A Review of the Best News of the Week on Cyber Threats & Defense

APT37: Inside the Toolset of an Elite North Korean Hacker Group (Wired, Feb 20 2018)
Security researchers at FireEye break down the arsenal of APT37, a North Korean hacker team coming into focus as a rising threat.

How to Hack into an Instagram Account (Cylance, Feb 20 2018)
Hacking isn’t a tool, it’s a methodology. You likely won’t be able to hack an established service without considerable time spent learning its operations and interactions. And this is why so many nascent hacker-wannabes who want to learn hacking don’t really want to learn hacking. They want to learn computer magic, and it doesn’t really work like that.

New Spectre/Meltdown Variants (Schneier on Security, Feb 21 2018)
Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks.

Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake (Ars Technica, Feb 21 2018)
All 6th, 7th, and 8th generation Core processors now have microcode available.

Why aren’t we using SHA-3? (CSO Online, Feb 21 2018)
The Secure Hash Algorithm version 3 fixes flaws in the now-standard SHA-2 cipher. Here’s how to prepare for a migration to SHA-3 when SHA-2 is inevitably compromised.

The Security Command Center Protecting the Winter Olympics (Wired, Feb 23 2018)
In a windowless room in Seoul, dozens of security experts train—and watch—for the worst.

Private browsing is not that private, but it can be (Help Net Security, Feb 26 2018)
“After a private session terminates, the browser is supposed to remove client-side evidence that the session occurred. Unfortunately, implementations of private browsing mode still allow sensitive information to leak into persistent storage,” a group of MIT and Harvard University researchers pointed out.

How Much of Your Security Gear Is Misconfigured or Not Configured? (Gartner Blog Network, Feb 23 2018)
The point here is that a lot of preventative [as well as detection and other] security technologies are misconfigured, not configured optimally, set to default or deployed broken in a myriad of other ways. And it is rather the norm, not the exception!

xMatters snares $40 million Series D led by Goldman Sachs Private Capital Investing (TechCrunch, Feb 20 2018)
It acts as an uber monitoring tool allowing you to understand the source of your problem and getting the right people involved to fix it.

New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks (Imperva, Feb 20 2018)
Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code execution (RCE) attacks sent a request to an external source to try to download a crypto-mining malware.

Steganography: Combatting Threats Hiding in Plain Sight (Fortinet, Feb 21 2018)
While still relatively unusual, security researchers report a 600% upsurge in steganographically-based attacks in 2017. Cybersecurity attackers use steganography to inject malicious content to slip past security defenses and exfiltrate misappropriated content from compromised systems.

Palo Alto Networks Releases New Rugged Firewall (SecurityWeek, Feb 21 2018)
Palo Alto Networks on Tuesday announced that it has updated its PAN-OS operating system and released a new next-generation firewall designed for use in industrial and other harsh environments.

The Struggle to Operationalize Threat Intelligence (Recorded Future, Feb 21 2018)
Having heard of the benefits of incorporating threat intelligence into their security systems, many organizations jump into monitoring threat data feeds and try to make sense of them. But often, security analysts spend too much time on manual processes, causing organizations to struggle with turning cyber threat intelligence into insights.

Trucking Industry Launches Info Sharing, Cybercrime Reporting Service (Dark Reading, Feb 21 2018)
American Trucking Associations developed the new Fleet CyWatch threat reporting and information sharing service in conjunction with the FBI.

Trend Micro fixes serious vulnerabilities in Email Encryption Gateway (Help Net Security, Feb 22 2018)
Trend Micro has plugged a bucketload of vulnerabilities in its Email Encryption Gateway, some of which can be combined to execute root commands from the perspective of a remote unauthenticated attacker.

Bad Actors Increase Focus on Cloud Services, Encryption (Infosecurity Magazine, Feb 21 2018)
There was a threefold increase in encrypted communication used by malware in the last 12 months.

Hacker claims spyware maker Retina-X has been breached, again (Naked Security – Sophos, Feb 23 2018)
Retina-X denies that the vigilante hacker got in.

How to protect your browser from Unicode domain phishing attacks (Graham Cluley, Feb 22 2018)
Phishers and other online crooks are taking advantage of Unicode domain names in their pursuit of your passwords and other sensitive information. Here’s a simple way to protect yourself.

Global megatrends that are problematic for the state of cybersecurity (Help Net Security, Feb 26 2018)
82% of respondents predict their workplace will suffer a catastrophic data breach in the next three years as a result of unsecured IoT devices.