Things I hearted this week, 22 March 2019

March 22, 2019 | Javvad Malik

RSA has come and gone, and things are settling down into a normal routine. I did write a post-RSA blog which covered the highlights and trends I observed.

Because of RSA and the subsequent week of getting through the backlog of emails and work, the news list has piled up with over 141 separate news items lined up in my list. But don’t worry, I’ll only share the ones I truly hearted.

Device and account security checklist

Bob Lord has put together a great resource to help people and companies better secure themselves and their organisations. Even if you’re a security expert, it’s worth checking out and sharing the checklist with friends and family.

The Citrix data breach

On March 6, 2019, the FBI contacted Citrix with the news that international cyber criminals had likely gained access to the internal Citrix network. The firm says in a statement that it has taken action to contain this incident. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” says Stan Black, Citrix CISO.

Related

New phishing campaigns target real estate agents

Actors have been launching phishing campaigns that abuse several brands of well-known real estate franchises with the intent of capturing targeted real estate agents' email credentials. While this type of targeting in the real estate sector is not new, this post highlights the in-depth tactics, techniques, and procedures (TTPs) used. The TTPs and imagery used in the PDF are used to lure people in. Credential harvesting websites can be used for situational awareness to defend against these attacks.

Pros-for-hire no better at writing secure code than compsci beginners

Freelance developers hired to implement password-based security systems do so about as effectively as computer science students, which is to say not very well at all.

Boffins at the University of Bonn in Germany set out to expand on research in 2017 and 2018 that found computer science students asked to implement a user registration system didn't do so securely unless asked, and even then didn't always get it right.

Do a good deed, get met by lawyers

SEDC is an Atlanta-based company that provides back-ends for utility companies; a security researcher discovered that the company stored his password in the clear. The company's products have more than 15,000,000 users, whose logins and passwords are potentially also stored in plaintext. When the researcher alerted the company about this, the company ignored them, then denied that there was any problem, then demanded that the researcher not communicate about this except to SEDC's general counsel.

Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites

The FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS) for hire vendors (booters) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year.

Along with the fewer total attacks, the average size decreased by 85 percent as did the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks.

PewDiePie fans keep making junk ransomware

For some misguided reason, PewDiePie fans seem to believe that making and releasing ransomware is a proper and acceptable method of supporting their idol.

Other stories I hearted

Javvad Malik

About the Author: Javvad Malik

The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.

Read more posts from Javvad Malik ›

‹ BACK TO ALL BLOGS

Get the latest security news in your inbox.

Subscribe via Email

Watch a Demo ›
Get Price Free Trial