Threats & Defense – The Week’s Best News – 2018.08.20

A Review of the Best News of the Week on Cyber Threats & Defense

Hacker Unlocks ‘God Mode’ and Shares the ‘Key’ (Dark Reading, Aug 13 2018)
A researcher proves that it’s possible to break the most fundamental security on some CPUs.

In-flight satellite comms vulnerable to remote attack, researcher finds (Naked Security – Sophos, Aug 13 2018)
On a journey between Madrid and Copenhagen, researcher Ruben Santamarta decided to use Wireshark to study the aircraft’s in-flight Wi-Fi.

How to protect your infrastructure from DNS cache poisoning (Network World Security, Aug 16 2018)
When your company’s internet access, VoIP and email all depend on DNS, you have to ensure your DNS server is protected against DNS spoofing attacks. One solution: DNSSEC.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.

Intel’s SGX blown wide open by, you guessed it, a speculative execution attack (Ars Technica, Aug 14 2018)
Speculative execution attacks truly are the gift that keeps on giving.

Oracle: Apply Out-of-Band Patch for Database Flaw ASAP (Dark Reading, Aug 14 2018)
Flaw in the Java VM component of Oracle’s Database Server is easily exploitable, security experts warn.

Vulnerabilities in smart card drivers open systems to attackers (Help Net Security, Aug 13 2018)
“A lot of attacks against smart cards have been performed in the past but not much work has focused on hacking the driver side of the smart card stack [the piece of software that interacts with chip cards when a card is inserted into reader]. Smartcard drivers present a very interesting target from the attackers point of view since they contain multiple parsers and usually run with high privileges (e.g. root on linux systems),” Sesterhenn pointed out.

New PHP Exploit Chain Highlights Dangers of Deserialization (Dark Reading, Aug 15 2018)
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.

Georgia voter records exposure raises election security concerns (SC Magazine, Aug 15 2018)
With the midterms approaching, election systems are in need of greater safeguards, security pros said.

Networking vendors patch ​against new cryptographic attack (Help Net Security, Aug 15 2018)
Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, researchers have found.

Microsoft Fixes 60 Flaws Including Two Zero-Days (Infosecurity Magazine, Aug 15 2018)
No let-up for August Patch Tuesday

Variant of KeyPass Trojan Takes Manual Control (Infosecurity Magazine, Aug 13 2018)
The malware reportedly uses a simple scheme to encrypt data at the beginning of each file. Designed by the Trojan’s developers, the symmetric algorithm AES-256 is in CipherFeedback (CFB) mode with zero IV and the same 32-byte key for all files.

FBI Eyes Plethora of River-Related Threats (SecurityWeek, Aug 15 2018)
Giant cranes loading and unloading gargantuan barges. Oil tankers, supply vessels and pipelines serving a vital energy industry. Flood control structures. Chemical plants. Cruise ships. Drinking water sources. All computer-reliant and tied in some way to the internet. All of them vulnerable to cyber thieves, hackers and terrorists.

FireEye warns China’s Belt and Road Initiative will spark uptick in cyberespionage (SC Magazine, Aug 16 2018)
FireEye researchers are cautioning Malaysian organizations to be on the lookout for elevated cyberespionage attacks.

The Rise of Bespoke Ransomware (Dark Reading, Aug 17 2018)
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.

The 5 Challenges of Detecting Fileless Malware Attacks (Dark Reading, Aug 17 2018)
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.

Share on facebook
Share on twitter
Share on linkedin