9283 8B4A 87FE DC6E C327 EF05 70A8 B78D 1623 3FB5

Infosec bits for week 41/18

Roderick Mooi

  1. The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies [Bloomberg]
    - so for the story of the week, which side do you choose? Theory, truth or conspiracy?
    - AWS
    - Apple
    - see also: Supply Chain Security Speculation and Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?
    - and if you can’t get enough: hn.algolia.com/?query=supermicro
  2. Facebook Could Be Fined $1.63 Billion by European Privacy Regulators Over Latest Data Breach, Report Says [FORTUNE]
    - Security Update
    - Hope I don’t have one of those 50m accounts :-/
  3. Google+ Is Shutting Down After a Security Bug Exposed User Info [MotherBoard]
    - Google+ Breach — What Happened, Who Was Impacted And How To Delete Your Account [Forbes]
    - and if you have a WSJ subscription
    - Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+ [Google]
  4. Microsoft Has Pulled the Windows 10 October 2018 Update [Bleeping Computer]
    - Microsoft update
  5. Get Cyber Skilled [ECSM]
    - see also: IT security top tips
    and PDF guide
  6. How to turn your people into your best defence [TEISS] – which links to: Free ESET Cybersecurity Awareness Training (might be cool?)
  7. 945 data breaches led to compromise of 4.5 billion data records in first half of 2018 [Help Net Security]
    - get the report here
    - see also: Why 31% of data breaches lead to employees getting fired [TechRepublic]
    - and: Heathrow fined for USB stick data breach
  8. APT38: Details on New North Korean Regime-Backed Threat Group [FireEye]
  9. Four critical KPIs for securing your IT environment [Help Net Security]
  10. SIEM, UBA, UEBA… If you’re suffering netsec acronym overload, then here’s our handy guide [The Register]
  11. It’s 2018, and network middleware still can’t handle TLS without breaking encryption [Zero Day]
  12. Spectre and Meltdown Hardware Protection Added to Intel’s 9th Gen CPUs [Bleeping Computer]
  13. Intel ME Manufacturing Mode: obscured dangers and their relationship to Apple MacBook vulnerability CVE-2018-4251 [Positive Technologies]
  14. Identifying a phisher [SANS ISC]

Infosec bits for week 39/18

Roderick Mooi

  1. Infinite Campus DDoS attack impedes access to student data [Zero Day]
  2. Education Department warns that students on financial aid are being targeted in phishing attacks [The Washington Post]
    - see also: ifap.ed.gov/eannouncements/083118ActivePhishingCampaignTargetStudentEmailAccount.html
  3. One Way Office 365 Phishing Attacks Are Getting Sneakier [Redmond Magazine]
    - see also: www.avanan.com/resources/phishpoint-attack
    - and: healthitsecurity.com/news/phishing-attacks-that-impersonate-trusted-individuals-on-the-rise
  4. Dutch expelled Russians over alleged novichok lab hacking plot [The Guardian]
    - see also: arstechnica.com/information-technology/2018/09/russians-tried-to-hack-swiss-lab-testing-samples-from-skripal-attack/
    - and: www.bloomberg.com/view/articles/2018-09-18/russian-hackers-aren-t-the-only-ones-to-worry-about
  5. Newegg users’ credit card info was exposed to hackers for a month [The Verge]
    - see also: www.volexity.com/blog/2018/09/19/magecart-strikes-again-newegg/
    - and: www.riskiq.com/blog/labs/magecart-newegg/
  6. Think Like An Attacker: How a Red Team Operate [Dark Reading]
  7. Microsoft offers completely passwordless authentication for online apps [Ars Technica]
    - see also: www.zdnet.com/article/microsoft-heres-why-were-declaring-end-of-password-era/
    - and: cloudblogs.microsoft.com/microsoftsecure/2018/09/24/delivering-security-innovation-that-puts-microsofts-experience-to-work-for-you/
    - and: www.wired.com/story/yubikey-series-5-fido2-passwordless/
  8. Internet Organised Crime Threat Assessment 2018 [Europol]
    - see also: www.helpnetsecurity.com/2018/09/26/mcafee-labs-threats-report-september-2018/
    - and: www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
  9. Monero bug could have allowed hackers to steal massive amounts of cryptocurrency [Zero Day]
    - see also: fortune.com/2018/09/20/cryptocurrency-exchange-hack-zaif-japan-60-million/
  10. Equifax IT staff had to rerun hackers’ database queries to work out what was nicked – audit [The Register]
  11. Expanding DNSSEC Adoption [Cloudflare]
  12. Why I’m done with Chrome [Matthew Green]
    - see also: threatpost.com/googles-forced-sign-in-to-chrome-raises-privacy-red-flags/137651/
    - and: www.zdnet.com/article/backlash-sees-change-in-chrome-login-and-google-account-behaviour/

