A Review of the Best News of the Week on Cyber Threats & Defense

Marriott Sheds New Light on Massive Breach (Dark Reading, Jan 04 2019)
New information on the Starwood breach shows that the overall breach was somewhat smaller than originally announced, but the news for passport holders is worse.

Researchers Fool ReCAPTCHA With Google’s Own Speech-To-Text Service (Motherboard, Jan 04 2019)
The new method has a 90 percent success rate at tricking the robot into thinking it’s human.

One of the West’s biggest cybersecurity vulnerabilities is our idiotic habit of sending servers full of sensitive information to foreign countries (Business Insider, Jan 06 2019)
Western companies routinely sell their old tech hardware to private companies in foreign countries, without wiping the sensitive data on them first.

Compliance is necessary. Wasting money isn’t.
The Mosaic Security Research Market Intelligence Platform provides the tools you need for OWASP’s Cyber Defense Matrix. Build your threat defense systematically.

Threat of a Remote Cyberattack on Today’s Aircraft Is Real (Dark Reading, Jan 07 2019)
We need more stringent controls and government action to prevent a catastrophic disaster.

CERT/CC Details Critical Flaws in Microsoft Windows, Server (Dark Reading, Jan 04 2019)
The vulnerabilities could be remotely exploited and give attackers control over affected systems.

First-Ever UEFI Rootkit Tied To Sednit APT (Slashdot, Jan 01 2019)
Researchers hunting cyber-espionage group Sednit (an APT also known as Sofacy, Fancy Bear and APT28) say they have discovered the first-ever instance of a rootkit targeting the Windows Unified Extensible Firmware Interface (UEFI) in successful attacks.

Redefining Critical Infrastructure for the Age of Disinformation (Dark Reading, Jan 03 2019)
As a particularly concerning example, privacy rules have taken a large bite out of the data available through the domain Whois services, making domain ownership largely opaque to investigators. This is significant, because analysis of infrastructure through a combination of DNS and registration data has been a mainstay of threat intelligence operations for years.

Report: Hackers hijacking old Twitter accounts to post pro-ISIS content (SC Magazine, Jan 02 2019)
Hackers supporting ISIS have recently been spreading terrorist propaganda on social media by hijacking old, largely abandoned Twitter accounts that were never confirmed via email by their rightful owners, TechCrunch reported on Wednesday. Generally, the impacted accounts were inactive for long periods of time before they were taken over.

New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit (SecurityWeek, Jan 03 2019)
A new version of the NRSMiner is actively spreading in the southern region of Asia. The majority of detections (54%) have been found in Vietnam, followed by Iran (16%) and Malaysia (12%).

Inside PolySwarm’s Decentralized Threat Intelligence Marketplace (SecurityWeek, Jan 02 2019)
PolySwarm seeks to provide an additional and alternative approach by creating a decentralized open market for suspicious file intelligence, bringing together the mainstream existing anti-malware vendors, worldwide small companies and independent experts, and financial incentive rewards, under blockchain and smart contracts built on the Ethereum platform. The rewards come via PolySwarm’s own cryptocurrency, Nectar (NCT).

Emotet Malware Gets More Aggressive (Dark Reading, Jan 03 2019)
Emotet’s operators have been adding new capabilities, making the malware now even more dangerous to its enterprise targets.

Cybercriminals Hide Malware Commands in Malicious Memes (Infosec Island, Jan 03 2019)
Trend Micro security researchers have discovered a new piece of malware that receives commands via malicious memes its operators published on Twitter.

Multiple privilege escalation vulnerabilities in CleanMyMacX (SC Magazine, Jan 03 2019)
Several privilege escalation vulnerabilities were found in MacPaw’s CleanMyMac X software, all of which will allow an attacker with local access to the victim’s machine to modify the file system as root.

Serious DoS Flaw Impacts Several Yokogawa Products (SecurityWeek, Jan 04 2019)
A serious denial-of-service (DoS) vulnerability impacts several industrial automation products from Japanese electrical engineering and software company Yokogawa Electric.

New Attack Against Electrum Bitcoin Wallets (Schneier on Security, Jan 07 2019)
This is clever. How the attack works: the attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious website (GitHub repo). User clicks the…

NSA to Release Reverse Engineering Tool for Free Public Use (SecurityWeek, Jan 07 2019)
The United States National Security Agency (NSA) plans to make a reverse engineering tool that it has developed available for free public use in the coming months.