E6F5 4D49 5B3F 4783 DEF1 1494 6199 BFDA 457D 1C5F

Infosec bits for week 03/21

Roderick Mooi

2021-01-15 10:09

Patch
- Microsoft Patch Tuesday, January 2021 Edition [Brian Krebs]
- Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content [Lindsey O’Donnell, Threatpost]
- Cisco Security Advisories [Cisco]
  - See also: Over 70 Vulnerabilities Will Remain Unpatched in EOL Cisco Routers
- Juniper Security Advisories [Juniper Networks]
- A vulnerability in Zyxel Firewall and AP Controllers Could Allow for Administrative Access [MS-ISAC / Center for Internet Security]
- Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking [Tom Spring, Threatpost]
Defend
- How to set up CSIRT and SOC [ENISA]
- Microsoft Sysmon adds support for detecting Process Herpaderping attacks [Catalin Cimpanu, Zero Day]
- Microsoft Defender for Linux now has endpoint detection and response security [Steven J. Vaughan-Nichols, Zero Day]
- Alert (AA21-008A): Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments [CISA]
Attacks / Breaches
- Third malware strain discovered in SolarWinds supply chain attack [Catalin Cimpanu, Zero Day]
- Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack [Tara Seals, Threatpost]
- FBI Warns of Egregor Attacks on Businesses Worldwide [Elizabeth Montalbano, Threatpost]
- Ubiquiti tells customers to change passwords after security breach [Catalin Cimpanu, Zero Day]
- Google reveals sophisticated Windows and Android hacking operation [Catalin Cimpanu, Zero Day]
- Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments [CISA]
Other news
- US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security [Seth Rosenblatt, Dark Reading / Informa]
  - See also: Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?
- How I stole the data in millions of people’s Google accounts [Ethan Elshyeb, Noteworthy / Medium]
- Backstory Of The World’s First Chief Information Security Officer [Steve Morgan, Cybercrime Magazine]
- Uganda Shuts Down the Internet Ahead of its Election [Matthew Gault, Motherboard / VICE Media Group]

Infosec bits for week 01/21

Schalk Peach

2021-01-08 14:47

Vulnerabilities
- Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks [Eduard Kovacs, Security Week]
- Zend Framework disputes RCE vulnerability, issues patch [Ax Sharma, Bleeping Computer]
Crying Wolf
- Bug? No, Telegram exposing its users’ precise location is a feature working as ‘expected’ [Tim Anderson, The Register]
Policy
- NIST SP 800-128 – Because Patching May Never Fix Your Hidden Flaws [Bob Covello, Tripwire]
- 10 Benefits of Running Cybersecurity Exercises [Steve Durbin, Dark Reading]
Ransomware
- Babuk Locker is the first new enterprise ransomware of 2021 [Lawrence Abrams, Bleeping Computer]
SolarWinds Things
- SolarWinds hackers accessed Microsoft source code [Catalin Cimpanu, ZDNet]
- Shields Up – How to Tackle Supply Chain Risk Hazards [Torsten George, Security Week]
- SolarWinds – The more we learn, the worse it looks [Steven J. Vaughan-Nichols, ZDNet]
- SolarWinds Hit With Class-Action Lawsuit Following Orion Breach [Dark Reading]
- CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise [US CERT]
- FBI probe of major hack includes project-management software from JetBrains [Joseph Menn and Jack Stubbs, Reuters]
Breaches and Bugs
- A Google Docs Bug Could Have Allowed Hackers See Your Private Documents [Ravie Lakshmanan, The Hacker News]
- Hackers phish 615,000 login credentials by using Facebook ads [Sudais Asif, HackRead]
2020 InfoSec in Review
- The strangest cybersecurity events of 2020 [David Ruiz, Malware Bytes]
- The Coolest Hacks of 2020 [Kelly Jackson Higgins, Dark Reading]
- The most enticing cyberattacks of 2020 [David Ruiz, Malware Bytes]
- A Review of Ransomware in 2020 [TripWire]

