A Review of the Best News of the Week on Cyber Threats & Defense

Facebook Mistakenly Stored ‘Hundreds of Millions’ of User Passwords as Plaintext (Motherboard, Mar 21 2019)
The social network confirmed a massive mistake that exposed millions of passwords. But, the company said, no passwords were exposed to people outside of Facebook.

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers (Motherboard, Mar 25 2019)
The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines.

Thousands of API and cryptographic keys leaking on GitHub every day (Naked Security – Sophos, Mar 25 2019)
Researchers have found that one of the most popular source code repositories in the world is still housing thousands of publicly accessible user credentials.

Microsoft Dominates 2018’s Most Exploited Vulnerabilities (SecurityWeek, Mar 22 2019)
Eight of the top ten most exploited vulnerabilities in 2018 affected Microsoft products. Only one — but the second most exploited — was an Adobe vulnerability. The last one, ranking at the ninth most exploited vulnerability of 2018, was an Android vulnerability.

Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ (Motherboard, Mar 22 2019)
It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.

This Spyware Data Leak Is So Bad We Can’t Even Tell You About It (Motherboard, Mar 22 2019)
A consumer spyware vendor left a lot of incredibly sensitive and private data, including intimate pictures and private call recordings, for all to see on a server freely accessible over the internet. And it still hasn’t taken the data down.

Google, Microsoft work together for a year to figure out new type of Windows flaw (Ars Technica, Mar 18 2019)
Researcher finds building blocks for privilege escalation: Can they be assembled to create a flaw?

Fujitsu wireless keyboard vulnerable to keystroke injection attack (SC Magazine, Mar 18 2019)
A German security researcher has discovered and released information on a flaw in an otherwise secure wireless keyboard that could allow an attacker to inject keystrokes and take over a computer.

Upgraded Cardinal RAT malware targets Israeli fintech firms (SC Magazine, Mar 19 2019)
A pair of Israeli financial technology companies were recently the target of a malware campaign featuring an updated version of the rarely seen Cardinal remote access trojan, researchers from Palo Alto Networks’ Unit 42 team are reporting.

Persistence and scale signature moves of new Monero miner campaign (SC Magazine, Mar 19 2019)
A new Monero cryptomining campaign has been detected in the wild being spread and operating in a manner more consistent with ransomware and other attacks that retain a level of persistence than has been seen before. Check Point researchers said these mining operations have been on-going since mid-January using two specific trojans…

Researchers Seek Out Ways to Search IPv6 Space (Dark Reading, Mar 20 2019)
Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?

Vulnerability in NSA’s Reverse Engineering Tool Allows Remote Code Execution (SecurityWeek, Mar 20 2019)
A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say.

Researcher finds new way to sniff Windows BitLocker encryption keys (Naked Security – Sophos, Mar 21 2019)
A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.

Cisco directs high priority patches for IP phone security exposures (Network World Security, Mar 21 2019)
Cisco this week advised customers using its 7800 and 8800 series IP phones they should patch a variety of high-priority vulnerabilities that could lead to denial of service and other security problems.

Microsoft ships antivirus for macOS as Windows Defender becomes Microsoft Defender (Ars Technica, Mar 21 2019)
Microsoft is expanding the reach of its device management services.

FIN7 Cybercrime Gang Rises Again (Dark Reading, Mar 21 2019)
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.

2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise (Help Net Security, Mar 25 2019)
Network attacks targeting a vulnerability in the Cisco Webex Chrome extension have increased dramatically. In fact, they were the second-most common network attack…

Most IT and security professionals feel vulnerable to insider threats (Help Net Security, Mar 21 2019)
91 percent of IT and security professionals feel vulnerable to insider threats, and 75 percent believe the biggest risks lie in cloud applications like popular file storage and email solutions such as Google Drive, Gmail, Dropbox and more.

Latest tactics used by cybercriminals to bypass traditional email security (Help Net Security, Mar 21 2019)
Cybercriminals are continuously using new strategies to get past email security gateways, with brand impersonation being used in 83 percent of spear-phishing attacks, while 1 in 3 business email compromise attacks are launched from Gmail accounts.

How Three of 2018’s Critical Threats Used Email to Execute Attacks (SecurityWeek, Mar 21 2019)
If you look back at 2018, you’ll find threats like Emotet and cryptomining used email as the preferred delivery method. It’s also highly likely that other threats, such as unauthorized Mobile Device Management (MDM) profiles, used email as well.