54BD 783A 27D2 85C1 C46D 5A02 3651 ADE3 E402 9FC2

  1. NIST releases revised strong password recommendations
    - The new guidelines recommend passphrases over shorter passwords with special characters, and changing them only if there is evidence of compromise.
    www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118 (sign-in required)
    Choosing strong passwords
    Generating Rememberable Passwords
  2. Implementing the NIST Security Framework? Consider looking at these.
    - The Australian “Essential Eight” or Critical Security Controls “Top 5” will help to prioritise your first actions.
  3. Phishing
    - From SANS NewsBites Vol. 19 Num. 064: “Both the 2016 and 2017 SANS Threat Landscape Surveys found phishing, including spearphishing and whaling, was the top way threats enter organizations. While the most common response to reduce the risk is enhanced user training, technical countermeasures are also needed. Google added anti-phishing features to Gmail earlier this year and are now extending them to the mobile user…” – Neely
  4. Windows Search Bug worth watching, and squashing
    - Apply the patch now for a critical Windows Search privilege escalation and RCE vulnerability (or disable the WSearch service)
  5. Outlook Web Access based attacks
    - Multi-factor authentication can help
  6. Checking for Breached Passwords in Active Directory
    - Utility using lists from HaveIBeenPwned to verify whether passwords have been breached
  7. Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List
    - Microsoft to remove WoSign and StartCom certificates in Windows 10
  8. Compromise On Checkout – Vulnerabilities in SCM Tools
    - RCE utilising ssh:// links in Git, SVN and Mercurial
  9. The Good Phishing Email
    - Proper email headers for phishing awareness exercises
  10. Beware of Security by Press Release
    - On “smoke and mirrors” vulnerabilities…