Weekly Update 126

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one. That’s why I’m a day late this week having finally arrived home late last night.

Cloud migration: Not so fast!

In recent years, analysts and visionaries have been talking nonstop about digital transformation, viewing migration to a public cloud as an integral part of it. On the whole, they are likely to be right. But from our point of view, the idea that by 2020 everyone will have migrated most of their workloads to the cloud looks rather optimistic. The process is undoubtedly underway, but it is going much slower than enthusiasts like to think.

Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme

On February 15th, 2019, Anomali Labs researchers found an active phishing page masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The illegitimate portal <hxxps://www[.]txdot[.]gov[.]us.e-bid.sync.auth.moovindancestudio[.]com/secure/user-login/login[.]php> is being hosted on a suspected compromised server used by a North Carolina-based dance studio group.  The server resolves to a France-based IP address 62.210.201[.]8, which has been observed hosting multiple phishing sites in the past 30 days. The TLS certificate was issued by cPanel, Inc. Certification Authority on February 1st 2019 with a validity of 3 months. This could be a possible indication that the phishing campaign has been active since at least the beginning of February.

Deploy the space harpoon

Watch out, starwhales. There’s a new weapon for the interstellar dwellers whom you threaten with your planet-crushing gigaflippers, undergoing testing as we speak. This small-scale version may only be good for removing dangerous orbital debris, but in time it will pierce your hypercarbon hides and irredeemable sun-hearts.

How to Build Comprehensive Security Processes With Threat Intelligence

As children, many of us played with the classic assortment of blocks, columns, and other shapes known as Lincoln Logs. I spent hours in my bedroom as a young boy, creating fortresses and buildings, section by section, log by log. Like that time spent as a child, you can build a robust and comprehensive security approach piece by piece, while knowing that it can take just one mistake or accident to have it all come crumbling down.

On The 2019 HIMSS Cybersecurity Survey

The Healthcare Information and Management Systems Society (HIMSS) recently published a report from the 2019 HIMSS Cybersecurity Survey. The findings show that malicious actors are successfully leveraging phishing attacks to initially gain access to networks across healthcare organisations in the US.

DEFCON, Windows 10, & Linux vs Mac – Paul’s Security Weekly #594

Why it’s way too easy to sell counterfeit goods on amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a windows 95 emulator for Windows 10, Linux, or MAC, DEF CON goes to Washington, and InfoSec institutes top podcasts that take your computer skills to the next level!