A Review of the Best News of the Week on Cyber Threats & Defense

An Incomplete Security Big Data History (Raffael Marty Blog, Dec 11 2017)
Security has been dealing with big data (variety, velocity, and volume) since 1996 – we just didn’t call it that back then.

Detection and recovery of NSA’s covered up tracks (Fox-IT, Dec 08 2017)
Part of the NSA cyber weapon framework DanderSpritz is eventlogedit, a piece of software capable of removing individual lines from Windows Event Log files. Now that this tool is leaked and public, any criminal willing to remove its traces on a hacked computer can use it. Fox-IT has looked at the software and found a unique way to detect the use of it and to recover the removed event log entries.

Threat Detection Is A Multi-Stage Process (Gartner Blog Network, Dec 04 2017)
Most of us would think about advanced automated response use cases, dynamically patching or removing things from the network, as the main way to get value from SOAR (Security Orchestration, Automation and Response). Not necessarily. Making detection smarter is probably where most organizations will find the value for those tools.


Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report


Understanding Guide to Nmap Firewall Scan (Part 2) (Hacking Articles, Dec 02 2017)
In our previous article we had demonstrated “Nmap firewall scan (part 1)” by making use of Iptable rules and then try to bypass firewall filter to perform NMAP Advance scanning, today we are going to discuss second part of it.

Newly Revealed Flaw in Intel Processors Allows Undetectable Malware (eWEEK, Dec 06 2017)
The CPU flaw allows malware to reside on nearly any recent Intel-based computer manufactured since at least 2015 so that it’s completely undetectable.

The Wired Guide to Digital Security, From Passwords to Faraday Cages (Wired, Dec 09 2017)
A collection of Wired articles that they’ve grouped by threat profiles: Civilian, Public Figure, Spy

On “Advanced” Network Security Monitoring (TaoSecurity, Dec 04 2017)
“Many times students would ask me when I would create the “advanced” version of the class, usually in the course feedback. I could never answer them, so I decided to do so in this blog post. The short answer is this: at some point, advanced NSM is no longer NSM. If you consider my collection – analysis – escalation – response model, NSM extensions from any of those phases quickly have little or nothing to do with the network.”

Hackers Can Steal Data From Air-Gapped Industrial Networks via PLCs (SecurityWeek, Dec 06 2017)
Researchers have discovered a method that hackers could use to stealthily exfiltrate data from air-gapped industrial networks by manipulating the radio frequency (RF) signal emitted by programmable logic controllers (PLCs).

Phishing Schemes Are Using HTTPS Encrypted Sites to Seem Legit (Wired, Dec 05 2017)
A massicve effort to encrypt web traffic over the last few years has made green padlocks and “https” addresses increasingly common; more than half the web now uses internet encryption protocols to keep data protected from prying eyes as it travels back and forth between sites and browsers. But as with any sweeping reform, the progress also comes with some new opportunities for fraud. And phishers are loving HTTPS.

How to Encrypt All of the Things, From Chats to Calls and More (Wired, Dec 09 2017)
Want to keep outsiders from listening in on your chats, phone calls, and more? Encrypt them. All of them.

Microsoft Fixes Serious Flaw in Windows Defender (PCMag, Dec 08 2017)
The bug was triggered when the software’s malware protection engine scanned a rigged file.