A Review of the Best News of the Week on Cyber Threats & Defense

Typeform Reports Data Breach That Impacts Users of Survey Platform (eWEEK, Jul 02 2018)
The Typeform breach is the second in June to expose the supply-chain risk that third-party vendors carry into their customers' data.

The Next Big Cyber-Attack Vector: APIs (SecurityWeek, Jun 28 2018)
The data breach at Panera Bread is a good example. The bakery-café chain left an unauthenticated API endpoint exposed on its website, allowing anyone to view customer information such as username, email address, phone number, last four digits of the credit card, birthdate, etc.
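The pattern described above, an API that hands back a customer record to anyone who supplies a guessable sequential id, next to a hardened handler. This is an added illustration, not Panera's code or any real API: the customer records, session tokens, field names and function names are all constructed for the demo.

```python
"""Added example: an unauthenticated customer-lookup endpoint (the weakness
described above) beside a hardened version.  All data is constructed."""
import hmac
from dataclasses import dataclass, asdict
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Customer:
    customer_id: int
    username: str
    email: str
    phone: str
    card_last4: str
    birthdate: str


# Constructed stand-in for the customer table.  Ids are sequential, which is
# what makes blind enumeration cheap for an attacker.
CUSTOMERS: Dict[int, Customer] = {
    1001: Customer(1001, "alice", "alice@example.com", "555-0101", "4242", "1980-01-01"),
    1002: Customer(1002, "bob", "bob@example.com", "555-0102", "1881", "1975-06-15"),
}

# Constructed session store: opaque bearer token -> authenticated customer id.
SESSIONS: Dict[str, int] = {"tok-alice-7f3a": 1001, "tok-bob-9c21": 1002}


class Unauthorized(Exception):
    """No valid credential presented (HTTP 401 in a real API)."""


class Forbidden(Exception):
    """Caller is authenticated but may not see this record (HTTP 403)."""


def vulnerable_lookup(customer_id: int) -> Optional[dict]:
    """Weak pattern: no authentication, no ownership check, full record returned."""
    customer = CUSTOMERS.get(customer_id)
    return None if customer is None else asdict(customer)


def authenticate(bearer_token: Optional[str]) -> int:
    """Map a bearer token to a customer id, comparing tokens in constant time."""
    if not bearer_token:
        raise Unauthorized("missing bearer token")
    for token, customer_id in SESSIONS.items():
        if hmac.compare_digest(token, bearer_token):
            return customer_id
    raise Unauthorized("invalid bearer token")


def hardened_lookup(customer_id: int, bearer_token: Optional[str] = None) -> dict:
    """Authenticate, check that the caller owns the record, then return only
    the fields the feature needs (data minimisation limits the blast radius)."""
    caller_id = authenticate(bearer_token)
    customer = CUSTOMERS.get(customer_id)
    # One response for "not yours" and "no such id" so the API cannot be used
    # as an oracle for which ids exist.
    if customer is None or customer.customer_id != caller_id:
        raise Forbidden("not permitted")
    return {"username": customer.username, "email": customer.email,
            "card_last4": customer.card_last4}


def enumerate_ids(lookup: Callable[..., Optional[dict]], id_range: Iterable[int],
                  **kwargs) -> List[int]:
    """Simulate an attacker walking sequential ids; return the ids that leaked."""
    leaked: List[int] = []
    for customer_id in id_range:
        try:
            if lookup(customer_id, **kwargs) is not None:
                leaked.append(customer_id)
        except (Unauthorized, Forbidden):
            continue
    return leaked


if __name__ == "__main__":
    print("vulnerable:", enumerate_ids(vulnerable_lookup, range(1000, 1010)))
    print("hardened, no token:", enumerate_ids(hardened_lookup, range(1000, 1010)))
    print("hardened, alice:", enumerate_ids(hardened_lookup, range(1000, 1010),
                                            bearer_token="tok-alice-7f3a"))
```

Against the vulnerable handler the enumeration loop recovers every populated id; against the hardened one an anonymous caller gets nothing and an authenticated caller sees only her own, reduced record. The single "not permitted" response for both missing and foreign ids is deliberate: distinguishing them would still leak which customer ids exist.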

Scaling Network Security: The Scaled Network Security Architecture (Securosis, Jul 01 2018)
“You can start small, maybe implementing an SDN technology in front of your egress security controls to apply the policies we’ve discussed. Or possibly introducing a packet broker in front of a key application to make sure that appropriate security controls are not overwhelmed if a flood of traffic happens. You could start thinking about starting with micro-segmentation in your virtualized data center and map those capabilities to any new applications being deployed in IaaS (infrastructure as a service).”

Rising concerns over hackers using satellites to target US (TheHill, Jun 26 2018)
The rapidly expanding number of satellites transmitting GPS locations, cellphone signals and other sensitive information is creating new opportunities for hackers.

Cisco ASA and Firepower flaw exploited in the wild (Help Net Security, Jun 26 2018)
A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after exploit code was released online on Friday.

How to Avoid Card Skimmers at the Pump (Krebs on Security, Jun 26 2018)
In virtually all cases investigated by the SAPD, the incidents occurred at filling stations using older-model pumps that have not yet been upgraded with physical and digital security features which make it far more difficult for skimmer thieves to tamper with fuel pumps and siphon customer card data (and PINs from debit card users).

91% of critical incidents involve known, legitimate binaries like PowerShell (Help Net Security, Jun 28 2018)
“Technology is changing rapidly, and as it does, attackers are shifting their techniques to match. The increase in router-based attacks is a prime example.”

Windows 10 security can be bypassed by Settings page weakness (Naked Security – Sophos, Jun 28 2018)
The file type used by Windows 10’s settings page can be used to trick Windows into running files it’s supposed to block.

Demystifying the Dark Web and Mitigating Risks (SecurityWeek, Jun 28 2018)
Threat modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats.

Free Thanatos Ransomware Decryptor Released (SecurityWeek, Jun 27 2018)
Cisco’s Talos team this week announced the availability of a free decryption tool to help victims of the Thanatos ransomware recover their files without paying the ransom.

Gentoo Linux Reports Hack of GitHub Mirror Site (eWEEK, Jun 29 2018)
Attackers were able to compromise a Gentoo Linux developer’s GitHub account and plant malware that aimed to erase user files.

Conservation of Threat (Schneier on Security, Jun 29 2018)
Here’s some interesting research about how we perceive threats. Basically, as the environment becomes safer, we manufacture new threats.

Known Threat Actor Develops Malware Downloader (Infosecurity Magazine, Jun 25 2018)
Kardon Loader is a new malware downloader with full bot capabilities.

JASK raised $25M Series B financing to advance security operations (Help Net Security, Jun 29 2018)
JASK’s mission is to modernize security operations by delivering an asset-independent, open platform that provides prioritized threat information with an autonomous workflow of what, where, why and how SOC analysts should take action.

Hyperthreading under scrutiny with new TLBleed crypto key leak (Ars Technica, Jun 25 2018)
A new attack prompted OpenBSD’s developers to disable hyperthreading by default.

Number of Fake Homograph Domains Continues to Increase (Infosecurity Magazine, Jun 26 2018)
The number of IDN lookalike domain pages continues to increase.
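A small detector for the IDN lookalike domains the item refers to, written here as an added example (it is not from the Infosecurity Magazine article or from any vendor tool). It decodes punycode (`xn--`) labels to the form a browser would render, flags labels that mix writing systems, and maps a constructed excerpt of the Unicode confusables table onto Latin so the result can be compared against a constructed brand watchlist. The confusables excerpt, the watchlist and all function names are assumptions for the demo.

```python
"""Added example: flag IDN homograph domains by punycode decoding, mixed-script
detection and confusable-skeleton matching.  Tables below are constructed."""
import unicodedata
from typing import Dict, List, Optional, Set

# Constructed excerpt of confusable mappings (a real deployment would load the
# full UTS #39 confusables.txt; this subset only covers the demo cases).
CONFUSABLES: Dict[str, str] = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
    "\u04cf": "l",  # Cyrillic small palochka
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "\u0458": "j",  # Cyrillic small je
    "\u03b1": "a",  # Greek small alpha
    "\u03bf": "o",  # Greek small omicron
    "\u03bd": "v",  # Greek small nu
    "\u0131": "i",  # Latin dotless i
    "\u0251": "a",  # Latin small alpha
    "1": "l",       # digit/letter confusion in many fonts
    "0": "o",
}

# Constructed watchlist of brands whose lookalikes we want to catch.
WATCHLIST: Set[str] = {"apple.com", "paypal.com", "google.com"}


def to_unicode(hostname: str) -> str:
    """Decode any xn-- (punycode) labels so the name can be inspected as the
    user would see it in a browser that renders IDNs."""
    labels = []
    for label in hostname.strip().lower().split("."):
        if label.startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)


def scripts_of(label: str) -> Set[str]:
    """Return the set of writing systems used by the letters of one label,
    taken from the first word of each character's Unicode name (LATIN, CYRILLIC, GREEK ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def skeleton(label: str) -> str:
    """Collapse confusable characters onto their Latin lookalike."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def analyse(hostname: str) -> dict:
    """Return the decoded name, labels that mix scripts, the confusable
    skeleton, and the watchlist entry it impersonates (None if clean)."""
    decoded = to_unicode(hostname)
    labels = decoded.split(".")
    mixed = [label for label in labels if len(scripts_of(label)) > 1]
    skel = ".".join(skeleton(label) for label in labels)
    # A name is an impersonation if its skeleton is a watched brand but the
    # name itself is not that brand.
    impersonates: Optional[str] = skel if (skel in WATCHLIST and skel != decoded) else None
    return {"unicode": decoded, "mixed_script_labels": mixed,
            "skeleton": skel, "impersonates": impersonates}


def scan(hostnames: List[str]) -> List[dict]:
    """Analyse a batch (e.g. from a newly-registered-domains feed) and keep hits."""
    results = [dict(analyse(h), input=h) for h in hostnames]
    return [r for r in results if r["mixed_script_labels"] or r["impersonates"]]


if __name__ == "__main__":
    # Constructed sample feed: one punycode lookalike, one all-Cyrillic
    # lookalike, one digit swap, one legitimate name.
    for hit in scan(["xn--pple-43d.com", "\u0430\u0440\u0440\u04cf\u0435.com",
                     "paypa1.com", "apple.com"]):
        print(hit)
```

Two checks are needed because they catch different things: a mixed-script test flags `xn--pple-43d.com` (Cyrillic а followed by Latin `pple`) but is blind to an all-Cyrillic spoof such as аррӏе.com, which only the skeleton comparison catches. Conversely, skeleton matching depends on the completeness of the confusables table, so in practice load the full UTS #39 data rather than an excerpt like this one.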

Money-eating cash machine RAT gobbles $17,500 (Naked Security – Sophos, Jun 26 2018)
A bank in India, faced with an ATM that wouldn’t dispense money despite apparently still containing plenty of cash…was opened up to reveal a dead rat, together with more than 1.2 million rupees (about $17,500) of munched-up banknotes.

PBot adware family growing longer (SC Magazine, Jun 27 2018)
The Python-based PBot (PythonBot) adware family, much like its reptilian cousins, has continued to grow since it was first spotted last year, adding several new features, including a cryptocurrency miner.

Fastbooking Hack Leaves Japan Hotel Red-Faced (SecurityWeek, Jun 27 2018)
A Japanese hotel chain has apologised after more than 120,000 items of customer information were stolen in a hack of its reservation systems, which are handled by the French company Fastbooking.

Why Sharing Intelligence Makes Everyone Safer (Dark Reading, Jun 29 2018)
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.