A Review of the Best News of the Week on Cyber Threats & Defense

Secureworks Releases Open Source IDS Tools (SecurityWeek, Nov 20 2017)
Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.

Imgur breached back in 2014, wasn’t storing your passwords properly (Naked Security – Sophos, Nov 27 2017)
Photo-sharing site Imgur just found out it was breached back in 2014 – and back then it wasn’t storing your passwords securely.

3 Pillars of Cyberthreat Intelligence (Dark Reading, Nov 22 2017)
Strong enterprise cybersecurity programs must be built on a framework that incorporates strategic, operational, and tactical leadership and goals.


Intel Chip Flaws Expose Millions of Devices to Attacks (SecurityWeek, Nov 21 2017)
Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released firmware updates, but it could take some time until they reach the millions of devices exposed to attacks due to these flaws.

Chromebook exploit earns researcher second $100k bounty (Naked Security – Sophos, Nov 22 2017)
By Chromebook standards the latest issue is a biggie: an exploit chain comprising an impressive five CVE vulnerabilities that would allow an attacker to remotely pwn the system via a web page.

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’ (Threatpost, Nov 24 2017)
A proof-of-concept attack demonstrates how adversaries can abuse Microsoft’s Active Directory Federation Services framework to go unnoticed and assume multiple user identities.

OSX.Proton spreading through fake Symantec blog (Malwarebytes Labs, Nov 27 2017)
A new variant of the OSX.Proton malware is being promoted via a fake Symantec blog site.

Endpoint Advanced Protection Buyer’s Guide: Top 10 Questions for Detection and Response (Securosis Blog, Nov 22 2017)
“There are plenty of obvious questions you could ask each endpoint security vendor. But they don’t really help you understand the nuances of their approach, so we decided to distill the selection criteria down to a few key points. We will provide both the questions and the reasons behind them.”

Researcher Finds Hole in Windows ASLR Security Defense (Dark Reading, Nov 20 2017)
A security expert found a way to work around Microsoft’s Address Space Layout Randomization (ASLR), which protects the OS from memory-based attacks.

Understanding Guide to Nmap Firewall Scan (Part 1) (Hacking Articles, Nov 23 2017)
You might have used Nmap to scan a network and enumerate the active port services of a target machine, but in some scenarios a basic scan is not possible, especially when a firewall filters the traffic. This article demonstrates an “Nmap firewall scan”: it sets up iptables rules on the target and then tries to bypass the firewall filter with Nmap’s advanced scan types.

DDoS Attack Attempts Doubled in 6 Months (Dark Reading, Nov 20 2017)
Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.