E6F5 4D49 5B3F 4783 DEF1 1494 6199 BFDA 457D 1C5F

Infosec bits for week 39/20

Roderick Mooi

2020-09-23 14:40

Surge in DDoS attacks targeting education and academic sector [Ionut Ilascu, Bleeping Computer]
German investigators treating ransomware attack as negligent homicide, reports say [Sean Lyngaas, Cybersccop / Scoop News Group]
Cyber insurer’s security scans reduced ransomware claims by 65% [Lawrence Abrams, Bleeping Computer]
New and improved Security Update Guide! [Microsoft Security Response Center]
A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads [Dan Goodin, Ars Technica]
Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [Catalin Cimpanu, Zero Day]
Cybersecurity Skills Gap Threatens Job Effectiveness Amidst Global Talent Shortage [Cybrary]

Infosec bits for week 38/20

Schalk Peach

2020-09-18 08:59

Tracking Attacks on Critical Infrastructure
- Critical Infrastructure Ransomware Attacks [CARE Lab, Temple University]
- University Project Tracks Ransomware Attacks on Critical Infrastructure [Eduard Kovacs, Security Week]
Latest Data Leaks
- Razer data leak exposes personal information of gamers [Lawrence Abrams, Bleeping Computer]
- Leaky server exposes users of dating site network [Catalin Cimpanu, ZDNet]
- Over 1 Million Patients and Donors Impacted by Inova Health System Data Breach [Alina Bizga, Bitdefender]
- Research Finds Nearly 800,000 Access Keys Exposed Online [Dark Reading]
- Personal data from Experian on 40% of South Africa’s population has been bundled onto a file-sharing website [Gareth Corfield, The Register]
- US Court Documents Published in Ransomware Attack [Sarah Coble, Infosecurity Magazine]
- US staffing firm Artech discloses ransomware attack, data breach [Sergiu Gatlan, Bleeping Computer]
Attack on Academia
- Computer Attack Disables California School District’s System [Associated Press, Republished by Security Week]
- Not for higher education: cybercriminals target academic & research institutions across the world [Check Point Blog]
- Cyber security alert issued following rising attacks on UK academia [NCSC UK]
- Alert: Targeted ransomware attacks on the UK education sector by cyber criminals [NCSC UK]
- GCHQ agency ‘strongly urges’ Brit universities, colleges to protect themselves after spike in ransomware infections [Gareth Corfield, The Register]
- Universities Face Increase in Ransomware Attacks as Students Return [Dan Raywood, Infosecurity Group]
- Leeds-based college group hit by cyber attack [BBC News]
Malware and Ransomware Extortion on the Rise
- SunCrypt ransomware operators leak data of University Hospital New Jersey [Pierluigi Paganini, Security Affairs]
- LockBit ransomware launches data leak site to double-extort victims [Lawrence Abrams, Bleeping Computer]
- New MrbMiner malware has infected thousands of MSSQL databases [Catalin Cimpanu, ZDNet]
General
- Four ways network traffic analysis benefits security teams [Nadeem Zahid, Helpnet Security]
- More Cyberattacks in the First Half of 2020 Than in All of 2019 [Jai Vijayan, Dark Reading]
- Back to Basics: Creating a Culture of Cybersecurity at Work [George Platsis, Security Intelligence]

