A Review of the Best News of the Week on Cyber Threats & Defense

US and UK Governments Back Denial of Supermicro Story (Infosecurity Magazine, Oct 08 2018)
The United States and UK authorities have joined Amazon and Apple in contesting a blockbuster story last week that Chinese spies implanted tiny chips onto supply chain components used in the tech giants’ products.

What Businessweek got wrong about Apple (Apple Newsroom, Oct 06 2018)
Apple issued this statement: “The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found ‘malicious chips’ in servers on its network in 2015. As Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims.”

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It? (Krebs on Security, Oct 05 2018)
“There aren’t any corroborating accounts of this scoop so far, but it is both fascinating and terrifying to look at why threats to the global technology supply chain can be so difficult to detect, verify and counter.”


Inside the North Korean Hacking Operation Behind SWIFT Bank Attacks (Dark Reading, Oct 03 2018)
FireEye details how this money-stealing operation it now calls APT 38 has emerged in the past four years and how it operates.

Malware Has a New Way to Hide on Your Mac (Wired, Oct 03 2018)
By only checking a file’s code signature when you install it—and never again—macOS gives malware a chance to evade detection indefinitely.

It only takes one data point to blow open a threat investigation (Help Net Security, Oct 02 2018)
But then he forgets to switch IP addresses from one associated with another of his attacks to a new one. Now, he’s exposed himself to being caught. He slipped up. Simply seeing the same IP address associated with multiple forms of suspicious activity can help you identify a potential threat and act swiftly to block the infrastructure he was using to prevent him from hacking your assets.

‘Short, Brutal Lives’: Life Expectancy for Malicious Domains (Dark Reading, Oct 01 2018)
Using a cooling-off period for domain names can help catch those registered by known bad actors.

Cisco Talos discloses serious vulnerabilities in Foxit PDF Reader (Help Net Security, Oct 02 2018)
Cisco Talos researcher Aleksandar Nikolic has unearthed one of the critical vulnerabilities fixed in the latest Adobe Acrobat and Reader security updates. He is also the one that recently discovered 23 vulnerabilities in another popular PDF reader: Foxit.

Hackers demand ransom from hijacked Instagram influencers (Naked Security – Sophos, Oct 02 2018)
Hackers are taking over high-profile Instagram users’ accounts and holding them to ransom, revealed reports this week.

Malware Less Common in Q2, Still Top Attack Method (Infosecurity Magazine, Oct 02 2018)
Hackers target information and credentials more than financial reward, says Positive Technologies.

Researchers Link New NOKKI Malware to North Korean Actor (SecurityWeek, Oct 02 2018)
Dubbed NOKKI, the new malware family shows close resemblance and code overlaps with KONNI, a piece of malware long used in attacks targeting the Korean peninsula, and is likely the work of the same developer.

Terahertz Millimeter-Wave Scanners (Schneier on Security, Oct 03 2018)
Interesting article on terahertz millimeter-wave scanners and their uses to detect terrorist bombers.

APTs are targeting IT service providers (Help Net Security, Oct 04 2018)
Managed service providers (MSPs) and cloud service providers (CSPs) are under attack by advanced persistent threat (APT) groups, the U.S. Department of Homeland Security warns.

Betabot – An Example of Cheap Modern Malware Sophistication (SecurityWeek, Oct 03 2018)
The infection chain starts with social engineering designed to get users to download and open what appears to be an attached Word document. It exploits an 18-year-old vulnerability in the Equation Editor tool in Microsoft Office, which was patched in 2017 (CVE-2017-11882).