A Review of the Best News of the Week on Cyber Threats & Defense

Chances of destructive BlueKeep exploit rise with new explainer posted online (Ars Technica, Jul 22 2019)
Slides give the most detailed publicly available technical documentation seen so far.

China-Linked Threat Actor Using New Backdoor (SecurityWeek, Jul 23 2019)
The China-linked threat actor known as APT15 has been using a previously undocumented backdoor for more than two years, ESET’s security researchers have discovered. 

A VxWorks Operating System Bug Exposes 200 Million Critical Devices (Wired, Jul 29 2019)
When major vulnerabilities show up in ubiquitous operating systems like Microsoft Windows, they can be weaponized and exploited, the fallout potentially impacting millions of devices. Today, researchers from the enterprise security firm Armis are detailing just such a group of vulnerabilities in a popular operating system that runs on more than two billion devices worldwide. But unlike Windows, iOS, or Android, this OS is one you’ve likely never heard of. It’s called VxWorks.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Planning a Bug Bounty Program? Follow Shopify’s Example (Dark Reading, Jul 23 2019)
Four years, $1 million in payouts, and the identification of 950 bugs later, Shopify provides an excellent example for organizations looking to launch their own programs.

APT34 spread malware via LinkedIn invites (SC Magazine, Jul 23 2019)
FireEye researchers identified a phishing campaign conducted by the cyberespionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents. Researchers noticed the campaign in late June 2019 using LinkedIn professional network invitations to deliver the malicious documents that included the use of three new malware families…

EvilGnome – Linux malware aimed at your laptop, not your servers (Naked Security – Sophos, Jul 25 2019)
EvilGnome was written to target the comparatively small but committed community who use Linux on their laptops.

Russian Threat Group May Have Devised a ‘Man-on-the-Side’ Attack (Dark Reading, Jul 25 2019)
“The difference between MITM and MOTS is straightforward,” says Don Smith, senior director of the Counter Threat Unit at Secureworks. “With MITM, the attacker is present on infrastructure the traffic is traversing and can tamper with it,” he says. “With MOTS, the attacker has sufficient access to observe and inject traffic which through timing/bandwidth is consumed by the victim before the legitimate reply arrives.”

The Marines’ New Drone-Killer Aces Its First Test in Iran (Wired, Jul 22 2019)
Last week’s US strike of an Iranian drone is the first reported successful use of the Marines’ new energy weapon.

Ransomware attack leaves Johannesburg residents without electricity (Help Net Security, Jul 26 2019)
A ransomware attack aimed at City Power, the electricity provider for Johannesburg (aka Joburg), South Africa, has left some residents temporarily without power. While the provider’s operational technology (OT) network hasn’t been hit, the IT disruption prevented customers from buying electricity through its pre-paid vending system.

Penetration Test Data Shows Risk to Domain Admin Credentials (Dark Reading, Jul 23 2019)
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.

Firmware Vulnerabilities Show Supply Chain Risks (Dark Reading, Jul 22 2019)
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk.

Several Vulnerabilities Found in Comodo Antivirus (SecurityWeek, Jul 23 2019)
Several vulnerabilities have been discovered in Comodo Antivirus, including one that allows an attacker to escape the sandbox and escalate privileges, and the vendor does not appear to have released any patches.

New IPS Architecture Uses Network Flow Data for Analysis (Dark Reading, Jul 23 2019)
Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is ‘yes.’

FIN8 Reappears with BADHATCH Malware (Infosecurity Magazine, Jul 23 2019)
A financially motivated threat group continues to adapt its tools.

The Commoditization of Multistage Malware Attacks (Dark Reading, Jul 24 2019)
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.

Banner vulnerability allows remote access to records of more than 60 colleges (SC Magazine, Jul 24 2019)
At least 62 colleges were affected by a software vulnerability in a program called Banner, operated by Ellucian, that allows threat actors to infiltrate colleges’ private records.

What Every Security Team Should Know About Internet Threats (Dark Reading, Jul 26 2019)
Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic.

93% of Organizations Cite Phishing as Top Threat (, Jul 25 2019)
More than four-fifths of companies have had an attempted email-based threat, report says.

NAS vendors hit by brute force ransomware attacks (Naked Security – Sophos, Jul 29 2019)
Cybercriminals are targeting numerous Network Attached Storage vendors with a new wave of ransomware.