A Review of the Best News of the Week on Cyber Threats & Defense

At Gathering of Spy Chiefs, U.S., Allies Agreed to Contain Huawei (WSJ, Dec 17 2018)
Spy chiefs from the West’s most powerful intelligence alliance agreed in a July meeting in Canada they needed to contain Huawei Technologies Co.

NHS Fax Ban Set to Improve Security from 2020 (Infosecurity Magazine, Dec 11 2018)
“Fax machines provide a large surface area for human error and consequently data breaches when used to transfer sensitive data, as they can’t offer assurance over how the data is picked up and used at the receiving end, or a safety net to allow for user error when dialing,” he explained. “When used to transfer confidential information, there is a significant risk of a data breach.”

Iranian Hackers Target Nuclear Experts, US Officials (Dark Reading, Dec 14 2018)
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.




DanaBot Trojan Expands Beyond Banking (Infosecurity Magazine, Dec 10 2018)
The DanaBot banking Trojan sends malicious spam emails to victim’s contacts.

Deception: Honey vs. Real Environments (Dark Reading, Dec 12 2018)
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.

‘Dr. Shifro’ Prescribes Fake Ransomware Cure (Dark Reading, Dec 10 2018)
A Russian firm aims to capitalize on ransomware victims’ desperation by offering to unlock files then passing money to attackers.

CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks (Dark Reading, Dec 11 2018)
But it still takes an average of 85 days to spot one, the security firm’s incident response investigations found.

‘Highly Active’ Seedworm Group Hits IT Services, Governments (Dark Reading, Dec 10 2018)
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.

Highly Active MuddyWater Hackers Hit 30 Organizations in 2 Months (SecurityWeek, Dec 10 2018)
The cyberespionage group referred to as MuddyWater has hit over 130 victims in 30 organizations from late September to mid-November, Symantec security researchers said in a report published Monday. 

Attackers Using New Exploit Kit to Hijack Home & Small Office Routers (Dark Reading, Dec 11 2018)
Goal is to steal banking credentials by redirecting users to phishing sites.

New Variant of Shamoon Malware Uploaded to VirusTotal (SecurityWeek, Dec 12 2018)
A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet.

Hacking democracy efforts continue with upticks in malware deployments (Help Net Security, Dec 13 2018)
The US ranked No. 1 for both hosting of phishing sites (65%) and country of origin (36%)

Lax Controls Leave Fortune 500 Overexposed On the Net (Dark Reading, Dec 17 2018)
These simple-to-spot oversights suggest that companies do not have adequate control over what systems are connected to the public network…

Vulnerabilities in high-performance computer chips could lead to failures in modern electronics (Help Net Security, Dec 17 2018)
A Washington State University research team has uncovered significant and previously unknown vulnerabilities in high-performance computer chips that could lead to failures in modern electronics.

Cybercrime gangs continue to innovate to hide their crimes (Help Net Security, Dec 17 2018)
The researchers at APWG member PhishLabs have observed that half of all phishing sites now use SSL encryption, which can fool users into thinking that a site is safe to use, for example, by virtue of the green lock symbol that appears in the browser address bar when SSL encryption is enabled.