A Review of the Best News of the Week on Cyber Threats & Defense

How Microsoft found a Huawei driver that opened systems to attack (Ars Technica, Mar 29 2019)
Monitoring systems were looking for attacks using a technique popularized by the NSA.

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach (Krebs on Security, Mar 29 2019)
“On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.”

ASUS pushes out urgent security update after attackers hacked its automatic Live Update tool (Tripwire, Mar 29 2019)
Taiwan-based technology giant ASUS is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using ASUS’s own Live Update software tool.


Russia Regularly Spoofs Regional GPS (Dark Reading, Mar 26 2019)
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

Hackers Are Loving PowerShell, Study Finds (SecurityWeek, Mar 27 2019)
Threat Actors Prefer PowerShell over Other ATT&CK Techniques, Report Shows. PowerShell is by far the most prevalent MITRE ATT&CK technique, being detected twice as often as the next most common technique, says a new report from cybersecurity firm Red Canary.

Asus pushes out urgent security update after its own automatic Live Update tool was hacked (Graham Cluley, Mar 27 2019)
Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus’s own Live Update software tool.

How to hack your own Wi-Fi network (Network World Security, Mar 26 2019)
One way to bolster your understanding of Wi-Fi security is to do some hacking yourself. That doesn’t mean you should infiltrate a company’s network or snoop on a neighbor’s setup.

New Shodan Tool Warns Organizations of Their Internet-Exposed Devices (Dark Reading, Mar 27 2019)
Shodan Monitor is free to members of the popular Internet search engine.

Encrypted attacks growing steadily, cybercriminals are increasingly targeting non-standard ports (Help Net Security, Mar 27 2019)
“The use of SSL/TLS to encrypt data is not new. Over the past five or ten years, as major web destinations like Google and Facebook moved to encrypt their traffic, most traffic coming into and going out of the organization today is encrypted. In fact, our data shows that 69.7% of all data in 2018 was TLS/SSL encrypted…”

Elfin, aka APT33, targets U.S., Saudi Arabian firms in cyberespionage campaign (SC Magazine, Mar 27 2019)
The cyberespionage group Elfin, aka APT33, has launched a heavily targeted campaign against multiple organizations in Saudi Arabia and the United States.

North Korea-Linked Hackers Target macOS Users (SecurityWeek, Mar 27 2019)
The North Korea-linked Lazarus group has been leveraging PowerShell to target both Windows and macOS machines as part of an attack campaign that has been ongoing since at least November 2018, Kaspersky Lab reports.

HTTPS Isn’t Always As Secure As It Seems (Wired, Mar 28 2019)
A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear.

WinRAR Vulnerability Exploited to Deliver New Malware (SecurityWeek, Mar 28 2019)
A recently patched vulnerability affecting the popular archiver utility WinRAR has been increasingly exploited by malicious actors, including to deliver new malware to targeted users.

Microsoft takes control of 99 domains operated by Iranian state hackers (ZDNet, Mar 29 2019)
Microsoft takes control of 99 domains operated by APT35/Phosphorus cyber-espionage group.

Microsoft adds tamper protection to Microsoft Defender ATP (Help Net Security, Apr 01 2019)
Microsoft has added a new tamper protection feature to the Microsoft Defender ATP (formerly Windows Defender ATP) antimalware solution. When turned on, it should prevent malicious apps and actors from disabling the antimalware solution or some of its key security features. Foiling often-used tactics: malware developers are forever looking for ways to make their wares “invisible” to users, AV/antimalware software and malware analysts.

3.1 million customer records possibly stolen in Toyota hack (Help Net Security, Apr 01 2019)
Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced on Friday. The announcement comes a few weeks after Toyota Australia said they have been “the victim of an attempted cyber attack”.

Main threat source to industrial computers? Mass-distributed malware (Help Net Security, Apr 01 2019)
“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or emails,”

Automatically and invisibly encrypt email as soon as it is received on any trusted device (Help Net Security, Apr 01 2019)
In response to these kinds of widespread attacks, computer scientists at Columbia Engineering have built Easy Email Encryption (E3), an application for secure, encrypted email that is easy to manage even for non-technical users. Now in beta test mode, E3 automatically and invisibly encrypts email as soon as it is received on any trusted device, including smartphones, laptops, and tablets. It works on a variety of platforms including Android, Windows, Linux, and Google Chrome, and with popular mail services such as Gmail, Yahoo, AOL, and more.