
Threat Hunting with JARM

SANS comes through with an article on using JARM to hunt threats; this is an area I have started getting interested in given the increased threat landscape we find ourselves in.

If you know code is vulnerable, would you ship it?

Dark Reading goes into some detail on the critical factors behind why vulnerable code gets shipped in the first place.

COVID-19 Drives Infosec in 2020 and beyond

Coronavirus has attacked every aspect of our lives; it has changed the way we work and the way we engage with the world around us. This is unlikely to change in 2021, so prepare now.

Bandook Resurrected from the dead

Bandook has seemingly returned from the dead and is being used to target numerous industries; this is interesting as it shows that old tools once presumed dead can be used in new and creative theatres.

DNS Spoofing “uncommon” but on the rise

DNS Spoofing doesn’t happen that often, but when it does it can be very damaging; The Register points out that twice nearly nothing is still nearly nothing.

Phishing isn't new; however, attacks on shipping-related messages are starting to become a significant problem. This is an area where suppliers need to innovate and move away from inherently vulnerable platforms such as SMS for delivery notifications.

Cayman Islands investment fund data breach (Azure)

Yikes! Glad I don't have any cash stored in the Cayman Islands, as an investment fund there just accidentally left its records out in the open in an unsecured Azure Blob Storage account; obviously they have been ignoring those pesky Azure Security Centre warnings.

Double Extortion

So you've paid up and you think you're clear; but are you? If you pay a ransom, do you have any guarantee that your data has been destroyed? It's not exactly like you're dealing with a reputable thief here.

Pre-filled PayPal MageCart attack

Retail scams aren't going away any time soon; they are going to gain more "finesse" though. Here is a good example of pre-filling a form, which increases "conversions" and thus the number of hacked accounts.

Computer Fraud and Misuse Act supreme court test case

We should find out soon how enforceable various computer fraud acts really are; this is valuable test-case data for all common law countries, as it's only when you try these cases in court that we find out whether they are actually enforceable.

Attacks on Unprotected Docker Servers

Another tip for DevOps and sysadmins alike: sometimes what you think is safe is really the beachhead an attacker needs.

Using DNS Filtering to protect against Malware and Phishing

DNS filtering is a blunt tool; however, it can be very effective when you have limited control over the operating system.

Assessing your own Cyber Security Risk

Cyber Security is everyone’s problem; and now there is an app for that…

Apple Over-the-air Denial of Service Fixed in iOS 13.5

This was the big post of the week; a researcher successfully demonstrated that it was possible to take over unpatched iPhones over the air using some simple (but hard to control) components.

Risk Based Cyber Security

As we mature as an industry, we need to start considering how we mature our approach; taking a risk adaptive approach and truly understanding threat models is part of that process.