Infosec bits for week 51/20

Roderick Mooi

2020-12-18 13:38

SolarWinds Orion updates
- SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack [Jake Williams, SANS]
- SolarWinds Security Advisory [SolwarWinds]
- Alert (AA20-352A): Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations [CISA]
- SolarWinds hackers have a clever way to bypass multi-factor authentication [Dan Goodin, Ars Technica]
- SUPERNOVA: SolarStorm’s Novel .NET Webshell [Palo Alto Networks]
Education sector
- Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data [CISA]
Learning
- Operational network security – training sessions Aug 2020 to Feb 2021 (new DNS security modules added) [GÉANT / DFN / DFN-CERT]
  - Slides
  - YouTube Playlist
Web application security
- Web Security Testing Guide v4.2 Released [Victoria Drake, OWASP]
  - Get it at https://github.com/OWASP/wstg/
General interest
- Migration delays prevent AD-centric zero trust security framework adoption [Help Net Security]
- Emulated mobile devices used to steal millions from US, EU banks [Sergiu Gatlan, Bleeping Computer]
- Inherently Vulnerable By Design [Defense in Depth (podcast)]
- I am the Chief Security Officer at Akamai and I make the internet suck less. Ask me anything!

Infosec bits for week 50/20

Schalk Peach

2020-12-11 10:11

#LocalLeaks (ie Do we still have such a thing as personal information in SA?)
1. SABC confirms that its website was hacked [Jamie McKane, MyBroadband]
Why email security matters
1. Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame? [Bradley Barth, SC Magazine]
2. How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain [The Hacker News]
US CERT Advisories
1. It is very advisable to add Alerts and Tips > Current Activity to your RSS feed
2. Apache Releases Security Advisory for Apache Tomcat [US CERT]
3. Microsoft Releases December 2020 Security Updates [US CERT]
4. SAP Releases December 2020 Security Updates [US CERT]
5. OpenSSL Releases Security Update [US CERT]
6. Theft of FireEye Red Team Tools [US CERT]
7. NSA Releases Advisory on Malicious Cyber Actors Exploiting CVE-2020-4006 [US CERT]
Bugs, bugs everywhere (insert Buzz Lightyear meme…)
1. NSA: Hackers exploit new VMware vulnerability to steal data [Sergui Gatlan, Bleeping Computer]
2. The patch that wasn’t: Cisco emits fresh fixes for NTLM hash-spilling vuln and XSS-RCE combo in Jabber app [Gareth Corfield, The Register]
3. Cisco fixes Security Manager vulnerabilities with public exploits [Sergiu Gatlan, Bleeping Computer]
4. 4 major browsers are getting hit in widespread malware attacks [Dan Goodin, Ars Technica]
5. High-Severity Chrome Bugs Allow Browser Hacks [Tom Spring, Threat Post]
New things in ransomware
1. Hackers are selling more than 85,000 MySQL databases on a dark web portal [Catalin Cimpanu, ZDNet]
2. Ransomware gangs are now cold-calling victims if they restore from backups without paying [Catalin Cimpanu, ZDNet]
3. RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report [Elizabeth Montalbano, Threat Post]
Farewell Flash
1. Adobe just released the last Flash update ever [Adi Robertson, The Verge]
2. But do not despair, you can still get some Alien Homonid, Yeti Sports, and Strong Bad at The Internet Archive Do not click, time wasters…

Infosec bits for week 49/20

Schalk Peach

2020-12-04 08:34

ABSA Data Leak
1. Absa bank embroiled in data leak, rogue employee accused of theft [Charlie Osborne, ZDNet]
2. Absa data leak update: ID numbers, vehicle details among stolen info [Business Insider]
3. Details about person behind Absa data breach emerge [MyBroadband]
Cybercrimess Bill Passed
1. Parliament passes Cybercrimes Bill [MyBroadband via BusinessTech]
Exploitable Vulnerabilities
1. iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever [Dan Goodin, Ars Technica]
2. FortiNet: Update Regarding CVE-2018-13379 [Carl Windsor, Fortinet]
3. Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW [Ravie Lakshmanan, The Hacker News]
4. VMWare VMSA-2020-0027.2 Update [VMWare]
5. Multiple vulnerabilities in WebKit [Jon Munshaw, Talos Intelligence]
Education and Academia
1. Ransomware halts classes for 115,000 Baltimore pupils [BBC News]
2. University of Vermont Medical Center has yet to fully recover from October cyber attack [Pierluigi Paganini, Security Affairs]
3. Alabama school district shut down by ransomware attack [Lawrence Abrams, Bleeping Computer]
Hacker Techniques
1. How attackers exploit Window Active Directory and Group Policy [Susan Bradley, CSO Online]
Container Security
1. A scan of 4 Million Docker images reveals 51% have critical flaws [Perluigi Paganini, Security Affairs]
2. Half of all Docker Hub images have at least one critical vulnerability [Lucian Constantin, CSO Online]
3. Misconfigured Docker Servers Under Attack by Xanthe Malware [Lindsey O’Donnell, Threat Post]
Governance and the Year in Review
1. Notable Enhancements to the New Version of NIST SP 800-53 [Steven Tipton, Tripwire]
2. The NCSC Annual Review 2020 [NCSC]
3. The biggest hacks, data breaches of 2020 [Charlie Osborne, ZDNet]

