A Review of the Best News of the Week on Cyber Threats & Defense

Facebook Security Bug Affects 90M Users (Krebs on Security, Sep 28 2018)
“Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles.”

How 50 Million Facebook Users Were Hacked (Motherboard, Sep 28 2018)
Facebook revealed more details about how hackers exploited three distinct bugs to get the ability to control up to 50 million users’ accounts.

Russian Cyberspies Use UEFI Rootkit in Attacks (SecurityWeek, Sep 27 2018)
Russian cyber-espionage group Fancy Bear is the first threat actor to have used a Unified Extensible Firmware Interface (UEFI) rootkit in a malicious campaign.

Alphabet’s Chronicle Releases VirusTotal Enterprise (Dark Reading, Sep 27 2018)
Chronicle, the cybersecurity business under Alphabet, releases a major update to VirusTotal geared toward corporate threat hunters.

Voting Machines Are Still Absurdly At Risk (Wired, Sep 28 2018)
A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use.

Python-based attack tools are the most common vector for launching exploit attempts (Help Net Security, Oct 01 2018)
Hackers have an obvious predilection for Python-based attack tools, says Imperva.

Finally, a fix for the encrypted web’s Achilles’ heel (Naked Security – Sophos, Sep 26 2018)
Everyone knew that SNI needed to be fixed sooner or later, but nobody was quite sure how. SNI is a bit of unencrypted data that contains the name of the website you’re visiting. It’s sent by the browser when you view websites securely and, ironically, this unencrypted tidbit of data has played a crucial part in making encryption the exception rather than the rule on the web.

Apple DEP vulnerability lets attackers access orgs’ resources, info (Help Net Security, Sep 27 2018)
An authentication weakness in Apple’s Device Enrollment Program (DEP) may allow attackers to enroll any device into an organization’s Mobile Device Management server and, consequently, to obtain privileged access to the private resources of an organization or even full VPN access to internal systems.

FBI IC3 Warns of RDP Vulnerability (Dark Reading, Sep 28 2018)
Government agencies remind users that RDP can be used for malicious purposes by criminal actors.

Fault-Tolerant Method Use for Security Purposes in New Framework (Dark Reading, Sep 24 2018)
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.

What Exactly is Threat Hunting – and Why Does it Matter? (Infosec Island, Sep 24 2018)
So, according to this person, searching for IoCs is not hunting; searching for things that are sometimes indicative of malicious activity but will require you to sift through benign traffic is.

New Adwind Campaign Targets Linux, Windows, and macOS (SecurityWeek, Sep 24 2018)
The campaign started on August 26 and mainly targeted users in Turkey, with 75% of the observed requests made from that country. Some of the victims were located in Germany, likely members of the Turkish community there. The spam emails carrying malicious documents were written in Turkish.

Crowdfense launches Vulnerability Research Hub for top security researchers (Help Net Security, Sep 26 2018)
Crowdfense opened its process-oriented platform to a wider audience of researchers and brokers interested in trading 0day cyber capabilities, which can be either within the scope of Crowdfense’s public Bug Bounty Program or freely proposed (for a specific set of key targets).

Cryptocurrency mining malware increases 86% (Help Net Security, Sep 26 2018)
The McAfee Labs Threats Report September 2018 examines the growth and trends of new cyber threats in Q2 2018.

Mmm… Pi-hole… (Troy Hunt, Sep 26 2018)
Pi-hole is a little DNS server you run on a Raspberry Pi in your local network and then point your router at, so that every device in your home resolves DNS through the service. It then blacklists about 130k domains used for nasty stuff, so that when any client on your network (PC, phone, smart TV) requests sleazy-ad-domain.com, the name simply doesn’t resolve.

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks (Krebs on Security, Sep 27 2018)
“The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM.”

Weak Passwords Abused for ‘FruitFly’ Mac Malware Distribution (SecurityWeek, Oct 01 2018)
FruitFly, a piece of Mac malware that infected thousands of machines over the course of more than 13 years, was being distributed via poorly protected external services.

Vulnerabilities in PureVPN Client Leak User Credentials (SecurityWeek, Sep 28 2018)
The PureVPN client for Windows is impacted by two vulnerabilities that result in user credential leak, a Trustwave security researcher has discovered.