A Review of the Best News of the Week on Cyber Threats & Defense

CIA Network Exposed Through Insecure Communications System (Schneier on Security, Aug 29 2018)
People died because of that mistake. The moral — which is to go back to pre-computer systems in these high-risk sophisticated-adversary circumstances — is the right one, I think.

RansomWarrior Defeated with Decryption Tool (Infosecurity Magazine, Sep 03 2018)
“Written in .NET, the executable itself isn’t obfuscated, packed, or otherwise protected, suggesting those behind it are relatively new to the game. In fact, the ‘encryption’ used by the ransomware is a stream cipher using a key randomly chosen from a list of 1000 hard-coded keys in RansomWarrior’s binary code,” said Check Point.

Booz Allen researchers find new POS malware with no data exfiltration capabilities (SC Magazine, Aug 28 2018)
Researchers have discovered a point-of-sale malware program, RtPOS, that saves payment card data locally but does not exfiltrate it to a command-and-control server, perhaps so its activity is less likely to be detected as anomalous.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.

Fileless Attacks Jump 94% in First Half of 2018 (Dark Reading, Aug 28 2018)
While ransomware is still popular, fileless and PowerShell attacks are the threats to watch this year.

Windows zero-day flaw and PoC unveiled via Twitter (Help Net Security, Aug 28 2018)
A Windows zero-day local privilege escalation flaw and a Proof-of-Concept exploit for it have been revealed on Monday by someone who goes by SandboxEscaper on Twitter. The user in question deleted the account soon after, but not before sharp-eyed security researchers were able to follow the link to the GitHub repository hosting the PoC exploit. Will Dormann, a vulnerability analyst at the CERT/CC, tested the exploit and confirmed that it “works well in a fully-patched 64-bit Windows 10 system.”

How Full Admin Rights Could Pose a Threat to Your Business (Infosec Island, Aug 28 2018)
…privileged account management should be one of the top priorities for CISOs when it comes to security.

7 Steps to Start Searching with Shodan (Dark Reading, Aug 29 2018)
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.

Wireshark can be crashed via malicious packet trace files (Help Net Security, Aug 31 2018)
The Wireshark team has plugged three serious vulnerabilities that could allow an unauthenticated, remote attacker to crash vulnerable installations. Wireshark is the world’s most popular network protocol analyzer. The software is free and open source.

All Data is Security Data: A Shift in Thinking (Chris Jordan @ Fluency, Aug 31 2018)
As the number of successful cyberattacks increase, so do companies’ costs. Any idea why? It’s nearly always associated with the amount of data collected, and the use of outdated solutions that weren’t intended to store a day’s worth of modern data collection, let alone a year’s.

Advanced Persistent Tenacity (Securosis Blog, Sep 03 2018)
Mike and Rich discuss the latest Wired piece in Notpetya and how advanced attacks, despite the hype, are very much still alive and well. These days you might be a victim not because you are targeted, but because you are a pivot to a target or share some underlying technology. As a new Apache Struts vulnerability rolls out, we thought it a good time to re-address some fundamentals and evaluate the real risks of both widespread and targeted attacks.

New Pen Test Tool Tricks Targets with Microsoft WCX Files (Dark Reading, Aug 30 2018)
The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.

How lucrative is web-based cryptojacking? (Help Net Security, Aug 31 2018)
1 out of 500 of the one million most visited websites according to Alexa contains a web-based cryptominer that starts mining as soon as the website has been opened in the browser, researchers from the Braunschweig University of Technology have found.

Eavesdropping on Computer Screens through the Webcam Mic (Schneier on Security, Aug 31 2018)
Yet another way of eavesdropping on someone’s computer activity: using the webcam microphone to “listen” to the computer’s screen.

Old “Misfortune Cookie” flaw opens medical gateway and devices to attack (Help Net Security, Aug 29 2018)
A vulnerability in Qualcomm Life Capsule Datacaptor Terminal Server (DTS) can be easily exploited to allow attackers to execute unauthorized code to obtain administrator-level privileges on the device.

Machine Identity Failings Expose Firms (Infosecurity Magazine, Aug 30 2018)
nd every single one of them needs an identity in order to communicate with other machines securely.” Unfortunately, while IAM in the context of human identities is maturing, this failure to protect digital entities represents a coming security storm.

Cisco Data Center Network Manager flaw allows unauthorized access to sensitive information (SC Magazine, Aug 29 2018)
A vulnerability in Cisco’s Data Center Network Manager could allow a remote attacker to gain access to sensitive information.

Loki Bot Attacks Target Corporate Mailboxes (SecurityWeek, Aug 30 2018)
The emails employ various lures to trick potential victims into opening malicious attachments that would deploy the Loki Bot stealer onto the target machines. The messages masquerade as notifications from other companies, or as orders and offers.

Hundreds of Banks Exposed from Fiserv Flaw (Infosecurity Magazine, Aug 30 2018)
Fiserve deployed a security patch within 24 hours of receiving the flaw notification.

New Cobalt Campaign Targets Russian and Romanian Banks (SecurityWeek, Aug 30 2018)
A new campaign by the Russia-based Cobalt hacking group was observed on August 13, 2018. Cobalt is best-known for targeting financial institutions, and this campaign is no different. Two targets have been identified to date: NS Bank in Russia and Carpatica/Patria in Romania.

CISOs Reveal the Most Likely Culprits for Data Leaks (Infosecurity Magazine, Aug 31 2018)
Data security issues can be profoundly damaging. How can your organization avoid them?