A Review of the Best News of the Week on Cyber Threats & Defense
Trump approved cyber-strikes against Iran’s missile systems (The Washington Post, Jun 24 2019)
Operation comes as the administration tells industry to be on alert for Iranian cyberattacks.
Google launches new Chrome protection from bad URLs (Naked Security – Sophos, Jun 20 2019)
Google on Tuesday launched two new security features to protect Chrome users from deceptive sites: an extension that offers an easy way to report suspicious sites, and a new warning to flag sites with deceptive URLs.
Millions of Devices Exposed to Attacks Due to Flaw in PC-Doctor Software (SecurityWeek, Jun 21 2019)
More than 100 million computers from Dell and other vendors may have been exposed to hacker attacks due to a serious vulnerability in software made by hardware diagnostic tools provider PC-Doctor.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
A rogue Raspberry Pi helped hackers access NASA JPL systems (Engadget, Jun 21 2019)
NASA’s Jet Propulsion Laboratory suffers from multiple cybersecurity weaknesses, according to investigators.
U.S. businesses are preparing for Iranian hacks after American cyber attack (The Washington Post, Jun 24 2019)
U.S. businesses should get ready for a barrage of digital retaliation from Iran after the Trump administration launched a cyberattack against the Islamic Republic’s rocket and missile launching systems, current and former U.S. government officials said this weekend.
How past threats and technical developments influence the evolution of malware (Help Net Security, Jun 24 2019)
“During his long career, Beek learned many things. One of these is that if you don’t learn each day, you’ve lost an opportunity to change something. Also, that making mistakes is ok – it’s part of the learning curve of success – and that having a diverse team with a serving attitude creates a culture that helps to solve all challenges.”
Election Security (Schneier on Security, Jun 24 2019)
Stanford University’s Cyber Policy Center has published a long report on the security of US elections. Summary: it’s not good….
Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks (Ars Technica, Jun 18 2019)
Free service prevents BGP hijackers from fraudulently obtaining browser-trusted certs.
DHS Tests Remote Exploit for BlueKeep RDP Vulnerability (Dark Reading, Jun 17 2019)
Agency urges organizations with vulnerable systems to apply mitigations immediately.
New Decryptor Unlocks Latest Versions of Gandcrab (Dark Reading, Jun 17 2019)
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
SACK TCP flaws can crash, slow down Linux-based systems (Help Net Security, Jun 18 2019)
They all affect the Selective Acknowledgments (SACK) TCP mechanism, which allows a receiving machine to acknowledge which data/packets it has received so that the sending machine will only resend the missing data segments. The mechanism is aimed at speeding up the transfer of data between computers.
New Variant of the Houdini Worm Emerges (SecurityWeek, Jun 18 2019)
A new variant of the well-known Houdini Worm has been spotted in phishing attacks earlier this month, Cofense’s security researchers report.
Research shows Tesla Model 3 and Model S are vulnerable to GPS spoofing attacks (Help Net Security, Jun 19 2019)
The researchers found that spoofing attacks on the Tesla GNSS (GPS) receiver could easily be carried out wirelessly and remotely, exploiting security vulnerabilities in mission-critical telematics, sensor fusion, and navigation capabilities.
Google Turns to Retro Cryptography to Keep Data Sets Private (Wired, Jun 19 2019)
Google’s Private Join and Compute will let companies compare notes without divulging sensitive information.
Attackers Exploit MSP’s Tools to Distribute Ransomware (Dark Reading, Jun 20 2019)
Early information suggests threat actors gained access to the managed service provider’s remote monitoring and management tools and used them to attack the firm’s clients.
Hacking Hardware Security Modules (Schneier on Security, Jun 20 2019)
“Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers.”
Insider exposes PII of 2.9 million Desjardins customers (SC Magazine, Jun 21 2019)
The Canadian financial institution Desjardins was the victim of an insider threat resulting in the data of 2.9 million customers being exposed, including crucial personal and business information. The Montreal-based credit union was told by the Laval Police Department that the information of 2.7 million individual customers, along with 173,000 business clients, had been leaked.
New Attack Delivers FlawedAmmyy RAT Directly in Memory (SecurityWeek, Jun 24 2019)
A recently discovered malicious campaign is aiming at infecting victim machines by delivering the notorious FlawedAmmyy RAT directly in memory, Microsoft warns.
Mac Malware Delivered via Firefox Exploits Analyzed (SecurityWeek, Jun 24 2019)
A researcher has conducted a detailed analysis of the two pieces of Mac malware delivered recently by threat actors to cryptocurrency exchanges via two Firefox vulnerabilities.
Unit 42 Discovers 10 New Microsoft Vulnerabilities (Palo Alto Unit42, Jun 24 2019)
Unit 42 discovered one new vulnerability addressed by the Microsoft Security Response Center (MSRC) as part of their June 2019 security update release, as well as nine additional vulnerabilities that were addressed in May 2019.