Threats & Defense – The Week’s Best News – 2018.08.06

A Review of the Best News of the Week on Cyber Threats & Defense

Security world to hit Las Vegas for a week of hacking, cracking, fun (The Register, Aug 06 2018)
About a quarter of a century ago, a handful of hackers decided to have a party in a cheap hotel, and had a whale of a time. Fast forward to 2018, and that get-together has grown into events that will see an estimated 30,000 people converge on Las Vegas for the biggest security shindig in the world – the combination of Black Hat USA, DEF CON and BSidesLV.

How to defend yourself against SamSam ransomware (Naked Security – Sophos, Aug 02 2018)
Drawing on new research we look at how best to defend your organisation against SamSam.

Top 10 list of dark web activities that indicate a breach (Help Net Security, Aug 01 2018)
Research analysts at Terbium Labs released a list of the most common activities seen on the dark web that indicate a breach, or other unwanted incident, has taken place.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. What’s in the secret sauce?

Backdoors in Cisco Routers (Schneier on Security, Aug 01 2018)
We don’t know if this is error or deliberate action, but five backdoors have been discovered already this year….

How US Military Hackers Prepared to Hack the Islamic State (Motherboard, Aug 01 2018)
Documents obtained by Motherboard give insight into how hackers at CYBERCOM prepare before launching offensive cyber operations, including figuring out how likely an attack will be attributed back to them.

Intensifying DDoS attacks: ​Choosing your defensive strategy (Help Net Security, Aug 06 2018)
Shaul equates DDoS protection to a good chess strategy: the goal is to protect the king by taking out threats before they get close to him. If you wait until your opponent’s pieces are crowded round him, you’ve got no chance to defend against them in the long run.

Malware Hits Plants of Chip Giant TSMC (SecurityWeek, Aug 06 2018)
A piece of malware has caused significant disruptions in the factories of Taiwan Semiconductor Manufacturing Company (TSMC), the world’s biggest contract chipmaker.

The Explosive-Carrying Drones in Venezuela Won’t Be the Last (Wired, Aug 04 2018)
There’s still no good defense against drones attacks like the one that allegedly targeted Venezuelan president Nicolas Maduro Saturday.

Three Campaigns Targeted as Senate Pushes Security (Infosecurity Magazine, Jul 30 2018)
During a 29 July interview on “Face the Nation,” Sen. Jeanne Shaheen (D-N.H.) expressed concern over widespread phishing attacks against the Senate and political parties, according to The Hill.

Leaky radio devices broadcast chipset data, discover researchers (Naked Security – Sophos, Jul 31 2018)
Researchers at EURECOM S3 Group found that they can extract crypto keys from a set of run-of-the-mill communications chips just by listening to the noise it makes.

While you watched “The Emoji Movie,” a voting machine got hacked (CNET, Aug 02 2018)
Hackers find the foundation of democracy is on shaky ground thanks to shoddy technology.

Why Hijacked Search Results Makes Social Media Riskier for Business (eWEEK, Aug 01 2018)
The same thing can happen on social media where postings that are simply wrong are bolstered by those that are malicious. In addition, malicious actors can also create personas that closely resemble yours, or they can log on as you and take over your social media account. This seems to happen on Twitter with depressing regularity lately.

Accidental Cryptojackers: A Tale of Two Sites (Dark Reading, Jul 31 2018)
Why website operators need to know with whom they are doing business and how to close the loop on third-party vulnerabilities.

GCHQ on Quantum Key Distribution (Schneier on Security, Aug 01 2018)
The UK’s GCHQ delivers a brutally blunt assessment of quantum key distribution…

Google to warn G Suite admins of government-backed attacks (Help Net Security, Aug 02 2018)
Google started warning Gmail users of state-sponsored attacks in 2012 and now the option has been made available to G Suite admins.

Dept. of Energy to Test Electrical Grid Against Cyberattacks (Dark Reading, Aug 03 2018)
This is the first time the Department of Energy will test the electrical grid’s ability to recover from a blackout caused by cyberattacks.

Routers turned into zombie cryptojackers – is yours one of them? (Naked Security – Sophos, Aug 03 2018)
A patch was turned into an exploit and the exploit was turned into… why, CRYPTOCOINS, of course! Fortunately, there’s an easy fix.

Tripwire Data Collector uncovers blind spots in industrial cybersecurity (Help Net Security, Jul 30 2018)
Tripwire announced the debut of Tripwire Data Collector, a new cybersecurity solution to provide visibility into vulnerabilities and changes within operational technology (OT) environments.

Share on facebook
Share on twitter
Share on linkedin