From Security Weekly Wiki
Revision as of 21:41, 2 January 2020 by Paul Asadoorian (talk | contribs)
Jump to navigationJump to search
  1. InfoSec Handlers Diary Blog - Here is a sample that I spotted two days ago. It’s an interesting one because it’s a malware that implements ransomware features developed in Node.js[1]! The stage one is not obfuscated and I suspect the script to be a prototype or a test…
  2. Hacking Git Directories - First, make sure your build process is not deploying this folder. Second, configure your web server not to serve files from the .git directory, ever. Do both, then build a test to make sure someone has not opened this exposure. This is a well-known and basic security hygiene thing.
  3. Critical Citrix Bug Puts 80,000 Corporate LANs at Risk - No details yey, but: Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.
  4. The Coolest Hacks of 2019 - My favorite from this list: Researcher Matthew Wixey calls them acoustic cyber weapons: the PWC UK researcher wrote custom malicious code that forces Bluetooth and Wi-Fi-connected embedded speakers to emit painfully high-volume sound or even high intensity and inaudible frequency sounds that can possibly produce destructive sound levels to the speakers - and to the ear.
  5. 2020 Cybersecurity Trends to Watch - I hate slide shows in posts. This article is not all that useful. What are we watching? What is a trend?
  6. 7 Tips for Maximizing Your SOC - Perhaps the best advice: Analysts and managers make a hard job harder when they conceal operational failures, fail to disclose known vulnerabilities or create a dishonest organizational culture. Instead, make your SOC a place where employees can be honest about what they find without worrying about getting fired. And incorporating automation and security analysis software into places in your SOC where human failures commonly occur can greatly improve its overall operational efficiency and effectiveness.
  7. The Most Dangerous People on the Internet This Decade - This is mostly a political post. I worry about dangerous people on the Internet who are smart enough not to be on anyone's list.
  8. Ethics and Encryption
  9. Mysterious Drones are Flying over Colorado - Schneier on Security
  10. Critical Vulnerabilities Impact Ruckus Wi-Fi Routers | SecurityWeek.Com
  11. Cisco DCNM Users Warned of Serious Vulnerabilities | SecurityWeek.Com