InfoSec Reading Weekly Roundup – 13 March 2017

The weekly InfoSec reading roundup is a collection of the most interesting news and articles that I read in the past week. Note that if you are reading this at work, some of the links below might be blocked by the corporate web proxy or gateway. Please don’t try to bypass them. Read them on your phone or at home!

10 ways to ruin a cybercriminal’s day

50 Shades of FIM

7 universal rules of threat intelligence

7 Facts: ‘Vault 7’ CIA Hacking Tool Dump by WikiLeaks

9 popular password manager apps found leaking your secrets

9 Security Tips That Go Outside the Box

 

A Real-Life Look into Responsible Disclosure for Security Vulnerabilities

Abuse of Privileges: Common Barriers to Managing Privileged Accounts

After CIA leak, Intel Security releases detection tool for EFI rootkits

An Insight into Virtual Private Networks and IP Tunneling

Another example of maldoc string obfuscation, with extra bonus: UAC bypass

AntiVirus Evasion Reconstructed – Veil 3.0

Apple pushing two-factor authentication for iOS 10.3 users

Are you ready for a ransomware attack?

ARE WE LEADING BY EXAMPLE?

Attackers using cracked builder to duplicate and spread Betabot

Avoid Lengthy Pit Stops Along the Road to the Data Protection Finish Line

 

Bletchley Park: Training the next generation of cybersecurity codebreakers

Bots: Biggest player on the cybercrime block

Bye Empire, Hello Nebula Exploit Kit.

 

CIA-made malware? Now antivirus vendors can find out

CIA false flag team repurposed Shamoon data wiper, other malware

Commence the drum roll, R80.10 is coming

Covert Channels and Poor Decisions: The Tale of DNSMessenger

 

Digital Privacy at the U.S Border: A New How-To Guide from EFF

DOING THREAT INTEL THE HARD WAY – PART 5: ANALYZE THREAT INTELLIGENCE

Dridex’s Cold War: Enter AtomBombing

 

EFF to Court: Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution

ENISA and national supervisory bodies agree reporting scheme on security incidents for European TSPs

Exclusive – A Close Look at the Largest Credential Harvesting Campaign Via an IoT Botnet

Expanding protection for Chrome users on macOS

 

FAKE EXTORTION DEMANDS AND EMPTY THREATS ON THE RISE

Fears over net neutrality as FCC rules on disclosure eased

‘Filecode’ ransomware attacks your Mac – how to recover for free

Five areas for cybersecurity innovation in 2017

FOIA Uncovers Part of U.K. Shadow Regulation on Search Engines and Copyright

FortiGuard Labs Telemetry – Roundup and Comparison of 2015 and 2016 IoT Threats

Fortinet hires NSA veteran as company’s first CISO

 

GDPR: A nudge we need?

Google Enhances Safe Browsing for Chrome on MacOS

Google Increases Bug Bounty Payouts by 50% and Microsoft Just Doubles It!

Google’s reCAPTCHA turns “invisible,” will separate bots from people without challenges

GootKit Developers Dress It Up With Web Traffic Proxy

Guidelines on Incident Notification for Digital Service Providers

 

HACKERONE OFFERS OPEN SOURCE PROJECTS FREE ACCESS TO PLATFORM

Helpful(?) coding tips from the CIA’s school of hacks

How Smart Watch Data Exposed a Cheating Half-Marathon Runner

How to conduct a cost-benefit analysis and implement a virtual private network

 

Incident Response – Being prepared for the worst-case scenario

Information Security, Cybersecurity, IT Security, Computer Security… What’s the Difference?

IT admin was authorized to trash employer’s network he says

 

Judge denies blanket right to compel fingerprint iPhone unlocking

Journalists: How hacking details matter

 

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Leaked travel advice for spooks from the CIA

 

MAGIC HOUND SNIFFS OUT TROUBLE

 

New FCC Chairman begins attacks on Internet privacy

New Law in New York State Could Shape Cyber Security Across the US

New Study: Companies Aren’t Prepared for Cyber Security Threats

 

Parting advice from Howard Schmidt

Password and password managers problems: Solved in a single update

Phishing Exercises, without the “Ish”

Policy installation, is it taking too long?

Previously unseen malware behind cyberattack against UK’s biggest hospital group

Protecting real trust and truth in a virtual world

Pwn2Own – The Root of Research

 

Ransomware ‘customer support’ chat reveals criminals’ ruthlessness

Ransomware for Dummies: Anyone can do it

Ransomware Onslaught Continues: Old Foes, New Defenses

Researchers link Middle East attacks to new victim in Europe

Resource: Learn all about Windows Defender and Windows Defender Advanced Threat Protection

 

Security engineer among 15 unfilled tech jobs that cost the U.S. billions

Showdown: Prepping Enterprise Security for DDoS Botnets

Skills of the sophisticated hacker

Spammers expose their entire operation through bad backups

Some comments on the Wikileaks CIA/#vault7 leak

Some notes on the RAND 0day report

Stopping ransomware and polymorphic malware

Survey: Most Attackers Need Less Than 12 Hours To Break In

 

Talking Android ransomware extorts victims

The distraction of “who did it”

The IT equipment you can take into battle

The European Parliament votes to reintroduce visas for Americans

The FORCE of STIX & TAXII: Why STIX & TAXII are so Important to Financial Services Companies & EMEA

The National Cyber Incident Response Plan (NCIRP)

Threat Intelligence: Use cases, war stories, and ROI

Trend Micro Report: Ransomware booming

Trump adviser spoke with DNC hacker during the campaign

 

Using the Registry to Discover Unix Systems and Jump Boxes

 

Verifone Investigates Gas Station Hack Attacks

 

Watson Proves a Fast Learner in Cybersecurity Test Run

What’s Behind WikiLeaks’ Release of CIA Hacking Files

What’s the value in attack attribution?

Why We Need To Reinvent How We Catalogue Malware

WikiLeaks CIA cache: Fool me once

 

Zero-Day Facts of Life Revealed in RAND Study

Prithvi Mandava

Prithvi is an experienced cyber security professional with global experience across 3 continents. He has proven skills and experience on Cisco, Check Point, Fortinet, Juniper and other vendors' products and technologies. He also has a passion for nature and landscape photography and can be seen lugging his camera gear in and around some pretty locations.

A few of the industry credentials he currently holds include CISSP, CISM, CISA, CCNP R&S, CCNA Security, CCNA.
