A Review of the Best News of the Week on Cyber Threats & Defense

Invisible Mouse Clicks Let Hackers Burrow Deep into MacOS (Wired, Aug 12 2018)
A former NSA hacker finds a new way malware can take control of a Mac’s mouse for a powerful intrusion technique.

Macs in Enterprise Can Be Hacked on First Boot (SecurityWeek, Aug 10 2018)
Researchers have demonstrated that brand new Mac computers used in enterprise environments can be hacked by sophisticated threat actors on the first boot through Apple’s mobile device management (MDM) protocol.

Fax Machines Are Still Everywhere, and Wildly Insecure (Wired, Aug 12 2018)
Researchers have demonstrated that sending a single malicious fax is all it takes to break into a network.


Researchers Release Free TRITON/TRISIS Malware Detection Tools (Dark Reading, Aug 08 2018)
Team of experts re-creates the TRITON/TRISIS attack to better understand the epic hack of an energy plant that ultimately failed.

PGA of America Struck By Ransomware (Dark Reading, Aug 09 2018)
Hackers provided a Bitcoin wallet number, though no specific ransom amount was demanded, for the return of files.

Election Officials Discuss Efforts to Bolster Voting System Security (eWEEK, Aug 12 2018)
At DEF CON in Las Vegas, election officials talk about potential cyber-security risks and some of the steps they are taking to improve voting system security.

F5 Details Cellular Gateway IoT Flaws at Black Hat (eWEEK, Aug 11 2018)
Justin Shattuck, principal threat researcher for F5 Labs, explains how he discovered flaws in cellular gateways that could be putting critical infrastructure at risk.

Car Hackers Discuss What It Takes to Secure Autonomous Vehicles (eWEEK, Aug 11 2018)
Car hackers Charlie Miller and Chris Valasek provide their views on what’s needed in autonomous car security.

Software supply chain attacks: preventing and mitigating “the next ransomware” (SC Magazine, Aug 09 2018)
Think about a few common examples: HR uses software to manage employee benefits, accounting uses finance software to maintain visibility into the movement of assets, employees use software for internal communication.

Researchers Find Flaws in WPA2’s 4-way Handshake Implementations (SecurityWeek, Aug 09 2018)
Researchers have discovered several security vulnerabilities in implementations of the Wi-Fi Protected Access 2 (WPA2) 4-way handshake, which is used by nearly all protected Wi-Fi networks.

Breaking Down the PROPagate Code Injection Attack (Dark Reading, Aug 08 2018)
What makes PROPagate unique is that it uses Windows APIs to take advantage of the way Windows subclasses its window events.

So I’ve Removed Admin Rights…What Now? (Infosecurity Magazine, Aug 08 2018)
Restricting user admin rights is just one important part of improving data security.

Black Hat Talk Reveals How Embedded Systems Expose Airlines to Risk (eWEEK, Aug 08 2018)
Security firm IOActive is set to disclose multiple vulnerabilities in the embedded systems used for satellite communications and in-flight WiFi, revealing the larger challenge of supply chain risk.

US-CERT Warns of New Linux Kernel Vulnerability (Dark Reading, Aug 07 2018)
Patches now available to prevent DoS attack on Linux systems.

Expect API Breaches to Accelerate (Dark Reading, Aug 07 2018)
APIs provide the digital glue that binds apps, cloud resources, app services and data all together – and they’re increasingly an appsec security threat.

TLBleed Side-Channel CPU Attack Detailed at Black Hat (eWEEK, Aug 11 2018)
Security researcher Ben Gras from VU University details a new side-channel attack method against CPU caches.

Risk of Fraud in Mobile Point-of-Sale Device Flaw (Infosecurity Magazine, Aug 10 2018)
Researchers at Black Hat reveal a vulnerability in mPOS terminals.

US-CERT issues malware analysis on KEYMARBLE RAT, attributes threat to North Korea (SC Magazine, Aug 10 2018)
Through its US-CERT division, the U.S. Department of Homeland Security yesterday issued a new analysis report on a remote access trojan called KEYMARBLE that the agency says has been attributed to Hidden Cobra, a suspected North Korean APT actor.

Ransomware attack at Blue Springs Family Care in Missouri affects 45,000 patients (SC Magazine, Aug 09 2018)
Blue Springs Family Care in Missouri was hit by a ransomware attack that compromised the information of nearly 45,000 patients.

Flaws in Siemens Tool Put ICS Environments at Risk (SecurityWeek, Aug 09 2018)
Serious vulnerabilities discovered by researchers in Siemens’ TIA Portal for SIMATIC STEP7 and SIMATIC WinCC can be exploited by threat actors for lateral movement and other purposes in ICS environments.