Monthly newsletters launched
This is the inaugural monthly newsletter. For now this is an experiment to see if this is a useful format to provide people with a digest of what has been posted on the site in the last month, noteworthy news stories from around the web and any announcements of new site features.
Stories from the web
Twitter Hack: Twitter suffered a hack that came out of a a compromise of a number of insider accounts that had admin privileges. The initial attack appears to be a Bitcoin scam, but later emerged that a number of high profile accounts had a number of messages read and downloaded. A prime example of why you need to limit access to privileged accounts.
Garmin suffer a Ransomware attack: In the past week Garmin, a major provider of fitness trackers, was hacked and their network crippled with ransomware. This affects all online services and their call centres. This is particularly serious since this service will hold a lot of highly personal fitness and location data. while I haven’t seen any disclosure of this data yet, this is becoming a typical attack vector if the firm refuse to pay the ransom.
Emotet botnet is now heavily spreading QakBot malware: Emotet is a botnet that has been dormant for a while now that came back to life in the past few weeks. It was known for spreading Banking Trojans, but is now delivering other malware payloads.
EU-US Privacy Shield for data struck down by court: This was an agreement put in place between the EU and the US to underpin transatlantic data transfers and underpins a lot of EU/US trade. It was recently challenged by a privacy activist.
7 VPN Services were found to be leaking logs that they claimed they didn’t retain. If you are choosing a VN this is a feature that is probably in the top 5 you need. However, free VPN’s are always suspect for this kind of behaviour.
Common Android Apps Targeted: A new form of the LokiBot Trojan has been discovered that is targeting common android apps (not just banking and financial apps) called BlackRock.
This is just a few of the stories we tweeted about on our Twitter account @JMBUSSEC. This is our primary threat intelligence vehicle.
Site development news
All the usual updates on our blogs and guidance sections. We have also:
- Added monthly newsletters via Mail Chimp – this is experimental and will provide additional monthly news and stories from our Twitter Feed.
- Added a number of updates to our glossaries
- Broken up the Glossary of Terms in to 4 alphabetic segments with individual jump lists (the original page was getting too big to download and maintain)
- We have also completed the first phase of providing links to other sections in the glossary to aid the lookup of additional and related terms
- Published a list of blogs we are working on for the next half of 2020 and added it to our site menu under News.
Over the coming months, we are working on improving the navigation and content on our site.
Join our newsletter mailing list
Sign-up for regular news by joining our newsletter mailing list. This is separate to following our blog on this site.