15 Bullet Friday – The Best Security News of the Week – 2020.01.10
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. We Talked to Experts About Iran’s Cyberwar Capabilities (VICE, Jan 03 2020) Iran lacks the overall cyber capabilities of Russia, China, or the U.S., but its hackers can still do damage. 2. Microsoft Shuts Down 50 Domains Used by North Korean Hacking […]
15 Bullet Friday – The Best Security News of the Week – 2020.01.03
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. Chinese Hackers Bypassing Two-Factor Authentication (Schneier on Security, Dec 26 2019) On December 18th, DeepInstinct put out a great article outlining the latest Legion Loader campaign. Whether a parent, or organization, this served as a great example to demonstrate the effectiveness of […]
15 Bullet Friday – The Best Security News of the Week – 2019.12.27
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers (Wired, Dec 18 2019) Thirty years ago, Cliff Stoll published The Cuckoo’s Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far […]
15 Bullet Friday – The Best Security News of the Week – 2019.12.20
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. Hackers Can Mess With Voltages to Steal Intel Chips’ Secrets (Wired, Dec 10 2019) A new attack called Plundervolt gives attackers access to the sensitive data stored in a processor’s secure enclave. 2. This password-stealing hacking campaign is targeting governments around the […]
15 Bullet Friday – The Best Security News of the Week – 2019.12.13
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. Vulnerabilities Discovered in VPN Used by NASA, Shell, and BT (Infosecurity Magazine, Dec 06 2019) Weaknesses in the Aviatrix VPN were detected by Immersive Labs researcher and content engineer Alex Seymour on October 7, 2019. The multiple local privilege escalation vulnerabilities Seymour […]
15 Bullet Friday – The Best Security News of the Week – 2019.12.06
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. SQL Injection Errors No Longer the Top Software Security Issue (Dark Reading, Nov 27 2019) In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth. [1] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer [2] CWE-79 […]
15 Bullet Friday – The Best Security News of the Week – 2019.11.29
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. French Hotel Giant Leaks 1TB+ of Client Data (Infosecurity Magazine, Nov 22 2019) Unsecured Elasticsearch database once again to blame 2. Web Skimmers Use Phishing Tactics to Steal Data (Infosecurity Magazine, Nov 25 2019) “This skimmer is interesting because it looks like […]
15 Bullet Friday – The Best Security News of the Week – 2019.11.22
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. Attack tools and techniques used by major ransomware families (Help Net Security, Nov 15 2019) Ransomware is typically distributed in one of three ways: as a cryptoworm, which replicates itself rapidly to other computers for maximum impact (for example, WannaCry); as ransomware-as-a-service […]
15 Bullet Friday – The Best Security News of the Week – 2019.11.15
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. BlueKeep exploitation activity seen in the wild (Kevin Beaumont, Nov 11 2019) Back in May 2019, Microsoft released at patch for CVE-2019–0708, a Remote Desktop vulnerability I nicknamed BlueKeep — as exploitation… 2. Mac users warned that disabling all Office macros doesn’t actually disable […]
15 Bullet Friday – The Best Security News of the Week – 2019.11.08
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. As Phishing Kits Evolve, Their Lifespans Shorten (Dark Reading, Oct 30 2019) Most phishing kits last less than 20 days, a sign defenders are keeping up in the race against cybercrime. 2. The First BlueKeep Mass Hacking Is Finally Here—but Don’t Panic […]