A Review of the Best News of the Week on Cyber Threats & Defense

Apple’s ‘Find My’ Feature Uses Some Clever Cryptography (Wired, Jun 05 2019)
Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple.

Warnings of world-wide worm attacks are the real deal, new exploit shows (Ars Technica, Jun 05 2019)
Latest Metasploit module is being kept private, but time is running out.

PHA Family Highlights: Triada (Google Online Security Blog, Jun 10 2019)
“The main purpose of Triada apps was to install spam apps on a device that displays ads. The creators of Triada collected revenue from the ads displayed by the spam apps. The methods Triada used were complex and unusual for these types of apps. Triada apps started as rooting trojans, but as Google Play Protect strengthened defenses against rooting exploits, Triada apps were forced to adapt, progressing to a system image backdoor. However, thanks to OEM cooperation and our outreach efforts, OEMs prepared system images with security updates that removed the Triada infection.”

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Hack The Sea: Bridging the gap between hackers and the maritime sector (Help Net Security, Jun 04 2019)
There’s not a lot of researchers probing the security of computer systems underpinning the maritime industry. The limitations that keep that number low are obvious: both the specialized knowledge and equipment are difficult to come by. And, as Ken Munro of UK-based Pen Test Partners told us a year ago, not many people move from shipping into pentesting (and into information security in general). But things are looking up for those who are interested…

Carbanak Attack: Two Hours to Total Compromise (Dark Reading, Jun 04 2019)
Investigation of the cybercrime group’s attack on an East European bank shows how some attackers require very little time to broaden their access and establish persistence on a network.

NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows (National Security Agency, Jun 06 2019)
NSA advisory urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing cybersecurity threats.

Chinese Military Wants to Develop Custom OS (Schneier on Security, Jun 06 2019)
Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system.

What’s the best approach to patching vulnerabilities? (Naked Security – Sophos, Jun 07 2019)
Researchers ask: with only 1 in 20 vulnerabilities exploited, what’s the best approach to patching?

500 million email servers running vulnerable Exim software (SC Magazine, Jun 06 2019)
Qualys researchers went public with a remote command execution vulnerability (CVE-2019-10149) in the Exim mail server versions 4.87 to 4.91 possibly affecting more than half of all email servers now in use.

Microsoft Urges Businesses to Patch ‘BlueKeep’ Flaw (Dark Reading, Jun 03 2019)
Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.

BlackSquid malware wants to wrap its tentacles around web servers and drives (SC Magazine, Jun 03 2019)
Researchers have discovered a new malware family that uses a set of eight exploits to compromise web servers, network drives and removable drives. Dubbed BlackSquid, the malware has been observed dropping XMRig cryptominer programs, but attackers could easily use it to deliver other nasty payloads to infected devices, as well as obtain unauthorized access, escalate…

On the Horizon: Parasitic Malware Will Feast on Critical Infrastructure (Infosec Island, Jun 04 2019)
Unprepared organizations will have a wide (and often unmonitored) attack surface that can be targeted by parasitic malware.

Wajam: From start-up to massively-spread adware (WeLiveSecurity, Jun 05 2019)
How a Montreal-made “social search engine” application has managed to become widely-spread adware, while escaping consequences.

Vietnam Rises as Cyberthreat (Dark Reading, Jun 05 2019)
The country’s rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.

Platinum Hackers Use Steganography to Mask C&C Communications (SecurityWeek, Jun 05 2019)
The attacks were observed in June 2018 targeting diplomatic, government and military entities in South and Southeast Asian countries, but the campaign may have started as far back as 2012. Featuring a multi-stage approach, the campaign was dubbed EasternRoppels. The attack started with WMI subscriptions to run an initial PowerShell downloader and fetch a small PowerShell backdoor for system fingerprinting and downloading additional code.

Criminals are selling hacking services targeting world’s biggest companies (Help Net Security, Jun 07 2019)
4 in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses.

Attackers Piece Together Malicious Tools Used for Targeted Attacks (SecurityWeek, Jun 07 2019)
A recently detected cyberattack campaign utilized tools built by combining multiple open-source techniques, Cisco Talos security researchers say.

Malware peddlers hit Office users with old but reliable exploit (Help Net Security, Jun 10 2019)
Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, Microsoft researchers have warned. Exploit delivers backdoor: The exploit takes advantage of a vulnerability in an older version of the Office Equation Editor, which was manually patched by Microsoft in November 2017.

Most e-commerce websites running Magento at high risk of cybercrime (Help Net Security, Jun 10 2019)
New research has found 87% of SME websites using the Magento platform are currently at high risk from cyber attacks.

The GoldBrute botnet is trying to crack open 1.5 million RDP servers (Naked Security – Sophos, Jun 10 2019)
Even its most optimistic users would have to concede that it’s been a bracing few weeks for anyone who relies on Microsoft’s Remote Desktop Protocol (RDP).