A Review of the Best News of the Week on Cyber Threats & Defense

NSA Releases Reverse Engineering Tool’s Source Code (SecurityWeek, Apr 08 2019)
The National Security Agency (NSA) has made the source code for its “Ghidra” reverse engineering tool available for everyone.

Half of Cyber-Attacks Involve the Supply Chain (Infosecurity Magazine, Apr 02 2019)
Carbon Black claims island hopping and counter-incident response are growing.

How the ‘New York Times’ Protects its Journalists From Hackers and Spies (Motherboard, Apr 08 2019)
The New York Times has beefed up its cybersecurity team in recent years, including with the hire of Runa Sandvik, a former hacker who used to work for the anonymization network the Tor Project, and who once hacked a smart gun.

Arizona Beverages ransomware attack exacerbated by unpatched servers, poorly configured back-up system (SC Magazine, Apr 02 2019)
Arizona Beverages, quick to the grocer’s shelf with its ubiquitous iced teas, has been slow to get much of its network running again after it discovered its backup system wasn’t properly configured to restore its systems in the wake of a targeted ransomware attack and was forced to spend a pretty penny…

Microsoft Not Concerned About Disclosed Edge, IE Flaws (SecurityWeek, Apr 04 2019)
Microsoft does not seem too concerned about the risk posed by unpatched Internet Explorer and Edge vulnerabilities for which proof-of-concept (PoC) exploits were recently made public.

TrickBot Malware Targets Tax Filing Deadline, IBM Warns (eWEEK, Apr 08 2019)
IBM X-Force reveals that multiple malware campaigns are spoofing major accounting and payroll firms as the U.S. tax filing deadline nears.

Game of Thrones report finds the show is the most popular malware lure (SC Magazine, Apr 02 2019)
While spring may still be trying to ease in, winter is set to return in just a couple weeks with the series finale of Game of Thrones, meaning cybercriminals will be busy using buzz surrounding the show to lure fans with the promise of torrented content.

ShadowHammer Shows Supply Chain Risks (Dark Reading, Apr 01 2019)
Trusted relationships can become critical risks when suppliers’ systems are breached.

FireEye Creates Free Attack Toolset for Windows (Dark Reading, Apr 02 2019)
The security services company releases a distribution of 140 programs for penetration testers who need to launch attacks and tools from an instance of Windows.

War on Zero-Days: 4 Lessons from Recent Google & Microsoft Vulns (Dark Reading, Apr 02 2019)
When selecting targets, attackers often consider total cost of ‘pwnership’ — the expected cost of an operation versus the likelihood of success. Defenders need to follow a similar strategy.

Python-Based Bot Scanner Gorging on Recon Intel (Dark Reading, Apr 04 2019)
Discovered by AT&T AlienLabs, the new malware Xwo is seeking default credentials and misconfigurations in MySQL and MongoDB, among other services.

Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware (Dark Reading, Apr 04 2019)
The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.

New, Improved BEC Campaigns Target HR and Finance (Dark Reading, Apr 04 2019)
Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics.

Consumer routers targeted by DNS hijacking attackers (Help Net Security, Apr 05 2019)
Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS hijacking campaigns and device hijacking attacks.

What is shadow mining and why is it a security threat? (Help Net Security, Apr 05 2019)
Shadow mining, a form of shadow IT, occurs when a malicious insider compromises their organization’s computing resources to illicitly mine cryptocurrencies. Shadow IT refers to any surreptitious or unauthorized use of IT infrastructure by an employee.

Cisco Talos Finds Criminals Hiding in Plain Sight on Social Media (eWEEK, Apr 05 2019)
Cyber-criminals aren’t just hiding on the dark web. Many are also operating openly on social media sites like Facebook, according to new research from Cisco’s Talos research unit.

Magento sites under attack through easily exploitable SQLi flaw (Help Net Security, Apr 08 2019)
A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

Bootstrap supply chain attack is another attempt to poison the barrel (Naked Security – Sophos, Apr 08 2019)
Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

Threat actors use US data center to spread malware (SC Magazine, Apr 05 2019)
Bromium researchers spotted scammers using Nevada data centers to distribute Dridex, GandCrab and other malware in a campaign that lasted from May 2018 to March 2019.