Cyber Security Informer

Weekly update 56 (island edition)

Troy Hunt

OCTOBER 13, 2017

After being couped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. In the meantime, here's this week's update: iTunes podcast | Google Play Music podcast | RSS podcast.

Data breaches

Microsoft Patch Tuesday, February 2021 Edition

Krebs on Security

FEBRUARY 9, 2021

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. Windows 10 users should note that while the operating system installs all monthly patch roll-ups in one go, that rollup does not typically include.NET updates, which are installed on their own.

DNS

DNS Backups Software Phishing

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

This story will be updated if any of them respond. The Target intrusion saw Rescator’s cybercrime shops selling roughly 40 million stolen payment cards, and 56 million cards from Home Depot customers. Nikki Haley to head the state’s law enforcement division. state tax database, without naming the state. ” On Oct.

Identity Theft

Identity Theft Banking Cybercrime Hacking

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day

Security Affairs

FEBRUARY 9, 2021

Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. Of these 56 vulnerabilities, 11 have been rated as Critical, 43 as Important, and two as Moderate in severity. Prioritize this update if you depend on Microsoft DNS servers.”

DNS

DNS IoT Backups Mobile

State of API Security: Financial Services and Insurance

Security Boulevard

JULY 19, 2023

Other notable findings include: 42% of respondents have little confidence in understanding which APIs expose PII Merely 13% of respondents consider their API security programs to be advanced 36% of respondents update their APIs at least weekly, but only 10% update their documentation at the same weekly pace Only 42% of respondents identify API security (..)

Financial Services

Financial Services Insurance Digital transformation Banking

National Small Business Week: 10 Best Practices for Small Business Cybersecurity

CyberSecurity Insiders

SEPTEMBER 14, 2021

A recent survey conducted by CNBC and Momentive found that 56% of small business owners are not concerned about being the victim of a cyberattack in the next year and that only 28% of them have a response plan in place in case of a cyberattack. Installing these patches in a timely fashion is important in limiting points of vulnerability.

Small Business

Small Business Cybersecurity Passwords Education

Hurrah – It’s (patch) Tuesday!

IT Security Guru

MAY 10, 2021

It started in 2003, with both security and feature updates on the second, and sometimes further feature updates on the fourth, Tuesday of each month at a time when the software giant would bundle up and issue several patches to fix bugs and security vulnerabilities for its operating systems and applications. First audit.

VPN

VPN Software InfoSec Firmware

Adventures in the land of BumbleBee

Fox IT

APRIL 29, 2022

Considering that BUMBLEBEE is actively being developed on, the operator(s) did not implement a command to update the loader’s binary, resulting the loss of existing infections. 56 108.62.118[.]61 Distribution via OneDrive links. Email thread hijacking with password protected ZIP. 45 103.175.16[.]46 46 104.168.236[.]99

Encryption

Encryption Passwords Malware Software

SOC teams spend nearly a quarter of their day handling suspicious emails

SC Magazine

FEBRUARY 3, 2021

According to the survey, the preventative tasks most commonly performed by SOC teams are updating allow and block lists (79.6% of respondents), updating ATP policies (64.9%) implementing new mail-flow rules (56%), updating sensitivity and confidence settings (44.3%) and updating signature files (28.9%).

Phishing

Phishing Media Network Security

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data

Malwarebytes

APRIL 5, 2023

In 2021, 56 percent of K–12 schools and 64 percent of higher education institutions reported being hit by some type of ransomware. Install, regularly update, and enable real-time detection for antivirus software. And it should come as no surprise that the cyberthreat doing the most damage to education is ransomware.

Education

Education Ransomware Cybersecurity Risk

Announcing the Velocity Update for ShiftLeft CORE

Security Boulevard

FEBRUARY 1, 2022

We are excited to announce the Velocity Update for our application security platform, ShiftLeft CORE! With this update, AppSec and Development teams can fix security issues in source code even more quickly and efficiently. The update adds a number of improvements to the platform that can be found at the end of this post.

Mobile

Mobile Accountability Education Engineering

Why No HTTPS? Here's the World's Largest Websites Not Redirecting Insecure Requests to HTTPS

Troy Hunt

JULY 23, 2018

In total, this meant 12,363 separate domains and only 56 of them redirected to HTTPS. Now mind you, that list of 56 sites represents 0.45% of the 12,363 I scanned so even whilst they're anomalous, they have very little bearing on the overall objective of the project. Data Source.

