A Review of the Best News of the Week on Cyber Threats & Defense

Fear the Reaper, or Reaper Madness? (Krebs on Security, Oct 27 2017)
Last week we looked at reports from China and Israel about a new “Internet of Things” malware strain called “Reaper” that researchers said infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs). Now some botnet experts are calling on people to stop the “Reaper Madness,” saying the actual number of IoT devices infected with Reaper right now is much smaller.

‘I Forgot My PIN’: An Epic Tale of Losing $30,000 in Bitcoin (Wired, Oct 29 2017)
Veteran tech journalist Mark Frauenfelder tries everything, including hypnosis, to recover a small fortune from a locked bitcoin device.

Google Patches ‘High Severity’ Browser Bug (Threatpost, Oct 27 2017)
Google began pushing out updates to its desktop browser Friday with a patch that repairs a stack-based buffer overflow vulnerability.

BadRabbit ransomware attacks multiple media outlets (CSO Online, Oct 24 2017)
Russian media outlet Interfax confirmed the attack on Tuesday morning; several other outlets were reportedly attacked as well.

NSA hacking tool EternalRomance found in BadRabbit (SC Magazine, Oct 27 2017)
BadRabbit evidence is multiplying, well, like rabbits, with the latest revelation being that the malware used another stolen NSA tool to help it move laterally through networks.

Dell Lost Control of Key Customer Support Domain for a Month in 2017 (Krebs on Security, Oct 24 2017)
A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned.

Increase your network security: Deploy a honeypot (Network World Security, Oct 24 2017)
Deploying a honeypot system on your internal network is a proactive measure that enables you to immediately detect an intruder before any data is damaged or stolen.

CSE Releases Malware Analysis Tool (Schneier on Security, Oct 25 2017)
The Communications Security Establishment of Canada — basically, Canada’s version of the NSA — has released a suite of malware analysis tools

8 free Wi-Fi stumbling and surveying tools (CSO Online, Oct 25 2017)
Discover SSIDs, signal strength, channels, MAC addresses, security status and more

Web Attacks Spike in Financial Industry (Dark Reading, Oct 27 2017)
Web application compromise beats human error as the top data breach cause, putting finance companies at risk for larger attacks, according to a new study.

Cybersecurity firm builds drone-based attack platform (SC Magazine, Oct 27 2017)
An Arizona cyber research firm has developed an aerial drone that can be used to land on a roof and then hack into a network inside the building.

Firefox takes a bite out of the canvas ‘super cookie’ (Naked Security – Sophos, Oct 29 2017)
Finally, one of the major browsers is doing something about canvas fingerprinting

Introducing GoCrack: A Managed Password Cracking Tool (FireEye, Oct 30 2017)
FireEye’s Innovation and Custom Engineering team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI to create, view, and manage tasks.

New Tool Debuts for Hacking Back at Hackers in Your Network (Dark Reading, Oct 24 2017)
Deception technology firm Cymmetria offers a new offense option for defenders.

Windigo Still not Windigone: An Ebury Update (WeLiveSecurity, Oct 30 2017)
Back in February 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. Further research showed that this component was the core of an operation involving multiple malware families we called “Operation Windigo”… After further investigation, ESET realized that its infrastructure for exfiltrating credentials was still operational and that Ebury was still being actively used by the Windigo gang.