A Review of the Best News of the Week on Cyber Threats & Defense

Cybercriminals on average have seven-day window of opportunity to attack (SC Magazine, May 31 2018)
Cybercriminals on average have a week to attack before potential victims even know they’re vulnerable.

E-Mail Vulnerabilities and Disclosure (Schneier on Security, Jun 04 2018)
These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client into sending a copy of the plaintext to a web server controlled by that attacker. The story of these vulnerabilities and the tale of how they were disclosed illustrate some important lessons about security vulnerabilities in general and e-mail security in particular.

The 3 Must Knows of Sandboxing (Infosec Island, Jun 04 2018)
Sandboxes have been touted as a high-ranking method to prevent a cyber-attack on organizations because they allow you to test everything before it can affect your production environment. But does that come with a cost and are they as effective as vendors would like us to believe?

Europol Creates Dark Web Investigations Team (SecurityWeek, May 29 2018)
The European Union’s law enforcement agency today announced the creation of a dedicated team that will be investigating activity across the dark web.

Dozens of Vulnerabilities Discovered in DoD’s Enterprise Travel System (Dark Reading, May 30 2018)
In less than one month, security researchers participating in the Pentagon’s Hack the Defense Travel System program found 65 vulnerabilities.

US Government Botnet Report Warns about Lack of Security Tool Use (eWEEK, May 31 2018)
Report to the President from the Departments of Commerce and Homeland Security reveals defensive gaps against distributed attacks and calls on industry to do more.

Cloudflare mistakes own 1.1.1.1 DNS for DDoS attack (Naked Security – Sophos, Jun 04 2018)
When is a DDoS attack not a DDoS attack? When it’s caused by your own recently-launched DNS service.

State elections systems still hackable, report (SC Magazine, Jun 01 2018)
Recent data breaches, vulnerable voting machines, inconsistent security practices and a complex, decentralized election system give attackers looking to influence elections several avenues of attack.

Brazilian Banking Trojan Communicates Via Microsoft SQL Server (Threatpost, May 29 2018)
Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server and a full-screen social-engineering overlay form.

An acoustic attack can blue screen your Windows computer (Graham Cluley, May 30 2018)
Security researchers have demonstrated how attackers could physically damage hard drives and crash PCs just by playing sounds through a computer’s speaker.

New Paper Published: “How to Start Your Threat Detection and Response Practice” (Gartner Blog Network, May 30 2018)
This is a very special paper that is very dear to my heart (and hopefully to Augusto’s as well). It is called “How to Start Your Threat Detection and Response…

‘Nothing to do with spying on people’: Dutton touts potential new cybersecurity powers (ABC Australia, May 29 2018)
Home Affairs Minister Peter Dutton says the Government is actively considering the domestic use of the highly secretive cybersecurity agency, the Australian Signals Directorate (ASD), to protect critical infrastructure as well as counter cybercrime.

Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net (Dark Reading, May 29 2018)
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.

Analyst-centric Security Operations (CSO Online, May 30 2018)
Analyst-centric security operations technologies are designed to offer noise-cancelling assistance, one console for all data, canned models and routines, and continuous learning and sharing.

FBI, DHS share intel on RAT and worm linked to North Korea (SC Magazine, May 30 2018)
The FBI and Department of Homeland Security on Tuesday jointly released a pair of technical alerts via US-CERT warning of two malware families, dating back to at least 2009, that they have tied to the suspected North Korea-sponsored APT group Hidden Cobra.

Report: Cross-Site Scripting Still Number One Web Attack (Dark Reading, Jun 01 2018)
SQL injection is the second most common technique, with IT and finance companies the major targets.

WordPress Disables Plugins That Expose e-Commerce Sites to Attacks (SecurityWeek, Jun 01 2018)
Researchers discovered vulnerabilities in ten WordPress plugins made by a company for e-commerce websites powered by the WooCommerce platform. WordPress disabled many of them after the developer failed to release patches.