Government

Government VPN Banking

We're Doing an All New Series on Pluralsight: Creating a Security-centric Culture

Troy Hunt

JANUARY 24, 2018

This was actually inspired by my weekly update videos and we all felt that if I'm going to be talking about culture, a bit more personality would go a long way and that's something that's easier to impart via video.

Education

Education CISO Encryption Passwords

Ten Years Later, New Clues in the Target Breach

Krebs on Security

DECEMBER 14, 2023

Investigators would later determine that a variant of the malware used in the Target breach was used in 2014 to steal 56 million payment cards from Home Depot customers. However, the last update on that profile is from 2018, when Shefel appears to have legally changed his last name. Six of those domains are some variation of FreeFrog.

Cybercrime

Cybercrime Accountability Advertising Computers and Electronics

7 Trends I Spotted When Reviewing 2020 and the Cybersecurity Skills Gap

Jane Frankland

JANUARY 13, 2021

Supply chain attacks are up too and fresh in our minds is December’s SolarWinds breach where threat actors gained access to governments and numerous public and private organisations around the world via trojanized updates to its Orion IT monitoring and management software.

Cybersecurity

Cybersecurity Risk Government Technology

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

In general, here are some of the most frequent best practices to protect against malware: Update all network, application, and device software promptly. The best way to minimize potentially nasty bugs is consistent updates for your software. Using strong passwords that you update regularly can go a long way towards keeping you safe.

Malware

Malware Adware Spyware Antivirus

[0day] [exploit] Advancing exploitation: a scriptless 0day exploit against Linux desktops

Scary Beasts Security

NOVEMBER 21, 2016

The exploit is running against a default install of Fedora 24, except that the gstreamer packages were upgraded to the latest: dnf update gstreamer* (v1.8.3-1.fc24.x86_64). FLX_LC; no-op to set flxdec->size to 56, but it is already 56. The terminal output shows an amusing side effect of the exploit, which we’ll cover later.

Media

Media Engineering Risk Hacking

ISRAELI FIRM ‘BRIGHT DATA’ (LUMINATI NETWORKS) ENABLED THE ATTACKS AGAINST KARAPATAN

Security Affairs

AUGUST 30, 2021

During an attack of this nature, it is difficult to find clear patterns without fast data and log processing and ad-hoc tools but our DNS servers were clearly recording these spikes of DNS updates every time the botnet was renewing IP addresses. 24 (56 IPs) during the attack 10-19th August 2021). 24 55 188.170.75.0/24

DDOS

DDOS DNS Mobile Authentication

Cyber Security Roundup for March 2021

Security Boulevard

FEBRUARY 28, 2021

I wrote a blog post about my concerns given Linux is embedded everywhere, yet many of these systems are rarely, and even never updated with security updates. CD Projekt Red later in the month said it was delaying an update to their Cyberpunk game until late March due to the cyberattack. VULNERABILITIES AND SECURITY UPDATES.

Energy and Utilities

Energy and Utilities Ransomware DDOS Accountability

Cyber Security Informer

Weekly update 56 (island edition)

Microsoft Patch Tuesday, February 2021 Edition

Trending Sources

Who Stole 3.6M Tax Records from South Carolina?

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day

State of API Security: Financial Services and Insurance

National Small Business Week: 10 Best Practices for Small Business Cybersecurity

Hurrah – It’s (patch) Tuesday!

Adventures in the land of BumbleBee

SOC teams spend nearly a quarter of their day handling suspicious emails

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data

Announcing the Velocity Update for ShiftLeft CORE

Why No HTTPS? Here's the World's Largest Websites Not Redirecting Insecure Requests to HTTPS

We're Doing an All New Series on Pluralsight: Creating a Security-centric Culture

Ten Years Later, New Clues in the Target Breach

7 Trends I Spotted When Reviewing 2020 and the Cybersecurity Skills Gap

Types of Malware & Best Malware Protection Practices

[0day] [exploit] Advancing exploitation: a scriptless 0day exploit against Linux desktops

ISRAELI FIRM ‘BRIGHT DATA’ (LUMINATI NETWORKS) ENABLED THE ATTACKS AGAINST KARAPATAN

Cyber Security Roundup for March 2021

Stay Connected