A Review of the Best News of the Week on Cyber Threats & Defense

Critical PGP Vulnerability (Schneier on Security, May 14 2018)
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME… sounds like a protocol vulnerability…

A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan (FireEye, May 14 2018)
Although exploit kit activity is on the decline, FireEye recently observed RIG Exploit Kit delivering a Trojan named Grobios.

Hackers can jump from passenger Wi-Fi to train control networks (Help Net Security, May 14 2018)
Network segregation tops the list, of course. “Ensure that your passengers can ONLY route traffic from their devices to the internet,” he advises. “The wireless router admin interface should not be accessible to passengers either: an access control list should be in place to prevent this.”

8 Ways Hackers Can Game Air Gap Protections (Dark Reading, May 11 2018)
Isolating critical systems from connectivity isn’t a guarantee they can’t be hacked.

A Year Later, WannaCry Ransomware Persists (PCMag, May 12 2018)
A huge swath of Windows machines across the world has yet to install the patches that can ward off the attack’s infection method, says security firm Kryptos Logic.

Despite Efail, the sky is not falling (Graham Cluley, May 14 2018)
The Efail attack on encrypted emails is sneaky, but it doesn’t seem to be all that it’s hyped up to be.

Detecting Cloned Cards at the ATM, Register (Krebs on Security, May 14 2018)
Much of the fraud involving counterfeit credit, ATM debit and retail gift cards relies on the ability of thieves to use cheap, widely available hardware to encode stolen data onto any card’s magnetic stripe. But new research suggests retailers and ATM operators could reliably detect counterfeit cards using a simple technology that flags cards which appear to have been altered by such tools.

Why DDoS Just Won’t Die (Dark Reading, May 07 2018)
Distributed denial-of-service attacks are getting bigger, badder, and ‘blended.’ What you can (and can’t) do about that.

Bad guys have something new to play with! Microsoft Excel adds support for JavaScript (Graham Cluley, May 08 2018)
Microsoft has launched some new features in its Excel spreadsheet software that will boost its power. But will that only be for the benefit of users?

Google Project Zero Calls Windows 10 Edge Defense ‘ACG’ Flawed (Threatpost, May 11 2018)
Researchers maintain Microsoft’s vaunted Arbitrary Code Guard in the Edge browser can’t stop hackers from mounting attacks.

Proofpoint Sounds Warning on Vega Stealer Targeted Data Theft Campaign (Dark Reading, May 11 2018)
Marketing, PR, and advertising firms are among those being targeted.

SynAck Ransomware Gets Dangerous ‘Doppleganging’ Feature (Dark Reading, May 07 2018)
New Process Doppelganging and obfuscation features make the malware much harder to spot and stop.

Understanding the Role of Multi-Stage Detection in a Layered Defense (Infosec Island, May 08 2018)
Basically, it boils down to detecting malware before, or after, it gets executed on the victim’s endpoint. Layered security solutions often cover these detection stages with multiple security technologies specifically designed to detect and prevent zero-day threats, APTs, fileless attacks and obfuscated malware from reaching or executing on the endpoint.

Zero-day flaw exploited in targeted attacks is fixed by Microsoft (Graham Cluley, May 10 2018)
This month’s Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks.

Gandcrab Ransomware Exploits Website Vulnerabilities (Dark Reading, May 11 2018)
Researchers find campaigns distributing Gandcrab by hosting malware on legitimate websites with poor security measures.

Danish Railway Company DSB Suffers DDoS Attack (Infosecurity Magazine, May 14 2018)
Passengers were unable to purchase tickets while the systems were taken down.

New PowerShell Backdoor Discovered (SecurityWeek, May 14 2018)
A recently detected PowerShell backdoor can steal information and execute various commands on the infected machines.