Infosec bits for week 37/18

Roderick Mooi

  1. British Airways boss apologises for ‘malicious’ data breach [BBC]
    - see also: BA apologizes after 380,000 customers hit in cyber attack [REUTERS]
    - Juicy, more technical details: Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims [RISKIQ]
  2. How US authorities tracked down the North Korean hacker behind WannaCry [ZDNet]
    - Also: MarkOfTheWeb: How a Forgetful Russian Agent Left a Trail of Breadcrumbs [RISKIQ]
  3. The Adoption of Multi-Factor Authentication in Higher Education [StaySafeOnline]
  4. The Equifax Breach One Year Later: 6 Action Items for Security Pros [DARKReading]
    - Of additional interest: Protected Voices – your voice matters, so protect it
    — “But even beyond political campaigns, the cybersecurity information contained in these videos—which ranges from protecting passwords to social engineering threats to what to do if you think you’ve been hacked—will be helpful to anyone who uses a computer.”
  5. Where have all my Certificates gone? [SANS ISC]
    - see also: How to nab a HTTPS cert for a stranger’s website: Step one, shatter those DNS queries… [The Register]
    - and Why do we need HTTPS?
  6. Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure [BLACK HILLS]
  7. The Chilling Reality of Cold Boot Attacks [F-Secure]
  8. Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob [WIRED]
    - Tesla Will Restore Car Firmware/OS When Hacking Goes Wrong [Bleeping Computer]
  9. Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw [threatpost]
    - Technical POC: Apple Safari & Microsoft Edge Browser Address Bar Spoofing – Writeup [Rafay Baloch]
  10. MacOS Security Baseline Script – tips for securing MacOS
  11. Security Management Guide [Praxiom]
    - aiming to make ISO 27001, 27002, 28000, 31000 and 22301 easier to understand and implement
  12. 10 Coolest Jobs in Cybersecurity [SANS]

Infosec bits for week 35/18

Roderick Mooi

  1. Protecting the research & education sector against cyber attacks [in THE FIELD]
  2. Iranian Hackers Charged in March Are Still Actively Phishing Universities [Bleeping Computer]
    - see also (IOCs): Back to School: COBALT DICKENS Targets Universities [Secureworks]
    - and www.cnet.com/google-amp/news/cybersecurity-101-how-universities-are-dealing-with-hackers/
  3. Apache Struts Vulnerability POC Code Found on GitHub [Recorded Future]
    - see also: Another Year, Another Critical Struts Flaw – NB: links to hardening guides in the “You Can’t Install a Patch That Doesn’t Exist” section
    - and Hardening Apache Struts with SELinux [Double Pulsar]
  4. Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface [CERT-CC]
    - Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day [Bleeping Computer]
  5. Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades [Bleeping Computer]
    - see: nvd.nist.gov/vuln/detail/CVE-2018-15473 (user enumeration vulnerability)
  6. Following account hacks, Instagram will finally support third party 2FA apps [Mashable]
    - see also: Instagram’s New Security Tools are a Welcome Step, But Not Enough [Krebs on Security]
  7. The enemy is us: a look at insider threats [Malwarebytes LABS]
  8. Don’t shoot messenger [EFF (the other one again)]
  9. A cryptocurrency exchange hack with a North Korean accent [Kaspersky lab]
  10. Pwned Passwords, Now As NTLM Hashes! [Troy Hunt]
  11. Facebook removes 652 fake accounts and pages meant to influence world politics [The Guardian]
  12. Former NSA, CIA director on cyber, Facebook and hacking back [Fifth Domain]