Infosec bits for week 37/20

Roderick Mooi

2020-09-11 15:22

Top of the news/attacks:
- Northumbria Uni Campus Closed After Serious Cyber-Attack [Phil Muncaster, Infosecurity Magazine]
- DoppelPaymer ransomware hits Newcastle University, leaks data [Sergiu Gatlan, Bleeping Computer]
- Equinix data center giant hit by Netwalker Ransomware, $4.5M ransom [Lawrence Abrams, Bleeping Computer]
- MAZE Claims Attack on US School System [Sarah Coble, Infosecurity Magazine]
- Stefanutti Stocks shuts down IT systems after cyber attack [Admire Moyo, ITWeb]
Patch time:
- Microsoft September 2020 Patch Tuesday fixes 129 vulnerabilities [Catalin Cimpanu, Zero Day]
- Intel fixes critical flaw in corporate remote management platform [Sergiu Gatlan, Bleeping Computer]
- Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls [Help Net Security]
Awareness/general:
- Jisc security conference 2020 [free and open to R&E] [Jisc]
- Client privacy and security (Operational network security) – new for 2020 – virtual learning with experts [Irina Matthews, GÉANT Learning and Development]
- BEC Scam Losses Surge as the Number of Attacks Diminish [Chinmay Rautmare, Bank Info Security / Information Security Media Group]
- Digital Education: The cyberrisks of the online classroom [Kaspersky]
- WhatsApp Discloses 6 Bugs via Dedicated Security Site [Elizabeth Montalbano, Threatpost]
- Botnets: A cheat sheet for business users and security admins [Brandon Vigliarolo, TechRepublic]
- 99 Ransomware Problems – and a Decryptor Ain’t One [Mathew J. Schwartz, Bank Info Security]
Interesting reading:
- Most cyber-security reports only focus on the cool threats [Catalin Cimpanu, Zero Day]
- Data Confidentiality Issues and Solutions in Academic Research Computing [Trusted CI]
- A look inside the hacker community that’s vandalizing the web [Paul Bischoff, Comparitech]
- MIT scientists unveil cybersecurity aggregation platform to gauge effective measures [Jonathan Greig, TechRepublic / CBS Interactive]

Infosec bits for week 36/20

Schalk Peach

2020-09-04 09:30

Updates on the Experian Data Leak
- Data from SA’s massive info breach is ‘on the internet’, Experian now admits [Business Insider SA]
- Data from Experian breach dumped on the Internet [Admire Moyot, ITWeb]
- Data breach: Experian identifies files, criminal case under investigation [Ernest Mabuza, Times Live]
More Revelations Regarding Alleged Airtime Theft
- MTN security flaw allows “secret” airtime theft – Industry insider [MyBroadband]
- Big development in Vodacom airtime theft case [MyBroadband]
An Insightful Article Regarding the State of South African Cyber Attacks
- Insight into the cyber threat landscape in South Africa [Accenture]
Other Data Breaches and Leaks
- Unknown commercial entity blamed for NSW driver’s licence data breach [Rootdaemon]
- Details of millions of U.S. Voters leaked to Russia’s Dark Web forum [Pierluigi Paganini, Security Affairs]
- AusCERT says alleged DoE hack came from a third-party [Catalin Cimpanu, ZDNet]
The Snowden Leaks Revisited
- NSA call records collection ruled illegal by US appeals court [Zack Whittaker, TechCrunch]
The 2 Types of Insider Threat
- Are employees the weakest link in your security strategy? Train them! [Joyce Huang, TrendMicro]
- Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts [Lindsey O’Donnell, ThreatPost]
Apple Notarized Malware
- Apple Signs Shlayer, Legitimizes Malware [Dark Reading]
- Apple-notarized malware foils macOS defenses [Zeljka Zorz, Help Net Security]
Exploits in the Wild
- Hackers actively exploiting severe bug in over 300K WordPress sites [Sergiu Gatlan, Bleeping Computer]
- Hackers are backdooring QNAP NAS devices with 3-year old RCE bug [Sergiu Gatlan, Bleeping Computer]
- Attackers abuse Google DNS over HTTPS to download malware [Ax Sharma, Bleeping Computer]
- Cisco fixes critical code execution bug in Jabber for Windows [Sergiu Gatlan, Bleeping Computer]
- Microsoft Warns of New ‘Anubis’ Info-Stealer Distributed in the Wild [Eduard Kovacs, Security Week]
- Cetus: Cryptojacking Worm Targeting Docker Daemons [Aviv Sasson, Palo Alto Networks]
Other (General)
- Can Vulnerability Scanning Replace Penetration Testing? [Waqas, HackRead]
- Hypothesis: Cyber Attackers Are After Your Scientific Research [Curtis Franklin Jr, Dark Reading]
- The Life Cycle of a Compromised (Cloud) Server [Bob McArdle, TrendMicro]
- Safe domain: How to protect your enterprise from DNS hijacking [Vincent D’Angelo, HelpNet Security]

