A Review of the Best News of the Week on Cyber Threats & Defense

More Attacks against Computer Automatic Update Systems (Schneier on Security, May 16 2019)
Last month, Kaspersky discovered that Asus’s live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation.

Cisco Patches Critical Vulnerabilities in Prime Infrastructure (PI) Software (SecurityWeek, May 16 2019)
Cisco has released patches for numerous vulnerabilities affecting its products, including Critical flaws in the Cisco Prime Infrastructure (PI) Software that could allow remote code execution.

On the path to Zero Trust security: Time to get started (Help Net Security, May 20 2019)
This article is more about how to get from where you are today to a Zero Trust security posture. As with most things worthwhile, they don’t happen overnight. Zero Trust is a journey. But if you don’t start, you are never going to finish. In this article, we will share five best practices businesses should think about when moving towards a Zero Trust security model.


Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys (Google Online Security Blog, May 20 2019)
Google announced that it’s offering a free replacement for its Titan Security Key dongles after the discovery of a potentially serious vulnerability…you have to be within 30 feet to exploit it.

New speculative execution bug leaks data from Intel chips’ internal buffers (Ars Technica, May 14 2019)
Intel-specific vulnerability was found by researchers both inside and outside the company.

Intel MDS attack mitigation: An overview (Help Net Security, May 17 2019)
To remove or mitigate the danger MDS attacks present to users, the affected systems should get a microcode (firmware) update and a software update.

>20,000 Linksys routers leak historic record of every device ever connected (Ars Technica, May 18 2019)
Linksys said it fixed flaw in 2014. Researcher Troy Mursch disagrees.

Hackers Add Security Software Removal to Banload Banking Malware (SecurityWeek, May 14 2019)
There are two primary characteristics of the Brazilian hacking scene: a focus on Brazil, and the adaptability of the hackers. Very strict money laws make trans-border money movement difficult, ensuring that most targets remain local; and the hackers tend to move on to new targets when the current one becomes too difficult.

Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage (WeLiveSecurity, May 14 2019)
ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software.

Attackers Are Messing with Encryption Traffic to Evade Detection (Dark Reading, May 15 2019)
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.

Website Attack Attempts Rose by 69% in 2018 (Dark Reading, May 14 2019)

Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities (Help Net Security, May 15 2019)
For May 2019 Patch Tuesday, Microsoft has released fixes for 79 vulnerabilities, 22 of which are deemed critical. Among the fixes is that for CVE-2019-0708, a “wormable” RDP flaw that is expected to be weaponised by attackers very soon.

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign (Wired, May 15 2019)
A very bad vulnerability in Windows XP could have serious ramifications, even with a patch.

Oh, the irony… Malware spread via Best of the Web security seals (Graham Cluley, May 16 2019)
The very thing that websites were using to reassure you that they were secure… was insecure, and putting website visitors’ personal data at risk.

Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too (Help Net Security, May 20 2019)
Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new software or configuration changes.