A Review of the Best News of the Week on Cyber Threats & Defense

OWASP: What Are the Top 10 Threats and Why Does It Matter? (Infosec Island, Jan 30 2019)
Since the founding of the Open Web Application Security Project (OWASP) in 2001, it has become a leading resource for online security best practices.

Privilege escalation vulnerability uncovered in Microsoft Exchange (Naked Security – Sophos, Jan 30 2019)
A researcher has discovered an alarming way that an attacker controlling a Microsoft Exchange mailbox account could potentially elevate their privileges to become a Domain Administrator.

DARPA explores new computer architectures to fix security between systems (Network World Security, Jan 31 2019)
A completely new government-developed computer architecture could ultimately lead to widespread, commercial-oriented data-security fixes as information moves between systems.

65 Fortune 100s Downloaded Flawed Apache Struts (Infosecurity Magazine, Jan 30 2019)
Between July and December 2018, two-thirds of the Fortune 100 companies downloaded the same vulnerable version of Apache Struts that was used in the infamous Equifax breach.

Mac Malware Steals Browser Cookies, Sensitive Data (SecurityWeek, Jan 31 2019)
A recently discovered piece of Mac malware is targeting browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites, as well as personal user information.

Chrome’s hidden lookalike detection feature battles URL imposters (Naked Security – Sophos, Feb 04 2019)
Chrome now checks for misspellings of popular URLs and will display a link to the site that it thinks the user might have wanted to visit.

Credential-stuffing attack prompts Dailymotion password reset (Naked Security – Sophos, Jan 29 2019)
Dailymotion is resetting the account passwords of an unknown number of users after being hit by a “large-scale” credential stuffing attack.

Iran-Linked Hackers Use Array of Tools to Steal Data: FireEye (SecurityWeek, Jan 29 2019)
An Iran-linked cyber-espionage group responsible for widespread theft of data is using a broad range of custom and off-the-shelf tools.

How my Instagram account got hacked (Naked Security – Sophos, Jan 28 2019)
After years of embarrassment, I’m finally ready to admit how and why my Instagram account got hacked.

GreyEnergy threat group linked to Zebrocy (SC Magazine, Jan 30 2019)
Kaspersky researchers have discovered overlap between the GreyEnergy threat group, considered the successor to BlackEnergy, and the Sofacy subset Zebrocy. Researchers described GreyEnergy and BlackEnergy as an advanced threat group that possesses extensive knowledge of penetrating their victims' networks and exploiting any available vulnerabilities.

Justice Dept. Alerting Victims of North Korean Botnet Infections (Dark Reading, Jan 30 2019)
US officials disrupt North Korea’s Joanap attack infrastructure.

Israel Seeks to Beat Election Cyber Bots (SecurityWeek, Feb 01 2019)
Amy Spiro is one of many Israeli journalists who recently received a direct message on her Twitter account linking to a sensational news story.

Employee Data Compromised in Airbus Breach (SecurityWeek, Jan 31 2019)
Aircraft maker Airbus on Wednesday revealed that information on some of its employees was compromised as a result of a data breach.

250 Webstresser Users to Face Legal Action (Krebs on Security, Feb 01 2019)
“More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency.”

Public-Interest Tech at the RSA Conference (Schneier on Security, Feb 01 2019)
“Public-interest technology isn’t one thing; it’s many things. And not everyone likes the term. Maybe it’s not the most accurate term for what different people do, but it’s the best umbrella term that covers everyone.”

Most Magento shops get compromised via vulnerable extensions (Help Net Security, Feb 01 2019)
Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot.

Trying DetectionLab (TaoSecurity, Jan 28 2019)
Many security professionals run personal labs. Trying to create an environment that includes fairly modern Windows systems can be a challenge. In the age of “infrastructure as code,” there should be a simpler way to deploy systems in a repeatable, virtualized way — right? Enter DetectionLab, a project by Chris Long. Briefly, Chris built a project that uses Packer and Vagrant to create an instrumented lab environment.

Fixing Virtualbox RDP Server with DetectionLab (TaoSecurity, Jan 29 2019)
I wonder if those Packer templates have anything to do with it, or if I am encountering a problem with Vagrant? I have seen many people experience similar issues, so I don’t know.