C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 41/18

- Roderick Mooi

  1. The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies [Bloomberg]
    - so for the story of the week, which side do you choose? Theory, truth or conspiracy?
    - AWS
    - Apple
    - see also: Supply Chain Security Speculation and Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?
    - and if you can’t get enough: hn.algolia.com/?query=supermicro
  2. Facebook Could Be Fined $1.63 Billion by European Privacy Regulators Over Latest Data Breach, Report Says [FORTUNE]
    - Security Update
    - Hope I don’t have one of those 50m accounts :-/
  3. Google+ Is Shutting Down After a Security Bug Exposed User Info [MotherBoard]
    - Google+ Breach — What Happened, Who Was Impacted And How To Delete Your Account [Forbes]
    - and if you have a WSJ subscription
    - Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+ [Google]
  4. Microsoft Has Pulled the Windows 10 October 2018 Update [Bleeping Computer]
    - Microsoft update
  5. Get Cyber Skilled [ECSM]
    - see also: IT security top tips
    and PDF guide
  6. How to turn your people into your best defence [TEISS] – which links to: Free ESET Cybersecurity Awareness Training (might be cool?)
  7. 945 data breaches led to compromise of 4.5 billion data records in first half of 2018 [Help Net Security]
    - get the report here
    - see also: Why 31% of data breaches lead to employees getting fired [TechRepublic]
    - and: Heathrow fined for USB stick data breach
  8. APT38: Details on New North Korean Regime-Backed Threat Group [FireEye]
  9. Four critical KPIs for securing your IT environment [Help Net Security]
  10. SIEM, UBA, UEBA… If you’re suffering netsec acronym overload, then here’s our handy guide [The Register]
  11. It’s 2018, and network middleware still can’t handle TLS without breaking encryption [Zero Day]
  12. Spectre and Meltdown Hardware Protection Added to Intel’s 9th Gen CPUs [Bleeping Computer]
  13. Intel ME Manufacturing Mode: obscured dangers and their relationship to Apple MacBook vulnerability CVE-2018-4251 [Positive Technologies]
  14. Identifying a phisher [SANS ISC]