Infosec bits for week 48/20

Roderick Mooi

2020-11-27 13:13

Higher Education
- ‘I came home and burst into tears’: How Dundee and Angus College boss built back better after cybercriminals demanded entire college bank balance [Peter John Meiklem, The Courier / DC Thomson Media]
Budget
- 3 Steps CISOs Can Take to Convey Strategy for Budget Presentations [Vinay Sridhara, Dark Reading / Informa]
Social Engineering / Awareness
- GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services [Brian Krebs]
- Security Culture: Putting Digital Literacy First in Your Company [Mike Elgan, Security Intelligence / IBM]
Smart cars / IOT
- Tesla Model X key fobs could be hacked to steal cars, fix released [Sergiu Gatlan, Bleeping Computer]
- The smart video doorbells letting hackers into your home [Martin Pratt, Which?]
Webinars and trainings
- Cybersecurity training for open science research [ResearchSOC]
Advisories / Vulnerabilities
- Multiple vulnerabilities in VMware ESXi, Workstation and Fusion [VMWare]
- 2FA bypass discovered in web hosting software cPanel [Catalin Cimpanu, Zero Day ]
DDoS Mitigation
- DDoS Extortionist’s Behaviors [Barry Greene]
General
- Even the world’s freest countries aren’t safe from internet censorship [Help Net Security]
- WordPress Malware Setting Up SEO Shops [Larry Cashdollar, Akamai Technologies]
- Threat Modeling Manifesto
- CIS Videoconferencing Security Guide [Center for Internet Security]
- Stop Thinking of Cybersecurity as a Problem. Think Of It As a Game. [Lou Manousos, RiskIQ]
- When Security Controls Lead to Security Issues [Xavier Mertens, ISC]

Infosec bits for week 46/20

Schalk Peach

2020-11-13 13:35

Patch EveryDay
1. Intel fixes 95 vulnerabilities in November 2020 Platform Update [BleepingComputer, Sergiu Gatlan]
2. Microsoft Exchange Server ExportExchangeCertificate WriteCertiricate File Write Remote Code Execution Vulnerability [SourceIncite]
3. Office November security updates fix remote code execution bugs [BleepingComputer, Sergiu Gatlan]
4. Remote kernel heap overflow in NFSv3 Windows Server [McAfee, Eoin Carroll and Steve Povolny]
5. Microsoft Security Update Guide [Microsoft]
6. Changes to Microsoft Security Bulletins [TripWire, Tyler Reguly]
Attacks
1. DNS cache poisoning, the Internet attack from 2008, is back from the dead [Ars Technica, Dan Goodin]
2. How to get root on Ubuntu 20.04 by pretending nobody’s /home [Kevin Backhouse]
Academia and Research
1. Cyberattack on University of Vermont hospital IT network [CyberScoop, Sean Lyngaas]
2. Price Dropped on Hacked Educational RDP Details [InfoSecurity Magazine, Dan Raywood]
3. Open University Targeted With Over a Million Malicious Email Attacks So Far This Year [InfoSecurity Magazine, James Coker]
4. European weather services hit by storm of malicious email attacks [NewScientist, Adam Vaughan]
Sad News about the Arecibo Observatory
1. Second Cable Fails at Arecibo Observatory – Massive Radio Telescope Used in the Search for Alien Life [SciTechDaily]

