The Post RSA Edition

Yes, I made it back from RSA in one piece, avoiding any drama and, most importantly, con-flu.

I made a video this time, looking at the vendor perspective of the con.

For those of you who prefer written material, I also wrote up a blog on some of the trends I noted.

For the perspective of the conference from an impartial person, it's worth reading Thom Langford's post.

Device and Account Security Checklist

Bob Lord has put together a great resource to help people and companies better secure themselves and their organisations. Even if you’re a security expert, it’s worth checking out and sharing the checklist with friends and family.


The Citrix Data Breach

On March 6, 2019, the FBI contacted Citrix with the news that international cyber criminals had likely gained access to the internal Citrix network. The firm says in a statement that it has taken action to contain this incident. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” says Stan Black, Citrix CSIO.

New phishing campaigns target real estate agents

Actors have been launching phishing campaigns that abuse several brands of well-known real estate franchises with the intent of capturing targeted real estate agents' email credentials. While this type of targeting in the real estate sector is not new, this post highlights the in-depth tactics, techniques, and procedures (TTPs) used. The TTPs and imagery used in the PDF lures and credential-harvesting websites can be used for situational awareness to defend against these attacks.

Pros-for-hire no better at writing secure code than compsci beginners

Freelance developers hired to implement password-based security systems do so about as effectively as computer science students, which is to say not very well at all.

Boffins at the University of Bonn in Germany set out to expand on research in 2017 and 2018 that found computer science students asked to implement a user registration system didn't do so securely unless asked, and even then didn't always get it right.


Do a good deed, get met by lawyers

SEDC is an Atlanta-based company that provides back-ends for utility companies; a security researcher discovered that the company stored his password in the clear. The company's products have more than 15,000,000 users, whose logins and passwords are potentially also stored in plaintext. When the researcher alerted the company about this, the company ignored him, then denied that there was any problem, then demanded that the researcher not communicate about this except to SEDC's general counsel.

Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites

The FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS) for-hire vendors (booters) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year.

Along with fewer total attacks, the average attack size decreased by 85 percent and the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks.

PewDiePie fans keep making junk ransomware

For some misguided reason, PewDiePie fans seem to believe that making and releasing ransomware is a proper and acceptable method of supporting their idol.


Other stories I hearted

Copyright © 2019 J4vv4D, All rights reserved.