Infosec bits for week 34-18

Roderick Mooi

  1. 10 Steps to Cyber Security [NCSC]
    - sneak preview / useful infographic on the Download tab
  2. Phishing attack on Augusta University Health leads to breach exposing info on 400K persons [SC]
  3. Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution [threatpost]
    - see also: So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks [The Register]
  4. Two DDoS Friendly Bugs Fixed in Linux Kernel [Bleeping Computer]
    - see also: Back to the 90’s: FragmentSmack [SANS ISC]
  5. IPsec VPN Connections Broken Using 20 Year Old Flaw [Latest Hacking News]
  6. Instagram users are reporting the same bizarre hack [Mashable]
  7. New Man-in-the-Disk attack leaves millions of Android phones vulnerable [The Hacker News]
  8. Between You, Me, and Google: Problems With Gmail’s “Confidential Mode” [EFF (the other one)]
  9. Security flaw reported on Gauteng school applications website [MyBroadband]
  10. Melbourne teen hacked into Apple’s secure computer network, court told [The Age]
  11. In ‘Cybertropolis,’ Army begins to move its cyber training exercises into the physical world [Federal News Radio]
    - see also: China Believes Its Cyber Capabilities Lag Behind US: Pentagon [SecurityWeek]
  12. Why burnout happens in Information Security [CSO]
  13. Spliced Wire: How an international hacker network turned stolen press releases into $100 million [The Verge]

Infosec bits for week 33/18

Roderick Mooi

  1. Study: Spam is Still an Effective Way to Infect Computers [SANS NewsBites]
    - “…Beyond hardening of the endpoint and the perimeter, focus on user training which includes recognition for proper reporting.” – Neely
    - see also: threatpost.com/threatlist-spams-revival-is-tied-to-adobe-flashs-demise/134688/ and www.information-age.com/spam-still-first-choice-cyber-crime-according-study-123473840/
  2. Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered [The Hacker News]
    - Intel Reveals New Spectre-Like Vulnerability [DARKReading]
    - Resources and Response to Side Channel L1 Terminal Fault [Intel]
  3. Email Phishers Using New Way to Bypass Microsoft Office 365 Protections [The Hacker News]
  4. The Mouse is Mightier than the Sword [patrick wardle]
  5. Hanging Up on Mobile in the Name of Security [KrebsonSecurity]
  6. DeepLocker: When malware turns artificial intelligence into a weapon[Zero Day]
  7. Windows 10 to get disposable sandboxes for dodgy apps [arsTECHNICA]
  8. Facebook to Banks: Give Us Your Data, We’ll Give You Our Users [THE WALL STREET JOURNAL]
  9. Welcome to the Quiet Skies [The Boston Globe]

Infosec bits for week 32/18

Roderick Mooi

  1. Security Think Tank: Almost all security can be outsourced, but not the risk [ComputerWeekly]
  2. Your online privacy resource center
    - “You are being watched, tracked, and recorded by private and state-sponsored entities whenever you go online. Here you will find the tools and information you need to restore your privacy, secure your devices, and defeat online censorship.”
  3. We had a security incident. Here’s what you need to know. [reddit]
    - More: krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/
    - And: www.darkreading.com/endpoint/authentication/is-sms-2fa-enough-login-protection/d/d-id/1332479
  4. GDPR: What’s really changed so far? [ZDNet]
  5. Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World? [Trustwave]
    - More: nakedsecurity.sophos.com/2018/08/03/routers-turned-into-zombie-cryptojackers-is-yours-one-of-them/
    - And: threatpost.com/huge-cryptomining-attack-on-isp-grade-routers-spreads-globally/134667/
  6. BGP/DNS Hijacks Target Payment Systems [ORACLE+Dyn]
    - More: www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
  7. CCleaner Adds Data Collection Feature With No Way to Opt-Out [The Hacker News]
  8. Multiple Cobalt Personality Disorder [Cisco Talos]
  9. SamSam: The (Almost) Six Million Dollar Ransomware [SOPHOS]
    - TL;DR: thehackernews.com/2018/07/samsam-ransomware-attacks.html

