Infosec bits for the week 37/19

  1. Who’ll benefit from the Regis University cyberattack? The Denver school’s cybersecurity students. [Elizabeth Hernandez, The Denver Post]
  2. Ransomware shuts down classes, childcare centers in Flagstaff, Arizona [Colin Wood, Scoop News Group]
    - see also: Back to school: With latest attack, ransomware cancels classes in Flagstaff
  3. More than 99% of cyberattacks rely on human interaction [Help Net Security]
  4. Cyber-security incident at US power grid entity linked to unpatched firewalls [Catalin Cimpanu, Zero Day]
  5. MANRS Observatory: Monitoring the State of Internet Routing Security [Andrei Robachevsky, Internet Society]
    - find it here: observatory.manrs.org/
  6. BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks [Mohit Kumar, The Hacker News]
  7. Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks [Mohit Kumar, The Hacker News]
  8. Security hole opens a billion Android users to advanced SMS phishing attacks [Help Net Security]
  9. Simjacker: a brand new mobile vulnerability exploited by surveillance companies for espionage operation [Andrea Fortuna]
  10. Twitter disables SMS-to-tweet feature after its CEO got hacked last week [Catalin Cimpanu, Zero Day]
  11. Why 5G requires new approaches to cybersecurity [Tom Wheeler and David Simpson, The Brookings Institution]

Infosec bits for week 36/19

  1. Every Computer Science Degree Should Require a Course in Cybersecurity [Jack Cable, Harvard Business Publishing]
  2. FinCEN Issues Advisory on Business Email Compromise Schemes and Names Colleges and Universities among Top Targets [Katie Branson, EDUCAUSE]
    - see also: Cyber Claims: GDPR and business email compromise drive greater frequencies
  3. When Ransomware Cripples a City, Who’s to Blame? This I.T. Chief Is Fighting Back [Frances Robles, New York Times]
    - see also: Rockville Center School District pays $88,000 ransom
  4. South Africa’s mass surveillance revealed [Tefo Mohapi, iAfrikan]
    - see also: South African authorities admit to mass surveillance (comments)
  5. Bitcoin Warning As Serious Security Vulnerabilities Uncovered [Billy Bambrough, Forbes]
    - see also: China In the Process of Rolling Out State-Backed Cryptocurrency
  6. Open Redirect: A Small But Very Common Vulnerability [Jan Kopriva, SANS ISC]
  7. Putting an end to Retadup: A malicious worm that infected hundreds of thousands [Jan Vojtěšek, Avast Software]

Infosec bits for week 35/19

  1. The Higher Ed Model for Cybersecurity Compliance [Colleen Johnson, EDUCAUSE Review]
  2. New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks [Ionut Ilascu, Bleeping Computer]
  3. Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs [Catalin Cimpanu, Zero Day]
  4. Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks [Jovi Umawing, Malwarebytes Labs]
    - see also: knobattack.com/
  5. The Difference Between Red, Blue, and Purple Teams [Daniel Miessler]
  6. FNB backs down on password decision after backlash [Duncan McLeod, NewsCentral Media]
  7. Is this Crown Sterling press release from another planet? [Josh Bernoff]
  8. Employees connect nuclear plant to the internet so they can mine cryptocurrency [Catalin Cimpanu, Zero Day]

Infosec bits for week 33/19

  1. Cyberattack forces Houston County schools to postpone opening day [Doug Olenick, Haymarket Media]
  2. Fraudster Brought Back from Kenya to Face Jail Time for Stealing Almost $750,000 from UCSD through a Spear Phishing Campaign [Alexandra F. Foster, US DOJ]
  3. A Campus Culture of Cybersecurity [Julianne Basinger, The Chronicle of Higher Education]
  4. Windows Defender Gets Perfect Scores in Antivirus Test [Nathaniel Mott, Tom’s Hardware]
  5. Apple halts practice of contractors listening in to users on Siri [Alex Hern, The Guardian]
    - see also: Google: More information about our processes to safeguard speech data
  6. I Always Feel Like Somebody’s Watching Listening to Me (click on link to 29 July article) [Jacob Baines, Tenable TechBlog]
  7. Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V [Mohit Kumar, The Hacker News]
  8. Boffins hacked Siemens Simatic S7, most secure controllers in the industry [Pierluigi Paganini, SecurityAffairs]
  9. Extended Validation Certificates are (Really, Really) Dead [Troy Hunt]
  10. Clever Vanity License Plate Backfires On Man, Winds Up With Tons Of Tickets [Dave Basner, iHeartRadio]

