A Review of the Best News of the Week on Cyber Threats & Defense

Credit Freezes are Free: Let the Ice Age Begin (Krebs on Security, Sep 21 2018)
“It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.”

New Xbash Malware a Cocktail of Malicious Functions (Dark Reading, Sep 17 2018)
The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer (Schneier on Security, Sep 20 2018)
This particular vulnerability is particularly interesting because it’s the result of a security mistake in the design process. Someone didn’t think the security through, and the result is a voter-verifiable paper audit trail that doesn’t provide the security it promises.




Western Digital goes quiet on unpatched MyCloud flaw (Naked Security – Sophos, Sep 20 2018)
Western Digital has failed to patch a serious security vulnerability in its MyCloud NAS drives that it was told about more than a year ago, researchers have alleged.

Cloudflare Launches Security Service for Tor Users (SecurityWeek, Sep 21 2018)
Cloudflare on Thursday announced a new service to provide Tor users with improved security and performance, while also aiming at reducing malicious network traffic.

ZDI Shares Details of Microsoft JET Database Zero-Day (SecurityWeek, Sep 21 2018)
Trend Micro’s Zero Day Initiative (ZDI) on Thursday made public details on a vulnerability impacting the Microsoft JET Database Engine, although a patch isn’t yet available for it.

RDP Ports Prove Hot Commodities on the Dark Web (Dark Reading, Sep 17 2018)
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.

Hackers Say Windows 8 and 10 Easiest Entry Points (Infosecurity Magazine, Sep 18 2018)
A Black Hat survey finds 50 percent of hackers enter IT systems via Windows 8 and 10.

Cloudflare Embraces Google Roughtime, Giving Internet Security a Boost (Wired, Sep 21 2018)
Syncing clocks online is vital to web security.

Ransomware Takes Down Airport’s Flight Information Screens (Dark Reading, Sep 17 2018)
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.

FBI Warns Parents of Edtech Security Risk (Infosecurity Magazine, Sep 18 2018)
Data-collection tools could be a target for hackers.

The Top 5 Security Threats & Mitigations for Industrial Networks (Dark Reading, Sep 18 2018)
…the five most common threats to ICS networks and how to reduce the risk associated with them.

Intel releases firmware update for ME flaw (Naked Security – Sophos, Sep 18 2018)
It’s only September and yet 2018 is well on its way to being remembered as the year of fixing flaws we didn’t realise were possible in hardware we’d never heard of.

Manipulation tactics that you fall for in phishing attacks (Help Net Security, Sep 20 2018)
1. An urgent deadline, 2. Intimidation, and 3. Flattery and politeness

Think Like An Attacker: How a Red Team Operates (Dark Reading, Sep 20 2018)
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.

‘Scan4you’ Operator Gets 14-Year Sentence (Dark Reading, Sep 24 2018)
A citizen of the former USSR is sentenced to 168 months for running Scan4you, an online counter antivirus service.