Inside Security

David Strom's in-depth cybersecurity news and analysis

Today’s premium story is about why you should be including law enforcement in your tabletop security exercises. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account.  

We want to highlight the efforts of our sponsors. Recently, Endgame was recognized as the only Washington DC-area company on the Forbes 2018 Cloud 100 list. This summer we released products to help detect malware from emerging threats to Microsoft Office macros, collaborated with MITRE on their ATT&CK framework, and released several open-source security tools. Check them out here.

-- David Strom


1. A massive DDoS attack on a back-office education IT supplier crippled several of its school district websites last week. Notices went out from the Oklahoma City public schools and another district in Wyoming confirming the attack. The company is Infinite Campus, which supplies parent portals and student information systems for many districts around the country. They are implementing better security measures to prevent this from happening in the future. On their Facebook page, Campus claims the attack is “50 times greater and the duration is already 100 times longer than anything we’ve experienced before.”


2. AdGuard has suffered a major attack that led to the company resetting all of its users’ passwords. Their telemetry detected major credential stuffing activity. They now detect if a user tries to use an already-exploited password on Troy Hunt’s list and issue a warning. The company hasn’t yet implemented MFA but is moving in that direction. -- ADGUARD




Many thanks to Inside Security's corporate supporters.  Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 
   
   

Today’s premium story is a review of the new FIDO2 security hardware from both Yubico and Google.  If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account.  

-- David Strom


1. New phishing emails that purport to be from Netflix to “update your payment information” have been circulating. The video service is a frequent target because so many people reuse passwords on other, more valuable accounts. -- ACTION FRAUD NETWORK


2. If you are a Chrome user, it might be time to switch to another browser if you care about your privacy. You might have noticed your image appearing in the top right-hand corner. It is a recent “improvement” by Google to help distinguish activity on your account. This security researcher makes a solid argument that it is another step away from privacy protection. -- CRYPTOGRAPHY ENGINEERING BLOG


[Developers] Chainkit helps you add blockchain to your app in 5 minutes.

With Chainkit's new API, you don't need to be a blockchain expert to Register() and Verify() data, events, or processes in your applications. Inside readers get early access before they go live on Product Hunt. 

Get Early Access 


3. The Adwind RAT is back with a new toolkit designed to trick antivirus programs into allowing the malware to exploit systems. It is targeting Turkish and German sites. It also contains a new DDE-based attack to compromise Excel spreadsheets. -- CISCO TALOS BLOG


4. Do you still have unpatched Win7 PCs? You might be confused by the way Microsoft has labeled its updates. This post explains what you need to do and why next month’s Patch Tuesday update is important. -- ZDNET


4 ways to improve collaboration on your team today

Our collaboration eBook shows you the four things your team can do right now to improve the way they work together and gives examples of what strong collaborative cultures across industries have in common. You’ll also learn how Dropbox Business can power your team’s best work.

Download now

 


5. Microsoft highlighted a number of security-related activities at yesterday’s Ignite conference. These include using its Authenticator smartphone app for Azure AD logins, a Secure Score dashboard for Office 365 admins, a security service for political campaigns called AccountGuard, and more. -- MICROSOFT CLOUDBLOG


6. Here are six signs that you have been phished. They range from tracking your own apps, to getting mysterious texts, to recognizing dodgy URLs.  -- MALWAREBYTES

7. Here is an open source tool called Danger Zone that can track malicious Internet behavior and consolidate a lot of information into an easy-to-review dashboard. -- HACKERNOON

8. Synchronizing time clocks using NTP has an alternative. Google’s Roughtime protocol is now available from Cloudflare as a service. The post explains why it is useful. -- CLOUDFLARE BLOG

9. The California legislature is considering legislation that would institute stricter IoT password security. If the bill passes, it will require vendors to comply by 2020. -- SLATE

10. During 2Q18, these researchers saw the number of hidden malicious cryptominers double, with an associated increase in JavaScript used for this purpose. -- SITELOCK REPORT (reg. req.)


Oops. If you are going to use screenshots, next time be careful what you include in the screen. -- NAKED SECURITY


A recent article in Security Ledger talks about a “tabletop” security exercise in Boston where the objective was to bypass voting machine security to throw a mock election in “Nolandia.” In this premium item, I talk about where you can go to find these exercises and why it is important to include law enforcement members in them.


This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).




3. The servers for the Isle of Arran-based Scottish beer maker were targeted with ransomware last week. It was caused by an infected PDF that posed as a job seeker’s resume. The brewery didn’t pay the ransom and lost several months’ worth of data. -- THE REGISTER


4. A website for a candidate for one of California’s Congressional seats was subject to four separate DDoS attacks that brought the site down.  Democrat Bryan Caforio lost his primary by a narrow margin. This post analyzes what happened. -- ROLLING STONE




5. Funding news of the week:

DataGrail landed a $4M A funding round led by Cloud Apps Capital Partners. The firm is based in Silicon Valley and has a personal data privacy service. Daniel Barber is their CEO.

Fidelis Cybersecurity raised $25M in a new funding round from existing investors. The DC-area firm has automated EDR tools and their CEO is Nick Lantuh.


 
