Difference between revisions of "Template:PSWPaul633"

From Paul's Security Weekly
Jump to: navigation, search
Line 2: Line 2:
 
#[https://medium.com/swlh/hacking-git-directories-e0e60fa79a36 Hacking Git Directories] - First, make sure your build process is not deploying this folder. Second, configure your web server not to serve files from the .git directory, ever. Do both, then build a test to make sure someone has not opened this exposure. This is a well-known and basic security hygiene thing.
 
#[https://medium.com/swlh/hacking-git-directories-e0e60fa79a36 Hacking Git Directories] - First, make sure your build process is not deploying this folder. Second, configure your web server not to serve files from the .git directory, ever. Do both, then build a test to make sure someone has not opened this exposure. This is a well-known and basic security hygiene thing.
 
#[https://threatpost.com/critical-citrix-bug-80000-corporate-lans-at-risk/151444/ Critical Citrix Bug Puts 80,000 Corporate LANs at Risk] - No details yey, but: ''Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.''
 
#[https://threatpost.com/critical-citrix-bug-80000-corporate-lans-at-risk/151444/ Critical Citrix Bug Puts 80,000 Corporate LANs at Risk] - No details yey, but: ''Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.''
#[https://www.darkreading.com/threat-intelligence/the-coolest-hacks-of-2019/d/d-id/1336682 The Coolest Hacks of 2019]
+
#[https://www.darkreading.com/threat-intelligence/the-coolest-hacks-of-2019/d/d-id/1336682 The Coolest Hacks of 2019] - My favorite from this list: ''Researcher Matthew Wixey calls them acoustic cyber weapons: the PWC UK researcher wrote custom malicious code that forces Bluetooth and Wi-Fi-connected embedded speakers to emit painfully high-volume sound or even high intensity and inaudible frequency sounds that can possibly produce destructive sound levels to the speakers - and to the ear.''
 
#[https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/ 2020 Cybersecurity Trends to Watch]
 
#[https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/ 2020 Cybersecurity Trends to Watch]
 
#[https://threatpost.com/7-tips-maximizing-soc/151398/ 7 Tips for Maximizing Your SOC]
 
#[https://threatpost.com/7-tips-maximizing-soc/151398/ 7 Tips for Maximizing Your SOC]

Revision as of 21:36, 2 January 2020

  1. InfoSec Handlers Diary Blog - Here is a sample that I spotted two days ago. It’s an interesting one because it’s a malware that implements ransomware features developed in Node.js[1]! The stage one is not obfuscated and I suspect the script to be a prototype or a test…
  2. Hacking Git Directories - First, make sure your build process is not deploying this folder. Second, configure your web server not to serve files from the .git directory, ever. Do both, then build a test to make sure someone has not opened this exposure. This is a well-known and basic security hygiene thing.
  3. Critical Citrix Bug Puts 80,000 Corporate LANs at Risk - No details yey, but: Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.
  4. The Coolest Hacks of 2019 - My favorite from this list: Researcher Matthew Wixey calls them acoustic cyber weapons: the PWC UK researcher wrote custom malicious code that forces Bluetooth and Wi-Fi-connected embedded speakers to emit painfully high-volume sound or even high intensity and inaudible frequency sounds that can possibly produce destructive sound levels to the speakers - and to the ear.
  5. 2020 Cybersecurity Trends to Watch
  6. 7 Tips for Maximizing Your SOC
  7. The Most Dangerous People on the Internet This Decade
  8. Ethics and Encryption
  9. Mysterious Drones are Flying over Colorado - Schneier on Security
  10. Critical Vulnerabilities Impact Ruckus Wi-Fi Routers | SecurityWeek.Com
  11. Cisco DCNM Users Warned of Serious Vulnerabilities | SecurityWeek.Com