A Review of the Best News of the Week on Cyber Threats & Defense

Decrypting NotPetya/Petya: Tools for Recovering Your MFT After an Attack (Crowdstrike Blog, Aug 23 2017)
In this blog post, Crowdstrike makes its findings and tools for decrypting NotPetya/Petya available to the general public. With the aid of the supplied tools, almost all of the Master File Table (MFT) can be successfully recovered within minutes…

8 top cyber-attack maps and how to use them (CSO Online, Aug 21 2017)
Cyber-attack maps can be fun to look at, but are they useful? As usual when it comes to security, context is key, so CSO looked at eight of the web’s most popular cyber-attack maps. While the maps themselves are mostly eye candy with limited context, there are some creative ways they can be used…

I was hacked (TechCrunch, Aug 25 2017)
At about 9pm on Tuesday, August 22 a hacker swapped his or her own SIM card with mine, presumably by calling T-Mobile. This, in turn, shut off network services to my phone and, moments later, allowed the hacker to change most of my Gmail passwords, my Facebook password, and text on my behalf. All of the two-factor notifications went, by default, to my phone number so I received none of them and in about two minutes I was locked out of my digital life.

Beyond Feeds: A Deep Dive Into Threat Intelligence Sources (Recorded Future, Aug 23 2017)
Many organizations assume open source threat intelligence feeds are the simplest starting point. Sadly, that couldn’t be farther from the truth…

Is Malware Hiding in Your Resume? Vulnerability in LinkedIn Messenger Would Have Allowed Malicious File Transfer (Check Point Blog, Aug 24 2017)
Check Point researchers discovered that attackers could bypass the security restrictions of the LinkedIn messaging service and attach a malicious file to a message. To do this, an attacker could have uploaded a normal-looking file that passes LinkedIn’s security checks; however, the file is only masquerading as a legitimate file…

Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass (Krebs on Security, Aug 24 2017)
An October 2015 piece published here about the potential dangers of tossing out or posting online your airline boarding pass remains one of the most-read stories on this site. One reason may be that the advice remains timely and relevant: A talk recently given at a Czech security conference advances that research and offers several reminders of how being careless with your boarding pass could jeopardize your security or even cause trip disruptions down the road…

Hackers are using the promise of Game of Thrones spoilers to spread malware (The Verge, Aug 27 2017)
If that e-mail in your inbox seems too good to be true, it probably is. The emails contained some general details of upcoming episodes, as well as a Microsoft Word attachment with malware hidden in it…
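Both the LinkedIn item above and this one come down to the same weakness: trusting what a file claims to be (its name and extension) instead of what it contains. The following is an added example, not Check Point's research, LinkedIn's upload code or anything from The Verge article. It sniffs the leading bytes of an upload, compares that against what the claimed extension is allowed to contain, and, for OOXML documents, looks for the vbaProject.bin part that carries VBA macros. The extension allowlist, the signatures table and every sample file are constructed here for illustration.

```python
"""Inspect an upload by its content, not its claimed name (added example)."""
import io
import zipfile

# Well-known leading-byte signatures for a few container formats.
# Order matters only in that longer, more specific signatures come first.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                              # also docx/xlsx/pptx/jar
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),        # legacy .doc/.xls (OLE2)
    (b"MZ", "pe"),                                       # Windows EXE/DLL
    (b"\x7fELF", "elf"),
]

# Constructed policy: which sniffed content each claimed extension may carry.
# Note that .docm (macro-enabled) is deliberately absent.
ALLOWED = {"pdf": {"pdf"}, "docx": {"zip"}, "doc": {"ole"}, "zip": {"zip"}}


def sniff(data: bytes) -> str:
    """Return the content type implied by the file's first bytes."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    return "unknown"


def has_vba_project(data: bytes) -> bool:
    """OOXML documents store VBA macros in a vbaProject.bin part inside the zip."""
    if sniff(data) != "zip":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def inspect_upload(filename: str, data: bytes) -> dict:
    """Decide whether an upload's content matches its claimed extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    findings = []
    if ext not in ALLOWED:
        findings.append(f"extension .{ext} is not on the allowlist")
    elif kind not in ALLOWED[ext]:
        findings.append(f"content looks like {kind}, which .{ext} must not contain")
    if has_vba_project(data):
        findings.append("Office document carries a VBA project (macros)")
    return {"filename": filename, "content_type": kind,
            "findings": findings, "accept": not findings}


def build_docx(with_macros: bool) -> bytes:
    """Construct a minimal docx-shaped zip, optionally with a VBA part (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder macro storage")
    return buf.getvalue()


# Constructed samples: a harmless PDF, and a PE header stub renamed to .pdf.
PDF_OK = b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF\n"
PE_AS_PDF = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56

if __name__ == "__main__":
    for name, blob in [("resume.pdf", PDF_OK), ("resume.pdf", PE_AS_PDF),
                       ("spoilers.docx", build_docx(True)),
                       ("spoilers.docx", build_docx(False))]:
        print(inspect_upload(name, blob))
```

This is a first-line check, not a substitute for detonation or AV scanning: a .docx that is a valid zip with no VBA part passes here even if it contains an OLE object or an external template link, so in practice the sniff result should feed a content-specific scanner rather than be the final decision.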

All in a Spammer’s Workweek: Where Do the Busiest Spammers Work Around the Clock? (X-Force Research, Aug 21 2017)
According to recent IBM X-Force data, spammers and spam botnets typically work the same hours we do to maximize their returns…

Account Resolution via Market Basket Analysis (Exabeam Blog, Aug 24 2017)
Machine learning and statistical analysis have many practical applications in the detection of malicious users and entities as part of User & Entity Behavior Analytics (UEBA) solutions. Threat detection typically garners the attention; this is as true on the show floor of security conferences as it is in the text of marketing material. Equally important, although less often mentioned, is the application of machine learning for context estimation…
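Account resolution is one such context-estimation problem: deciding which person an admin or service account actually belongs to, so that alerts on that account can be tied to a human. The following is an added example, not Exabeam's implementation, of the market-basket idea the title refers to. Each (day, host) becomes a basket of the accounts seen logging on there, and for every pair (secondary account, personal account) it computes support, confidence and lift, then resolves each secondary account to the personal account with the strongest rule. The logon records, the naming convention used to tell secondary accounts apart and the thresholds are all constructed assumptions.

```python
"""Account resolution by association rules over logon baskets (added example)."""
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample logon records: (day, host, account).
RECORDS = [
    ("d1", "ws01", "jdoe"), ("d1", "ws01", "adm-jdoe"),
    ("d2", "ws01", "jdoe"), ("d2", "ws01", "adm-jdoe"),
    ("d3", "ws07", "jdoe"), ("d3", "ws07", "adm-jdoe"),
    ("d1", "ws02", "asmith"), ("d1", "ws02", "adm-jdoe"),   # one-off co-occurrence
    ("d2", "ws02", "asmith"),
    ("d3", "ws02", "asmith"),
    ("d1", "ws03", "bkim"), ("d1", "ws03", "svc-backup"),
    ("d2", "ws03", "bkim"), ("d2", "ws03", "svc-backup"),
    ("d3", "ws03", "svc-backup"),
]


def is_secondary(account: str) -> bool:
    """Assumed naming convention: admin and service accounts carry a prefix."""
    return account.startswith(("adm-", "svc-"))


def baskets(records):
    """One basket per (day, host): the set of accounts active there."""
    b = defaultdict(set)
    for day, host, account in records:
        b[(day, host)].add(account)
    return list(b.values())


def pair_stats(basket_list):
    """Count baskets per account and per unordered account pair."""
    item, pair = Counter(), Counter()
    for basket in basket_list:
        item.update(basket)
        pair.update(frozenset(p) for p in combinations(sorted(basket), 2))
    return len(basket_list), item, pair


def resolve(records, min_support=2, min_confidence=0.5):
    """Map each secondary account to its most likely owner.

    For a rule secondary -> person:
      support    = baskets containing both
      confidence = support / baskets containing secondary   (P(person | secondary))
      lift       = confidence / P(person)                    (>1 means more than chance)
    """
    n, item, pair = pair_stats(baskets(records))
    rules = defaultdict(list)
    for p, both in pair.items():
        a, b = sorted(p)
        for sec, person in ((a, b), (b, a)):
            if is_secondary(sec) and not is_secondary(person):
                conf = both / item[sec]
                lift = conf / (item[person] / n)
                rules[sec].append({"person": person, "support": both,
                                   "confidence": round(conf, 3), "lift": round(lift, 3)})
    resolved = {}
    for sec, cands in rules.items():
        cands.sort(key=lambda r: (r["confidence"], r["lift"]), reverse=True)
        best = cands[0]
        if best["support"] >= min_support and best["confidence"] >= min_confidence:
            resolved[sec] = best
    return resolved, dict(rules)


if __name__ == "__main__":
    resolved, rules = resolve(RECORDS)
    for sec, best in resolved.items():
        print(f"{sec} -> {best['person']}  {best}")
```

On the sample data adm-jdoe resolves to jdoe (confidence 0.75, lift 2.25) while the single shared session with asmith stays a weak, rejected candidate; svc-backup resolves to bkim. The minimum-support threshold is what keeps a one-day coincidence on a shared workstation from becoming an attribution, and lift is worth keeping alongside confidence because a person who appears in almost every basket would otherwise win every rule.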