A Review of the Best News of the Week on Cyber Threats & Defense

The new ways we could get hacked (and defended) in 2019 (Fast Company, Jan 07 2019)
Experts from the NSA and Darktrace discuss AI, invisible security, and why you really need to change your passwords.

US Shutdown Plays into Hackers’ Hands (Infosecurity Magazine, Jan 11 2019)
Expired web certificates expose users to man-in-the-middle attacks

Security Vulnerabilities in Cell Phone Systems (Schneier on Security, Jan 10 2019)
“Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks.”



Why Internet Security Is So Bad (Schneier on Security, Jan 14 2019)
“I recently read two different essays that make the point that while Internet security is terrible, it really doesn’t affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency will make computer security a matter of life and death, and not just a matter of data.”

Stronger DNS Security Stymies Would-Be Criminals (Dark Reading, Jan 07 2019)
2018 saw a reduced number of huge DNS-facilitated DDoS attacks. Vendors and service providers believe that malicious impact will drop with continued technology improvements.

DNS Hijacking Campaign Targets Organizations Globally (Dark Reading, Jan 10 2019)
A group believed to be operating out of Iran has manipulated DNS records belonging to dozens of firms in an apparent cyber espionage campaign, FireEye says.

A Worldwide Hacking Spree Uses DNS Trickery to Nab Data (Wired, Jan 11 2019)
Security researchers suspect that Iran has spent the last two years pilfering data from telecoms, governments, and more.

Universities Beware! The Biggest Security Threats Come from Within the Network (Infosec Island, Jan 08 2019)
While the latest technology streamlines processes and makes the learning experience more efficient, higher education institutions’ networks have not kept up with technology and cyber security requirements.

How ASLR protects Linux systems from buffer overflow attacks (Network World Security, Jan 08 2019)
Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable, thus flaws or vulnerabilities associated with these processes will be more difficult to exploit.

Researchers discover hardware-agnostic side-channel attack that exploits OS page cache (SC Magazine, Jan 08 2019)
Researchers from a combination of academic and corporate backgrounds have disclosed a newly discovered side-channel attack technique that targets the operating system page cache and affects devices regardless of hardware architecture or OS. “The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries, and other files…

NCSC Launches Nation-State Cyber Threat Protection Program for Businesses (Dark Reading, Jan 09 2019)
National Counterintelligence and Security Center (NCSC) released free online security awareness materials for businesses to defend against nation-state hackers.

Understanding how data becomes intelligence is central for any successful security program (Help Net Security, Jan 10 2019)
To properly utilize threat intelligence an organization must have a clear vision of what it seeks to achieve by introducing it into its security program. Without it, a threat intelligence program can become an expensive drain on resources and deliver little or no real value.

Deception for proactive defense (Help Net Security, Jan 10 2019)
The deception can be viewed as reactive, because it prompts behavior for monitoring, but it can also be viewed as proactive, because it diverts breach activity away from production resources. In addition, good deception allows security teams to be alerted quickly when policy violations are detected.

IcePick-3PC Malware Strain Steals Device IPs (Infosecurity Magazine, Jan 09 2019)
More than 100 businesses were impacted by a malware strain targeting Android devices, says The Media Trust.

BSIA Publishes Guidelines to Reduce Exposure to Digital Sabotage (Infosecurity Magazine, Jan 14 2019)
Guidelines will assist the supply chain in their duty of care to other network users

Third-Party Breach Exposed 31K Patient Records (Infosecurity Magazine, Jan 11 2019)
Managed Health Services of Indiana Health Plan announced two security incidents.

TEMP.MixMaster group infects with Trickbot and delayed Ryuk ransomware combo (SC Magazine, Jan 11 2019)
Financially motivated threat actors, referred to as TEMP.MixMaster, are infecting victims with Trickbot malware before deploying the infamous Ryuk ransomware and so far have managed to make off with a reported $3.7 million worth of Bitcoin.

Unpatched Flaws in Building Access System Allow Hackers to Create Fake Badges (SecurityWeek, Jan 14 2019)
Researchers discovered that a popular building access control system made by IDenticard contains vulnerabilities that can be exploited to create fake badges, disable door locks, and obtain or modify user data.