A Review of the Best News of the Week on Cyber Threats & Defense
Another Attack Against Driverless Cars (Schneier on Security, Jul 31 2019)
“In this piece of research, attackers successfully attack a driverless car system — Renault Captur’s “Level 0″ autopilot (Level 0 systems advise human drivers but do not directly operate cars) — by following them with drones that project images of fake road signs in 100ms bursts. The time is too short for human perception, but long enough to fool the autopilot’s sensors.”
DHS Warns About Security Flaws in Small Airplanes (Dark Reading, Jul 30 2019)
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation.
94% of attacks hitting financial services use one of four methods (Help Net Security, Aug 01 2019)
Akamai’s findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period)
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
AWDL flaws open Apple users to tracking, MitM, malware planting (Help Net Security, Jul 31 2019)
Vulnerabilities in Apple Wireless Direct Link (AWDL), the wireless protocol that underpins Apple’s AirPlay and AirDrop services, could allow attackers to track users in spite of MAC randomization, to intercept and modify transmitted files, and to prevent transmission or crash devices altogether.
Top Three Cross-Site Scripting Attacks You Need to Know Now (Infosec Island, Jul 31 2019)
Cross-Site scripting or XSS is and will remain to be a major pain for anyone trying to create a secure web application for their end-users.
New advanced malware, possibly nation sponsored, is targeting US utilities (Ars Technica, Aug 02 2019)
Dear Engineer. You failed your licensing exam. Open this document to learn more.
G Suite news: Anomalous alert activity for Google Drive, Advanced Protection for enterprise users (Help Net Security, Aug 01 2019)
Google is rolling out new security options for G Suite users and admins, aimed at alerting organizations about data exfiltration attempts on Google Drive and helping them protect their high-risk users. The options are both still in beta and some are currently only available to some G Suite customers, but wider availability is likely just a matter of time.
How Can We Stop Ransomware From Spreading? (Dark Reading, Jul 30 2019)
Almost all of the common ransomwares use domain name generation algorithms, so domains that look like random strings…
Deutsche Bank Email Vulnerability Left Ex-Employees with Access (Dark Reading, Jul 29 2019)
When Deutsche Bank left the equities trading business, employees in that division were let go. However, their access to their Deutsche Bank email accounts lasted for several weeks after they were shown the door.
Malware Cited As Exploit Most Seen By SOC Teams (Infosecurity Magazine, Jul 29 2019)
Respondents cited malware (98%), known vulnerabilities (80%), spear-phishing (69%) and insider threats (68%) as the most identified exploits in the SOC.
Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks (Dark Reading, Jul 31 2019)
Organizations using the utility should immediately install the latest version of the software, security vendor Trustwave says.
PCI Council & Retail ISAC Issue Magecart Warning (Infosecurity Magazine, Aug 01 2019)
PCI SSC and RH-ISAC issue joint alert on Magecart attacks
Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians (SC Magazine, Aug 01 2019)
Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively. Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017…