A Review of the Best News of the Week on Cyber Threats & Defense

APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign (Dark Reading, Dec 21 2018)
US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish?

Certifiably Gone Phishing (rud.is, Dec 23 2018)
One popular community tool/resource in this pursuit is PhishTank which is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge. While the PhishTank API is useful for real-time anti-phishing operations the data is also useful for security researchers as we work to understand the ebb, flow and evolution of these attacks.

Someone is trying to take entire countries offline and cybersecurity experts say ‘it’s a matter of time because it’s really easy’ (Business Insider, Dec 23 2018)
The West’s biggest security weakness is in the old electronics and sensors that control processes in infrastructure and industry.

Memes on Twitter Used to Communicate With Malware (Dark Reading, Dec 18 2018)
Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.

Microsoft Issues Emergency Fix for IE Zero Day (Krebs on Security, Dec 19 2018)
Microsoft released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.

Caribou Coffee Card Breach Hits 265 Stores (Infosecurity Magazine, Dec 21 2018)
US chain the latest to suffer POS malware infection

Disk-Wiping ‘Shamoon’ Malware Resurfaces With File-Erasing Malware in Tow (Dark Reading, Dec 17 2018)
As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says.

Cobalt Group Uses New Version of ThreadKit Malware (Infosecurity Magazine, Dec 17 2018)
Activity of APT group declined in March but appears to have returned with a new version of malware.

Logitech flaw fixed after Project Zero disclosure (Naked Security – Sophos, Dec 18 2018)
The flaw offered attackers a way of executing keystroke injection to take control of a Windows PC running Logitech Options.

The Iran Hacks Cybersecurity Experts Feared May Be Here (Wired, Dec 18 2018)
An uptick in potentially Iran-related hacking since the nuclear deal collapsed spells trouble for the US and allies.

Serious Flaws Found in ABB Safety PLC Gateways (SecurityWeek, Dec 18 2018)
Researchers discovered that some gateways made by Swiss industrial tech company ABB are affected by potentially serious vulnerabilities, but firmware updates will not be made available by the vendor as the impacted products have reached end of life.

Trend Micro Finds Major Flaws in HolaVPN (Dark Reading, Dec 18 2018)
A popular free VPN is found to have a very high cost for users.

Cryptographic Erasure: Moving Beyond Hard Drive Destruction (Dark Reading, Dec 18 2018)
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.

Cryptocurrency craze drives coinmining malware surge (Help Net Security, Dec 19 2018)
The cryptocurrency craze of 2018 helped drive a 1,500 percent increase in coinmining malware when compared to 2017.

After SamSam, Ryuk shows targeted ransomware is still evolving (Naked Security – Sophos, Dec 18 2018)
Devastating, targeted ransomware attacks didn’t start with SamSam and they didn’t end with it either.

Serious Security: When cryptographic certificates attack (Naked Security – Sophos, Dec 19 2018)
Machine learning is all the rage – but don’t knock human savvy just yet! One weird character can be enough to alert a smart researcher…

Servers Can Be Bricked Remotely via BMC Attack (SecurityWeek, Dec 19 2018)
Hackers could remotely brick servers by launching firmware attacks that involve the Baseboard Management Controller (BMC), researchers at firmware security company Eclypsium have demonstrated.

Popular Banking Trojans Share Loaders (SecurityWeek, Dec 19 2018)
Several well-known banking Trojans that have been around for several years have shared loaders, Trend Micro security researchers have discovered. 

Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed (Dark Reading, Dec 21 2018)
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.

Drones shut down major international airport (Naked Security – Sophos, Dec 20 2018)
A drone operator has repeatedly flown two UAVs close to the runway, grounding flights at the airport since last night.