A Review of the Best News of the Week on Cyber Threats & Defense

Researchers use power lines to exfiltrate data from air-gapped computers (Help Net Security, Apr 13 2018)
Researchers from the Ben-Gurion University of the Negev have come up with another way to exfiltrate data from air-gapped computers: this time, it's via malware that can control the power consumption of the system.

Avoiding the Ransomware Mistakes that Crippled Atlanta (Dark Reading, Apr 12 2018)
What made Atlanta an easy target was its outdated use of technology: old computers running on non-supported platforms, which are also a characteristic of many municipalities and most major cities.

How many can detect a major cybersecurity incident within an hour? (Help Net Security, Apr 11 2018)
Less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour, according to LogRhythm.

Emergency alert systems used across the US can be easily hijacked (Help Net Security, Apr 10 2018)
A vulnerability affecting emergency alert systems supplied by ATI Systems, one of the leading suppliers of warning sirens in the USA, could be exploited remotely via radio frequencies to activate all the sirens and trigger false alarms.

Thousands of compromised websites spreading malware via fake updates (Graham Cluley, Apr 13 2018)
Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates.

Word Attachment Delivers FormBook Malware, No Macros Required (Threatpost, Apr 09 2018)
A new wave of document attacks targeting inboxes does not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.

Cybersecurity situation room accelerates security operations (Help Net Security, Apr 11 2018)
ThreatQuotient launched ThreatQ Investigations, a cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response.

Symantec Now Offers Threat Detection Tools Used by its Researchers (Dark Reading, Apr 16 2018)
TAA now is part of Symantec’s Integrated Cyber Defense Platform.

Capsule8 Launches Zero-Day Threat Detection Platform for Linux (eWEEK, Apr 11 2018)
More than a year after first emerging from stealth, container security startup Capsule8 launches the 1.0 version of its zero-day threat detection platform.

Fraudsters Using HTTP Injectors to Steal Internet Access: Flashpoint (eWEEK, Apr 09 2018)
Fraudsters in Latin America are manipulating HTTP headers with injector files that are enabling unauthorized internet access.

AMD systems gain Spectre protection with latest Windows fixes (Ars Technica, Apr 11 2018)
Systems will still need updated firmware to get the latest microcode, however.

URL file attacks spread Quant Loader (SC Magazine, Apr 11 2018)
A recent spate of attacks using phishing, social engineering, exploits, and obfuscation is being used to spread a Quant Loader trojan capable of distributing ransomware and password stealers.

The ransomware that says, “I don’t want money” – play a violent game instead! (Naked Security – Sophos, Apr 13 2018)
Ransomware that lets you play to pay…

U.K. intel director discloses offensive cyber campaign against ISIS, lambastes Russia (SC Magazine, Apr 12 2018)
In his first public speech, the U.K.’s GCHQ Director Jeremy Fleming acknowledged that the agency recently coordinated a major cyber offensive operation against ISIS, significantly crippling the terrorist group’s ability to recruit and coordinate attacks online.

Researchers Sinkhole Deep-Rooted “EITest” Infection Chain (SecurityWeek, Apr 13 2018)
Proofpoint on Thursday said that it has managed to sinkhole what could be the oldest “infection chain” out there, which redirected users to exploit kits (EKs), social engineering schemes, and other malicious or fraudulent operations.