A Review of the Best News of the Week on Cyber Threats & Defense

Google: Security Keys Neutralized Employee Phishing (Krebs on Security, Jul 23 2018)
“Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.”

MoneyTaker Grabs $1m from PIR Bank (Infosecurity Magazine, Jul 20 2018)
…by compromising a router used by one of the bank’s regional branches.

Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations (Digital Shadows, Jul 22 2018)
“For this blog we have used the MITRE ATT&CK™ framework as our methodology to play back the findings of the indictment. In doing so, we aim to provide key lessons organizations can take away from this indictment.”

Less Than Half of Cyberattacks Detected via Antivirus: SANS (Dark Reading, Jul 16 2018)
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.

Memory Protection beyond the Endpoint (Infosec Island, Jul 16 2018)
Re-engineering security solutions to fit the new infrastructure, performance, and scalability needs of organizations is crucial as advanced threats often exploit security blind spots.

Attention all passengers: Airport networks are putting you at risk! (Help Net Security, Jul 19 2018)
To identify the airports with the greatest cyber risk, Coronet collected data from more than 250,000 consumer and corporate endpoints that traveled through America’s 45 busiest airports over the course of five months. Researchers then analyzed the data consisting of both device vulnerabilities and Wi-Fi network risks, which was captured from the company’s threat protection applications.

Canada tackles malicious online advertising (WeLiveSecurity, Jul 20 2018)
Federal agency issues Notices of Violation to Datablocks and Sunlight Media for allegedly facilitating the installation of malware through online advertising

New Report on Chinese Intelligence Cyber-Operations (Schneier on Security, Jul 20 2018)
The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years.

A Global Guide to State-Sponsored Trolling (Bloomberg, Jul 21 2018)
Trolling by states and parties is changing the political landscape of entire nations, according to journalists and politicians.

SSRF Flaw Exposed Information From Google’s Internal Network (SecurityWeek, Jul 23 2018)
A researcher has earned a significant bug bounty from Google after finding a serious server-side request forgery (SSRF) vulnerability that exposed information from the tech giant’s internal network.

Calisto macOS Backdoor Remained Undetected for Two Years (SecurityWeek, Jul 23 2018)
A recently discovered backdoor targeting macOS systems remained undetected for at least two years, according to security firm Kaspersky Lab.

Robotics supplier’s sloppy security leaks ten years’ worth of data from major car manufacturers (Graham Cluley, Jul 23 2018)
Security researchers have discovered 157 gigabytes of sensitive data from over 100 manufacturing companies left exposed online for anyone to access.

North Korean Hackers Launch New ActiveX Attacks (SecurityWeek, Jul 17 2018)
A new series of reconnaissance attacks targeting ActiveX objects has been associated with the North Korean-linked Andariel group, a known branch of the notorious Lazarus Group.

A deep dive down the Vermin RAThole (WeLiveSecurity, Jul 17 2018)
In this blogpost, ESET sums up the findings published in full in a white paper “Quasar, Sobaken and Vermin: A deeper look into an ongoing espionage campaign”.

Siemens Informs Customers of New Meltdown, Spectre Variants (SecurityWeek, Jul 17 2018)
Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1.

Federal Agencies Struggle with DMARC Compliance (Infosecurity Magazine, Jul 18 2018)
SPF and DMARC gaps slow email authentication in federal agencies, according to Proofpoint.

Securing U.S. Democracy: Athenian Project Update (Cloudflare, Jul 19 2018)
Last December, Cloudflare announced the Athenian Project to help protect U.S. state and local election websites from cyber attack. Since then, the need to protect our electoral systems has become increasingly urgent.

DOJ to publicly disclose election tampering schemes (Naked Security – Sophos, Jul 23 2018)
Under a new policy, US organizations and individuals will be told if they’re the target of foreign operations trying to influence elections.

10 Ways to Protect Protocols That Aren’t DNS (Dark Reading, Jul 16 2018)
Here’s how to safeguard three other network foundation protocols so they don’t become weapons or critical vulnerabilities.

US Retail Weak in Encryption, Security Practices (Infosecurity Magazine, Jul 18 2018)
Research finds security spending for retailers is up but not aligning with risk.