Infosec bits for week 39/20

  1. Surge in DDoS attacks targeting education and academic sector [Ionut Ilascu, Bleeping Computer]
  2. German investigators treating ransomware attack as negligent homicide, reports say [Sean Lyngaas, CyberScoop / Scoop News Group]
  3. Cyber insurer’s security scans reduced ransomware claims by 65% [Lawrence Abrams, Bleeping Computer]
  4. New and improved Security Update Guide! [Microsoft Security Response Center]
  5. A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads [Dan Goodin, Ars Technica]
  6. Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [Catalin Cimpanu, Zero Day]
  7. Cybersecurity Skills Gap Threatens Job Effectiveness Amidst Global Talent Shortage [Cybrary]

Infosec bits for week 38/20

  1. Tracking Attacks on Critical Infrastructure
  2. Latest Data Leaks
  3. Attack on Academia
  4. Malware and Ransomware Extortion on the Rise
  5. General

Infosec bits for week 37/20

  1. Top of the news/attacks:
  2. Patch time:
  3. Awareness/general:
  4. Interesting reading:

Infosec bits for week 36/20

Infosec bits for week 35/20

  1. Identify:
  2. Protect and Detect:
  3. Respond:
  4. Recover:

Infosec bits for week 34/20

  1. The Experian data leak
  2. And some protection mechanisms against identity fraud and spam SMS
  3. And more data leaks:
  4. Malware in the wild
  5. Other interesting articles:
  6. And a remotely exploitable DoS vulnerability in BIND:

Infosec bits for week 33/20

  1. Higher Ed Attacks / Breaches:
  2. Other Breaches / Leaks:
  3. Awareness / Detection:
  4. Advisories / Patches:
  5. General

Infosec bits for week 31/20

  1. ‘BootHole’ attack impacts Windows and Linux systems using GRUB2 and Secure Boot [Catalin Cimpanu, ZDNet Zero Day]
  2. BootHole issue allows installing a stealthy and persistent malware [Pierluigi Paganini, Security Affairs]
  3. Zoom bug allowed attackers to crack private meeting passwords [Sergiu Gatlan, Bleeping Computer]
  4. Multiple Tor security issues disclosed, more to come [Catalin Cimpanu, ZDNet Zero Day]
  5. Open source F5 Big-IP exploit detector released [Juha Saarinen, it news]
  6. Expanse Researchers Show More Than 8,000 F5 BIG-IP TMUIs Are Still Exposed on the Internet [Expanse]
  7. CISA: Attackers Are Exploiting F5 BIG-IP Vulnerability [Prajeet Nair, Data Breach Today]
  8. Cisco fixes severe flaws in data center management solution [Sergiu Gatlan, Bleeping Computer]
  9. Patch now: Cisco warns of nasty bug in its data center software [Liam Tung, ZDNet]
  10. If you own one of these 45 Netgear devices, replace it [Gareth Corfield, The Register]
  11. Over Half of Universities Suffered Data Breach in Past Year [Phil Muncaster, Infosecurity Magazine]
  12. Introducing PhishingKitTracker [Marco Ramilli]
  13. Microsoft releases open-source Linux version of Procmon tool [Lawrence Abrams, Bleeping Computer]

Infosec bits for week 30/20

  1. University of York discloses [third-party] data breach, staff and student records stolen [Charlie Osborne, Zero Day]
  2. ‘Crypto’ Scammers Weren’t the First to Crack Twitter [Mathew J. Schwartz, Information Security Media Group]
    - see also: Twitter Hacking for Profit and the LoLs
  3. Details and PoC for critical SharePoint RCE flaw released [Zeljka Zorz, Help Net Security]
    - see also: SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
  4. Critical SIGred Windows DNS bug gets micropatch after PoCs released [Ionut Ilascu, Bleeping Computer]
  5. New ‘Meow’ attack has wiped dozens of unsecured databases [Ionut Ilascu, Bleeping Computer]
  6. Data Leaks in Online Education: Almost 1 Million Records Exposed [Chase Williams, WizCase]
  7. TLS 1.0 and 1.1 deprecation for Office 365 [Microsoft]
  8. OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory [Robert Falcone, Unit 42 / Palo Alto Networks]
  9. Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See [vpnMentor]
  10. How to use MITRE ATT&CK [Mark Dufresne, Elastic Security]
  11. Understanding the Benefits of the Capability Maturity Model Integration [Nigel Sampson (guest author) / Tripwire]
  12. Why Cyber Ranges Are Effective To Train Your Teams [Mark Stone, IBM / Security Intelligence]
  13. The InfoSec Barrier to AI [Praful Krishna, Dark Reading]
  14. Europeans Aren’t Really Using COVID-19 Contact-Tracing Apps [Gabriel Geiger, Motherboard / VICE]

Infosec bits for week 29/20

  1. Zoom fixes zero-day RCE bug affecting Windows 7, more updates soon [Ax Sharma, Bleeping Computer]
  2. VMware XPC Client validation privilege escalation vulnerability [VMware]
  3. NIST Password Guidelines: What You Need to Know [Josh Horwitz, Infosecurity Magazine]
  4. DigiCert ICA Replacement [DigiCert]
  5. Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans [Ionut Arghire, Security Week]
  6. The Great Twitter Hack
    1. Twitter reveals that its own employee tools contributed to unprecedented hack [Nick Statt, The Verge]
    2. Hackers Convinced Twitter Employee to Help Them Hijack Accounts [Joseph Cox, Vice]
  7. EU Court of Justice Deems Privacy Shield Unlawful [Dan Raywood, Infosecurity Magazine]
  8. Top documentary films about hacking and cybersecurity [Vera Iurcu, Avira]