Infosec bits for week 31/19

  1. Louisiana declares emergency over cyberattacks targeting schools [Benjamin Freed, Scoop News Group]
    - see also: Louisiana governor declares state emergency after local ransomware outbreak
    - and: Syracuse cyber attack: Experts say schools easy prey for ransomware
  2. Ed Dept: Hackers created thousands of fake student profiles [Natalie Schwartz, Industry Dive]
    - see also: Ellucian Banner System Vulnerability Update
    - and note: “Attackers are utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals. Ellucian recommends adding reCAPTCHA capabilities to the admission process to reduce the likelihood of experiencing fraudulent applications for admissions, even if institutions are not currently experiencing this issue.”
  3. Student data systems compromised in Hawaii, Tennessee [Ryan Johnston, Scoop News Group]
  4. Most City Power IT systems, networks restored following cyber attack [Alex Mitchley, 24.com]
    - see also: Ransomware incident leaves some Johannesburg residents without electricity
  5. Steps to Safeguard Against Ransomware Attacks [The Cybersecurity and Infrastructure Security Agency (CISA)]
  6. A BEAST and a POODLE celebrating SWEET32 [Bojan Zdrnja]
    - Overview: “In last couple of years we have witnessed many SSL/TLS vulnerabilities with various acronyms: POODLE, BEAST, BREACH, CRIME, DROWN, FREAK and SWEET32 – to name some. Almost every time, a snazzy logo and a lot of panic around the vulnerability made us believe that this is the end of secure communication on the Internet. However, we are yet to see any real hacks that actually exploited one of the above mentioned vulnerabilities. This presentation will explain how these vulnerabilities work and will comment on their viability for web, mobile and fat client applications. We will try to identify the SSL/TLS vulnerabilities who cried wolf, so we can concentrate on those that pose a serious threat (if such exist, that is).”
    - See also: Verifying SSL/TLS configuration
  7. Password Managers [Higher Education Information Security Council (HEISC)]
  8. Teenage hackers are offered a second chance under European experiment [Jeff Stone, Scoop News Group]
  9. The Encryption Debate Is Over – Dead At The Hands Of Facebook [Kalev Leetaru, Forbes Media LLC]
  10. How Cyber Weapons Are Changing the Landscape of Modern Warfare [Sue Halpern, The New Yorker]
    - see also: U.S. Cyber Command simulated a seaport cyberattack to test digital readiness

Infosec bits for week 29/19

  1. Monroe College hacked, $2 million in Bitcoin demanded as ransom [Rocco Parascandola (interesting name!) and Thomas Tracy, New York Daily News]
    - see also: Monroe College Hit With Ransomware, $2 Million Demanded – with interesting note that “The United States Conference of Mayors to make a non-binding agreement to not pay ransomware demands going forward”
  2. Microsoft Office 365: Banned in German schools over privacy fears [Cathrin Schaer, Zero Day]
    - see also: Increasing transparency and customer control over data
    - see also: Microsoft Office brings you new privacy controls
  3. British Airways faces record £183m fine for data breach [BBC News]
  4. HTTP Security Headers – A Complete Guide [Charlie Belmer, Null Sweep]
  5. GnuPG 2.2.17 released to mitigate attacks on keyservers [Werner Koch, GnuPG]
    - with ref from last week: SKS Keyserver Network Under Attack
  6. Samba Project tells us “What’s New” – SMBv1 Disabled by Default [Rob VandenBrink, SANS Internet Storm Center]
  7. How to securely erase the data off your iPhone or iPad, Android device, Windows PC, hard drives, SSDs, and flash drives [Adrian Kingsley-Hughes, Zero Day]
  8. Adventures building a Self Driving RC Car [Rahul]
    - I know, not directly security-related but it’s cool (and we’re allowed to end our list with something a bit off-topic ;))

