Happy New Year and best wishes for 2019, CoSoNauts! #CoSoScience #CoSoSec

Cyberattack from outside the U.S. hits newspapers across the country, preventing distribution, source says

https://www.latimes.com/local/lanow/la-me-ln-times-delivery-breakdown-20181229-story.html

#CoSoSec

US-CERT: Vulnerability Summary for the Week of May 14, 2018

https://www.us-cert.gov/ncas/bulletins/SB18-141

#CoSoSec

U.S. CERT: Vulnerability Summary for the Week of April 30, 2018

https://www.us-cert.gov/ncas/current-activity/2018/05/07/FTC-Releases-Alert-Exposed-Twitter-Passwords

#CoSoSec

US-CERT: Vulnerability Summary for the Week of April 23, 2018

https://www.us-cert.gov/ncas/bulletins/SB18-120

#CoSoSec

Note the 7zip vulnerability.

#CoSoSec

US-CERT: Vulnerability Summary for the Week of April 16, 2018

https://www.us-cert.gov/ncas/bulletins/SB18-113

#CoSoSec

SunTrust says a former employee may have tried to print information on about 1.5 million customers and share it with a "criminal third party."

http://money.cnn.com/2018/04/20/news/companies/suntrust-bank/index.html

#CoSoSec

https://counter.social/media/EAtNJEWrqASP-Bi9iBE

Even though soho/commodity routers often see no firmware updates, the biggest problem continues to be simply a configuration issue.

If you leave devices with default settings (e.g. default passwords, telnet administration enabled, etc.) then hackers barely have to work to own your network. Even automated attacks will do the job.

Russia Steps Up Hacking, Spurring U.S.-U.K. Warning on Risk

https://www.bloomberg.com/news/articles/2018-04-16/u-s-and-u-k-issue-joint-alert-warning-of-russian-cyber-attacks

#CoSoSec

https://twitter.com/ASLuhn/status/986218853469446144

https://counter.social/media/-vFsurLXKJ2qeKE9lQA

#CoSoSec

@JWilliams it's also the reason I'm in the process of swapping D-Link switches out for Ubiquiti equipment. Nothing is perfect, but I'll take actively supported and updated equipment over the "buy and forget" stuff from most vendors any day.

#CoSoSec

@JWilliams this point:
"ISPs do not replace equipment on a customer’s property when that equipment is no longer supported by the manufacturer or vendor."

...was a big reason why I went from using a Linux-based Actiontec FIOS router that hadn't seen any available updates in years to using OpenBSD-based firewalls and routers at the network border.

#CoSoSec

US-CERT: Alert (TA18-106A)
Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

https://www.us-cert.gov/ncas/alerts/TA18-106A

#CoSoSec

US-CERT: Vulnerability Summary for the Week of April 9, 2018

https://www.us-cert.gov/ncas/bulletins/SB18-106

#CoSoSec

Thousands of compromised websites spreading malware via fake updates

https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/thousands-compromised-websites-spreading-malware-via-fake-updates/

#CoSoSec

https://counter.social/media/xv_O99rTaMi9RPk3_ik

Federal Agency Data Under Siege

https://www.darkreading.com/attacks-breaches/federal-agency-data-under-siege/a/d-id/1331467

#CoSoSec

https://counter.social/media/xTShG-O9A1DOba2XG4c

Avoiding the Ransomware Mistakes that Crippled Atlanta

https://www.darkreading.com/partner-perspectives/iboss/avoiding-the-ransomware-mistakes-that-crippled-atlanta/a/d-id/1331518

#CoSoSec

https://counter.social/media/IIBiNk1B8dW89KbRrcA

Q1 Cyber-Attacks on UK Firms Jump 27%

https://www.infosecurity-magazine.com/news/cyberattacks-on-uk-firms-jump-27/

#CoSoSec

Russian court blocks Telegram messaging app in privacy row

https://phys.org/news/2018-04-russian-court-blocks-telegram-messaging.html

#CoSoSec

https://counter.social/media/lUmO0OgCL2wcKEckrmQ

Uber's 2016 Breach Affected More Than 20 Million U.S. Users

https://www.bloomberg.com/news/articles/2018-04-12/uber-breach-exposed-names-emails-of-more-than-20-million-users

#CoSoSec