F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

Advisories for week 12/19

Roderick Mooi

  1. Wordpress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers [Bleeping Computer]
  2. Cisco Patches Critical ‘Default Password’ Bug [Threatpost]
    - Look out for all the NX-OS vulns as well
  3. Intel Advisories
    - Updated Firmware available for: CSME, Server Platform Services, Trusted Execution Engine and Intel® Active Management Technology
    - Check for system firmware updates from your manufacturer
    - Update Intel® Graphics Driver for Windows
  4. *Microsoft March Patch Tuesday comes with fixes for two Windows zero-days [Zero Day]

Infosec bits for week 12/19

Roderick Mooi

  1. Hackers breach admissions files at three private colleges [The Washington Post]
  2. Fighting cybercrime in the research & education sector [In The Field]
  3. The Five Most Dangerous New Attack Techniques and How to Counter Them [RSA Conference]
  4. Google: Chrome zero-day was used together with a Windows 7 zero-day [Zero Day]
    - Patches available from Microsoft
  5. Google reveals “high severity” flaw in macOS kernel [Neowin]
  6. NSA’s Ghidra Reverse Engineering Framework Stirs Up Malware Researchers [Bleeping Computer]
  7. Marriott CEO shares post-mortem on last year’s hack [Zero Day]
  8. Dutch Data Protection Authority chips away at ‘cookie walls,’ declaring they violate GDPR [SC Media]
    - see also: Dispelling GDPR Myths: Avoid the Compliance Trap, Make Real Security/Privacy Gains
  9. Gone in six seconds? Exploiting car alarms [Pen Test Partners]
  10. Facebook’s Data Deals Are Under Criminal Investigation [The New York Times]
    - Facebook in the news again, not surprising :/
     When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security
    - But, When Facebook Goes Down, Don’t Blame Hackers
    - See also: Facebook exploit – Confirm website visitor identities
    - Are you sure you really still want that Facebook account? ;)
  11. W3C approves WebAuthn as the web standard for password-free logins [Venture Beat]
  12. Introducing Firefox Send, Providing Free File Transfers while Keeping your Personal Information Private [Mozilla]
  13. Researchers break digital signatures for most desktop PDF viewers [Zero Day]
  14. Meet the New ‘Public-Interest Cybersecurity Technologist’ [Dark Reading]
  15. StackStorm – From Originull to RCECVE-2019-9580 [Barak Tawily]

Infosec bits for week 08/19

Roderick Mooi

  1. Power Company Has Security Breach Due to Downloaded Game [Bleeping Computer]
    - as if load shedding’s not enough :-/
  2. The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey [SANS]
  3. Facebook broad data collection ruled illegal by German anti-trust office [ZDNet]
  4. What Happens If Russia Cuts Itself Off From the Internet [Wired]
  5. Selecting the Right SOC Model for Your Organization [Gartner]
    - see also: The CIS Critical Security Controls for Effective Cyber Defense
  6. The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme [CNBC]
    - see also: Where’s the Equifax Data? Does It Matter?
  7. Ransomware Attacks Target MSPs to Mass-Infect Customers [Bleeping Computer]
  8. BOV [Bank of Valletta] goes dark after hackers go after €13m [Times of Malta]
  9. Mitigations against Mimikatz Style Attacks [SANS ISC]
  10. How to Test Bro-Sysmon [Salesforce Engineering]
  11. Are airlines putting your data at risk? [Wandera]
  12. Many popular iPhone apps secretly record your screen without asking [Tech Crunch]
  13. Android Phones Can Get Hacked Just by Looking at a PNG Image [The Hacker News]
  14. Spying on Safari in Mojave [Jeff Johnson]

Advisories for week 06/19

Roderick Mooi

  1. Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
    - MS advisory
  2. Google Chrome update contains 58 security fixes
  3. Firefox 65 Released with Updated Content Blocking, MSI Installers, and More
    - but: www.zdnet.com/article/windows-firefox-65-rollout-halted-by-mozilla-av-clash-stopped-users-browsing/
  4. Update for Windows Defender antimalware platform
    - oh wait, Windows 10 might not boot afterwards and the workarounds… hmm, really :-/

