A Review of the Best News of the Week on Cyber Threats & Defense

House Democrats list states with weakest election security in new report (Washington Post, Jul 16 2018)
House Democrats are trying to ramp up pressure to send more election security funding to states by spotlighting the ones they say are most vulnerable going into November.

Hacker Exploits 2-Year-Old Router Issue To Steal Sensitive US Military Data (Dark Reading, Jul 11 2018)
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.

Department of Commerce Report on the Botnet Threat (Schneier on Security, Jul 11 2018)
“Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic.”

New Spectre-like attack uses speculative execution to overflow buffers (Ars Technica, Jul 10 2018)
All the attacks follow a common set of principles. Each processor has an architectural behavior (the documented behavior that describes how the instructions work and that programmers depend on to write their programs) and a microarchitectural behavior (the way an actual implementation of the architecture behaves). These can diverge in subtle ways.
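The architectural/microarchitectural split above is easiest to see in code. What follows is an added illustration written for this digest, not code from the Ars Technica article or from the research it covers: a bounds-checked store in the shape these attacks target, next to a hardened version that clamps the index with arithmetic (modelled on the Linux kernel's array_index_nospec helper) so that even a mispredicted branch cannot drive the store outside the buffer. Buffer size, function names and sample values are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_LEN 16                 /* assumed size for the example */
static uint8_t buf[BUF_LEN];

/* The vulnerable shape. Architecturally this never writes out of bounds.
 * Microarchitecturally, if the branch predictor guesses "in range", the
 * store can execute speculatively with an attacker-chosen idx before the
 * comparison resolves; the write is squashed, but side effects of the
 * speculative window (cache state, values fed to later speculative code)
 * are not. */
int store_checked(size_t idx, uint8_t val)
{
    if (idx < BUF_LEN) {
        buf[idx] = val;
        return 1;
    }
    return 0;
}

/* Branchless clamp in the style of the Linux kernel's array_index_nospec().
 * Returns idx when idx < size and 0 otherwise, using arithmetic only, so
 * there is no branch for the predictor to mis-speculate. Assumes idx and
 * size are both below SIZE_MAX/2, which holds for any real array index. */
size_t index_nospec(size_t idx, size_t size)
{
    /* size - idx - 1 wraps to a value with the top bit set exactly when
     * idx >= size; OR-ing with idx keeps that bit set. */
    size_t top = (idx | (size - idx - 1)) >> (sizeof(size_t) * 8 - 1);
    size_t mask = top - 1;            /* all ones if in range, else 0 */
    return idx & mask;
}

/* Hardened store: the architectural check still rejects bad indices, and
 * the masked index keeps even a speculatively executed store inside buf. */
int store_nospec(size_t idx, uint8_t val)
{
    if (idx >= BUF_LEN)
        return 0;
    buf[index_nospec(idx, BUF_LEN)] = val;
    return 1;
}

/* Read back a byte through the same clamp. */
uint8_t peek(size_t idx)
{
    return buf[index_nospec(idx, BUF_LEN)];
}

int main(void)
{
    store_nospec(2, 0x41);
    printf("buf[2]=0x%02x, oob store rejected=%d, clamp(1000)=%zu\n",
           peek(2), !store_nospec(1000, 0x42), index_nospec(1000, BUF_LEN));
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, nothing in a normal test can observe speculation; the assertions only confirm the architectural contract (in-range indices pass through, out-of-range ones collapse to 0). Second, a compiler is free to rewrite the arithmetic back into a branch, which is why the kernel pins its version with inline assembly and a compiler barrier; the heavier alternative is a serializing instruction such as lfence after the bounds check.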

Ukraine Security Service Stops VPNFilter Attack at Chlorine Station (Dark Reading, Jul 12 2018)
The facility’s process control system and emergency-detection system were infected, Interfax Ukraine reports.

Do advances in voice technology pose a threat to enterprise security? (Help Net Security, Jul 12 2018)
UK organisations hold contradictory attitudes towards the voice channel, increasing the chances of their customers', employees' and partners' data being exposed to unauthorised parties, and as a result of falling foul of the GDPR.

Hackers break into newswire services, trade on what they find (Naked Security – Sophos, Jul 12 2018)
Some financially-motivated hackers go straight for the money, but others take a more circuitous route, going after information that they can use for profit. That’s what criminals convicted this week did until they were caught in 2015, earning millions in ill-gotten gains.

Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally (FireEye, Jul 16 2018)
FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia’s politics, with active compromises of multiple Cambodian entities related to the country’s electoral system.

Magecart presents an unprecedented threat: Here’s what you can do (Help Net Security, Jul 16 2018)
Given the growing consumer shift away from in-store towards ecommerce and the sheer number of global merchants affected by Magecart, this event is chilling in scope.

7 Ways to Keep DNS Safe (Dark Reading, Jul 10 2018)
A DNS attack can have an outsize impact on the targeted organization – or organizations. Here’s how to make hackers’ lives much more difficult.

EclecticIQ integrates with MITRE’s ATT&CK framework (Help Net Security, Jul 10 2018)
EclecticIQ announced the integration with MITRE’s ATT&CK (adversarial tactics, techniques, and common knowledge) Framework. The integration allows insights into tactics, techniques and procedures (TTP) of adversaries.

Gas thieves remotely pwn pump with mysterious device (Naked Security – Sophos, Jul 10 2018)
In broad daylight, over the course of about 90 minutes, thieves somehow remotely froze pump software and stole 600 gallons of gas.

Over 100 Vulnerabilities Patched in Adobe Acrobat, Reader (SecurityWeek, Jul 10 2018)
Adobe on Tuesday released security updates that patch 105 vulnerabilities in Acrobat and Reader, two in Flash Player, three in Experience Manager, and three in Connect.

SolarWinds acquires real-time threat-monitoring service Trusted Metrics (TechCrunch, Jul 10 2018)
SolarWinds, the company behind tools like Pingdom, Papertrail, Loggly and a number of other IT management tools, today announced it has acquired Trusted Metrics, a company that helps businesses monitor incoming threats to their networks and servers. This move follows SolarWinds’ acquisition of Loggly earlier this year.

Major International Airport System Access Sold for $10 on Dark Web (Dark Reading, Jul 11 2018)
Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.

Outdated DoD IT Jeopardizes National Security: Report (SecurityWeek, Jul 11 2018)
This report is solely about DoD IT managers’ attitude towards cloud migration — which is perhaps unsurprising since the survey was underwritten by AWS and Red Hat.

What are the options for securing SD-WAN? (Network World Security, Jul 12 2018)
A key component of SD-WAN is its ability to secure unreliable Internet links and identify anomalous traffic flows. SD-WAN technology providers are continuing to increase their native security features and to create robust ecosystems of network-security partners.

GandCrab Ransomware Continues to Evolve But Can’t Spread Via SMB Shares Yet (Dark Reading, Jul 13 2018)
Recent fears that this year’s most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.

How to Structure an Enterprise-Wide Threat Intelligence Strategy (Dark Reading, Jul 13 2018)
To keep an organization safe, you must think about the entire IT ecosystem.