A Review of the Best News of the Week on Cyber Threats & Defense

M-Trends 2018 – global median dwell time is 101 days (Fireeye, Apr 04 2018)
Mandiant’s (Fireeye) 9th edition of M-Trends draws upon the findings of one year of incident response investigations across the globe. This data provides us with insights into the evolution of nation-state sponsored threat actors, new threat groups, and new trends and attacker techniques they observed during investigations.

2018 IBM X-Force Report: Shellshock Fades, Gozi Rises and Insider Threats Soar (IBM Security Intelligence, Apr 04 2018)
Inadvertent insiders — employees who unwittingly caused security incidents through negligent actions — took center stage in 2017. According to the latest X-Force report, they were responsible for more than two-thirds of total records compromised last year. Misconfigured cloud servers and networked backup incidents unintentionally exposed more than 2 billion records, making confidential data ripe for picking.

Intel drops plans to develop Spectre microcode for ancient chips (Ars Technica, Apr 04 2018)
Company claims it’s too hard, and few systems have exposure to attack.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

New DARPA Contract Looks to Avoid Another ‘Meltdown’ (Dark Reading, Apr 04 2018)
A new DARPA contract with Tortuga Logic intends to field chip emulation systems to test security before processors hit manufacturing.

New macOS Backdoor Linked to Cyber-espionage Group (SecurityWeek, Apr 05 2018)
A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says.

Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018 (Krebs on Security, Apr 04 2018)
A story published on Krebs last week warned readers about a vast network of potentially malicious Web sites ending in “.cm” that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot].cm) in a bid to bombard visitors with fake security alerts that can lock up one’s computer. If that piece lacked one key detail it was insight into just how many people were mistyping .com and ending up at one of these so-called “typosquatting” domains.

2020 Vision: How to Prepare for the Future of Information Security Threats (Infosec Island, Apr 06 2018)
In Threat Horizon 2020, we drew from our research to highlight the top nine threats to information security over the next two years.

Criminals Targeting Magento Sites with Brute-Force Password Attacks (Dark Reading, Apr 03 2018)
Forcepoint says it is aware of at least 1,000 sites using Magento’s e-commerce platform that have been recently compromised.

Subverting Backdoored Encrryption (Schneier on Security, Apr 04 2018)
This is a really interesting research result. This paper proves that two parties can create a secure communications channel using a communications system with a backdoor. It’s a theoretical result, so it doesn’t talk about how easy that channel is to create.

Easily exploited flaw in Microsoft Malware Protection Engine allows total system compromise (Help Net Security, Apr 05 2018)
A critical and extremely easily exploitable vulnerability in the Microsoft Malware Protection Engine (MMPE) has been patched through an out-of-band security update pushed out by Microsoft on Tuesday.

A Deep Dive into Database Attacks [Part IV]: Delivery and Execution of Malicious Executables through SQL Commands (MySQL) (Imperva, Apr 05 2018)
This post covers various methods for executing SQL and OS commands through MySQL database, which can be used to deliver and execute malicious payloads on a targeted system.

Microsoft Adds New Security Features to Office 365 (SecurityWeek, Apr 05 2018)
Microsoft today announced new protections for Office 365 Home and Office 365 Personal subscribers, aimed at helping them recover files, protect data, and defend against malware.

New Agent Tesla Spyware Variant Discovered (SecurityWeek, Apr 07 2018)
A new variant of the Agent Tesla spyware has been spreading via malicious Microsoft Word documents, Fortinet reports.

Vulnerabilities Found in Linux ‘Beep’ Tool (SecurityWeek, Apr 09 2018)
Several vulnerabilities have been found in the Linux command line tool Beep, including a potentially serious issue introduced by a patch for a privilege escalation flaw.