Real or fake?
In the news
- Email Provider VFEmail Suffers ‘Catastrophic’ Hack. Live data and backups were destroyed. A reminder that backups should include offline copies.
- Nearly 20 million accounts from photography site EyeEm have been stolen, including emails and hashed passwords.
In the wild
- A Facebook credential attack that uses HTML to produce a visually perfect phishing page, complete with SSL indicators and a legitimate URL.
- Dunkin Donuts has suffered a credential stuffing attack.
Research, reports, opinions
- A functional prototype of a USB cable with an inbuilt WiFi transmitter has been demonstrated. In the demo video the creator remotely controls a computer using the USB cable as a receiver.
- Cisco has released their 2019 Threat Report, which focusses on five key threats from the past year that they see as being relevant for 2019. If you are not yet aware of “modular malware” then it is worth a read.
- Proofpoint has released their Quarterly Threat Report. One key takeaway: “the pendulum of malware delivery mechanisms in email continued to swing towards URLs; malicious URLs outnumbered attachments like macro-laden documents by over 370%”.
- A US Government report has been released on the Equifax data breach that impacted 143 million customers. If your IT security function reports into the Legal department then you may want to read about the operational impact this had at Equifax.
- An interesting perspective on Blockchain, “Blockchain solutions are often much worse than what they replace”.
- Microsoft has released updates for February. There are various advisories that accompany the updates for Adobe Flash, Active Directory, Exchange, and Windows Servicing Stack.
- Cisco Network Assurance Engine CLI Access with Default Password Vulnerability
- Security vulnerabilities fixed in Thunderbird 60.5.1
- VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime
- Mozilla has released security updates for Firefox.
UK industry events
- 12-13 Feb 2019, London, The European Information Security Summit
- 7-8 March 2019, London, Identity and Access Management Summit
- 12-13 March 2019, London, Cloud and Cyber Security Expo
- 27-28 March 2019, London, The World Cyber Security Congress
- 14 March 2019, London, CRESTCon
- 24-25 April 2019, Glasgow, CYBERUK
- 25-26 April 2019, London, Cyber Security and Cloud Expo
- 9 May 2019, London, GovSec
- 4-6 June 2019, London, Infosecurity Europe
- June 2019, London, Security BSides
- 9 July, London, The Cyber Security Summit
- 23-24 September, Windsor, Information Security Network
- 9-10 October, London, Cyber Security Europe (part of IP Expo)
- October 2019, London, FT Cyber Security Summit Europe
- 20 November 2019, London, Cyber Security Summit