A Review of the Best News of the Week on Cyber Threats & Defense

IBM’s Warshipping Attacks Wi-Fi Networks From Afar (Infosecurity Magazine, Aug 07 2019)
You’ve heard about wardriving, but what about warshipping? Researchers at IBM X-Force Red have detailed a new tactic that they say can break into victims’ Wi-Fi networks from far.

Election systems by leading vendor connected to internet in some states, researchers find (SC Magazine, Aug 09 2019)
Despite claims by voting machine makers and election officials that election systems are immune to hackers because they’re not connected to the internet, the Election Systems & Software voting systems in 10 states, some of them swing states, were found to be just that – connected, a team of security researchers found.

Vulnerability Has Been Lurking in Avaya Phones for 10 Years (SecurityWeek, Aug 09 2019)
A security vulnerability discovered and patched 10 years ago has remained unaddressed in various Avaya phones until recently, McAfee security researchers have discovered. 

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

State Farm Reports Credential-Stuffing Attack (Dark Reading, Aug 09 2019)
The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.

Rethinking Website Spoofing Mitigation (Dark Reading, Aug 07 2019)
Deception technology is evolving rapidly, making it easier for organizations to turn the tables on their attackers. Here’s how.

Security flaw could turn load balancers into beachheads for cyber attacks (Help Net Security, Aug 09 2019)
Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product.

Critical holes plugged in Cisco 220 Series smart switches (Help Net Security, Aug 07 2019)
Cisco has fixed three vulnerabilities in its Cisco 220 Series smart switches and is urging owners to upgrade their firmware as soon as possible.

#BHUSA: Defending Against Morphing DDoS with SODA (Infosecurity Magazine, Aug 08 2019)
F5 Labs researchers release a new open source tool and model to help organizations prepare for and defend against an emerging form of disruptive attack.

#BHUSA: Phishing Attacks Categorized as Extreme, Boutique and Bulk (Infosecurity Magazine, Aug 08 2019)
Reclassifying phishing attacks, and the ways to help users spot them

Microsoft puts another nail in VBScript coffin (Naked Security – Sophos, Aug 08 2019)
Listen up, VBScript fans: your favourite scripting language’s days are numbered.

Destructive malware attacks double as attackers pair ransomware with disk wipers (SC Magazine, Aug 08 2019)
IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. These malware attacks typically incorporated a disk wiper component to them.

Repurposing Mac Malware Not Difficult, Researcher Shows (SecurityWeek, Aug 09 2019)
Repurposing Mac malware is not a difficult task for someone with reverse-engineering skills, and it’s a far simpler approach compared to writing malware from scratch, a researcher has demonstrated.

How Safecrackers Can Unlock an ATM in Minutes—Without Leaving a Trace (Wired, Aug 09 2019)
At Defcon this week, security researcher Mike Davis will show how he can pick the lock of an ATM safe in no time, thanks to its electric leaks.

Ongoing Campaign Spoofs Walmart, Dating, Movie Sites (Dark Reading, Aug 06 2019)
A new investigation detects more than 540 domain names linked to the Walmart brand and camouflaged as career, dating, and entertainment websites.

Mimecast Rejected Over 67 Billion Emails. Here’s What It Learned (Dark Reading, Aug 06 2019)
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.

Recovering Wi-Fi Password via Dragonblood Attack Costs $1 of Computing Power (SecurityWeek, Aug 06 2019)
Some of the mitigations recommended by the Wi-Fi Alliance in response to Dragonblood, a set of WPA3 vulnerabilities that can be exploited to obtain a Wi-Fi network’s password, are not efficient in preventing attacks, and launching an attack is much cheaper than initially estimated.

Ransomware Shifts Focus from Consumers to Businesses (Dark Reading, Aug 08 2019)
In addition, ransomware seems likely to continue its evolution in the second half of 2019.

Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says (Dark Reading, Aug 07 2019)
Boeing disputes IOActive findings ahead of security firm’s Black Hat USA presentation.

New Windows Process Injection Can Be Useful for Stealthy Malware (SecurityWeek, Aug 08 2019)
Researchers at SafeBreach, a cybersecurity firm that specializes in breach and attack simulations, have catalogued most known Windows process injection techniques. They also discovered a new method, which they claim is stealthy and can bypass all protections implemented by Microsoft.

Network Shares Are a Primary Target for Ransomware (SecurityWeek, Aug 07 2019)
The evolution of ransomware from high volume, low return, spray and pray consumer attacks to lower volume, high value, targeted attacks against business is well documented. The intent now is not to simply encrypt local files, but to find and encrypt network shares in order to inflict the greatest harm in the shortest time.