A Review of the Best News of the Week on Cyber Threats & Defense

China-linked APT10 Hackers Update Attack Techniques (SecurityWeek, Sep 14 2018)
The new attacks use spear-phishing emails carrying malicious Word documents that attempt to deliver the UPPERCUT backdoor. Known in the security community as ANEL, the malware was apparently in pre-release form (beta or release candidate) until recently, FireEye’s security researchers say.

New modification of the old cold boot attack leaves most systems vulnerable (Ars Technica, Sep 13 2018)
Cold boot attacks, used to extract sensitive data such as encryption keys and passwords from system memory, have been given new blood by researchers from F-Secure. First documented in 2008, cold boot attacks depend on the ability of RAM to remember values even across system reboots. In response, systems were modified to wipe their memory early during the boot process—but F-Secure found that, in many PCs, tampering with the firmware settings can force the memory wipe to be skipped, once again making the cold boot attacks possible.

Microsoft Office Macros Still No. 1 Malware Delivery (Infosecurity Magazine, Sep 14 2018)
Phishing attacks remain successful by leveraging macros.

Multiple Ways to Bypass UAC using Metasploit (Hacking Articles, Sep 16 2018)
In other words, UAC is a security feature of Windows that helps prevent unauthorized modifications to the operating system: it makes sure that certain changes are made only with authorization from the administrator. If the changes are not permitted by the administrator, they are not executed, and Windows remains unchanged.

Abandoning a domain name can come back to bite you, research shows (WeLiveSecurity, Sep 11 2018)
A domain name once left behind can catch up with you – by giving fraudsters access to a treasure trove of sensitive information.

Modular Malware Brings Stealthy Attacks to Former Soviet States (Dark Reading, Sep 12 2018)
A new malware technique is making phishing attacks harder to spot when they succeed.

Creators of Tools for Building Malicious Office Docs Ditch Old Exploits (Dark Reading, Sep 12 2018)
The development suggests that many of the exploits developers have been using in their malicious document “builders” have been patched, so they are quickly turning to new exploits instead, says Gabor Szappanos, principal malware researcher at Sophos.

Corelight Expands Network Security Platform With Virtual Edition (eWEEK, Sep 13 2018)
Corelight raises new funding to help grow its network security framework, which is based on the open-source Bro project.

Magecart compromises Feedify to get to hundreds of e-commerce sites (Help Net Security, Sep 13 2018)
Customer engagement service Feedify has been hit by Magecart attackers, who repeatedly modified a script that it serves to a few hundred websites to include payment card skimming code.

DDoS attack frequency grows 40%, low volume attacks dominate (Help Net Security, Sep 13 2018)
While frequency has increased, the duration of attacks decreased, with 77% lasting ten minutes or less, of which 63% lasted five minutes or less. Perhaps more concerning is that, having faced one attack, one in five organisations will be targeted again within 24 hours.

Banking Trojan attacks increase, large scale Ramnit campaign impacts organizations worldwide (Help Net Security, Sep 12 2018)
Check Point revealed a significant increase in attacks using the Ramnit banking trojan. Ramnit has doubled its global impact over the past few months, driven by a large-scale campaign that has been converting victims’ machines into malicious proxy servers.

It’s Time to Get Real about Complex, Emerging Threats (Infosec Island, Sep 12 2018)
Information security professionals are facing increasingly complex threats—some new, others familiar but evolving.

Open Banking to Close Gaps (Infosecurity Magazine, Sep 12 2018)
As UK banks open their data via secure APIs, third-party providers will be required to adopt security-oriented approaches to enhance the Open Banking initiative’s objective of closing any security gaps.

Address Bar Spoofing Flaw Found in Edge, Safari (SecurityWeek, Sep 12 2018)
A researcher has discovered an address bar spoofing vulnerability in the Microsoft Edge and Apple Safari web browsers, but a patch is currently only available for the former.

2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities (Dark Reading, Sep 13 2018)
One year after Armis disclosed ‘BlueBorne,’ a large number of Android, Linux, and iOS devices remain unpatched.

The Increasingly Vulnerable Software Supply Chain (Dark Reading, Sep 13 2018)
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.

Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes (Help Net Security, Sep 14 2018)
A group of researchers from Queen’s University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable fakes that attackers are forced either to exfiltrate them all or to try to find the real one from within the system. Of course, both actions carry an increased risk of detection.

EternalBlue Infections Persist (Dark Reading, Sep 14 2018)
Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, and China are among the top 10 nations with the most machines infected via the exploit.