Infosec bits for week 35/20

Roderick Mooi

2020-08-27 14:57

Identify:
- Higher Education CISOs Share COVID-19 Response Stories [Kelly Sheridan, Dark Reading / Informa]
- Digital Attacks on Educational Resources [Daniel Smith, Radware]
- Facebook apologizes to users, businesses for Apple’s monstrous efforts to protect its customers’ privacy [Kieren McCarthy, The Register]
Protect and Detect:
- Under-the-Hoodie: 2020 Research Report [Rapid7]
- Shields Up: A Good Cyber Defense is an Active Defense [MITRE]
- Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme [Catalin Cimpanu, Zero Day]
- CIS Password Policy Guide: Passphrases, Monitoring, and More [CIS (sponsored), CSO / IDG Communications]
- Office 365 now opens attachments in a sandbox to prevent infections [Sergiu Gatlan, Bleeping Computer]
Respond:
- DDoS extortionists target NZX, Moneygram, Braintree, and other financial services [Catalin Cimpanu, Zero Day]
- The State of Exploit Development: 80% of Exploits Publish Faster than CVEs [Jay Chen, Unit42 / Palo Alto]
Recover:
- Most organizations have no Active Directory cyber disaster recovery plan [Help Net Security]
- Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up [Elizabeth Montalbano, Threatpost]
- The Post-Pandemic Future of Cybersecurity [Charles Kapelke, Center for Long-Term Cybersecurity at UC Berkeley]

Infosec bits for week 34/20

Schalk Peach

2020-08-21 08:54

The Experian data leak
- EXPERIAN DATA BREACH [SABRIC]
- Massive data attack exposes personal info of 24 million South Africans [TimesLIVE]
- Experian South Africa discloses data breach impacting 24 million customers [ Catalin Cimpanu, ZDNet]
And Some protection mechanisms against identity fraud and spam SMS
- There’s a new way you can block SMS spam – it takes about 5 seconds and costs up to 50 cents [Business Insider SA]
- SAFPS Protective Registration [South African Fraud Prevention Service]
And more data leaks:
- AI firm exposes 2.5 million sensitive medical records online [Zara Khan, HackRead]
- Updated cryptojacking worm steals AWS credentials [Zeljka Zorz, Help Net Security]
- Maze ransomware gang leaked Canon USA’s stolen files [Pierluigi Paganini, Security Affairs]
- 22-year-old student held for ‘hacking GTU portal, stealing and leaking data’ [The Indian Express]
- 235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak [Davey Winder, Forbes]
- Fearing coronavirus, a Michigan college is tracking its students with a flawed app [Zack Whittaker, Techcrunch]
Malware in the wild
- University of Utah pays $457,000 to ransomware gang [Catalin Cimpanu, ZDNet]
- FritzFrog malware attacks Linux servers over SSH to mine Monero [Ax Sharma, Bleeping Computer]
Other interesting articles:
- WannaRen ransomware author contacts security firm to share decryption key [Catalin Cimpanu, ZDNet]
- 2020 CWE Top 25 Most Dangerous Software Weaknesses [MITRE]
- Ex Tennessee University Employee Sentenced to Over 30 Months for Student Loan Fraud, Aggravated Identity Theft [Alina Bizga, Security Boulevard]
And a remotely exploitable DoS vulnerability in BIND:
- Vulnerability Spotlight: Internet Systems Consortium BIND server DoS [Jon Munshaw, Talos Security]

Infosec bits for week 33/20

Roderick Mooi

2020-08-13 16:03

Higher Ed Attacks / Breaches:
- AAU IT Services – Alert – Information about IT systems after critical IT [security] incident [Aalborg University]
- Hackers publish Australian universities’ ProctorU data [Nina Dillon Britton and Chuyi Wang, Honi Soit]
- Michigan State University discloses credit card theft incident [Sergiu Gatlan, Bleeping Computer]
- IVC Hit With Ransomware Attack; Multiple Systems Impacted and Remain Offline [Richard Montenegro Brown and Jayson Barniske, Calexico Chronicle]
Other Breaches / Leaks:
- Intel investigating breach after 20GB of internal documents leak online [Catalin Cimpanu, Zero Day]
- Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers [Teri Robinson, SC Media]
Awareness / Detection:
- Ransomware: These warning signs could mean you are already under attack [Steve Ranger, Zero Day]
Advisories / Patches:
- Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days [Catalin Cimpanu, Zero Day]
- Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows [Liam Tung, Zero Day]
  - see also: Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
- Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules [Lindsey O’Donnell, Threatpost]
- Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs [Sergiu Gatlan, Bleeping Computer]
- Critical ManageEngine ADSelfService Plus RCE flaw patched [Zeljka Zorz, Help Net Security]
General
- DEF CON 2020 Wrap-Up: Hacking Phones, Cars and Satellites [Eduard Kovacs, Security Week / Wired Business Media]
- Keeping the mysteries of the universe safe from hackers [Indiana University]
- This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height [Shaun Nichols, The Register / Situation Publishing]

