A Review of the Best News of the Week on Cyber Threats & Defense

Malware may have thwarted printing of Southern California newspapers (NBC News, Dec 30 2018)
“Some customers may not have received their paper,” the Los Angeles Times said in a statement.

Siren bot uses 10 methods to send DoS attacks (SC Media, Dec 28 2018)
Zscaler ThreatLabZ researchers identified a new DoS bot family named Siren that uses 10 different DoS methods to carry out attacks. The bot is capable of carrying out HTTP, HTTPS, and UDP flooding on any web server location as instructed by the command-and-control (C&C) server, according to a Dec. 21 blog post.

Leaked Documents Show How Instagram Polices Stories (Motherboard, Dec 31 2018)
Motherboard has obtained internal documents that show how Instagram moderators grapple to police the service’s popular Stories feature.


Compliance is necessary. Wasting money isn’t.
The Mosaic Security Research Market Intelligence Platform provides the tools you need for OWASP’s Cyber Defense Matrix. Build your threat defense systematically.


Idaho Lab Protects US Infrastructure From Cyber Attacks (SecurityWeek, Dec 26 2018)
It’s called the “Dark Side” because the 50 workers there prefer to keep the lights low so they can dim the brightness on their computer screens.

Vulnerabilities in WibuKey Could Lead to Code Execution (SecurityWeek, Dec 24 2018)
Vulnerabilities in the WibuKey Digital Rights Management (DRM) solution could be leveraged to disclose information, elevate privileges, or even execute code on affected systems. 

Cryptojacking Took Over the Internet in 2018 (Wired, Dec 24 2018)
Move over, ransomware. Cryptojacking is officially the scourge of the internet.

IBM Kernel-Based Vulnerability Discovered (Infosecurity Magazine, Dec 21 2018)
No patch for a vulnerability found in a driver bundled with IBM Trusteer Rapport for MacOS, says Trustwave.

Cisco patches a critical patch on its software-license manager (Network World Security, Dec 21 2018)
CIsco has issued a critical patch of a patch for a Cisco Prime License Manager SQL fix.

Electrum wallet phishing and malware attacks net more than $750,000 in Bitcoin (SC Media, Dec 28 2018)
A clever phishing attack targeting Electrum Bitcoin wallets has resulted in the theft of more than $750,000 worth of cryptocurrency at the time of writing.