A quick Saturday digest of cybersecurity news articles from other sources.
TSA Admits Liquid Ban Is Security Theater
The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes:
Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.
The Insecurity of WordPress and Apache Struts
Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense. The full report is here.
Work-from-Home Security Advice
SANS has made freely available its “Work-from-Home Awareness Kit.”
When I think about how COVID-19’s security measures are affecting organizational networks, I see several interrelated problems: read more…
AA20-106A: Guidance on the North Korean Cyber Threat
Original release date: April 15, 2020
Summary
(Bob’s note: Let’s not forget that during the pandemic our old friends are still engaged with the US in ongoing, daily cyberwar operations.) The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Read more…
US offers up to $5m reward for information on North Korean hackers
UN experts believe the DPRK cyber-steals and launders money, extorts companies and funnels the cash into its nuclear program.
Maze ransomware hits giant US IT services company Cognizant
The latest company to fall victim to a ransomware attack is Cognizant, a large US IT services company which admitted at the weekend that it had fallen victim to Maze.
How ransomware attackers are doubling their extortion tactics
Cybercriminals are threatening not only to hold sensitive data hostage but also to release it publicly unless the ransom is paid, says cyber threat intelligence provider Check Point Research. Read more…
Credentials for WHO, CDC, NIH, Gates Foundation Dumped on Dark Web
Note from Bob: This breach means that email account hijacking is easily done, and emails arriving from valid WHO, CDC, and similar organizations’ accounts may be spoofed or malicious. Suspect any emails from these groups. The World Health Organization is in the middle of responding to a global pandemic. It is COVID-19 chaos. Lives are at stake. Suddenly, out of nowhere, hackers publish more than 2,000 usernames and passwords for those who are part of the WHO, giving anyone with these credentials access to WHO servers and employee email inboxes. And then comes a plot twist you didn’t see coming: white supremacist and extremist groups are sharing the login credentials with glee, encouraging their members to use them to uncover “the truth” about the coronavirus. This plot is reality according to SITE Intelligence Group, an NGO that tracks online activity… Read more
iPhone zero day – don’t panic! Here’s what you need to know
A mobile phone forensics outfit looking into real-world attacks going back more than two years has uncovered two Apple Mail app bugs.
Password-free database of exercise app Kinomap leaks 42m user records
It’s like a cloud of personal information breathed out in a plume by a database that didn’t bother to wear a mask.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com