A Review of the Best News of the Week on Cyber Threats & Defense

Leaking Cloud Databases and Servers Expose Over 1 Billion Records (X-Force Research, Sep 21 2017)
In 2017 alone, as of September, IBM X-Force has tracked more than 1.3 billion (yes, billion) exposed records from misconfigured servers — from just 24 incidents. To put that in perspective, these misconfigurations make up 71 percent of the total number of reported leaked records for 2017 so far.

Incident Response Fundamentals – Communication (Cisco Blog, Sep 22 2017)
If you consider the number of stakeholders normally involved during an incident, let alone the leadership concern and focus that comes along with one, it shouldn’t come as a surprise that communication is perhaps one of the most important, and yet, most overlooked aspects.

Equifax or Equiphish? (Krebs on Security, Sep 24 2017)
More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet another security stumble, the company appears to be training recipients to fall for phishing scams.


Office 365 Phishing attacks create a sustained insider nightmare for IT (CSO Online Salted Hash, Sep 20 2017)
Earlier this month, Salted Hash deconstructed a phishing email that had bypassed company filters and made it into the general inbox. The email focused on an outdated company subdivision, and was easily spotted as a scam. However, we’ve since learned the message itself could be part of a larger campaign that has been targeting Office 365 customers since at least June.

Siemens’ New ICS/SCADA Security Service a Sign of the Times (Dark Reading, Sep 19 2017)
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.

Apache “Optionsbleed” vulnerability – what you need to know (Naked Security – Sophos, Sep 19 2017)
This time, the bug isn’t in OpenSSL, but in a program called httpd, probably better known as the Apache Web Server, and officially called the Apache HTTP Server Project. The vulnerability has been dubbed OptionsBleed, because the bug is triggered by making HTTP OPTIONS requests.

Hackers Could Use Light to Steal Information Via Security Cameras (Discover Magazine (blog), Sep 21 2017)
Researchers at Ben-Gurion University of the Negev used security cameras equipped with night vision to send and receive data from a network that wasn’t even connected to the internet.

Hackers Using iCloud’s Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments (Mac Rumors, Sep 20 2017)
With access to an iCloud user’s username and password, Find My iPhone on iCloud.com can be used to “lock” a Mac with a passcode even with two-factor authentication turned on, and that’s what’s going on here.

Microsoft Is Adding a Potent Security Feature to Windows 10 (Fortune, Sep 22 2017)
Once a breach is detected, the system is programmed to run through steps like determining the type of attack, isolating other affected machines, deleting malicious software files, or reformatting hard drives and reinstalling operating systems, depending on the severity of the compromise.

Tips for Reverse-Engineering Malicious Code (Lenny Zeltser, Sep 07 2017)
This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler.

Should I deploy monitoring software on your servers? (GFI Blog, Sep 21 2017)
How do you monitor what goes on within your infrastructure? Do you gather logs, use SNMP, query WMI, or do you deploy agents that report in? There are almost as many ways to monitor servers as there are things on servers to monitor, but…

All the Ways Equifax Epically Bungled Its Breach Response (Wired, Sep 24 2017)
The Equifax breach that potentially exposed the personal information of 143 million people was bad. The company’s response has almost been worse, if that’s even possible.

Major accounting firm Deloitte reports extensive cybersecurity breach (Engadget, Sep 25 2017)
The company caught the breach in March though it may have begun last October.

Russian hackers exploited a Google flaw the company has refused to fix (Salon, Sep 25 2017)
A hacking team reportedly linked to the Russian government has been utilizing a security flaw in a Google service to launch attacks on investigative journalists. The web giant has known about the vulnerability since November of last year but has still failed to fix it.