A Review of the Best News of the Week on Cyber Threats & Defense

World Cup watching: The common threats found (WeLiveSecurity, Jun 13 2018)
On the eve of the 2018 FIFA World Cup in Russia, we take a closer look at the possible cybersecurity risks that exist on sports-streaming websites

Meet ‘Bro’: The Best-Kept Secret of Network Security (Dark Reading, Jun 14 2018)
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.

Paul Manafort accused of ‘foldering’ to hide communications (Graham Cluley, Jun 16 2018)
You make an email account and share the password to the account with the person you wish to communicate with. Then you write your message but crucially don’t send it. Instead, you save it as a draft.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Intel Discloses Yet Another Side Channel Vulnerability (Dark Reading, Jun 14 2018)
The problem exists in the way the microprocessors handle a technique called Lazy FP state restore for saving and restoring an application’s state. As Intel describes it, system software running on Intel Core-based microprocessors may use the Lazy FP state restore technique to delay the restoring of an application’s state in memory until when it is actually needed.

Cyber Attack Aims to Manipulate Mexican Election (SecurityWeek, Jun 18 2018)
In the run-up to Mexico’s July 1 presidential election, a website operated by the rightist National Action Party (PAN) was taken off-line for several hours by a DDoS attack.

Weaponizing IPv6 to Bypass IPv4 Security (Dark Reading, Jun 12 2018)
Just because you’re not yet using IPv6 doesn’t mean you’re safe from the protocol’s attack vectors.

MIT researchers develop frequency-hopping transmitter that fends off attackers (SC Magazine, Jun 11 2018)
Academic researchers say they have invented a transmitter that can secure billions of Internet of Things products by individually scattering each bit of data that a device wirelessly sends out onto different radio frequency channels, thus preventing attackers from intercepting a full packet and manipulating its data.

New Hack Weaponizes the Web Cache (Dark Reading, Jun 12 2018)
Researcher exploits design flaws in Web caching to take control of popular websites, frameworks – and the Mozilla Firefox browser infrastructure.

Spectre variant 4 fix included in Microsoft Patch Tuesday rollout (SC Magazine, Jun 12 2018)
Microsoft’s June 2018 Patch Tuesday cumulative rollout for Windows 10 contains a mitigation for the fourth Spectre variant known as known as Speculative Store Bypass (CVE-2018-3639).

US government report highlights gaps in battle against botnets (WeLiveSecurity, Jun 13 2018)
The report also identifies goals that are intended to help mitigate risks associated with botnets and to increase the resilience of the internet ecosystem

Serious Security: How three minor bugs make one major exploit (Naked Security – Sophos, Jun 13 2018)
In this story, three webcam bugs that weren’t critical one-by-one could be combined into an exploit giving total device takeover.

Every Business Can Have Visibility into Advanced and Sophisticated Attacks (Infosec Island, Jun 18 2018)
Building a strong security ecosystem is about having both the shield and the sword working together to increase the overall security posture of the organization.

Chinese Hackers Target National Datacenter in Watering Hole Spree (Infosecurity Magazine, Jun 15 2018)
LuckyMouse hackers looked to compromise multiple government websites

MuddyWater trojan campaign adds a few new notes (SC Magazine, Jun 15 2018)
The malicious actors behind the MuddyWater campaign have given the malware a facelift changing the way the malicious files are executed and altering the social engineering used to entice its victims to open the infected Word document.