C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

  1. Protecting the research & education sector against cyber attacks [in THE FIELD]
  2. Iranian Hackers Charged in March Are Still Actively Phishing Universities [Bleeping Computer]
    - see also (IOCs): Back to School: COBALT DICKENS Targets Universities [Secureworks]
    - and www.cnet.com/google-amp/news/cybersecurity-101-how-universities-are-dealing-with-hackers/
  3. Apache Struts Vulnerability POC Code Found on GitHub [Recorded Future]
    - see also: Another Year, Another Critical Struts Flaw – NB: links to hardening guides in the “You Can’t Install a Patch That Doesn’t Exist” section
    - and Hardening Apache Struts with SELinux [Double Pulsar]
  4. Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface [CERT-CC]
    - Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day [Bleeping Computer]
  5. Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades [Bleeping Computer]
    - see: nvd.nist.gov/vuln/detail/CVE-2018-15473 (user enumeration vulnerability)
  6. Following account hacks, Instagram will finally support third party 2FA apps [Mashable]
    - see also: Instagram’s New Security Tools are a Welcome Step, But Not Enough [Krebs on Security]
  7. The enemy is us: a look at insider threats [Malwarebytes LABS]
  8. Don’t shoot messenger [EFF (the other one again)]
  9. A cryptocurrency exchange hack with a North Korean accent [Kaspersky lab]
  10. Pwned Passwords, Now As NTLM Hashes! [Troy Hunt]
  11. Facebook removes 652 fake accounts and pages meant to influence world politics [The Guardian]
  12. Former NSA, CIA director on cyber, Facebook and hacking back [Fifth Domain]