It was World Backup Day yesterday. An ideal moment to reflect on your backup strategy and potentially further improve it. In this short write-up I’ll give some tips to help you.

My latest blog. "How to monitor your data breach exposure". This article contains some tips and tools you can use to stay informed about data breaches involving your accounts.

Good research by Check Point. "Both Microsoft’s client and one of the open-sourced clients, a malicious RDP server can leverage the vulnerabilities in the RDP clients to achieve remote code execution over the client’s computer"

@j_opdenakker Check Point's writeup can be found here (didn't see it linked from TP). There are some IOCs to check for there as well:

Advanced malware discovered (by CheckPoint Security) that can target on-premises and cloud-based servers. Also able to infect macOS devices. At the moment it serves XMRig miners to infected servers but bigger threat most likely in the making

For people that are into , here's a blog with some useful resources. I regularly update it. If you have good resources that are missing please contribute!

Evil, Eviler, Evilest. After infecting the victims' machines with ransomware, criminals provide a link to a PayPal page to harvest their payment card details.

Yesterday I started with a series of short blogs. The plan is to do several of them each week. Here's the first one about secure previewing of shortened links.

Researcher pulls Black Hat Asia talk on hacking Apple's saying he was only able to reproduce hacks on iPhone X under certain conditions, but it did not work with iPhone XS and XS Max. Good PR for Apple, shitty PR for his company.

18th century blockchain! AKA how I feel when someone is suggesting to use blockchain to solve the problem.

JungleSec ransomware originally reported in early November by Windows, Linux, and Mac users. Back then there was no indication how the attack was executed. Now several users reported being attacked via IPMI interface.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.