A Review of the Best News of the Week on Cyber Threats & Defense

New Spectre derivative bug haunts Intel processors (Network World Security, Mar 07 2018)
Researchers have discovered how to use the Spectre design flaw to break into the SGX secure environment of an Intel CPU to steal information. A fix is coming March 16.

How Leaked NSA Spy Tool ‘EternalBlue’ Became a Hacker Favorite (Wired, Mar 07 2018)
EternalBlue is the name of both a software vulnerability in Microsoft’s Windows operating system and an exploit the National Security Agency developed to weaponize the bug. In April 2017, the exploit leaked to the public, part of the fifth release of alleged NSA tools by the still mysterious group known as the Shadow Brokers.

China Altered Public Vulnerability Data to Conceal MSS Influence (Recorded Future, Mar 09 2018)
CNNVD altered the original publication dates in its public database for at least 267 vulnerabilities we identified as statistical outliers in our research published in November 2017.


Security Vulnerabilities in Smart Contracts (Schneier on Security, Mar 06 2018)
Abstract: Smart contracts — stateful executable objects hosted on blockchains like Ethereum — carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime.

Poor User Practice at the Root of Most Medical Device Security Risks (Infosecurity Magazine, Mar 06 2018)
Use of unauthorized applications (22%) and of unauthorized browsers (18%) are the two leading security risks identified.

Intel SGX Can Be Used to Hide, Execute Malware (Dark Reading, Mar 07 2018)
The microprocessor giant’s Software Guard Extensions security feature can be abused to implement virtually undetectable malware, Graz University researchers say.

Router-Hacking “Slingshot” Spy Operation Compromised More Than 100 Targets (Wired, Mar 09 2018)
Security researchers have found a broad, apparently state-sponsored hacking operation that goes a step further, using hacked routers as a foothold to drop highly sophisticated spyware even deeper inside a network, onto the computers that connect to those compromised internet access points.

Look-Alike Domains and Visual Confusion (Krebs on Security, Mar 08 2018)
How good are you at telling the difference between domain names you know and trust and impostor or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using.

Cryptocurrency-stealing malware relies on victims copy-pasting wallet info (Help Net Security, Mar 06 2018)
After it’s downloaded, the malware first ensures its persistence and hides itself from the user. Then it enters into an infinite loop that sees it checking the contents of the clipboard every half second.

Malware Authors Turn to DNS Protocol as a Covert Channel (Infosecurity Magazine, Mar 05 2018)
DNS command and control (C&C) and DNS exfiltration can be successful because DNS is an integral part of the internet’s infrastructure. Most traffic analyzers don’t look at how the DNS protocol itself is being used, which provides an opportunity for a victim machine to communicate with the bad actor’s C&C server, often without even creating a continuous connection between the two.

Locked Windows machines can be compromised through Cortana (Help Net Security, Mar 07 2018)
Compromising locked Windows computers that have the Cortana voice-activated virtual assistant enabled is relatively easy – or it was until Microsoft made a simple tweak.

NSA Used Simple Tools to Detect Other State Actors on Hacked Devices (SecurityWeek, Mar 07 2018)
An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) provides a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could help the cybersecurity community discover previously unknown threats.

The state of Mac malware (Malwarebytes Labs, Mar 08 2018)
Mac users are often told that they don’t need antivirus software, because there are no Mac viruses. However, this is not true at all, as Macs actually are affected by malware, and have been for most of their existence. Even the first well-known virus—Elk Cloner—affected Apple computers rather than MS-DOS computers.

Cisco Adds Vulnerability Identification to Tetration Platform (SecurityWeek, Mar 05 2018)
Cisco today announced the availability of identification of software vulnerabilities and exposures as part of the security capabilities of its Tetration platform.

Memcached DDoS Attack: Kill Switch, New Details Disclosed (Dark Reading, Mar 07 2018)
Corero shares a kill switch for the Memcached vulnerability and reports the flaw is more extensive than originally believed.

Cryptomining versus cryptojacking – what’s the difference? (Naked Security – Sophos, Mar 09 2018)
When cryptomining is done on the sly, it turns into cryptojacking – a crime that has become a serious global problem. Here’s what to do…

Universities Lag in DMARC Adoption (Infosecurity Magazine, Mar 09 2018)
Only 11.2% of universities have adopted the DMARC email security framework.

Gozi Banking Trojan Uses “Dark Cloud” Botnet for Distribution (SecurityWeek, Mar 07 2018)
The well-known Gozi ISFB banking Trojan recently started using the elusive “Dark Cloud” botnet for distribution, Talos warns.

New Attack Bypasses Microsoft’s Code Integrity Guard (SecurityWeek, Mar 08 2018)
Morphisec security researchers warn of a newly discovered attack vector that allows attackers to bypass Microsoft’s Code Integrity Guard (CIG) in order to load malicious libraries into protected processes.

Take a new approach to data security: protect all of it (CSO Online, Mar 08 2018)
Don’t just pick and choose data and documents to protect: secure unstructured data, too.