C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 28/20

- Roderick Mooi

  1. University of California San Francisco pays ransomware gang $1.14m as BBC publishes ‘dark web negotiations’ [Gareth Corfield, The Register]
  2. Applying the 80-20 Rule to Cybersecurity [Dan Blum, Dark Reading / Informa]
    - see also: Framing the Security Story: The Simplest Threats Are the Most Dangerous
  3. Over 100 Wi-Fi routers fail major security test — protect yourself now [Paul Wagenseil, Tom’s Guide]
    - Full report: www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
  4. Palo Alto Networks patches critical vulnerability in firewall OS [Sergiu Gatlan, Bleeping Computer]
  5. First reported Russian BEC scam gang targets Fortune 500 firms [Ionut Ilascu, Bleeping Computer]
  6. ‘Keeper’ hacking group behind hacks at 570 online stores [Catalin Cimpanu, Zero Day]
    - If you entered card / account details on any of these sites post the dates given, consider your information compromised!
  7. Google open-sources Tsunami vulnerability scanner [Catalin Cimpanu, Zero Day]
  8. Toward trusted sensing for the cloud: Introducing Project Freta [Mike Walker, Microsoft]
  9. Intel Owl Release v1.0.0 [Eshaan Bansal, The Honeynet Project]
  10. AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals [Lindsey O’Donnell, Threatpost]
  11. Redirect auction [Dmitry Kondratyev, Kaspersky]
  12. WastedLocker Goes “Big-Game Hunting” in 2020 [Ben Baker et al, Talos / Cisco]
  13. Ireland launches COVID-19 contact tracing app based on Apple-Google API [Mike Peterson, Apple Insider]
  14. How Police Secretly Took Over a Global Phone Network for Organized Crime [Joseph Cox, Motherboard / Vice]