Infosec bits for week 31/20

Schalk Peach

2020-07-31 13:45

‘BootHole’ attack impacts Windows and Linux systems using GRUB2 and Secure Boot [Catalin Cimpanu, ZDNet Zero Day]
BootHole issue allows installing a stealthy and persistent malware [Pierluigi Paganini, Security Affairs]
Zoom bug allowed attackers to crack private meeting passwords [Sergiu Gatlan, Bleeping Computer]
Multiple Tor security issues disclosed, more to come [Catalin Cimpanu, ZDNet Zero Day]
Open source F5 Big-IP exploit detector released [Juha Saarinen, it news]
Expanse Researchers Show More Than 8,000 F5 BIG-IP TMUIs Are Still Exposed on the Internet [Expanse]
CISA: Attackers Are Exploiting F5 BIG-IP Vulnerability [Prajeet Nair, Data Breach Today]
Cisco fixes severe flaws in data center management solution [Sergiu Gatlan, Bleeping Computer]
Patch now: Cisco warns of nasty bug in its data center software [Liam Tung, ZDNet]
If you own one of these 45 Netgear devices, replace it [Gareth Corfield, The Register]
Over Half of Universities Suffered Data Breach in Past Year [Phil Muncaster, Infosecurity Magazine]
Introducing PhishingKitTracker [Marco Ramilli]
Microsoft releases open-source Linux version of Procmon tool [Lawrence Abrams, Bleeping Computer]

Infosec bits for week 30/20

Roderick Mooi

2020-07-23 19:01

University of York discloses [third-party] data breach, staff and student records stolen [Charlie Osborne, Zero Day]
‘Crypto’ Scammers Weren’t the First to Crack Twitter [Mathew J. Schwartz, Information Security Media Group]
- see also: Twitter Hacking for Profit and the LoLs
Details and PoC for critical SharePoint RCE flaw released [Zeljka Zorz, Help Net Security]
- see also: SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
Critical SIGred Windows DNS bug gets micropatch after PoCs released [Ionut Ilascu, Bleeping Computer]
New ‘Meow’ attack has wiped dozens of unsecured databases [Ionut Ilascu, Bleeping Computer]
Data Leaks in Online Education: Almost 1 Million Records Exposed [Chase Williams, WizCase]
TLS 1.0 and 1.1 deprecation for Office 365 [Microsoft]
OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory [Robert Falcone, Unit 42 / Palo Alto Networks]
Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See [vpnMentor]
How to use MITRE ATT&CK [Mark Dufresne, Elastic Security]
Understanding the Benefits of the Capability Maturity Model Integration [Nigel Sampson (guest author) / Tripwire]
Why Cyber Ranges Are Effective To Train Your Teams [Mark Stone, IBM / Security Intelligence]
The InfoSec Barrier to AI [Praful Krishna, Dark Reading]
Europeans Aren’t Really Using COVID-19 Contact-Tracing Apps [Gabriel Geiger, Motherboard / VICE]

Infosec bits for week 29/20

Schalk Peach

2020-07-17 13:22

Zoom fixes zero-day RCE bug affecting Windows 7, more updates soon [Ax Sharma, Bleeping Computer]
VMWare XPC Client validation privilege escalation vulnerability [VMWare]
NIST Password Guidelines: What You Need to Know [Josh Horwitz, Infosecurity Magazine]
DigiCert ICA Replacement [DigiCert]
Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans [Ionut Arghire , Security Week]
The Great Twitter Hack
1. Twitter reveals that its own employee tools contributed to unprecedented hack [ Nick Statt, The Verge]
2. Hackers Convinced Twitter Employee to Help Them Hijack Accounts [Joseph Cox, Vice]
EU Court of Justice Deems Privacy Shield Unlawful [Dan Raywood, Infosecurity Magazine]
Top documentary films about hacking and cybersecurity [Vera Iurcu, Avira]