15 Bullet Friday – The Best Security News of the Week – 2019.05.03

The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. A ‘Blockchain Bandit’ Is Guessing Private Keys and Scoring Millions (Wired, Apr 23 2019)
The larger lesson of an ongoing Ethereum crime spree: Be careful with who’s generating your cryptocurrency keys.

2. Legacy infrastructures and unmanaged devices top security risks in the healthcare industry (Help Net Security, Apr 25 2019)
– The most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels. This traffic represents external communication involving multiple sessions over long periods of time that appear to be normal encrypted web traffic.
– The most common method attackers use to hide data exfiltration behaviors in healthcare networks was hidden domain name system (DNS) tunnels. Behaviors consistent with exfiltration can also be caused by IT and security tools that use DNS communication.

3. How a Nigerian ISP Accidentally Hijacked the Internet (Dark Reading, Apr 25 2019)
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China’s Great Firewall.

8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favorite way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras


*AI, IoT, & Mobile Security*
4. P2P Weakness Exposes Millions of IoT Devices (Krebs on Security, Apr 26 2019)
“A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.”

5. Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps (Motherboard, Apr 24 2019)
“I can absolutely make a big traffic problem all over the world,” the hacker said.

6. The SIM Swap Fix That the US Isn’t Using (Wired, Apr 26 2019)
While foreign phone carriers are sharing data to stop SIM swap fraud, US carriers are dragging feet.

*Cloud Security, DevOps, AppSec*
7. Attackers breached Docker Hub, grabbed keys and tokens (Help Net Security, Apr 29 2019)
Docker, the company behind the popular virtualization tool bearing the same name, has announced late on Friday that it has suffered a security breach. There was no official public announcement. Instead, the company sent an alert to potentially affected customers and urged them to change their passwords and check their security logs. What happened? “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” the company shared. “During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

8. NIST tool boosts chances of finding dangerous software flaws (Naked Security – Sophos, Apr 29 2019)
NIST thinks it has reached an important milestone in complex software testing with something called Combinatorial Coverage Measurement (CCM).

9. Ransomware disables Cleveland airport’s email systems, information screens (SC Magazine, Apr 25 2019)
A ransomware attack reportedly has affected email, payroll and record-keeping systems at Cleveland Hopkins International Airport this week and also darkened the transportation facility’s information screens. And according to a report from local news outlet WKYC, the attackers may have also accessed airport employee payroll records containing personal information.

*Identity Mgt & Web Fraud*
10. Unknown Data Breach Exposes 80 Million US Households (vpnMentor, Apr 30 2019)
vpnMentor’s research team discovered a hack affecting 80 million American households. Known hacktivists Noam Rotem and Ran Locar discovered an unprotected …

11. Microsoft’s security chief explains why the company is eliminating passwords (CNBC, May 01 2019)
Ninety percent of Microsoft’s employees can log on to the corporate network without a password, Arsenault said. It’s a reflection of the “passwordless future” Microsoft has touted for years, and backed up by products to move consumers away from memorizing strings of confusing terms. Instead, Microsoft employees use a variety of other options, including Windows Hello and the Authenticator app, which provide other alternatives for logging in, like facial recognition and fingerprints.

12. After Telcos Shut Off Bounty Hunters, Scammers Sell Fake ‘Phone Pings’ (Motherboard, May 01 2019)
After Motherboard’s investigation led to telcos stopping their sale of phone location data, apparent scammers are exploiting a void in the private investigator industry.

*CISO View*
13. Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies (Motherboard, Apr 30 2019)
The data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen.

14. GE trade secret theft case demonstrates need for document behavior monitoring (Help Net Security, Apr 29 2019)
A former GE engineer and a Chinese national have been formally charged with 14 counts of economic espionage by the U.S. Department of Justice after stealing trade secrets from GE. The indictment describes the calculated theft of sensitive documents related to the proprietary design of GE’s gas and steam turbines.

15. Here are the 55 things the U.S. government most needs to protect against cyberattacks (The Washington Post, Apr 30 2019)
The Department of Homeland Security is releasing today a list of 55 things the government most needs to protect from digital attacks. The government believes that a cyberattack on any of these government or private sector services or functions could have a “debilitating effect” on national security, the U.S. economy or public health.
