A Review of the Best News of the Week on Cyber Threats & Defense

TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping (FireEye Threat Research, Apr 10 2019)
FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility.

US Government Warns of New North Korean Malware (Infosecurity Magazine, Apr 11 2019)
Hoplight backdoor uses proxies to hide C&C comms

Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support (Motherboard, Apr 14 2019)
Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.


OceanLotus: macOS malware update (WeLiveSecurity, Apr 09 2019)
Latest ESET research describes the inner workings of a recently found addition to OceanLotus’s toolset for targeting Mac users

TajMahal Spyware (Schneier on Security, Apr 11 2019)
“nation-state spyware it calls TajMahal: The TajMahal framework’s 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of ‘files of interest,’ automatically stealing them if a USB drive is inserted into the infected machine.”

Enterprise VPN apps store authentication and session cookies insecurely (Help Net Security, Apr 12 2019)
CVE-2019-1573, a flaw that makes VPN applications store the authentication and/or session cookies insecurely (i.e. unencrypted) in memory and/or log files, affects a yet to be determined number of enterprise Virtual Private Network (VPN) applications.

Verizon Patches Trio of Vulnerabilities in Home Router (Dark Reading, Apr 09 2019)
One of the flaws gives attackers way to gain root access to devices, Tenable says.

Meet Baldr: The Inside Scoop on a New Stealer (Dark Reading, Apr 09 2019)
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.

Microsoft Patches Windows Privilege Escalation Flaws Exploited in Attacks (SecurityWeek, Apr 09 2019)
Microsoft has fixed over 70 vulnerabilities with its April 2019 Patch Tuesday updates, including two Windows zero-day flaws that allow an attacker to escalate privileges on a compromised system.

Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords (Ars Technica, Apr 11 2019)
Next-gen standard was supposed to make password cracking a thing of the past. It won’t.

Mainframe security is top priority for 85% of IT pros yet few are adequately protecting their systems (Help Net Security, Apr 11 2019)
While 85 percent of companies say mainframe security is a top priority, just 33 percent always or often make mainframe decisions based on security.

Windows 10: New update controls for end users, automatic removal of broken updates (Help Net Security, Apr 10 2019)
It seems that last year’s Windows 10 updating troubles have spurred Microsoft to make some changes to the operating system’s update experience and the company’s quality testing of updates.

Nearly one billion Chrome users vulnerable to exploit patched in later versions (SC Magazine, Apr 10 2019)
Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome.

Google launches new security tools for G Suite users (TechCrunch, Apr 10 2019)
Google is announcing the beta launch of its advanced phishing and malware protection, for example. This is meant to help admins protect users from malicious attachment and inbound email spoofing, among other things.

The top emerging risks organizations are facing (Help Net Security, Apr 15 2019)
Gartner surveyed 98 senior executives across industries and geographies and found that “accelerating privacy regulation” had overtaken “talent shortages” as the top emerging risk in the Q1 2019 Emerging Risk Monitor survey.