Infosec bits for week 31/18

Roderick Mooi

  1. KnowBe4 Releases Q2 2018 Top-Clicked Phishing Report
    - Security Awareness Update -Watch out for these Common Scams [IRMSAinsight]
    - These are the five ways to avoid phishing scams [South African]
  2. SIEM – A Beginner’s Guide to Security Information and Event Management Tools
    - Critical Capabilities for Security Information and Event Management [Gartner]
  3. Google: Security Keys Neutralized Employee Phishing [KrebsOnSecurity]
  4. NetSpectre – New Remote Spectre Attack Steals Data Over the Network [The Hacker News]
  5. Decade-old Bluetooth flaw lets hackers steal data passing between devices [arsTECHNICA]
    - research paper here: Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack
    - see also: www.kb.cert.org/vuls/id/304725
    - wccftech.com/bluetooth-bug-attackers-snoop/
  6. Presidency silent about website hack [MYBROADBAND]
  7. Attack inception: Compromised supply chain within a supply chain poses new risks [Microsoft]
  8. South African developer finds Pizza Hut security flaw which affected hundreds of websites [MYBROADBAND]
  9. Hackers in Singapore stole the personal information of 1.5 million citizens via the country’s government health database [BBC]
  10. Mobile Device Security for International Travelers – Part 1: How to prepare your phone and tablet for privacy and peace of mind while abroad [April Wright]

Infosec bits for week 30/18

Roderick Mooi

  1. Understanding Data Privacy Issues in Higher Education [EDUCAUSE]
  2. Responding to IT Security Incidents [Microsoft]
  3. Oracle Sets All-Time Record with July Critical Patch Update [threatpost]
    - www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
    - “The Oracle July 2018 Critical Patch Update (CPU) fixes eight (8) Java SE-related vulnerabilities, all of which can be remotely exploited by hackers without user credentials. Five (5) new critical Java vulnerabilities were also fixed in the WebLogic Server, all of which are remotely exploitable without authentication.”
  4. Alert (TA18-201A) – Emotet Malware [US-CERT]
  5. How to Protect Yourself From SIM Swapping Hacks [MOTHERBOARD]
  6. Decent Security. Start somewhere. Start here.
    - some great tips (missing some privacy issues imo but there’s other blogs for that…)
  7. Facebook says it gave companies ‘one-time’ access to user data after restricting information 2015 [CNBC]
    - Russian company had access to Facebook user data through apps [CNN Money]
  8. Hacker Puts Airport’s Security System Access On Dark Web Sale For Just $10 [The Hacker News]
    - make sure you’re implementing the RDP security measures at the end…
  9. Traditional identity systems are the new battleship row [BetaNews]
  10. What the Birds Can Teach Us About Building a Diverse Cybersecurity Team [EC-Council Blog]
  11. Shutting down the BGP Hijack Factory [ORACLE+Dyn]

Infosec bits for week 28/18

Roderick Mooi

  1. The Worst Cybersecurity Breaches of 2018 So Far [Wired]
    - including >300 universities (176 outside the US)
  2. Center for Internet Security 2017 Year in Review [CIS]
    - TL;DR
    — Implement CIS controls
    — Benchmark your systems
    — Use their hardened images
  3. Chinese hackers infiltrate systems at Australian National University [abc.net]
    - www.cyberscoop.com/chinese-linked-hackers-breached-top-australian-defense-university-report/
  4. User-focused Password Guidance from NIST [video]
    - Developers and information security specialists, consult pages.nist.gov/800-63-3/
    - SP 800-63B for example recommends 8+ character length passwords/passphrases with no other complexity requirements and paying attention to how passwords are stored (hashed+salted)
  5. German Court Issues First GDPR Ruling
    - the IPANN vs EPAG case…
  6. Fraud: here’s how scammers get away with it [The Guardian]
  7. Lynis v/2.6.6 is out
    - “Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than many vulnerability scanners.”
  8. Not enough CISOs and business leaders cooperate on a cybersecurity plan and budget [Helpnet Security]
  9. Kids learn about cybersecurity through gaming [LLNL]
  10. The Ultimate Guide to Safe Online Browsing
  11. A curious tale of the priest, the broker, the hacked newswires, and $100m of insider trades [The Register]
  12. BSides Cape Town 1 Dec – ticket sales now open – get yours before they run out…
    - BSides is “an innovative one day information security conference”. Check past events for more info.