A Review of the Best News of the Week on Cyber Threats & Defense

Hackers Breach Healthcare.gov (WSJ, Oct 22 2018)
The Affordable Care Act’s federal exchange system for insurance was breached and about 75,000 consumer files compromised, the Trump administration said Friday.

Serious SSH bug lets crooks log in just by asking nicely… (Naked Security – Sophos, Oct 17 2018)
A serious bug in libssh could allow crooks to connect to your server – with no password requested or required. Here’s what you need to know.

Facebook Finds Hack Was Done by Spammers, Not Foreign State (WSJ, Oct 22 2018)
The company believes the hackers who accessed 30 million accounts masqueraded as a digital marketing firm and were driven by greed, not ideology.


MITRE ATT&CKcon is Tomorrow!
Sign up to receive the YouTube links to watch all the action LIVE from MITRE ATT&CKcon on October 23-24, as they share best practices for using ATT&CK to demystify the complexity that cyber attackers hide behind. Watch Live Stream on Oct. 23rd and Oct. 24th at 8:55 a.m. EST.


GreyEnergy: Updated arsenal of one of the most dangerous threat actors (WeLiveSecurity, Oct 17 2018)
ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks.

The Mysterious Return of Years-Old APT1 Malware (Wired, Oct 18 2018)
Security researchers have discovered a new instance of code associated with APT1, a notorious Chinese hacking group that disappeared in 2013.

Government Perspective on Supply Chain Security (Schneier on Security, Oct 18 2018)
“This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now.”

Google Patch to Block Spectre Slowdown in Windows 10 (Dark Reading, Oct 19 2018)
Microsoft will incorporate Google’s Retpoline patch to prevent Spectre Variant 2 from slowing down its operating system.

FBI Investigates Attack on Critical Water Utility (Infosecurity Magazine, Oct 17 2018)
North Carolina-based Onslow Water and Sewer Authority (ONWASA) suffers ransomware attack while recovering from hurricane damage.

Apache Access Vulnerability Could Affect Thousands of Applications (Dark Reading, Oct 18 2018)
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.

Vulnerable controllers could allow attackers to manipulate marine diesel engines (Help Net Security, Oct 18 2018)
Researchers have found several authentication and encryption vulnerabilities in the firmware of marine diesel engine controllers by Norwegian company Auto-Maskin, as well as the accompanying Android app.

Secret Comment Crew Code Spotted in New Attack (Infosecurity Magazine, Oct 19 2018)
Operation Oceansalt could be false flag attempt, says McAfee.

Royal Navy’s Biggest Warship, HMS Queen Elizabeth, In New York To Sink Cybersecurity Threats (Forbes, Oct 22 2018)
At 939 feet (284 meters) in length, the HMS Queen Elizabeth is longer than the Houses of Parliament and the Royal Navy’s biggest warship; and it was built with cybersecurity firmly in mind.

Tracking Tick Through Recent Campaigns Targeting East Asia (Cisco Talos, Oct 22 2018)
Since 2016, an advanced threat group that Cisco Talos is tracking has carried out cyberattacks against South Korea and Japan. This group is known by several different names: Tick, Redbaldknight and Bronze Butler.