Infosec bits for week 45/20

Roderick Mooi

2020-11-06 12:51

Operational network security – training sessions Aug 2020 to Feb 2021 [GÉANT/DFN]
Interview: How the University of Duisburg-Essen (UDE) prevented a ransomware attack [Davina Luyten/Marius Mertens]
Privacy Impact Assessment Toolkit [ucisa]
Ransomware Protection and Containment Strategies [MANDIANT]
Active Directory administrative tier model [Microsoft]
OUCH! Newsletter: Social Engineering Attacks [Christian Nicholson]
Cybersecurity as we know it will be ‘a thing of the past in the next decade,’ says Cloudflare’s COO, as security moves towards a ‘water treatment’ model [Rosalie Chan, Business Insider]
Zoom Finally Has End-to-End Encryption. Here’s How to Use It [Brain Barrett, WIRED / Condé Nast]
- see also: End-to-end (E2E) encryption for meetings
Patch for Critical VMware ESXi Vulnerability Incomplete [Eduard Kovacs, SecurityWeek / Wired Business Media]
PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots [Johannes Ullrich, SANS ISC]
- see also: Security Alert CVE-2020-14750 Patch Availability Document for Oracle WebLogic Server
Why Paying to Delete Stolen Data is Bonkers [Krebs on Security]
NAT Slipstreaming [Samy Kamkar]
- see also: news.ycombinator.com/item?id=24955891
Dr. Strangenet—or, how I stopped worrying and embraced the WFH IT apocalypse [Sean Gallagher, Ars Technica / Condé Nast]
‘There’s a whole war going on’: the film tracing a decade of cyber-attacks [Adrian Horton, The Guardian]

Infosec bits for week 44/20

Schalk Peach

2020-10-30 09:41

Vulnerabilities
- HPE fixes maximum severity remote auth bypass bug in SSMC console [Sergiu Gatlan, Bleeping Computer]
- Microsoft warns of ongoing attacks using Windows Zerologon flaw [Sergiu Gatlan, Bleeping Computer]
- Multiple vulnerabilities in Synology SRM [Claudio Bozzato and Jon Munshaw, Cisco Talos]
- If you haven’t patched WebLogic server console flaws in the last eight days ‘assume it has been compromised’ [Iain Thomson, The Register]
- SMBGhost – the critical vulnerability many seem to have forgotten to patch [Jan Kopriva, SANS]
- Attackers finding new ways to exploit and bypass Office 365 defenses [HelpNet Security]
- Easily exploitable RCE in Oracle WebLogic Server under attack [Zeljka Zorz, HelpNet Security]
Academic and Education Sector
- UK colleges face testing times with ageing kit, iffy connectivity, and some IT staff supporting 1k+ users [Richard Speed, The Register]
- New ransomware attack targets K-12 teachers [Christine Barry, Barracuda]
- Fake COVID-19 survey hides ransomware in Canadian university attack [Malware Bytes Labs]
- Community College Continues to Investigate Cyberattack [Security Week]
- Threat Spotlight: Spear-phishing attacks targeting education sector [Mike Flouton, Barracuda]
Botnet News
- Botnet Infects Hundreds of Thousands of Websites [Robert Lemos, DARKReading]
- Katana: a new variant of the Mirai botnet [Avira]
- KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others [Catalin Cimpanu, ZDNet]
- Even in Test Mode, New Mirai Variant Infecting IoT Devices [Doug Olenick, Data Breach Today]
Ransomware News
- CISA Ransomware Guide [CISA]
- Maze Ransomware Gang to Shut Down Operations [David Bisson, Tripwire]
Awareness and Conferences
- SecTorCa Conference Talk Writeups [InfoSecurity Magazine]
- Employee Awareness Recognized as Biggest Lockdown Security Failing [Phil Muncaster, InfoSecurity Magazine]

Infosec bits for week 43/20

Roderick Mooi

2020-10-23 12:12

ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated, Targeted, Widespread and Undetected [ENISA]
Privacy nightmare for Toledo Public Schools: Hackers dumped student and employee data [DISSENT]
Where Do Security Awareness Programs Belong on the Org Chart? [Tonia Dudley, Cofense]
4 Tips For Protecting Intellectual Property In Academia [Mike Chapple, EdTech / CDW]
Hacking Incident Has an Unusual Ending [Marianne Kolbasuk McGee, HealthcareInfoSecurity / ISMG]
- see also: Ransomware gang donates part of ransom demands to charity organizations
Quarterly Update: Ransomware Trends in Q3 [Jamie Hart, Digital Shadows]
Cisco warns of attacks targeting high severity router vulnerability [Sergiu Gatlan, Bleeping Computer]
VMware Security Advisories
Government will force ISPs to crack down on piracy in South Africa [Jan Vermeulen, MyBroadband]
Vodacom and MTN have not notified Information Regulator of location data breach [Jan Vermeulen, MyBroadband]
What is confidential computing? How can you use it? [Mirko Zorz, Help Net Security]
Hackers hijack Telegram, email accounts in SS7 mobile attack [Ionut Ilascu, Bleeping Computer]
Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks [Ravie Lakshmanan, The Hacker News]
Robot’s parents very proud of her for finally passing CAPTCHA test [Mary Gillis, The Beaverton]