A Review of the Best News of the Week on Cyber Threats & Defense

The Reaper Botnet Could Be Worse Than the Internet-Shaking Mirai Ever Was (Wired, Oct 20 2017)
While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known alternately as IoT Troop or Reaper, has evolved that strategy, using actual software-hacking techniques to break into devices instead.

How I Socially Engineer Myself Into High Security Facilities (Motherboard, Oct 23 2017)
A pentester shares a story that shows how social engineering can get you anywhere.

Oh Good, the Worst Idea in Cybersecurity Is Back Again (Slate Magazine, Oct 23 2017)
If there were a prize for the worst cybersecurity policy idea that just won’t die, it would have to go to “hacking back,” or making it legal for people to attack the computers that are attacking them.

Hackers stole information on Windows vulnerabilities from Microsoft in 2013 (Quartz, Oct 17 2017)
Major software companies like Microsoft always have a long list of bugs to fix. They can range from benign cosmetic issues to critical flaws that make software like Windows vulnerable to hacking. Usually, engineers fix such flaws before hackers ever know they existed. However, in 2013, according to a new report from Reuters, hackers broke into Microsoft’s network and stole its database of bugs.

Practice: The Best Defense for Responding to Cyber Incidents (Security Intelligence, Oct 17 2017)
First responders have proven time and time again the valuable help they provide to people in need. Right now, we’re seeing their bravery with the historic hurricanes, fires and floods impacting millions of people. What makes first responders confident in the face of such danger? One word: practice. And this lesson is translating to the private sector in areas you wouldn’t normally expect.

New Locky Ransomware Strain Emerges (Dark Reading, Oct 19 2017)
Latest version goes by the .asasin extension and is collecting information on users’ computer operating system and IP address.

Encryption chip flaw afflicts huge number of computers (Naked Security – Sophos, Oct 18 2017)
A serious vulnerability exists in Infineon TPM cryptographic processors used by PCs, laptops, Chromebooks and other devices.

Denuvo DRM Cracked within a Day of Release (Schneier on Security, Oct 20 2017)
Denuvo is probably the best digital-rights management system, used to protect computer games. It’s regularly cracked within a day.

OSX/Proton spreading again through supply-chain attack (WeLiveSecurity, Oct 19 2017)
During the last hours, ESET researchers noticed that Eltima, the makers of the Elmedia Player software, have been distributing a version of their application trojanized with the OSX/Proton malware on their official website.

To rule or not to rule: SIEMs and their false positives (CSO Online, Oct 18 2017)
What’s the best approach to using rules in SIEMs? Do security-focused SMBs and enterprises need more rules or fewer? What role are rules likely to play in future solutions for threat detection?

Kaspersky Lab to open anti-virus software to outside review (Washington Post, Oct 23 2017)
Moscow-based Kaspersky Lab will open up its anti-virus software for review by outside parties. The move comes a month after the U.S. government barred agencies from using the company’s anti-virus products, citing security concerns.

FBI Chief Says Encryption Is ‘Huge Problem’ (Newsweek, Oct 23 2017)
Speaking to police officials in Philadelphia on Sunday, FBI Director Christopher Wray disclosed that encryption was hindering FBI investigations, saying his agency has been unable to gain access to data from nearly 7,000 mobile devices.

How to Block Ransomware Using Controlled Folder Access on Your PC (The State of Security, Oct 23 2017)
Microsoft has released a new feature called “Controlled Folder Access” that helps Windows users protect their data against ransomware.

Hackers scanning for unsecured SSH private keys on WordPress sites (SC Magazine UK, Oct 23 2017)
Lack of key security gives criminals the keys to the kingdom after scanning 25,000 systems per day to find unsecured SSH private keys.