www.securityfocus.com/archive/1/542247 At this time, resources for the BugTraq mailing list have not been prioritized, and this will be the last message to the list. The archive will be shut down January 31st, 2021. Also:
Massive stolen credit card shop Joker’s Stash shuts down
www.bleepingcomputer.com/news/security/massive-stolen-credit-card-shop-jokers-stash-shuts-down/ The administrator of Joker’s Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month. The company says that Joker’s Stash added more than 40 million new card records over the past year, most of them from physical transactions at a point-of-sale. Gemini Advisory estimates that Joker’s Stash made more than $1 billion from selling stolen credit card data.
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors. PDF: