A Review of the Best News of the Week on Cyber Threats & Defense

A Deep Dive on the Recent Widespread DNS Hijacking Attacks (Krebs on Security, Feb 18 2019)
“The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.”

Forcing the Adversary to Pursue Insider Theft (TaoSecurity, Feb 09 2019)
We sought to make digital intrusions more expensive than physical intrusions. In other words, we wanted to make it easier for the adversary to accomplish his mission using insiders. We wanted to make it more difficult for the adversary to accomplish his mission using our network. In a cynical sense, this makes security someone else’s problem. Suddenly the physical security team is dealing with the worst of the worst! This is a win for everyone, however.

Winning Systems & Security Practitioners 7. Attack Surface Reduction (Nick Hutton’s Blog, Feb 17 2019)
“This post is about is about minimising your attack surface. In it I explain what this means and why it may be our best hope for reducing vulnerability in practice. Finally I’ll tell you what the world might look like if we took this winning system to its ultimate logical conclusion. “

Compliance is necessary. Wasting money isn’t.
The Mosaic Security Research Market Intelligence Platform provides the tools you need for OWASP’s Cyber Defense Matrix. Build your threat defense systematically.

What comes after air gaps? DARPA asks world for ideas (Naked Security – Sophos, Feb 11 2019)
According to DARPA, air gapping computers and data is a security idea that has run its course and urgently needs to be replaced.

USB Cable with Embedded Wi-Fi Controller (Schneier on Security, Feb 14 2019)
It’s only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer….

Security Pros Agree Military Should Conduct Offensive Hacking (Dark Reading, Feb 11 2019)
But it can’t operate in a bubble, a new Washington Post study indicates.

Malware Campaign Hides Ransomware in Super Mario Wrapper (Dark Reading, Feb 08 2019)
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.

What Is Credential Stuffing? (Wired, Feb 17 2019)
What happens to all those emails and passwords that get leaked? They’re frequently used to try to break into users’ other accounts across the internet.

Identifying, Understanding & Combating Insider Threats (Dark Reading, Feb 12 2019)
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?

New Zombie ‘POODLE’ Attack Bred From TLS Flaw (Dark Reading, Feb 08 2019)
Citrix issues update for encryption weakness dogging the popular security protocol.

SD-WAN creates new security challenges (Network World Security, Feb 08 2019)
Security is one of the top concerns of organizations deploying an SD-WAN. Fortinet’s John Maddison explains what the SD-WAN security challenges are and how to address them.

macOS Vulnerability Leaks Safari Data (SecurityWeek, Feb 12 2019)
A vulnerability in the latest macOS release could allow a malicious application to access restricted Safari data, an application developer has discovered. 

Researchers use Intel SGX to put malware beyond the reach of antivirus software (Ars Technica, Feb 12 2019)
Processor protects malware from attempts to inspect and analyze it.

Trickbot becomes one of the most dangerous pieces of modular malware hitting enterprises (Help Net Security, Feb 14 2019)
Like Emotet, Trickbot started as a pure banking Trojan but was slowly developed through the years and now has many more additional capabilities. It can:
– Achieve persistence (through scheduled tasks)
– Disable Microsoft’s built-in antivirus Windows Defender
– Gather email addresses and send out spam
– …more

That VPN may not be as secure as you think (Network World Security, Feb 13 2019)
Academics say they’ve discovered a whopping 13 programming errors in 61 separate VPN systems tested recently.

PoC hides malware in Intel SGX enclave (SC Magazine, Feb 14 2019)
Researchers developed a proof of concept attack which allows them to hide malware in Intel’s Software Guard eXtensions (SGX). Intel SGX is a feature found on all modern Intel CPUs that allows developers to isolate applications in secure “enclaves” and the attack allows researchers to hide undetectable malicious code from their security software within these enclaves, according to the proof of concept.

WordPress plugin Simple Social Buttons flaw allows complete site takeover (SC Magazine, Feb 13 2019)
A critical vulnerability in WordPress plugin Simple Social Buttons allows an attacker to completely takeover a website.

Windows App Caught Running on Mac, Installing Malware (SecurityWeek, Feb 13 2019)
A Windows application was recently observed packing the ability to run on Macs and download and install malware on the target systems.

Cisco Network Assurance Engine (NAE) contains password vulnerability (SC Magazine, Feb 14 2019)
A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server.

ICS/SCADA Attackers Up Their Game (Dark Reading, Feb 15 2019)
Some 72% of ICS vulnerability advisories in 2018 encompassed engineering workstation systems, human machine interfaces (HMIs), and industrial networking components, according to Dragos’ data.