A Review of the Best News of the Week on Cyber Threats & Defense

Verizon details breaches they were called in to investigate (Help Net Security, Sep 10 2018)
Each story is told from a different perspective, and from a different business sector. Each of them details the lessons learned and offers advice on detection, response, mitigation and prevention. Some tell the by-now familiar stories of a business losing money to BEC scammers and social engineering attacks hitting the IT help desk. Other studies deal with cyberespionage, cryptojacking, PoS intrusions, ICS attacks, complex identity theft scenarios, and more.

Apple Removes Top Security Tool for Secretly Stealing Data (Infosecurity Magazine, Sep 10 2018)
Apple has been forced to remove one of the most popular security apps on its Mac App Store after it was found to be secretly exfiltrating browser data to China.

Oracle Products Affected by Exploited Apache Struts Flaw (SecurityWeek, Sep 04 2018)
Oracle informed customers over the weekend that some of the company’s products are affected by a critical Apache Struts 2 vulnerability that has been exploited in the wild.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.

Credit card gobbling code found piggybacking on ecommerce sites (Naked Security – Sophos, Sep 04 2018)
Magento is to ecommerce what WordPress is to blogging – you can run the open source version on your own servers; you can use an ecommerce partner who’ll run a Magento instance for you; or you can sign up for Magento’s own cloud platform.

Could home appliances knock down power grids? (WeLiveSecurity, Sep 06 2018)
Far-fetched though it may sound, the answer is yes, according to researchers, who show that electrical grids and smart home appliances could make for a dangerous mix

Browser Extensions: Are They Worth the Risk? (Krebs on Security, Sep 05 2018)
“Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine.”

China’s MSS using LinkedIn against the U.S. (CSO Online, Aug 31 2018)
The head of the U.S. National Counterintelligence and Security Center says China’s MSS is using social networks, specifically LinkedIn, to target, access, and recruit U.S. sources.

IBM Identifies Ongoing FIN6 Attacks Against PoS Targets (eWEEK, Sep 06 2018)
IBM’s X-Force Incident Response and Intelligence Services (IRIS) has identified sophisticated fileless attacks from a group known as FIN6, involving millions of unique credit cards.

Microsoft to Charge for Windows 7 Security Updates (SecurityWeek, Sep 07 2018)
Microsoft this week revealed plans to offer paid Windows 7 Extended Security Updates (ESU) for three years after traditional support for the operating system will officially end.

NIST Releases Draft on BGP Security (Dark Reading, Sep 05 2018)
“Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation,” is open for public comment until Oct. 15.

Attackers Employ Social Engineering to Distribute New Banking Trojan (Dark Reading, Sep 04 2018)
CamuBot malware, which disguises itself as a required security module, is targeting business customers of major Brazilian banks.

VPN Firms Release New Patches for Privilege Escalation Flaw (SecurityWeek, Sep 10 2018)
Virtual private network (VPN) service providers ProtonVPN and NordVPN have made another attempt to patch a potentially serious privilege escalation vulnerability that they first tried to address a few months ago.

Automating in Security With Intelligence (SecurityWeek, Sep 04 2018)
Program A’s strategy is to ensure that any and all indicators of compromise (IoCs) that have ever been linked to phishing campaigns are fed to the security operations center (SOC) and blocked automatically. Program B’s strategy is to employ some automation—primarily by using spam filters and email encryption—and then augment these measures with comprehensive and ongoing anti-phishing education and awareness training for all employees. Which is better?

Thoughts on the Latest Apache Struts Vulnerability (Dark Reading, Sep 05 2018)
CVE-2018-11776 operates at a far deeper level within the code than all prior Struts vulnerabilities. This requires a greater understanding of the Struts code itself as well as the various libraries used by Struts.

PowerPool malware exploits ALPC LPE zero-day vulnerability (WeLiveSecurity, Sep 05 2018)
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure

Silence Group Quietly Emerges as New Threat to Banks (Dark Reading, Sep 05 2018)
The duo, who security vendor Group-IB is tracking as “Silence,” is known to have stolen at least $800,000 from banks in Russia, Ukraine, Belarus, Poland, Kazakhstan, and Azerbaijan over the past year.

Remotely exploitable flaw in Schneider Electric PLCs is a danger to OT networks (Help Net Security, Sep 06 2018)
A vulnerability in the Schneider Electric Modicon M221, a programmable logic controller (PLC) deployed in commercial industrial facilities worldwide, can be exploited to remotely disconnected the device from communicating in the ICS network.

German Researchers Spoof Certificate Authorities (Infosecurity Magazine, Sep 07 2018)
Researchers break certificate authorities’ domain validation

Google Launches Alert Center for G Suite (SecurityWeek, Sep 10 2018)
Google is making it easier for G Suite administrators to access notifications, alerts, and actions by bringing them all together in a single place with the launch of a new alert center.

Windows Kernel Exploit Privilege Escalation (Hacking Articles, Sep 10 2018)
“today we are demonstrating the Windows privilege escalation via Kernel exploitation methodologies. For this purpose, we will utilize an in-built Metasploit module known as Local Exploit Suggester. The objective of this suggester is to just identify what parts of a system can be exploitable and to give us an insight on the best matching possible exploits available ,which can be further utilized to elevate the privileges.”