C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for week 50/20

- Schalk Peach

  1. #LocalLeaks (ie Do we still have such a thing as personal information in SA?)
    1. SABC confirms that its website was hacked [Jamie McKane, MyBroadband]
  2. Why email security matters
    1. Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame? [Bradley Barth, SC Magazine]
    2. How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain [The Hacker News]
  3. US CERT Advisories
    1. It is very advisable to add Alerts and Tips > Current Activity to your RSS feed
    2. Apache Releases Security Advisory for Apache Tomcat [US CERT]
    3. Microsoft Releases December 2020 Security Updates [US CERT]
    4. SAP Releases December 2020 Security Updates [US CERT]
    5. OpenSSL Releases Security Update [US CERT]
    6. Theft of FireEye Red Team Tools [US CERT]
    7. NSA Releases Advisory on Malicious Cyber Actors Exploiting CVE-2020-4006 [US CERT]
  4. Bugs, bugs everywhere (insert Buzz Lightyear meme…)
    1. NSA: Hackers exploit new VMware vulnerability to steal data [Sergui Gatlan, Bleeping Computer]
    2. The patch that wasn’t: Cisco emits fresh fixes for NTLM hash-spilling vuln and XSS-RCE combo in Jabber app [Gareth Corfield, The Register]
    3. Cisco fixes Security Manager vulnerabilities with public exploits [Sergiu Gatlan, Bleeping Computer]
    4. 4 major browsers are getting hit in widespread malware attacks [Dan Goodin, Ars Technica]
    5. High-Severity Chrome Bugs Allow Browser Hacks [Tom Spring, Threat Post]
  5. New things in ransomware
    1. Hackers are selling more than 85,000 MySQL databases on a dark web portal [Catalin Cimpanu, ZDNet]
    2. Ransomware gangs are now cold-calling victims if they restore from backups without paying [Catalin Cimpanu, ZDNet]
    3. RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report [Elizabeth Montalbano, Threat Post]
  6. Farewell Flash
    1. Adobe just released the last Flash update ever [Adi Robertson, The Verge]
    2. But do not despair, you can still get some Alien Homonid, Yeti Sports, and Strong Bad at The Internet Archive Do not click, time wasters…