A Review of the Best News of the Week on Cyber Threats & Defense

On the Equifax Data Breach (Schneier on Security, Sep 13 2017)
The market can’t fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn’t notice, you’re not Equifax’s customer. You’re its product. It’s not just Equifax. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about you — almost all of them companies you’ve never heard of and have no business relationship with.

CCleanup: A Vast Number of Machines at Risk (Cisco’s Talos Group, Sep 18 2017)
For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week.

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop (Krebs on Security, Sep 14 2017)
According to a statement from Equifax, the hacker(s) downloaded the data in one fell swoop in mid-May 2017. “The attacker accessed a storage table that contained historical credit card transaction related information,” the company said.

How to Stop the Next Equifax-Style Megabreach—Or At Least Slow It Down (Wired, Sep 12 2017)
Organizations can start by segmenting their networks, to limit the fallout if a hacker does break through. Legislation and regulation may also help create more clearly defined repercussions for consumer data loss that motivate organizations to prioritize data security. Lawsuits can also help deter lax security practices. Beyond what individual organizations can achieve on their own, increasing data security overall will require technological overhauls of network systems and user identification/authentication.

BlueBorne is Bluetooth’s Stagefright moment (CSO Online Salted Hash, Sep 12 2017)
Researchers at internet of things security company Armis found eight vulnerabilities in the Bluetooth implementations for Android, Microsoft Windows, Linux, and iOS, which means nearly all Bluetooth-capable devices are affected.

Nascent Quantum Computing Poses Threat to Cybersecurity (WSJ, Sep 14 2017)
The threat of a cyber attack by hackers or rogue nation states with access to quantum computers is becoming real enough that scientists and public officials are convening in London this week in part to urge companies to develop a plan for defense.

Tesla Hacks: The Good, The Bad, & The Ugly (Dark Reading, Sep 12 2017)
Another video interview from BlackHat: Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company’s security in other ways.

Zerodium Offering $1M for Tor Browser Zero Days (Threatpost, Sep 13 2017)
Weeks after the company said it would pay $500,000 for zero days in private messaging apps such as Signal and WhatsApp, Zerodium said Wednesday it will pay twice that for a zero day in Tor Browser.

17 pen testing tools the pros use (CSO Online, Sep 13 2017)
CSO recently spoke to a few security experts – some who are full-time red team operators and developers themselves – and asked them to share their favorite tools.

Equifax Lessons: Risk Hunting at Scale (Kenna Blog, Sep 15 2017)
A Metasploit module was released for this vulnerability on March 15, only 6 days after the vulnerability was published. For years now, our data has indicated that a vulnerability having a weaponized, public exploit available is one of the single biggest factors in predicting successful exploitations. This vulnerability proved no different.

Raise the Red Flag: Guidelines for Consuming and Verifying Indicators of Compromise (Security Intelligence, Sep 18 2017)
Indicators of compromise (IoCs) are artifacts such as file hashes, domain names or IP addresses that indicate intrusion attempts or other malicious behavior. These indicators consist of: Observables — measurable events or stateful properties; and Indicators — observables with context, such as time range.

Three Ways to Use Data Classification Scan Results (Blog | Imperva, Sep 14 2017)
In July Imperva launched Classifier, a free data classification tool that allows you to quickly and easily uncover sensitive data in your database(s). Once you have the results of a classification scan in hand, you can make informed decisions on how to manage the associated risk. Here are three ways you can use the results of a Classifier scan to drive further value in your organization.