A Review of the Best News of the Week on Cyber Threats & Defense

The top 10 cyber hygiene issues that lead to a breach: A perimeter in ruins (Darktrace Blog, May 15 2019)
And whereas there is no silver bullet when it comes to securing the enterprise online, patching these holes in the perimeter is nevertheless a critical first step.

Another MacOS Bug Lets Hackers Invisibly Click Security Prompts (Wired, Jun 03 2019)
Exploiting a bug in Mojave, Wardle has shown yet again that any piece of automated malware can exploit a feature of MacOS known as “synthetic clicks” to breeze through security prompts, allowing the attacker to gain access to the computer’s camera, microphone, location data, contacts, messages, and even in some cases to alter its kernel, adding malicious code to the deepest part of the operating system.

Google Researcher Finds Code Execution Vulnerability in Notepad (SecurityWeek, May 29 2019)
Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Checkers Breach Underscores Continued POS Dangers (Dark Reading, May 31 2019)
Attacks on point-of-sale terminals garner less attention these days, but the most recent breach of the restaurant chain shows hackers have not lost focus.

The Shenanigans Behind a Stealthy Apple Keychain Attack (Wired, Jun 01 2019)
An 18-year-old security researcher made headlines earlier this year with KeySteal, a macOS hack. Now he’s showing the world how it worked.

12M Quest Diagnostics Patients May Have Had Data Breached (NBC New York, Jun 03 2019)
In a filing with securities regulators, Quest said it was notified that between Aug. 1, 2018, and March 30, 2019, someone had unauthorized access to the systems of AMCA, a billing collections vendor.

WannaCry Lives On in 145K Infected Devices (Dark Reading, May 29 2019)
Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.

You’re Still Unpatched from WannaCry? (SC Magazine, Jun 03 2019)
Recently, a new version of NRSMiner was found actively spreading malware in Asia by either updating existing NRSMiner infections or spreading to new systems using the EternalBlue exploit.

GandCrab Campaign Attacks MySQL Servers (Infosecurity Magazine, May 28 2019)
Ransomware-slingers look for new victims.

Emotet Made Up 61% of Malicious Payloads in Q1 (Dark Reading, May 29 2019)
The botnet has displaced credential stealers, stand-alone downloaders, and RATs in the overall threat landscape.

APT10 campaign debuts two new loaders for distributing PlugX and Quasar RATs (SC Magazine, May 28 2019)
The reputed Chinese state-sponsored threat group APT10 appears to be the culprit behind a campaign this past April that sought to distribute PlugX and Quasar RAT malware via one of two newly discovered downloader variants.

Business Users Targeted by HawkEye Keylogger Malware (SecurityWeek, May 28 2019)
HawkEye keylogger campaigns observed in April and May 2019 focused on targeting business users, IBM X-Force security researchers say.

A million devices still vulnerable to ‘wormable’ RDP hole (Naked Security – Sophos, May 30 2019)
An internet-wide scan has revealed almost one million devices vulnerable to CVE-2019-0708.

A dive into Turla PowerShell usage (WeLiveSecurity, May 29 2019)
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only.

Sophisticated HiddenWasp Malware Targets Linux (SecurityWeek, May 30 2019)
A recently uncovered piece of sophisticated malware targeting Linux provides attackers with remote control of the infected systems, Intezer’s security researchers have discovered.

Microsoft’s BlueKeep Bug Isn’t Getting Patched Fast Enough (Wired, May 31 2019)
At this rate, it will take years to fix a critical vulnerability that remains in over 900,000 Windows machines. A worm will arrive much sooner.

Critical vulnerability found in WordPress plugin Convert Plus (SC Magazine, May 31 2019)
For the second time this week a WordPress plugin has been found vulnerable, this time allowing an attacker to gain administrative privileges in plugin Convert Plus. Convert Plus, which has 100,000 active installs, is a commercial lead generation tool containing a critical-rated “unauthenticated administrator creation” flaw, according to Wordfence.

Chrome Extensions Policy Hits Deceptive Installation Tactics (SecurityWeek, May 31 2019)
Google this week announced a new policy that aims at eliminating the use of deceptive installation tactics among Chrome browser extensions.