C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 13/18

- Roderick Mooi

  1. Iranian Hackers Charged For Spree Of Attacks On Hundreds Of Universities
    - www.wired.com/story/iran-cyberattacks-us-universities-indictment/
    - Iranian Hackers Charged Last Week Were Actually Pretty Damn Good Phishers
  2. Facebook and Cambridge Analytica – What’s Happened So Far
    - How Cambridge Analytica used your Facebook data to help elect Trump* – the lesson here is what’s important – your convenience / privacy…
    - What lies beneath: The things Facebook knows go beyond user data
    - Facebook denies it collects call and SMS data from phones without permission
    - The Facebook Privacy Setting That Doesn’t Do Anything at All
    - Mozilla’s new Firefox extension keeps your Facebook data isolated to the social network itself
    - The Complete Guide to Facebook Privacy [or how to properly delete your account ;)]
  3. Facebook CISO Alex Stamos May Be Leaving the Company Later This Year
    - Here’s the key takeaway: “[Editor Comments] [Paller] I know of no other conflict that has caused as many CISOs to leave or be terminated than the question of how much to disclose in the aftermath of a breach. The only survival strategy we have seen is to find a way to keep the lawyer (and sometimes the communications director) out of the meetings. If that is possible, the CISO’s key job is to encourage senior executives to understand how little chance there is that the company will be able to keep a lid on the information and how much worse late disclosure is than early disclosure.”
  4. AMD Acknowledges Vulnerabilities, Will Roll Out Patches In Coming Weeks
    - community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research
  5. Administrator’s Password Bad Practice [something to pass on to your admins] – note tips at end
  6. Automatic Hunting for Malicious Files Crossing your Network – featuring useful tools like MISP, Bro, Splunk and TheHive
  7. Hackers Infect Linux Servers With Monero Miner via 5-Year-Old [Cacti] Vulnerability
  8. Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors
  9. DMARC 2.0? New BIMI standard will help fight spoofing and phishing
    - Universities Lag in DMARC Adoption sadly
  10. With cryptojacking rising, exploit kits rapidly decline
    - Monero cryptocurrency: Malware’s rising star
  11. And if you made it this far, you deserve something special – 780 Days in the Life of a Computer Worm