Infosec bits for week 06/19

Roderick Mooi

  1. Team America tries to crash Little Rocket Man’s Joanap botnet from within, warns owners of infected boxes [The Register]
  2. Abusing Exchange: One API call away from Domain Admin [dirkjanm.io]
    - see also: You’re an admin! You’re an admin! You’re all admins, thanks to this Microsoft Exchange zero-day and exploit
    - and: Relaying Exchange’s NTLM authentication to domain admin
  3. Facebook pays teens to install VPN that spies on them [TechCrunch]
    - see also: Facebook Has Just Been Caught Spying On Users’ Private Messages And Data — Again
    - and: Why Facebook’s Banned ‘Research’ App Was So Invasive
    - lastly: Apple blocks Facebook from running its internal iOS apps
  4. FaceTime bug lets callers eavesdrop on recipients [SC Magazine]
    - see also: Apple says iOS fix for Group FaceTime bug now coming next week, issues apology
  5. ENISA: Updated network forensics training material [ENISA]
  6. The Cybersecurity Workforce Gap [CSIS]
  7. SpeakUp Linux Backdoor Sets Up for Major Attack [Threatpost]
  8. Unlocking God Mode on x86 Processors [Hackaday]
  9. Understanding Ubiquiti Discovery Service Exposures [Rapid7]
  10. Over 9,000 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653 [Bad Packets Report]
  11. Net neutrality: Federal judges had tough questions for the FCC [The Washington Post]
  12. I used to be a dull John Doe. Thanks to Huawei, I’m now James Bond! [The Register]

Infosec bits for week 04/19

Roderick Mooi

  1. Universities cyber attack each other to test defences [UKAuthority]
    - see also: “It is unrealistic to expect the education system to tighten their security and it will never be hacked again, it is more a case of being one step ahead of the hacker and realising how they will hack this information and then securing it so that they cannot. Using ‘white hackers’ in this situation is a smart idea as they know all the techniques that the hackers will use to creep their way in to this sensitive information. Security is always changing, so it is vital we keep up with it.” – www.itproportal.com/features/education-industry-not-making-the-grade-for-cybersecurity/
  2. Mass email hacker targets Glasgow Caledonian University as students warned to ‘stay vigilant’ amid security fears [The Scottish Sun]
  3. How Universities Can Mitigate IoT Risk on Campus [EdTech]
    - see also: Security refresh teaches James Cook University the value of better visibility
  4. Data breaches, cyberattacks are top global risks alongside natural disasters and climate change [Zero Day Net]
    - Report available at www.weforum.org/reports/the-global-risks-report-2019
    - see also: South African cybersecurity trends for 2019
  5. Collection 1 data breach leaks 773 million records [MyBroadband]
    - Note that this is allegedly a combination of previous breached datasets. Worthwhile reminder though to check whether your information has been involved in a publicised leak(s)/breach(es).
  6. ‘It’s like they took a rug and covered it up’: Flight booking web app used by scores of airlines still vuln to attack – claim [The Register]
  7. Microsoft LAPS – Blue Team / Red Team [SANS ISC]
  8. ICASA’s hearings on its cybersecurity role are on 17 & 18 January: here’s a synopsis of submissions received [Lucien Pierce]
  9. Cybersecurity talent: thinking outside the ‘technical proficiency’ box [Networks Asia]
  10. Google Public DNS now supports DNS-over-TLS [Google Security Blog]
  11. mkcert: valid HTTPS certificates for localhost [Filippo.io]
  12. Windows 7 KMS Activation Issues Caused by Microsoft Mistake, Not an Update [Bleeping Computer]
    - Microsoft article: Activation failures and “not genuine” notifications around January 8, 2019, on volume-licensed Windows 7 KMS clients
  13. Global DNS Hijacking Campaign: DNS Record Manipulation at Scale [FireEye]
  14. 2FA codes can be phished by new pentest tool [Naked Security]
  15. Exclusive: How a Russian firm helped catch an alleged NSA data thief [Politico]
  16. Mondelez sues Zurich over $100m cyberhack insurance claim [The Irish Times]
  17. The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC [Commission Nationale de l’Informatique et des Libertés]
  18. ShmooCon 2019 streams [ShmooCon]

