A Review of the Best News of the Week on Cyber Threats & Defense

Thrangrycat: A Serious Cisco Vulnerability (Schneier on Security, May 23 2019)
Thrangrycat only works once you have administrative access to the device. You need a two-step attack in order to get Thrangrycat working. Attack #1 gets you remote administrative access, Attack #2 is Thrangrycat. Attack #2 can’t happen without Attack #1. Cisco can protect you from Attack #1 by sending out a software update. If your I.T. people have your systems well secured and are applying updates and patches consistently and you’re not a regular target of nation-state actors, you’re relatively safe from Attack #1, and therefore, pretty safe from Thrangrycat.

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc (The New York Times, May 25 2019)
American cities are being hijacked with an N.S.A. cyberweapon that has already done billions of dollars in damage overseas. The N.S.A. will say nothing.

Magecart POS skimmer adds iframe injection technique (SC Magazine, May 21 2019)
A new online POS skimmer used by one of the Magecart groups has been spotted injecting an iframe into retailer websites that asks for payment card information. Malwarebytes came across the new technique being used on a Magento-powered e-commerce platform.

New Trickbot Variant Uses URL Redirection to Spread (Dark Reading, May 20 2019)
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.

Microsoft updates break AV software, again! (Help Net Security, May 21 2019)
Microsoft’s May 2019 security fixes have again disrupted the normal functioning of some endpoint security products on certain Windows versions.

DDoS Attacks on the Rise After Long Period of Decline (Infosecurity Magazine, May 21 2019)
The number of DDoS attacks jumped 84% in Q1 2019 compared to Q4 2018.

Phishing Kit 16Shop Targets Apple Users, Hackers (Infosecurity Magazine, May 21 2019)
16Shop is a go-to-kit for hackers, but it’s also tracking hackers through a hidden backdoor.

Linux variant of Winnti malware spotted in wild (SC Magazine, May 20 2019)
Google’s Chronicle Security team discovered a Linux version of the Winnti malware was used in the 2015 hack of a Vietnamese gaming company.

Satan Ransomware Expands Portfolio of Exploits (SecurityWeek, May 21 2019)
A recently observed Satan ransomware variant has added exploits to its portfolio and is looking to compromise more machines by targeting additional vulnerabilities.

Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP (SecurityWeek, May 20 2019)
A memory corruption vulnerability recently found in the Linux kernel’s implementation of RDS over TCP could lead to privilege escalation.

Cybercriminals continue to evolve the sophistication of their attack methods (Help Net Security, May 23 2019)
Cybercriminals continue to evolve the sophistication of their attack methods, from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) techniques or shared infrastructure to maximize their opportunities, according to Fortinet’s latest report.

Great White North bombarded with malicious email campaigns, report (SC Magazine, May 23 2019)
During the first four months of 2019, threat actors conducted thousands of malicious email campaigns, hundreds of which targeted Canadian organizations.

Windows 10 zero-day vulnerability released, Microsoft in the dark (SC Magazine, May 23 2019)
A zero-day vulnerability in Windows 10 that abuses a flaw in Windows Task Scheduler has been posted to GitHub by a security researcher who did not first notify Microsoft of the issue.

Hackers Breach Company That Makes License Plate Readers for U.S. Government (VICE, May 24 2019)
The hacker known as “Boris Bullet-Dodger” has published what appears to be internal data belonging to Perceptics, which provides license plate reader technology for the Mexico border.

Serious Security: Don’t let your SQL server attack you with ransomware (Naked Security – Sophos, May 25 2019)
Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we’re still making old mistakes – here’s what to do.