A Review of the Best News of the Week on Cyber Threats & Defense

Have Network, Need Network Security Monitoring (TaoSecurity, Oct 25 2018)
We may be in a golden age of endpoint visibility, but closure of those platforms will end the endpoint’s viability as a source of security logging. So long as there are networks, we will need network security monitoring.

China’s Hacking of the Border Gateway Protocol (Schneier on Security, Oct 24 2018)
BGP hacking is how large intelligence agencies manipulate Internet routing to make certain traffic easier to intercept. The NSA calls it “network shaping” or “traffic shaping.”

British Airways: 185K Affected in Second Data Breach (Dark Reading, Oct 26 2018)
The carrier discovered another breach while investigating its largest-ever data breach, disclosed in September.

Paper and the Case for Going Low-Tech in the Voting Booth (Wired, Oct 23 2018)
When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source.

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming (Wired, Oct 25 2018)
Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.

Linux Privilege Escalation via Automated Script (Hacking Articles, Oct 22 2018)
What comes under privilege escalation, and how an attacker can identify that a low-privileged shell can be escalated to a higher-privileged shell.

Magecart Attackers Exploit Magento Zero-Days (Infosecurity Magazine, Oct 24 2018)
This Magecart group differs from some of the attackers we’ve seen before in that, rather than injecting the malicious code directly into a target site’s payment page or a third party, it inserts a customized payment overlay.

Researchers Find Command Injection Flaw in Cisco WebEx (SecurityWeek, Oct 25 2018)
Cisco’s WebEx software is affected by a serious vulnerability that can be exploited to execute arbitrary commands with elevated privileges.

Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites (Dark Reading, Oct 25 2018)
The side-channel attack exploits the user-blocking function of a social media or other platform by taking advantage of its feature that requires certain Web pages to return specific Web content. If the victim is logged into the social media platform, the attacker can wage an attack on that user when he or she visits the attacker’s site. The attacker can surreptitiously communicate with the victim’s social media platform and steal personal information from his or her account.

Unpacking Motifs in Federal Government Security (The Duo Blog, Oct 17 2018)
Recently, a few interesting federal government security stories have popped up in the news…

Bots Targeting SSH Servers and Brute-Forcing Entry (Infosecurity Magazine, Oct 23 2018)
The family, dubbed Chalubo, has been used in attacks targeting internet-facing SSH servers on Linux-based systems, according to SophosLabs.

Another Windows 0-day flaw has been published on Twitter (Ars Technica, Oct 24 2018)
And on GitHub there’s a proof-of-concept that’ll render your system unbootable.

New Free Decryption Tool for GandCrab (Dark Reading, Oct 25 2018)
GandCrab is one of the more common forms of ransomware afflicting the Internet and now there’s a new tool for its victims that decrypts their files without their having to deal with cryptocurrencies and anonymous wallets.

Facebook stopped 8.7m nude images of children in 3 months (Naked Security – Sophos, Oct 26 2018)
Facebook blocked 8.7m images of child nudity and exploitative content in 3 months.

Mac Malware Injects Ads Into Encrypted Traffic (SecurityWeek, Oct 25 2018)
Detected as OSX.SearchAwesome, the malware is delivered through a malicious installer that arrives as a cracked app downloaded via a torrent file. The threat’s installer is a disk image file that lacks the usual decorations used to make it look legitimate.

Windows Defender can now run inside a sandbox (Help Net Security, Oct 29 2018)
Microsoft has made it possible for Windows Defender Antivirus to be run within a sandbox, a restrictive environment that separates the AV’s processes from those of the underlying Windows OS, thus limiting the actions of malware that can exploit the software’s flaws.

Girl Scouts Alerted to Possible Data Breach (Infosecurity Magazine, Oct 29 2018)
Thousands may have been affected in Orange County.

Copy of Chinese Spy Chip Used in Security Training (Infosecurity Magazine, Oct 26 2018)
New infrastructure-security combat training offered by CYBERGYM encompasses advanced forensics analysis.

Researchers exploit Microsoft Word through embedded video (Naked Security – Sophos, Oct 29 2018)
A group of researchers has found a way to infect computers via Word documents without triggering a security warning.

‘DemonBot’ Botnet Targets Hadoop Servers (SecurityWeek, Oct 29 2018)
A newly discovered botnet is targeting Hadoop clusters in an attempt to leverage their computing power to launch distributed denial of service (DDoS) attacks.