A Review of the Best News of the Week on Cyber Threats & Defense

CIS Releases Revised Top 20 Critical Security Controls (Tripwire, Mar 19 2018)
Today, the Center for Internet Security (CIS) is releasing its next revision of the Top 20 Critical Security Controls. Initially developed by the SANS Institute, these controls have been used by organizations both large and small. By adopting these sets of controls, organizations can prevent the majority of attacks.

Russia accused of burrowing into US energy networks (Naked Security – Sophos, Mar 19 2018)
Russia has been accused of so many things recently, it’s easy to lose track. Now we can add cyber-intrusion and more to the list.

Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37 (Krebs on Security, Mar 19 2018)
“Adrian Lamo, the hacker probably best known for breaking into The New York Times‘s network and for reporting Chelsea Manning‘s theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapter of his life eclipsed the profile of a complex individual who taught me quite a bit about security over the years.”

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Detecting Attacks that Exploit Meltdown and Spectre with Performance Counters (TrendLabs, Mar 13 2018)
We worked on a detection technique for attacks that exploit Meltdown and Spectre by utilizing performance counters available in Intel processors. They measure cache misses — the state where data that an application requests for processing is not found in the cache memory — that can be used to detect attacks that exploit Meltdown and Spectre.

Microsoft Report Details Different Forms of Cryptominers (Dark Reading, Mar 13 2018)
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.

New ‘Mac-A-Mal’ Tool Automates Mac Malware Hunting & Analysis (Dark Reading, Mar 14 2018)
Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.

Intel Details CPU ‘Virtual Fences’ Fix As Safeguard Against Spectre, Meltdown Flaws (Threatpost, Mar 16 2018)
Intel is introducing hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when they were announced in early 2018.

Guest Accounts Gain Full Access on Chrome RDP (Check Point Research, Mar 19 2018)
An unexpected behavior in Google Chrome Remote Desktop Application on macOS that allows, in some cases, a ‘Guest user’ to login as Guest and yet receive an active session of another user (such as administrator) without entering a password.

CAPTCHA Limitations of Bot Mitigation (Radware Blog, Mar 15 2018)
A combination of challenging the bot, device fingerprinting and activity tracking provide a successful bot management and accurate bot-attack mitigation.

How Creative DDOS Attacks Still Slip Past Defenses (Wired, Mar 12 2018)
While some major distributed-denial-of-service attacks have been thwarted this month, the threat remains as critical as ever.

Speakers can be used to jump air-gapped systems (Naked Security – Sophos, Mar 14 2018)
Bad news for fans of air-gapped security – researchers have outlined how it could be defeated by converting speakers into ultra-sonic transceivers.

Mac malware rockets 270 percent – users warned ‘safe’ perception is wrong (SC Magazine, Mar 13 2018)
Anti-malware security vendors have warned that Mac malware is on the rise, and that the perception of Macs as being completely ‘safe’ is misleading.

Israeli Security Attacks AMD by Publishing Zero-Day Exploits (Schneier on Security, Mar 19 2018)
What’s new is that the company only gave AMD a day’s notice, which breaks with every norm about responsible disclosure. CTS Labs didn’t release details of the exploits, only high-level descriptions of the vulnerabilities, but it is probably still enough for others to reproduce their results. This is incredibly irresponsible of the company.

FBI: we don’t want a backdoor; we just want you to break encryption (Naked Security – Sophos, Mar 12 2018)
We don’t know how to do it, said director Christopher Wray, but you can figure it out. You’re smart.

Malware Leveraging PowerShell Grew 432% in 2017 (Dark Reading, Mar 12 2018)
Cryptocurrency mining and ransomware were other major threats.

Chinese APT Takes Aim at Pharma (Infosecurity Magazine, Mar 13 2018)
The infamous PlugX malware is targeting pharmaceutical organizations in Vietnam, aimed at stealing drug formulas.

Cyber-Attack Prevention Firm Solebit Raises $11 Million (SecurityWeek, Mar 14 2018)
Tel Aviv-based cyber-attack prevention firm Solebit Labs, currently establishing new global headquarters in Silicon Valley, has announced completion of an $11 million Series A funding round led by ClearSky Security.

Microsoft kicks off bounty program for speculative execution bugs (Help Net Security, Mar 15 2018)
Microsoft wants security researchers to search for and report speculative execution side channel vulnerabilities (a hardware vulnerability class that affects CPUs from multiple manufacturers), as well as bugs that can be misused to bypass Windows and Azure Spectre and Meltdown mitigations.

How to Harden Your Devices to Prevent Cyber Attacks (Cisco Blog, Mar 19 2018)
The 2016 Distributed Denial of Service attack on Dyn came from more than 100,000 infected devices. Learn about the multi-layers of product security architecture and implementation to keep your network safe.

New Hosted Service Lowers Barriers to Malware Distribution (Dark Reading, Mar 14 2018)
BlackTDS is a traffic distribution service for directing users to malware and exploit kits based on specific parameters.