C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 02/18

- Roderick Mooi

  1. Meltdown and Spectre Updates Causing Problems for Some Users
    - Meltdown & Spectre Patches Causing Boot Issues for Ubuntu 16.04 Computers
    - Warning: Microsoft Fix Freezes Some PCs With AMD Chips
    - Important: Windows security updates released January 3, 2018, and antivirus software
    - “We’ll display this in red so it sticks out. Do not run the .reg file unless you’ve confirmed with your AV vendor that they’re compatible with the Meltdown and Spectre patches.”
    - Intel Releases Linux CPU Microcodes To fix Meltdown & Spectre Bugs
    - Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too
    - List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates + see the US-CERT advisory
    - How to Protect Your Devices Against Meltdown and Spectre Attacks
    - You could resort to running everything on Raspberry Pi’s ;) jaxenter.com/spectre-meltdown-not-raspberry-pi-140201.html
    - And for the curious… Triple Meltdown: How So Many Researchers Found a 20-Year-Old Chip Flaw At the Same Time
  2. WPA3 announced
    - With WPA3, Wi-Fi security is about to get a lot tougher
    - WPA3 WiFi Standard Announced After Researchers KRACKed WPA2 Three Months Ago
  3. MADIoT – The nightmare after XMAS
  4. The Week in Ransomware – January 5th 2018 – Slow For The Holidays
  5. Monero going after just about everything…
    - New sophisticated Malware campaign Leveraging NSA Exploits to Mine Monero on Windows and Linux Systems
    - Massive Brute-Force Attack Infects WordPress Sites with Monero Miners
    - WebLogic Flaw Used to Install Monero Crypto Coin Miner + Hackers Make Whopping $226K Installing Monero Miners on Oracle WebLogic Servers
    - Miner blacklist
  6. Python-Based Botnet Targets Linux Systems with Exposed SSH Ports
  7. Hundreds of GPS Location Tracking Services Leaving User Data Open to Hackers
  8. Some news from December (worth mentioning):
    1. Stanford University executive leaves job after huge data breach
      - Stanford U. official ousted after keeping quiet about huge exposure of sensitive data
    2. Firewall Bursting: A New Approach to Better Branch Security
    3. Microsoft Word slams the door on DDEAUTO malware attacks
    4. Three More WordPress Plugins Found Hiding a Backdoor
      - www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/