Infosec bits for week 02/19

Roderick Mooi

  1. Security Awareness Made Simple: 2019 Security Awareness Campaign Materials [EDUCAUSE]
    - see also: Information Security Guide: Effective Practices and Solutions for Higher Education
  2. ICASA to hold hearings on cybersecurity [MyBroadband]
    - see also: Top IT security stories in 2018
  3. Hacker steals 10 years worth of data from San Diego school district [ZDNet]
    - Official notice
  4. Ransomware suspected in cyberattack that crippled major US newspapers [ZDNet]
    - see also: Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
  5. JungleSec Ransomware Infects Victims Through IPMI Remote Consoles [Bleeping Computer]
    - see also: Linux Servers Appear Most Affected by IPMI Enabled JungleSec Ransomware Attacks
    - and: The Week in Ransomware – January 4th 2019 – IPMI, FilesLocker, and More
  6. Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks [ZDNet]
    - see also: Users report losing Bitcoin in clever hack of Electrum wallets
  7. Criminal Charges Filed in Los Angeles and Alaska in Conjunction with Seizures Of 15 Websites Offering DDoS-For-Hire Services [US Department of Justice]
  8. Microsoft, Google Use Artificial Intelligence to Fight Hackers [Fortune]
  9. Raspberry Pi VPN Server: Build Your Own Virtual Private Network [Pi My Life Up]
    - and while you’re at it, consider this: Mmm… Pi-hole…
  10. New hardware-agnostic side-channel attack works against Windows and Linux [ZDNet]
  11. Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie [The Hacker News]
  12. India authorizes 10 agencies to intercept, monitor, and decrypt citizens’ data [ZDNet]
  13. Smart Home – Smart Hack
    - Worth watching – esp. if you’re considering using smart IOT devices in your own home

Infosec bits for week 51/18

Roderick Mooi

  1. Defending your university against the top 3 cyber threats [UK National Cyber Security Centre]
    - see also: How to defend your university against top cyber security threats
  2. Super Micro says external security audit found no evidence of backdoor chips [ZDNet]
    - see also: Audit: No Chinese surveillance implants in Supermicro boards found
  3. Signal: We can’t include a backdoor in our app for the Australian government [ZDNet]
    - see also: What’s actually in Australia’s encryption laws? Everything you need to know
  4. Russian disinformation ops were bigger than we thought [cyberscoop]
  5. Amazon S3 Block Public Access – Another Layer of Protection for Your Accounts and Buckets [AWS]
  6. Researchers Created Fake ‘Master’ Fingerprints to Unlock Smartphones [MOTHERBOARD]
  7. Kubernetes’ first major security hole discovered [ZDNet]
    - Official announcement: The Kubernetes privilege escalation flaw: Innovation still needs IT security expertise
  8. Cyber Intrusion Services Casebook 2018 [CrowdStrike]
    - “Stories from the front lines of Incident Response in 2018 and insights that matter for 2019” – some interesting case studies and useful recommendations starting on page 10…
    - see also: Active Directory Kill Chain Attack & Defense (“This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.”)
  9. Adventures in Video Conferencing Part 5: Where Do We Go from Here? [Project Zero]
  10. Humble Book Bundle: Hacking for the Holidays by No Starch Press
    - “Get Serious Cryptography: A Practical Introduction to Modern Encryption, Black Hat Python, Android Security Internals, and more” from as little as $1

Infosec bits for week 47/18

Roderick Mooi

  1. Attempted cyberattack results in network shutdown at St. Francis Xavier University [Global News]
    - see also: Cryptocoin mining forces St. F.X. to disable IT system
    - and: University shuts down network to thwart Bitcoin cryptojacking scheme
  2. Hacking forces MSU to stop SRC polls [Newsday]
  3. Where Does Your Institution Store—and How Does It Secure—Student Data? [EDUCAUSE]
    - “Show your campus registrars and enrollment managers why cybersecurity matters and how they can work together with IT and information security staff to protect student data.”
    - see also: Privacy at St. Thomas University: What’s public, what’s secret?
  4. Embedding Security in the Academy [EDUCAUSE]
    - “What would “security as a strategic business function” look like in a higher education information security program, and how can we get there?”
  5. Hacking for Defense Class Sets Students on Solutions for National Security Problems [DukeTODAY]
    - see also: Fairmont State University, WV, promotes cybersecurity through ‘Iron Falcon’ space program
    - and: Inside CSAW, a Massive Student-Led Cybersecurity Competition
  6. Encryption flaws in solid state drives enable unauthorized data access [SC Magazine]
    - Detail/research: www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
    - Microsoft advisory: ADV180028 | Guidance for configuring BitLocker to enforce software encryption
  7. Apache alerts developers of remote code execution flaw [cyberscoop]
  8. Apple Modernizes Its Hardware Security with T2 [threatpost]
  9. 1 Thing You Can Do To Make Your Internet Safer And Faster [cloudflare]
  10. GPUs are vulnerable to side-channel attacks [NetworkWorld from IDG]
  11. Why cryptojacking malware is a bigger threat to your PC than you realise [ZDNet]
  12. We don’ need no stinkin’ bounties: VirtualBox guest-to-host escape zero-day lands at GitHub [The Register]
  13. Internet Vulnerability Takes Down Google [ThousandEyes]
  14. How 1Password Works – Getting under the hood [David Schuetz]
  15. The Spy Drone In Your Cloud [Check Point]