A Review of the Best News of the Week on Cyber Threats & Defense

Triton is the world’s most murderous malware, and it’s spreading (MIT Technology Review, Mar 06 2019)
The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.

Google Reveals “BuggyCow,” a Rare MacOS Zero-Day Vulnerability (Wired, Mar 04 2019)
Google’s Project Zero researchers find a potentially powerful privilege escalation trick in how Macs manage memory.

#RSAC: The Most Dangerous New Attack Techniques & How to Counter Them (Infosecurity Magazine, Mar 11 2019)
According to Skoudis, there are two specific attack vectors that he’s seeing increasingly. First is the manipulation of the DNS infrastructure associated with specific enterprises. “Hackers are using credentials that they have compromised in the normal course of business,” he explained. “Bad guys are logging into DNS and name registrars and manipulating the DNS records there. Emails destined for your organizations are actually being redirected to them.”

Microsoft Rolls Out Spectre Variant 2 Mitigations for Windows 10 (SecurityWeek, Mar 04 2019)
Microsoft started rolling out a new software update for Windows 10 devices to enable the Retpoline mitigations against Spectre attacks.

A brief history of Wi-Fi security protocols from “oh my, that’s bad” to WPA3 (Ars Technica, Mar 10 2019)
Enjoy our primer on the ups and downs of Wi-Fi protocols since the mid-1990s.

Citrix Hacked by ‘International Cybercriminals’ (Dark Reading, Mar 08 2019)
FBI informed Citrix this week of a data breach that appears to have begun with a ‘password spraying’ attack to steal weak credentials to access the company’s network.

WordPress Comprises 90% of Hacked Sites: Report (Infosecurity Magazine, Mar 05 2019)
The problems associated with WordPress appeared not to have come from users running old versions of the platform. In fact, just 37% of infected sites on this platform were outdated…

New Threat Group Using Old Technique to Run Custom Malware (Dark Reading, Mar 06 2019)
Whitefly is exploiting DLL hijacking with considerable success against organizations since at least 2017, Symantec says.

Why Ransomware Is Still An Active Threat (eWEEK, Mar 04 2019)
RSA Conference 2019: Ransomware in 2019 doesn’t have the same volume as it did in 2017, but that doesn’t mean it isn’t an impactful threat.

Word Bug Allows Attackers to Sneak Exploits Past Anti-Malware Defenses (Dark Reading, Mar 05 2019)
Problem lies in the manner in which Word handles integer overflow errors in OLE file format, Mimecast says.

NSA unveils Ghidra reverse engineering tool at RSA Conference 2019 (Help Net Security, Mar 06 2019)
The National Security Agency (NSA) has released Ghidra, a free and cross-platform software reverse engineering tool suite used internally by the intelligence agency.

States Need Way More Money to Fix Crumbling Voting Machines (Wired, Mar 05 2019)
“We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.

Fighting Alert Fatigue with Actionable Intelligence (Dark Reading, Mar 06 2019)
By fine-tuning security system algorithms, analysts can make alerts intelligent and useful, not merely generators of noise.

Windows Servers in danger of being compromised via WDS bug (Help Net Security, Mar 07 2019)
…CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2.

Phishing Attacks Spiked by 250% in 2018 (Infosecurity Magazine, Mar 07 2019)
Threat actors are becoming more innovative, finding new ways to escape detection by checking for known anti-malware solutions, persisting despite a browser reboot, stealing device information like IPs and switching infection tactics when they’ve been discovered, Rahim said.

Crowdfense launches $15M 0-day 2019 global Acquisition Program (Help Net Security, Mar 10 2019)
Crowdfense announces the launch of a $15M global Acquisition Program dedicated to the purchase and further refinement of zero-day vulnerabilities for the most popular software platforms, including Windows, MacOS, iOS and Android.

Zero-day Chrome/Windows combo actively exploited in the wild (Help Net Security, Mar 08 2019)
We now know why a number of Googlers made a point to urge users to implement the latest Chrome update as soon as possible: the vulnerability (CVE-2019-5786) is definitely being actively exploited in conjunction with another zero-day in Windows.

Multiple Healthcare Orgs Warn of Third-Party Attack (Infosecurity Magazine, Mar 08 2019)
Ransomware attack at Wolverine Solutions Group trickles down to dozens of client organizations.

Improving security with micro-segmentation: Where do I start? (SC Magazine, Mar 11 2019)
A common misconception is that micro-segmentation is an “all or nothing” proposition that requires a substantial commitment of staff and resources, conceivably over years, without a clear idea of what a successful outcome looks like. In reality, however, enterprises that have successfully implemented micro-segmentation have taken a phased approach, starting with a few “quick wins” on priority projects and gradually building out a more robust program. In the process, they discover that it’s not as daunting as they may have feared.