A Review of the Best News of the Week on Cyber Threats & Defense

Who’s In Your Online Shopping Cart? (Krebs on Security, Nov 04 2018)
“Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own domain.”

The CIA’s communications suffered a catastrophic compromise. It started in Iran. (Yahoo, Nov 02 2018)
A new take on an older story: From around 2009 to 2013, the U.S. intelligence community experienced crippling intelligence failures related to the secret internet-based communications system, a key means for remote messaging between CIA officers and their sources.

Georgia Secretary of State Brian Kemp Accuses Georgia Democrats of Hacking (Wired, Nov 04 2018)
While anything is possible, Kemp’s claims seem unlikely on their face, especially when you parse what little information his team has provided.




Brain Freeze: Researchers Warn Hackers Could Target Our Minds (Infosecurity Magazine, Oct 31 2018)
Kaspersky Lab and Oxford University take their cue from Black Mirror

Apple’s T2 Security Chip Makes It Harder to Tap MacBook Mics (Wired, Oct 30 2018)
By cutting off the microphone at the hardware level, recent MacBook devices minimize the chance that someone can eavesdrop

USB threat vector trends and implications for industrial operators (Help Net Security, Nov 02 2018)
In an attempt to make industrial control systems less accessible to attackers, industrial players are limiting network access and increasingly using USB media devices to transfer patches, updates and files to those systems. But that choice is not devoid of all risk.

Netflix releases desktop versions of device security app Stethoscope (Help Net Security, Nov 05 2018)
The app still checks for all that and a few other things (e.g., whether remote login is enabled or disabled), but Windows 10 and Mac OS users now have the option of installing a desktop app.

Xerosploit- A Man-In-The-Middle Attack Framework (Hacking Articles, Oct 30 2018)
This article is on Xerosploit, which provides advanced MITM attacks on your local network to sniff packets, steal passwords, etc.

Russian Held as Agent Studied US Groups’ Cyberdefenses (SecurityWeek, Oct 29 2018)
Butina’s college assignment called for her to gather information on the cyberdefenses of U.S. nonprofit organizations that champion media freedom and human rights, The Associated Press has learned. It was information that could help the groups plug important vulnerabilities, but also would be of interest to the Russian government.

Kraken Resurfaces From the Deep Web (Dark Reading, Oct 30 2018)
Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool.

Bluetooth Chip Flaws Expose Enterprises to Remote Attacks (SecurityWeek, Nov 01 2018)
Millions of access points and other networking devices used by enterprises around the world may be exposed to remote attacks due to a couple of vulnerabilities discovered by researchers in Bluetooth Low Energy (BLE) chips made by Texas Instruments.

Cisco Warns of Zero-Day Vulnerability in Security Appliances (SecurityWeek, Nov 01 2018)
The zero-day flaw, tracked as CVE-2018-15454, is related to the Session Initiation Protocol (SIP) inspection engine used in the company’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.

Microsoft, Amazon Top BEC’s Favorite Brands (Dark Reading, Nov 01 2018)
When attackers want to impersonate a brand via email, the majority turn to Microsoft and Amazon because of their ubiquity in enterprise environments.

New techniques expose your browsing history to attackers (Help Net Security, Nov 02 2018)
Security researchers at UC San Diego and Stanford have discovered four new ways to expose Internet users’ browsing histories. These techniques could be used by hackers to learn which websites users have visited as they surf the web.

What is WPA3? Wi-Fi security protocol strengthens connections (Network World Security, Nov 02 2018)
The Wi-Fi Alliance has introduced the first major security improvement to Wi-Fi in about 14 years: WPA3. The most significant additions to the new security protocol are greater protection for simple passwords, individualized encryption for personal and open networks, and even more secure encryption for enterprise networks.

Cybersecurity and Class M Planets (TaoSecurity, Nov 02 2018)
For example, a “class M” network might be an enterprise organization with endpoints, servers, and infrastructure, of a certain size. Or perhaps M1 might be “small,” M2 “medium,” and M3 “large,” where each is associated with a user count.

Analysis of North Korea’s Internet Traffic Shows a Nation Run Like a Criminal Syndicate (SecurityWeek, Nov 02 2018)
Recorded Future has published a series of analyses on North Korea’s most senior leadership’s use of the internet. As the last report of the series, it demonstrates how adaptable this leadership has become in both using and monetizing its use of the internet.

Stuxnet Returns, Striking Iran with New Variant (Infosecurity Magazine, Nov 02 2018)
Iran’s critical infrastructure and strategic networks were attacked by a next generation of Stuxnet.

PortSmash attack steals secrets from Intel chips on the side (Naked Security – Sophos, Nov 05 2018)
Researchers have developed an exploit that uses a feature in Intel chips to steal secret cryptographic keys.

A Primer on DNS and Security (PerezBox, Nov 04 2018)
This post will explain what DNS is and highlight some of its key security considerations.