  1. The EDUCAUSE Information Security Almanac 2019
    - “This two-page, easy-to-scan almanac shares the most important EDUCAUSE data regarding the state of information security, privacy, and identity management in higher education.”
    - see also: Campus MFA Practices
  2. SANS Top New Attacks and Threat Report
    - “There is no shortage of media coverage of breaches and outages, and there are many places to find backward-looking statistics about how many attacks were launched in cyberspace. What is harder to find is expert analysis of the areas security managers should prioritize in order to increase effectiveness and efficiency in dealing with known threats while also minimizing the risk from emerging attacks. For the past 13 years, the SANS “Five Most Dangerous Attacks” expert panel at the annual RSA Conference has filled that gap. This SANS whitepaper begins with a baseline of statistics from two of the most reliable sources of breach and malware data, then summarizes the expert advice from the SANS instructors on the RSA panel, detailing the emerging threats to look out for in 2019 and beyond.”
  3. McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all [Ars Technica]
  4. IT Security Guidelines for Transport Layer Security [NCSC]
    - “These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS)…These guidelines are technical in nature. They help an organisation choose between all possible configurations of TLS to arrive at a secure configuration. An administrator or supplier then applies this configuration.”
  5. Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent [Business Insider]
    - see also: Facebook security notice announces millions of Instagram users had their passwords stored in plaintext
  6. DNS Hijacking Abuses Trust In Core Internet Service [Talos]
  7. Popular jQuery JavaScript library impacted by prototype pollution flaw [Zero Day]
  8. Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks [@GelosSnake]
  9. How Not to Acknowledge a Data Breach [Krebs on Security]
  10. Dragonblood – Analysing WPA3’s Dragonfly Handshake
  11. Security BSides San Francisco – incl. BSidesSF 2019 videos
  12. Darknet Diaries Ep 36: Jeremy from Marketing (PG L)
    - “A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned.”
    - (podcast account of threader.app/thread/1063423110513418240)