This weekend I spoke at the Global Azure Bootcamp 2019. This was another great day, this year hosted at Swinburne University.
I presented a longer version of my talk, The Boring Security Talk. The longer format lets me get into some extra details. The extra time also provides some time to talk about some of the latest security incidents that have occured in the last few months.
I have put together a list of links and reference materials:
- Hackers exploit Jenkins servers, make $3 million by mining Monero
- DHS: Multiple US gov domains hit in serious DNS hijacking wave
- Advice on Mitigating DNS Infrastructure Tampering
- A Deep Dive on the Recent Widespread DNS Hijacking Attacks
- DNS Squatting with Azure App Services
- Microsoft loses control over Windows Tiles subdomain
- DNSControl
- Managing DNS with DNSControl, CloudFlare, DNSimple, GitHub, VSTS, Key Vault and Docker
- MX Toolbox
- PostMark DMARC reporting
- Report URI DMARC monitoring
- Phishing Scorecard
- UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned
- Malicious Docker Containers Earn Cryptomining Criminals $90K
- Postmortem for Malicious Packages Published on July 12th, 2018
- Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
- Pipdig Update: Dishonest Denials, Erased Evidence and Ongoing Offences