A Review of the Best News of the Week on Cyber Threats & Defense

U.S. Escalates Online Attacks on Russia’s Power Grid (The New York Times, Jun 15 2019)
The Trump administration is using new authority to take more aggressive digital action in a warning to Moscow and in a demonstration of its abilities.

The Highly Dangerous ‘Triton’ Hackers Have Probed the US Grid (Wired, Jun 14 2019)
The same hackers behind a potentially lethal 2017 oil refinery cyberattack are now sniffing at US electrical utility targets.

APT34 Tools Leak (Nick Hutton’s Blog, Jun 17 2019)
APT34 is an Advanced Persistent Threat group associated with the Islamic Republic of Iran. Its source code and tools were recently leaked via a Telegram channel. In addition to those tools, information was divulged about the group’s targets which included companies and governments in the United Arab Emirates, Kingdom of Saudi Arabia, China, Qatar, and Turkey among others. The “Dookhtegan” group leaking APT34’s information expressed particular animus towards the Iranian Ministry of Intelligence. As of mid-May 2019, the leaks continue via a Telegram channel.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Getting Up to Speed on Magecart (Dark Reading, Jun 11 2019)
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.

XSS Vulnerability Exposed Google Employees to Attacks (SecurityWeek, Jun 13 2019)
A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to invoices and other sensitive information.

Researchers crack digital safe using HSM flaw (Naked Security – Sophos, Jun 11 2019)
French researchers have found a bug in a hardware security module (HSM) that could enable an attacker to steal highly prized secrets.

Researchers devise RAMBleed attack to grab secret data from memory (Help Net Security, Jun 12 2019)
Researchers have demonstrated a new variation of the Rowhammer attack: dubbed RAMBleed, it may allow attackers to read data stored inside the computer’s physical memory.

The Multibillion-Dollar Problem Of Weak Cybersecurity in Real Estate (Forbes, Jun 12 2019)
With huge fund transfers happening on a daily basis in real estate, the sector has always been a lucrative target, especially due to its relative technological unsophistication.

SQL Injection Attacks Represent Two-Third of All Web App Attacks (Dark Reading, Jun 13 2019)
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.

Ransomware disrupts worldwide production for Belgian aircraft parts maker (Help Net Security, Jun 13 2019)
ASCO Industries, a manufacturer of aerospace components with headquarters in Zaventem, Belgium, has been hit with ransomware, which ended up disrupting its production around the world.

Code signing keys and certificates are crucial security assets, are you protecting them? (Help Net Security, Jun 13 2019)
Only 28 percent of organizations consistently enforce a defined security process for code signing certificates

Microsoft’s battle with SandboxEscaper zero days turns into grim Groundhog Day (Naked Security – Sophos, Jun 13 2019)
Why is SandboxEscaper releasing vulnerabilities in such an irresponsible way? It matters not – Microsoft must patch what’s in front of it whatever the backstory.

Google’s Push to Close a Major Encrypted Web Loophole (Wired, Jun 13 2019)
By building security into top-level domains, Google makes it harder for HTTPS to fall short.

BlueKeep RDP Vulnerability a Ticking Time Bomb (Dark Reading, Jun 14 2019)
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.

Linux servers under attack via latest Exim flaw (Help Net Security, Jun 14 2019)
It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149).

Vulnerabilities in Thunderbird Email Client Allow Code Execution (SecurityWeek, Jun 14 2019)
Security updates released by Mozilla this week for the Thunderbird email client address vulnerabilities that could be exploited to execute arbitrary code on impacted systems. 

New Malware Lays P2P Network on Top of IPFS’ (SecurityWeek, Jun 13 2019)
A newly discovered piece of malware uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network, Anomali’s security researchers report. 

Common Hacker Tool Hit with Hackable Vulnerability (Dark Reading, Jun 14 2019)
A researcher has found a significant exploit in one of the most frequently used text editors.

Human error still the cause of many data breaches (Help Net Security, Jun 17 2019)
When assessing additional causes of data breaches, the report found that nearly half of all C-Suites (47%) and one in three SBOs (31%) say human error or accidental loss by an employee/insider was the cause.

Malware a Serious Threat for Industrial Orgs (Infosecurity Magazine, Jun 14 2019)
Cryptolocker malware increased by 167% in Q1 2019, report says.