Threats & Defense – The Week’s Best News – 2019.09.09

A Review of the Best News of the Week on Cyber Threats & Defense
Cyber-security incident at US power grid entity linked to unpatched firewalls (ZDNet, Sep 09 2019) Hackers used a DoS flaw to reboot firewalls at an electric power grid operator for hours.

Cisco Releases Guides for Analyzing Compromised Devices (SecurityWeek, Sep 03 2019) Cisco has released new guides to help first responders collect forensic evidence from potentially compromised or tampered-with Cisco IOS, IOS XE, ASA, and Firepower Threat Defense (FTD) devices.

Chinese Group Built Advanced Trojan by Reverse Engineering NSA Attack Tool (Dark Reading, Sep 06 2019) APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

TrickBot Tricks U.S. Users into Sharing their PIN Codes (SecurityWeek, Sep 02 2019) The threat actor behind the infamous TrickBot botnet has added new functionality to their malware to request PIN codes from mobile users, Secureworks reports.

Ransomware attack against the 2020 election could disrupt statewide voting databases (Washington Post, Sep 06 2019) Top government cybersecurity officials are worried that ransomware, which has wreaked havoc by locking up the computer networks of businesses, schools and police stations, could be used to sow chaos during the 2020 election.

U.S. Cyber Command Adds North Korean Malware Samples to VirusTotal (SecurityWeek, Sep 09 2019) The U.S. Cyber Command (USCYBERCOM) this week released 11 malware samples to VirusTotal, all of which appear related to the notorious North Korean-linked threat group Lazarus.

BlueKeep Exploit Added to Metasploit (SecurityWeek, Sep 09 2019) An initial public exploit targeting the recently addressed BlueKeep vulnerability in Microsoft Windows has been added to Rapid7’s Metasploit framework.

Protecting accounts from credential stuffing with password breach alerting (Elie Bursztein, Aug 18 2019) Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and identity providers remain in the dark as to which accounts require remediation. In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried.
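The protocol summarised above rests on two ideas: the client reveals only a short hash prefix (a bucket) and then matches blinded values so the server never sees the full credential hash and the client never sees the server's raw corpus. The following is an added, self-contained illustration of that shape, written for this digest rather than taken from the paper or from any production implementation. It substitutes SHA-256 for the paper's slow memory-hard hash, uses Diffie-Hellman-style exponent blinding in Z_P^* with P = 2^255 - 19, and works on a constructed two-entry breach list; all of those are assumptions for the sake of a runnable example.

```python
# Added example for this digest: a simplified privacy-preserving breach lookup
# (2-byte hash-prefix bucket + blinded matching). Illustrative code written
# here, not the paper's or any provider's implementation.
import hashlib
import secrets
from math import gcd

# Assumption: multiplicative group Z_P^* with P = 2^255 - 19 (a known prime).
# Unblinding only needs a * a_inv == 1 (mod P-1), because for any x in Z_P^*
# x^(1 + k(P-1)) == x (Fermat); no safe-prime structure is relied on here.
P = 2**255 - 19


def credential_digest(username: str, password: str) -> bytes:
    """Hash the (username, password) pair. The paper uses a slow, memory-hard
    hash (Argon2); SHA-256 is substituted only so this runs offline with no
    third-party packages."""
    return hashlib.sha256(f"{username.lower()}:{password}".encode()).digest()


def bucket_id(digest: bytes) -> bytes:
    """The 2-byte prefix is the only credential-derived value sent in clear;
    it narrows the server's candidate set to one of 65,536 buckets."""
    return digest[:2]


def group_element(digest: bytes) -> int:
    """Map the full digest to a non-zero element of Z_P^* (range 1..P-1)."""
    return int.from_bytes(digest, "big") % (P - 1) + 1


def random_exponent() -> int:
    """Blinding exponent that is invertible mod P-1, so it can be undone."""
    while True:
        e = secrets.randbelow(P - 1)
        if e > 1 and gcd(e, P - 1) == 1:
            return e


class BreachServer:
    """Holds the breach corpus already raised to a secret server exponent b,
    so it never hands raw credential hashes to clients."""

    def __init__(self, breached_credentials):
        self.b = random_exponent()
        self.buckets = {}  # bucket id -> set of H(c)^b
        for user, pw in breached_credentials:
            d = credential_digest(user, pw)
            self.buckets.setdefault(bucket_id(d), set()).add(
                pow(group_element(d), self.b, P))

    def query(self, bucket: bytes, client_blinded: int):
        """Server sees only the bucket id and H(c)^a (useless without a).
        Returns H(c)^(ab) plus the server-blinded members of that bucket."""
        return pow(client_blinded, self.b, P), self.buckets.get(bucket, set())


def check_credential(server: BreachServer, username: str, password: str) -> bool:
    """Client side: blind, query, unblind, and match locally."""
    d = credential_digest(username, password)
    a = random_exponent()
    a_inv = pow(a, -1, P - 1)
    blinded = pow(group_element(d), a, P)
    double_blinded, members = server.query(bucket_id(d), blinded)
    # (H^(ab))^(a^-1) == H^b, directly comparable with the server-blinded bucket
    server_blinded = pow(double_blinded, a_inv, P)
    return server_blinded in members


if __name__ == "__main__":
    # Constructed sample breach corpus, not real data.
    srv = BreachServer([("alice", "Password123"), ("bob", "hunter2")])
    print(check_credential(srv, "alice", "Password123"))  # True: exposed
    print(check_credential(srv, "alice", "Tr0ub4dor&3"))  # False
    print(check_credential(srv, "carol", "hunter2"))      # False: bound to username
```

What the exchange leaks is exactly what the summary describes: the server learns a 2-byte bucket and a blinded element it cannot unblind, the client learns whether its one credential is in the bucket but not the bucket's contents, and a credential is matched as a username-plus-password pair rather than by password alone. Swapping in a real memory-hard hash and a proper elliptic-curve group would be the next steps toward the paper's construction.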

Attackers are exploiting vulnerable WP plugins to backdoor sites (Help Net Security, Sep 03 2019) A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the vulnerable installations, Wordfence’s Mikey Veenstra warns.

BMC vulnerabilities in Supermicro servers allow remote takeover, data exfiltration attacks (Help Net Security, Sep 03 2019) A slew of vulnerabilities affecting the baseboard management controllers (BMCs) of Supermicro servers could be exploited by remote attackers to gain access to corporate networks, Eclypsium researchers have discovered.

How to reduce the attack surface associated with medical devices (Help Net Security, Sep 03 2019) As the number of connected medical devices continues to rise, so does healthcare organizations’ attack surface. “Most medical devices available in the healthcare system today were not built with security in mind and it will take years until they are replaced (if they are at all) with next-generation devices,” says Leon Lerman, CEO and co-founder of Cynerio.

Zyxel Devices Can Be Hacked via DNS Requests, Hardcoded Credentials (SecurityWeek, Sep 03 2019) Multiple security vulnerabilities have been discovered by SEC Consult in various Zyxel devices, including flaws that involve sending unauthenticated DNS requests and hardcoded FTP credentials.

Phishing Campaign Uses SharePoint to Slip Past Defenses (Dark Reading, Sep 04 2019) Cybercriminals targeting financial institutions in the UK bypassed Symantec email gateway and other perimeter technologies.

Cybersecurity: One in five schools says students have broken into computer systems (ZDNet, Sep 06 2019) The findings come from a cybersecurity audit of more than 430 schools across the UK carried out by the National Cyber Security Centre (the cybersecurity arm of surveillance agency GCHQ) and the London Grid for Learning (LGfL).

Why Businesses Fail to Address DNS Security Exposures (Dark Reading, Sep 06 2019) Increasing awareness about the critical importance of DNS security is the first step in reducing the risk of being attacked. It’s time to get proactive.

New Technique Makes Passwords 14M Percent Harder to Crack, Nonprofit Claims (Dark Reading, Sep 05 2019) Tide’s method for protecting passwords splinters them up into tiny pieces and stores them on distributed nodes.

#GartnerSEC: Trends and ‘Mega Trends’ Include Cloud, Passwords and Business Strategies (Infosecurity Magazine, Sep 09 2019) Security controls are shifting, and focus must move to new forms of control.

Three Strategies to Combat Anti-Analysis and Evasion Techniques (SecurityWeek, Sep 06 2019) “What happens if our network is compromised?” is a question that security professionals have been asking for some time. But for a variety of reasons – ranging from network transformation efforts to more sophisticated attack methods – this question has now become, “how do we even know if our network has been compromised?”

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group (WeLiveSecurity, Sep 09 2019) ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East.
