A Review of the Best News of the Week on Cyber Threats & Defense

Five strategies to stop Magecart (SC Magazine, Aug 26 2019)
The success of these Magecart campaigns comes from attackers picking the weakest link of a web supply chain: infecting third-party code suppliers rather than infecting target companies’ own code. With this methodology, attackers breach a small company with lesser security and inject their malicious code into a script that is sourced to multiple other companies.

Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs (Help Net Security, Aug 26 2019)
Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations.

NotPetya Ushered In a New Era of Malware (VICE, Aug 26 2019)
EternalBlue and NotPetya through the eyes of influence. In the summer of 2017, a software update for a popular Ukrainian accounting software pushed malware onto systems of companies doing business in Ukraine. The attack stopped life in Ukraine and crippled the Western logistics supply chain, hitting shipping giant Maersk, postal company FedEx, and the Port of Rotterdam. That was just the beginning effect of a chain reaction, masterminded by the Kremlin.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Webmin Backdoored for Over a Year (SecurityWeek, Aug 19 2019)
Webmin, the open source web-based interface for managing Linux and UNIX systems, contained a remote code execution vulnerability for more than a year and it’s believed to be an intentional backdoor.

This trojan malware being offered for free could cause hacking spike (ZDNet, Aug 21 2019)
NanoCore RAT can steal passwords, payment details, and secretly record audio and video of Windows users.

Human Error Caused 52 Percent of Cybersecurity Incidents in the Industrial Sector in 2018 (Security Magazine, Aug 26 2019)
The most common types of vulnerabilities within industrial control systems:
Misconfigurations (34.7 percent)
Vulnerabilities, patches and updates (26.7 percent)
Identity and access management (12.9 percent)
Insecure services enabled (7.9 percent)
Architecture and network segmentation (7.9 percent)
Encryption and authentication (5.9 percent)
Other (2 percent)

Account Takeover Cases Hitting UK Courts Soar 57% (Infosecurity Magazine, Aug 21 2019)
KPMG fraud report warns of increasing professionalization of cybercrime

Fake VPN and office software websites spread Bolij.2 banking trojan (SC Magazine, Aug 20 2019)
Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products, in an attempt to infect visitors with the Win32.Bolij.2 banking trojan, according to researchers.

Internet-Exposed Sphinx Servers at Risk of Attacks (SecurityWeek, Aug 21 2019)
All Sphinx servers that are exposed to the Internet are prone to abuse by cybercriminals, as they can be accessed by anyone, CERT-Bund warns.

Google Finds 20-Year-Old Microsoft Windows Vulnerability (Schneier on Security, Aug 21 2019)
There’s no indication that this vulnerability was ever used in the wild, but the code it was discovered in — Microsoft’s Text Services Framework — has been around since Windows XP….

Phoning Home’: Your Latest Data Exfiltration Headache (Dark Reading, Aug 21 2019)
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.

Identifying evasive threats hiding inside the network (Help Net Security, Aug 21 2019)
The most important step is to correlate all this data. The signs of an evasive intruder will often be too subtle if data sets are viewed in isolation, and many patterns of suspicious behavior are only apparent with a unified view.

DLL Hijacking Flaw Found in Bitdefender Antivirus Free 2020 (SecurityWeek, Aug 22 2019)
A DLL hijacking vulnerability affecting Bitdefender Antivirus Free 2020 could have been exploited for privilege escalation and other malicious purposes, SafeBreach researchers revealed on Wednesday.

New Malware Variant Targets Old Adobe, Office Vulnerabilities (Dark Reading, Aug 22 2019)
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.

Syrk ransomware comes disguised as Fortnite cheat tool to ambush gamers (SC Magazine, Aug 23 2019)
Cybercriminals have set a trap for Fortnite gamers, creating a ransomware program that comes disguised as a cheat hack, but actually encrypts files and then deletes them every two hours unless the victim pays up.

Remote Code Execution Flaws Impact Aspose APIs (SecurityWeek, Aug 22 2019)
Vulnerabilities that Cisco Talos security researchers have discovered in various Aspose APIs could allow a remote attacker to execute code on affected machines.

Fortifying Supply Chain Cybersecurity (Gartner Blog Network, Aug 16 2019)
At the same time, while the NIST CSF update offers direction on the “how” of protection, we are starting to understand more deeply the “what” that supply chain is trying to protect. We now have significant quantitative data that tells us that leaders are working to mitigate the risks. Given the complexity and fragmentation of the threat vectors, we see a definite deployment curve in risk mitigation approaches.

Five vendors accounted for 24.1% of vulnerabilities in 2019 so far (Help Net Security, Aug 26 2019)
Risk Based Security reported today that VulnDB aggregated 11,092 vulnerabilities with disclosure dates during the first half of 2019, with CVE/NVD falling behind by 4,332 entries, according to their 2019 Mid-Year Vulnerability QuickView Report.