A Review of the Best News of the Week on Cyber Threats & Defense

Crypto Mining Service Coinhive to Call it Quits (Krebs on Security, Feb 27 2019)
“Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com, a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the plug on the project early next month.”

A third of 2018’s vulnerabilities have public exploits, 50% can be exploited remotely (Help Net Security, Mar 04 2019)
Over 22,000 new vulnerabilities were disclosed during 2018, according to Risk Based Security’s 2018 Year End Vulnerability QuickView Report. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row.

Commerce Department’s pitch at RSA: Companies should publish ‘ingredients’ for their technology (Washington Post, Mar 04 2019)
The government wants to sell industry on software transparency.


Compliance is necessary. Wasting money isn’t.
The Mosaic Security Research Market Intelligence Platform provides the tools you need for OWASP’s Cyber Defense Matrix. Build your threat defense systematically.


Many computers are vulnerable to hacking through common plug-in devices (Help Net Security, Feb 26 2019)
Attackers can compromise an unattended machine in a matter of seconds through peripherals such as chargers and docking stations, because ports that expose direct memory access (Thunderbolt and similar PCIe-based interfaces) let a malicious device read and write system memory unless the OS configures the IOMMU to restrict it.

Highly critical Drupal flaw being exploited in the wild (SC Magazine, Feb 27 2019)
Cybercriminals are actively exploiting a “highly critical” Drupal bug to deliver cryptocurrency miners and other malicious payloads.

Better Security Not Sole Factor for Improved Breach Detection Times: FireEye (SecurityWeek, Mar 04 2019)
The shorter breach dwell time reported by FireEye has been partly attributed to organizations having better internal threat hunting capabilities and enhanced network, endpoint and cloud visibility. However, the smaller dwell time is also the result of an increase in attacks that are not meant to be stealthy. For example, in a ransomware attack the victim learns quickly that they have been hit, because the attacker delivers a ransom note. Business email compromise (BEC) attacks are also often detected quickly, since it typically does not take long for victims to realize that they have been targeted by fraudsters.

Social Engineering Employed to Steal Data (Infosecurity Magazine, Feb 25 2019)
One in three cyberattacks during Q4 2018 used social engineering tactics, says Positive Technologies.

Backdoor Targets U.S. Companies via LinkedIn (SecurityWeek, Feb 26 2019)
Users are encouraged to click on a link to see the noted job description, or, in some cases, to open an attached PDF with embedded URLs or other malicious attachments.

Researchers Build Framework for Browser-Based Botnets (Dark Reading, Feb 26 2019)
The power of malware that uses HTML5 and other browser-based software as an attack component stems from the fact that, by default, Web applications are understood to be trusted and can run client-side JavaScript code with no natural limitations.

Attackers Continue to Focus on Users, Well-Worn Techniques (Dark Reading, Feb 26 2019)
From WannaCry and phishing to credential stuffing and cryptomining, attackers relied on many oldie-but-goodie attacks in 2018, according to a pair of new security threat reports.

New B0r0nt0K ransomware roughs up Linux servers (SC Magazine, Feb 26 2019)
Linux servers, and possibly Windows-based machines as well, are susceptible to a newly discovered ransomware called B0r0nt0K. The report describes affected data as encrypted with a “base64 algorithm”; note that Base64 is a reversible encoding, not a cipher, so any data that is only Base64-encoded can be recovered without a key.

New Attack Runs Code After Closing Browser Tab (SecurityWeek, Feb 26 2019)
A group of researchers has discovered that websites can abuse modern browser APIs to keep consuming browser resources for nefarious operations even after their tabs or windows have been closed.

Privileged Credential Abuse a Top Attack Vector (Infosecurity Magazine, Feb 26 2019)
Credential abuse was involved in 74% of breaches, survey finds.

Researchers break e-signatures in 22 common PDF viewers (Naked Security – Sophos, Feb 27 2019)
Researchers have discovered a flaw in some PDF document viewers that allows new content to be added to documents without breaking the electronic signatures.

Cisco warns a critical patch is needed for a remote access firewall, VPN and router (Network World Security, Feb 28 2019)
Cisco also issued warnings for customers running Elasticsearch clusters, Docker/Kubernetes deployments, and Webex.

Magecart Hackers Change Tactics Following Public Exposure (SecurityWeek, Mar 01 2019)
One of the multiple hacking groups operating under the “Magecart” umbrella has changed its tactics following a November 2018 report exposing their activity.

Data Leakage from Encrypted Databases (Schneier on Security, Mar 01 2019)
“Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson.”

How to Get and Set Up a Free Windows VM for Malware Analysis (Lenny Zeltser, Mar 02 2019)
If you’d like to start experimenting with malware analysis in your own lab, here’s how to download and set up a free Windows virtual machine…

Chrome Zero-Day Exploited to Harvest User Data via PDF Files (SecurityWeek, Feb 27 2019)
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser.

40% of malicious URLs were found on good domains (Help Net Security, Mar 01 2019)
Webroot also reports: “After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt. Webroot found that organizations that combine phishing simulation campaigns with regular training saw a 70 percent drop in phishing link click-through.”