CISA provides guidelines to safeguard K-12 groups from cyber threats
CISA releases Protecting Our Future, which aims to support K-12 organizations with guidelines to prioritize their fight against cybersecurity risks.
ISC StormCast for Wednesday, February 1st, 2023
DShield Honeypot Setup with pfSense
https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490
Threat Actors Abusing Microsoft’s “Verified Publisher” Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
PoS Malware Can Block Contactless Payments
https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/
Detecting Files Exempt from Anti Malware Scans
https://github.com/bananabr/TimeException
New safety protocols for Northeastern’s Oakland campus
Following a shooting close to Northeastern’s Oakland campus, administration wrote a letter outlining safety measures to protect its students.
Fighting security fatigue with proper training reduces cyber risks
As cyberattacks and data breaches increase, employees must be capable of identifying and preventing cyberattacks. The right kind of training can help.
ISC StormCast for Tuesday, January 31st, 2023
Decoding DNS over HTTP(s) Requests
https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488
Action Needed for GitHub Desktop and Atom Users
https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
GitHub Checksum Mismatches for .tar.gz Files
https://github.com/orgs/community/discussions/45830
Facebook 2FA Bypass
https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
Fortinet Exploit
https://wzt.ac.cn/2022/12/15/CVE-2022-42475/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-23-01
Secure code training ruled better investment than code scanning tools
EMA’s Secure Coding Practices survey of 129 software development professionals found that code scanning tools were less effective than developers.
ISC StormCast for Monday, January 30th, 2023
Microsoft Tips to Patch Your Exchange Servers
https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
FCC Treatens to Take Action Against Twilio over Robocalls
https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners
PlugX Variant Spreads via USB
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Adware in Google Play Store
https://news.drweb.com/show/review/?lng=en&i=14652
Tails 5.9 Update
https://tails.boum.org/news/version_5.9/index.de.html
5 strategies for hotel & casino worker safety
Hospitality security leaders should focus on emergency plans, incident reporting and employee communication when looking to improve worker safety.
Better security in business districts requires communication & funding
Three security experts share their thoughts on how to improve security within Business Improvement Districts (BIDS) to improve local trade.
