A Review of the Best News of the Week on Cyber Threats & Defense

The Pentagon is Publishing Foreign Nation-State Malware (Schneier on Security, Nov 09 2018)
The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that’s used by security pros and antivirus/malware detection engines to gain a better understanding of the threat landscape.

Most IT Security Pros Underestimate Phishing Risks (Infosecurity Magazine, Nov 08 2018)
Targeted phishing attacks have expanded into ads as well as coming in through search results, pop-ups, social media, IM and chat applications, rogue browser extensions and apps.

Bug Bounty Hunter Ran ISP Doxing Service (Krebs on Security, Nov 09 2018)
“A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned.”


Pakistan Banks Not Breached, but Probably Skimmed (Infosecurity Magazine, Nov 08 2018)
Mohammad Shoaib, head of the Federal Investigation Agency’s cyber-crime unit, apparently told two TV stations that “almost all” banks had been hacked, with a “large amount of money” stolen.

A DJI Bug Exposed Drone Photos and User Data (Wired, Nov 08 2018)
Researchers found that they could compromise DJI’s single sign-on tokens, similar to the issue behind Facebook’s massive breach this September.

When your Instagram account has been hacked, how do you get it back? (Graham Cluley, Nov 08 2018)
A travel blogger, with more than 100,000 followers on Instagram, has described how her account was wiped after she refused to hand over hundreds of dollars worth of Bitcoin to an extortionist.

Hackers stole income, immigration and tax data in Healthcare.gov breach, government confirms (TechCrunch, Nov 10 2018)
Hackers siphoned off thousands of Healthcare.gov applications by breaking into the accounts of brokers and agents tasked with helping customers sign up for healthcare plans.

Self-encrypting SSDs vulnerable to encryption bypass attacks (Help Net Security, Nov 06 2018)
Researchers have discovered security holes in the hardware encryption implementation of several solid state disks (SSDs) manufactured by Crucial (owned by Micron) and Samsung, which could allow attackers to bypass the disk encryption feature and access the data on them without having to know the user’s password.

New Side-Channel Attacks Target Graphics Processing Units (Dark Reading, Nov 07 2018)
A trio of new attacks bypass CPUs to wring data from vulnerable GPUs.

Flaw Leads to RCE in WordPress Plugins, WooCommerce (Infosecurity Magazine, Nov 07 2018)
“Affected were over 4 million WooCommerce shops. No other requirements other than an attacker being in control of an account with the user role shop manager were required,” researchers wrote. “Such access could be obtained via XSS vulnerabilities or phishing attacks. Once the vulnerability described here is exploited, the shop manager can take over any administrator account and then execute code on the server.”

Banking Malware Takes Aim at Brazilians (Dark Reading, Nov 08 2018)
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.

“Inception Attackers” Combine Old Exploit and New Backdoor (SecurityWeek, Nov 09 2018)
A malicious group known as the “Inception” attackers has been using a year-old Office exploit and a new backdoor in recent attacks.

What You Should Know About Grayware (and What to Do About It) (Dark Reading, Nov 09 2018)
Everyone has seen them: applications that come on many new systems offering services with unfamiliar names, or apps that have familiar names but are offered on sites that aren’t from their publishers. They’re grayware – or “potentially unwanted applications” – and they’re an ongoing issue for computer security.

WannaCry Still Alive, Reaches Almost 75,000 Victims (Infosecurity Magazine, Nov 12 2018)
WannaCry ransomware is still the most widespread cryptor family.

Stealthy Crypto-Mining Malware Evades Detection (Infosecurity Magazine, Nov 09 2018)
A coinminer goes undetected by using Windows Installer as an evasion technique, says Trend Micro.

Threat Actors Exploiting Red Team Tool JexBoss (Infosecurity Magazine, Nov 09 2018)
The NCCIC issued a CERT alert warning of vulnerabilities in the JBoss application server.

Hackers Exploit Flaw in GDPR Compliance Plugin for WordPress (SecurityWeek, Nov 12 2018)
A critical security flaw affecting a GDPR compliance plugin for WordPress has been exploited in the wild to take control of vulnerable websites, users have been warned.