeri Moghaddam et. al.]
    - full paper
    - see also: Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach
  10. The NSA Is Running a Satellite Hacking Experiment [Patrick Ducker, Defense One]

Infosec bits for week 37/19

Roderick Mooi

  1. Who’ll benefit from the Regis University cyberattack? The Denver school’s cybersecurity students. [Elizabeth Hernandez, The Denver Post]
  2. Ransomware shuts down classes, childcare centers in Flagstaff, Arizona [Colin Wood, Scoop News Group]
    - see also: Back to school: With latest attack, ransomware cancels classes in Flagstaff
  3. More than 99% of cyberattacks rely on human interaction [Help Net Security]
  4. Cyber-security incident at US power grid entity linked to unpatched firewalls [Catalin Cimpanu, Zero Day]
  5. MANRS Observatory: Monitoring the State of Internet Routing Security [Andrei Robachevsky, Internet Society]
    - find it here: observatory.manrs.org/
  6. BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks [Mohit Kumar, Teh Hacker News]
  7. Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks [Mohit Kumar, Teh Hacker News]
  8. Security hole opens a billion Android users to advanced SMS phishing attacks [Help Net Security]
  9. Simjacker: a brand new mobile vulnerability exploited by surveillance companies for espionage operation [Andrea Fortuna]
  10. Twitter disables SMS-to-tweet feature after its CEO got hacked last week [Catalin Cimpanu, Zero Day]
  11. Why 5G requires new approaches to cybersecurity [Tom Wheeler and David Simpson, The Brookings Institution]