A Review of the Best News of the Week on Cyber Threats & Defense

Abbott Addresses Life-Threatening Flaw in a Half-Million Pacemakers (Threatpost, May 04 2018)
A backdoor could be exploited to allow an attacker to manipulate the implants and cause heart problems and even death.

10 Reasons To Break Up With Your Legacy SIEM (SecurityWeek, May 02 2018)
The Value Most Organizations Get Out of Their SIEM Deployment is Far Lower Than it Used to Be

The Decreasing Usefulness of Positive Visual Security Indicators (and the Importance of Negative Ones) (Troy Hunt, May 07 2018)
Look, in there, you need a padlock when you pay for stuff. If there isn’t one, the website could be fake.


How have network firewalls evolved? (Network World Security, May 01 2018)
Firewalls have become ubiquitous across the enterprise IT landscape because of their proven ability to stop bad traffic from entering corporate networks and protect a company’s most valuable assets. So how have firewalls evolved over the years and what are the latest trends in firewall security?

All Chrome OS Devices Now Protected Against Meltdown (SecurityWeek, Apr 30 2018)
The latest version of Chrome OS now keeps all devices protected from Meltdown, Google says.

USB Sticks Can Trigger BSOD – Even on a Locked Device (Threatpost, Apr 30 2018)
Thanks to auto-play, it’s possible to crash Windows systems by simply inserting the drive into the USB port, no further user interaction necessary.

Spectre Returns with 8 New Variants (Dark Reading, May 04 2018)
Researchers have discovered eight new variants of the Spectre processor vulnerability.

LookingGlass Acquires Threat Intelligence Platform From Goldman Sachs (SecurityWeek, May 07 2018)
Called Sentinel, the platform was built by Goldman Sachs engineers and served as the firm's in-house security information and event management (SIEM) system for managing cyber threat intelligence.

Zero-Day vulnerability found in two Schneider Electric ICS products (SC Magazine, May 02 2018)
Tenable Security researchers have revealed a zero-day flaw in two Schneider Electric industrial controllers that, if exploited, could give an attacker the ability to remotely execute code with high privileges.

PyRoMine Malware Sets Security Industry on Fire (Infosec Island, May 03 2018)
This time it comes in the form of PyRoMine, a Python-based malware which uses an NSA exploit to spread to Windows machines while also disabling security software and allowing the exfiltration of unencrypted data. By also configuring the Windows Remote Management (WinRM) service, the malware leaves the machine open to future attacks.
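The check a defender would want after reading this, as an added example (not code from the article or from the researchers who analyzed PyRoMine): a PowerShell audit of the local WinRM service for the kind of exposure described above. It assumes an elevated prompt on a Windows host; the settings it inspects (listeners, AllowUnencrypted, Basic authentication, TrustedHosts) are the standard WSMan configuration items, not values the article reports.

```powershell
# Added example: audit the local WinRM configuration for the settings an
# attacker who "configures the Windows Remote Management Service" for later
# access would want. Run from an elevated PowerShell prompt on the host.
# The WSMan: drive only works while the WinRM service is running, so the
# service state is checked first and the drive is only touched if it is up.

$findings = @()

$svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    'WinRM service is not running; no remote-management listener is exposed.'
    return
}
$findings += "WinRM service is running (startup type: $($svc.StartType))"

# 1. Active listeners: transport (HTTP/HTTPS), bound address and port.
Get-ChildItem -Path WSMan:\localhost\Listener | ForEach-Object {
    $props     = Get-ChildItem -Path $_.PSPath
    $transport = ($props | Where-Object Name -eq 'Transport').Value
    $address   = ($props | Where-Object Name -eq 'Address').Value
    $port      = ($props | Where-Object Name -eq 'Port').Value
    $findings += "Listener: $transport on address '$address' port $port"
}

# 2. Settings that weaken WinRM. A default Windows install has both false;
#    an attacker who wants easy password-based access flips them to true.
$allowUnencrypted = (Get-Item -Path WSMan:\localhost\Service\AllowUnencrypted).Value
$basicAuth        = (Get-Item -Path WSMan:\localhost\Service\Auth\Basic).Value
if ($allowUnencrypted -eq 'true') {
    $findings += 'Service/AllowUnencrypted = true (sessions may run in cleartext)'
}
if ($basicAuth -eq 'true') {
    $findings += 'Service/Auth/Basic = true (plain password logon accepted)'
}

# 3. Client-side TrustedHosts, if populated, lets this machine open WinRM
#    sessions to arbitrary peers without Kerberos mutual authentication.
$trusted = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
if ($trusted) {
    $findings += "Client/TrustedHosts = '$trusted'"
}

$findings | ForEach-Object { "[!] $_" }
```

If the audit reports AllowUnencrypted or Basic set to true on a host where nobody configured them, treat it as an indicator rather than a misconfiguration to silently fix; after the investigation, `Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false` and `Set-Item WSMan:\localhost\Service\Auth\Basic -Value $false` restore the defaults.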

Cat burglar: Kitty cryptominer targets web application servers, then spreads to app users (SC Magazine, May 03 2018)
A newly uncovered cryptojacking malware named Kitty attempts to infect web application servers by exploiting the recently discovered Drupalgeddon 2.0 RCE vulnerability. But what makes this malicious miner stand out among its peers is that after compromising the server, it seeks to infect future users of the apps running on the server.

Tens of Thousands of Malicious Apps Using Facebook APIs (Threatpost, May 01 2018)
The apps are deemed malicious because they do things such as capturing pictures and audio while the app is closed, or making an unusually large number of network calls.

Millions of Home Fiber Routers Vulnerable to Complete Takeover (Threatpost, May 01 2018)
Exploitation can result in hackers gaining access to full browsing histories and all of the user’s internet activities.

Lenovo Patches Arbitrary Code Execution Flaw (Threatpost, May 07 2018)
Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line.

LoJack Attack Finds False C2 Servers (Dark Reading, May 01 2018)
A new attack uses compromised LoJack endpoint software to take root on enterprise networks.

Privilege Escalation Bug Lurked in Linux Kernel for 8 Years (SecurityWeek, May 01 2018)
A security vulnerability in a driver leading to local privilege escalation in the latest Linux Kernel version was introduced 8 years ago, Check Point reveals.

Detecting Laptop Tampering (Schneier on Security, May 04 2018)
Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering…

Poor passwords and self-induced flaws leave ICS easily accessible to hackers (SC Magazine, May 04 2018)
Positive Technologies found 73 percent of corporate information systems (CIS) have insufficient perimeter defenses, but making the situation much worse is that if a hacker gains entry into the CIS the attacker has an 82 percent chance of penetrating the industrial network.

Defending Against an Automated Attack Chain: Are You Ready? (Dark Reading, May 07 2018)
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.