Infosec news  


A zero-day in Microsoft SMB has received a maximum CVSS score of 10/10, and it applies to Windows 8 and 10. There's no fix until February 14th, so make sure you have ports 139, 445, 137, and 138 blocked, including outbound. Link

Hacker releases alleged Cellebrite hacking tools, sends message that this is why you don't build backdoors into systems. Link

The IRS is warning of a tax-related phishing campaign where attackers spoof a company executive and ask for W-2 forms and/or bank transfers. It's been quite successful and it's picking up again due to tax season. Link

Up to 150,000 internet-connected printers all over the world have been probed by an attacker who sent messages saying they'd been pwned. Link

Gitlab has had some major drama after losing significant data when they discovered their backups were not usable. Someone had run the infamous rm -rf command. Link

Vulnerabilities have been discovered in some Honeywell web-based SCADA controllers. Using the issues attackers can access a certain URL and extract cleartext passwords that can be used to access the networks those devices reside on. Link

A British man and Swedish woman have been arrested for attacking Washington D.C. surveillance cameras with ransomware. 123 of 187 network video recorders were rendered non-functional. Link

HTTPS has crossed the historic milestone of being used on 50% of sites, according to Mozilla. Link


Technology news                                                    


Apple has purchased VocalIQ, a company working to bring deep context to conversations with machines. Link

Planet has purchased Terra Bella from Google. Link

Researchers can extract audio from a video where none was recorded, simply by watching how surfaces vibrated. Link

Amazon now has more than 340K employees, having added over 110K just this year. Link


Human news                                                  


Researchers have data mined 1,700 of the most popular stories of all time and discovered that they tend to follow six main story arcs. Link


Ideas


What is Mobile 2.0? Link

Exploration of Human to Computer Interfaces Link

Purple Teams Mean You're Failing at Red and Blue Link

The Clash of the Extreme Left and Right Will Create a New Centrism Link

Hollywood is dying because they don't make movies anymore; they make hats and whistles. Link


Discovery


StreamAlert -- A serverless, realtime data analysis framework that lets you ingest, analyze, and alert on data from any environment. Link

Commix -- An automated all-in-one OS command injection and exploitation tool. Link

From Mimikatz to Kekeo -- Passing by new Microsoft security technologies. Link

The Gartner Quadrant Report for Endpoint Protection Link

BruteSubs -- Run multiple open source subdomain bruteforcing tools in parallel using your own wordlists using Docker. Link

CyberProbe -- Capturing, analyzing, and responding to cyber attacks. Link

How to bypass AV and run Mimikatz. Link

A framework of consequences when you have unhappy developers. Link


Notes


I'll be giving a talk at RSA on Wednesday at 1:30pm at Moscone West, Room 2005. The talk is on using Adaptive Testing Methodologies to test medical devices. Link

I'll also be spending a good amount of time during the conference at IOActive's IOAsis, which is right down the street from Moscone. It's like a sanctuary away from the show floor where you can come talk about security, get a massage, etc. Stop by and say hello. Link

I've finished Lexicon, and I can virtually guarantee that anyone who likes this newsletter will love this book. It's in my top 5 fiction books for sure. Link

I just started reading Hamilton's Biography, Alexander Hamilton. Link

There's no sister podcast for this issue.


Recommendations


Consider filing your taxes as quickly as possible, and having your loved ones do the same, as it will make you less likely to be a victim of the tax fraud that's going around.


Aphorism

"Life is not lost by dying; life is lost minute by minute, day by dragging day, in all the thousand small and uncaring ways." ~ Stephen Vincent Benét