RSA has come and gone, and things are settling down into a normal routine. I did write a post-RSA blog which covered the highlights and trends I observed.
Because of RSA and the subsequent week of getting through the backlog of emails and work, the news list has piled up with over 141 separate news items lined up in my list. But don’t worry, I’ll only share the ones I truly hearted.
Device and account security checklist
Bob Lord has put together a great resource to help people and companies better secure themselves and their organisations. Even if you’re a security expert, it’s worth checking out and sharing the checklist with friends and family.
Device and Account Security Checklist 2.0 | Medium, Bob Lord
The Citrix data breach
On March 6, 2019, the FBI contacted Citrix with the news that international cyber criminals had likely gained access to the internal Citrix network. The firm says in a statement that it has taken action to contain this incident. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” says Stan Black, Citrix CISO.
- Citrix breach once again highlights password weaknesses | ComputerWeekly
- Why The Citrix Breach Matters -- And What To Do Next | Forbes
- Ad Network Sizmek Probes Account Breach | Krebs on Security
New phishing campaigns target real estate agents
Threat actors have been launching phishing campaigns that abuse several well-known real estate franchise brands with the intent of capturing targeted real estate agents' email credentials. While this type of targeting in the real estate sector is not new, the post highlights the in-depth tactics, techniques, and procedures (TTPs) involved. The TTPs, together with the imagery in the lure PDF, are what draw people in. Knowledge of the credential-harvesting websites can be used for situational awareness when defending against these attacks.
Pros-for-hire no better at writing secure code than compsci beginners
Freelance developers hired to implement password-based security systems do so about as effectively as computer science students, which is to say not very well at all.
Boffins at the University of Bonn in Germany set out to expand on research in 2017 and 2018 that found computer science students asked to implement a user registration system didn't do so securely unless asked, and even then didn't always get it right.
- Freelance devs: Oh, you wanted the app to be secure? The job spec didn't mention that | The Register
Do a good deed, get met by lawyers
SEDC is an Atlanta-based company that provides back-ends for utility companies; a security researcher discovered that the company stored his password in the clear. The company's products have more than 15,000,000 users, whose logins and passwords are potentially also stored in plaintext. When the researcher alerted the company, it first ignored him, then denied that there was any problem, then demanded that he not communicate about the issue with anyone except SEDC's general counsel.
- Security researcher warns of power company customers' passwords being stored in the clear, software provider responds with lawyer-letter | BoingBoing
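Both the Bonn study and the SEDC story come down to the same defect: the password itself is written to the user store. Below is an added example (not code from the study, The Register, SEDC or BoingBoing) that puts the insecure pattern beside a hardened registration and login path using Python's standard library. The PBKDF2 iteration count, salt length and record format are assumptions chosen for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example (assumptions, not taken from the page);
# tune the iteration count to the hardware you deploy on.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
DERIVED_KEY_BYTES = 32
SCHEME = "pbkdf2_sha256"


def register_plaintext(users: dict, username: str, password: str) -> None:
    """The insecure pattern from the stories above: the password itself is stored."""
    users[username] = password


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted, deliberately slow hash and encode it with its parameters."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=DERIVED_KEY_BYTES
    )
    # Self-describing record: the iteration count can be raised later
    # without invalidating records written with the old value.
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and iterations; compare in constant time."""
    try:
        scheme, iterations_str, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations_str)
    except ValueError:
        return False  # malformed record never verifies
    if scheme != SCHEME:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    return hmac.compare_digest(digest, expected)


def register(users: dict, username: str, password: str) -> None:
    """Hardened registration: only the salted hash reaches the user store."""
    users[username] = hash_password(password)


# Hash of a constructed dummy password, so that a login attempt for an unknown
# username costs the same time as one for a real user (no timing-based enumeration).
_DUMMY_HASH = hash_password("dummy-password-for-timing")


def verify_login(users: dict, username: str, candidate: str) -> bool:
    """Look up the user and check the candidate password against the stored record."""
    stored = users.get(username)
    if stored is None:
        verify_password(_DUMMY_HASH, candidate)
        return False
    return verify_password(stored, candidate)


if __name__ == "__main__":
    db = {}
    register(db, "alice", "correct horse battery staple")
    print(db["alice"])  # record holds scheme, iterations, salt and digest, no plaintext
    print(verify_login(db, "alice", "correct horse battery staple"))  # True
    print(verify_login(db, "alice", "wrong"))  # False
```

The record format stores its own parameters so a later migration to a higher iteration count only needs to rehash on the next successful login. `hmac.compare_digest` avoids leaking how many digest bytes matched, and the dummy hash keeps the cost of a failed lookup for an unknown user indistinguishable from a wrong password for a real one.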
Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites
The FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS) for hire vendors (booters) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year.
Along with fewer total attacks, the average attack size decreased by 85 percent and the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks.
- Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites | HelpNetSecurity
PewDiePie fans keep making junk ransomware
For some misguided reason, PewDiePie fans seem to believe that making and releasing ransomware is a proper and acceptable method of supporting their idol.
Other stories I hearted
- The NYPD is using a new pattern recognition system to help solve crimes | The Verge
- How to Quit Your Job in 837 Easy Steps | Medium, Jessica Powell
- 7 Things You Need To Stop Doing To Be More Productive, Backed By Science | Medium, CamMi Pham