Infosec bits for week 28/19

  1. I was 7 words away from being spear-phished [Robert Heaton]
  2. Introducing Elastic SIEM [Mike Paquette, Elasticsearch B.V.]
  3. SKS Keyserver Network Under Attack [Robert J. Hansen]
    - OpenPGP users take note
  4. Women in Security [Various, SC Magazine]
  5. Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers [Brian Krebs]
  6. Florida city fires IT employee after paying ransom demand last week [Catalin Cimpanu, Zero Day]
  7. Virtual Private Networks (VPNs) – Ouch! Newsletter [Phil Johnsey, Palm Beach County]
  8. Deconstructing Apple Card: A Hacker’s Perspective [Ryan McKamie and Swapnil Deshmukh, Certus Cybersecurity Solutions LLC]

Infosec bits for week 26/19

  1. Security Operations Center (SOC) Case Study [Higher Education Information Security Council (HEISC)]
  2. Evidence obtained unlawfully from Facebook – Does it infringe the right to privacy? [Brian Kahn Inc Attorneys, Go Legal]
  3. Awesome Web Security [@qazbnm456] – Curated list of Web Security materials and resources
  4. The Clouds Are Out to Get Me! [John Strand, SANS Pen Test HackFest Summit 2018]
  5. Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework [NIST CSRC]
  6. How spammers use Google services [Maria Vergelis, Kaspersky Daily]
  7. Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds [Catalin Cimpanu, Zero Day]
    - Primary advisory: Update Regarding Vulnerability Recently Discovered In Komodo’s Agama Wallet
  8. Google open sources Private Join and Compute, a tool for sharing confidential data sets [Natalie Gagliordi, Zero Day]
  9. Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness [Mark Simos, Kristina Laidler and John Dellinger; Microsoft Security]
  10. Microsoft warns about email spam campaign abusing Office vulnerability [Catalin Cimpanu, Zero Day]
  11. TCP SACK PANIC – Kernel vulnerabilities – CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 [Red Hat]
    - CVE-2019-11477
  12. The catch-22 that broke the Internet [Brian Barrett, Wired]

Infosec bits for week 24/19

  1. Australian National University hit by huge data breach [Lisa Martin, The Guardian]
  2. Creating a Cybersecurity Strategy for Higher Education [Donald Welch, EDUCAUSE]
  3. Large European Routing Leak Sends Traffic Through China Telecom [Doug Madory, ORACLE]
  4. Sign in with Apple makes privacy a centerpiece [Dennis Fisher, Decipher]
    - see also: Is ‘Sign in with Apple’ Marketing Spin or Privacy Magic? Experts Weigh In
  5. Apple and WhatsApp fight proposal to let spies tap encrypted comms [Liam Tung, Zero Day]
  6. Huge scope of Australia’s new national security laws reveals itself [Stilgherrian, Zero Day]
  7. Corporate Surveillance in Everyday Life [Wolfie Christl, Cracked Labs]
  8. Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware [Krebs on Security]
  9. GitHub brings automated fixes with Dependabot [Fahmida Y. Rashid, Decipher]
  10. Identifying Vulnerabilities in Phishing Kits [Larry Cashdollar, Akamai]

Infosec bits for week 22/19

  1. What Colorado learned from treating a cyberattack like a disaster [Benjamin Freed, Scoop News]
  2. Intense scanning activity detected for BlueKeep RDP flaw [Catalin Cimpanu, Zero Day]
    - MS article: Prevent a worm by updating Remote Desktop Services
    - see also: An Update on the Microsoft Windows RDP “Bluekeep” Vulnerability (CVE-2019-0708) [now with pcaps]
  3. Infected by ransomware? – don’t forget the ‘No More Ransom!’ project (new decryptors available)
  4. Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable [Tara Seals, Threatpost]
    - Cisco advisory: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
  5. Notifying administrators about unhashed password storage [Suzanne Frey, Google]
  6. Senators propose bill requiring warrants to search devices at the border [James Martin, CNET]
    - see also: We Got U.S. Border Officials to Testify Under Oath. Here’s What We Found Out.
  7. 0day “In the Wild” [Ben Hawkes, Project Zero]
  8. Fun With Custom URI Schemes [Dominik Penner]
  9. Video: nmap Service Detection Customization [Didier Stevens, Internet Storm Center]
  10. The winner in the war on Huawei is Samsung [Chris Duckett, Zero Day]