C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 19/20

- Roderick Mooi

  1. Resource Guide for Cybersecurity During the COVID-19 Pandemic [Center for Internet Security]
    - see also: Privacy Preserving Protocols to Trace Covid19 Exposure
    - and: Cyber volunteers release blocklists for 26,000 COVID-19 threats
  2. Learning from Home While School’s Out: Cybersecurity Education for Kids [Greg Herbold and Kim Yohannan, Palo Alto Networks]
    - see also: Cybersecurity Lab – highly recommended for kids Gr8-12
    - PBS Kids Cyberchase – for the younger ones
    - Cyber School – Free to attend, live & online cyber security school for school pupils around the world
    - KnowBe4 Children’s Interactive Cybersecurity Activity Kit – offline activity books
  3. Nearly a Million WP Sites Targeted in Large-Scale Attacks [Ram Gall , Wordfence]
    - see also: Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
  4. Convincing Office 365 phishing uses fake Microsoft Teams alerts [Sergiu Gatlan, Bleeping Computer]
    - original report: Abnormal Attack Stories: Microsoft Teams Impersonation
  5. Cisco Webex phishing uses fake cert errors to steal credentials [Sergiu Gatlan, Bleeping Computer]
  6. LockBit, the new ransomware for hire: A sad and cautionary tale [Dan Goodin, Ars Technica / Condé Nast]
  7. Hackers exploit Salt RCE bugs in widespread attacks, PoCs public [Ionut Ilascu, Bleeping Computer]
    - see also: Search provider Algolia discloses security incident due to Salt vulnerability
  8. What to do when you receive an extortion email [Thomas Reed, Malwarebytes]
  9. Can you trust attachments with unfamiliar extensions? [Zeljka Zorz, Help Net Security]
  10. Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use [Thomas Brewster, Forbes]
  11. Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 [Catalin Cimpanu, Zero Day]
  12. Windows 7 end-of-life security mitigation [John Zage, Trusted CI]
  13. The Shadowserver Foundation Threat Report: A Spotlight on Africa [Shadowserver]
  14. Mobile as Attack Vector Using MDM [Aviran Hazum et al, Check Point Research]
  15. Honeysploit: Exploiting the Exploiters [Curtis Brazzell, Medium]
    - see also: Professional data leakage: How did that security vendor get my personal data?