A Review of the Best News of the Week on Cyber Threats & Defense

Malware Linked to Ryuk Targets Financial & Military Data (Dark Reading, Sep 13 2019)
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.

Intel: SSH-stealing NetCAT bug not really a problem (Naked Security – Sophos, Sep 13 2019)
There’s another vulnerability in Intel chips, with another catchy name: NetCAT.

North Korean Hackers Use New Tricks in Attacks on U.S. (SecurityWeek, Sep 12 2019)
Hackers linked to North Korea have been targeting entities in the United States using evasion techniques that involve an uncommon file format, U.S.-based business compromise intelligence startup Prevailion reported on Wednesday.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

New clues show how Russia’s grid hackers aimed for physical destruction (Ars Technica, Sep 14 2019)
2016 Russian cyberattack on Ukraine intended to cause far more damage than it did.

Cyber risk assessment of U.S. election commissions finds critical areas for improvement (Help Net Security, Sep 12 2019)
During the July assessment, 27 commissions received a C grade or worse with all commissions averaging a D- for the management of security and other update patches for their operating systems. The second scan in August found that 43 of 56 commissions earned an A or B for their security posture.

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group (WeLiveSecurity, Sep 16 2019)
Analysis of a backdoor linked to Stealth Falcon, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East

Preventing GPS spoofing is hard—but you can at least detect it (Ars Technica, Sep 12 2019)
This GPS spoofing defense software looks promising, but it’s short on detail.

Office 365 security: Automated incident response based on playbooks (Help Net Security, Sep 10 2019)
Five months after introducing Automated Incident Response in Office 365 ATP, Microsoft has announced it’s making it more widely available. Customers who have opted for Office 365 ATP Plan 2, Office 365 E5 or Microsoft 365 E5 Security will now be able to make their SecOps team’s work easier through the use of security playbooks.

Critical TLS flaw opens Exim servers to remote compromise (Naked Security – Sophos, Sep 10 2019)
A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admins’ urgent attention.

Third-Party Features Leave Websites More Vulnerable to Attack (Dark Reading, Sep 10 2019)
A new report points out the dangers to customer data of website reliance on multiple third parties.

How Ethical Hackers Find Weaknesses and Secure Businesses (Infosec Island, Sep 11 2019)
Approaching your currently implemented security as a target to beat or bypass is the strongest and fastest way to find any flaws that may already exist.

Credential Leaking Vulnerabilities Impact Comba, D-Link Routers (SecurityWeek, Sep 12 2019)
Trustwave security researchers have discovered five new credential leaking vulnerabilities, two in a D-Link DSL modem and three in multiple Comba Telecom WiFi devices.

Indictments Do Little to Stop Iranian Group from New Attacks on Universities (Dark Reading, Sep 12 2019)
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.

North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants (Dark Reading, Sep 12 2019)
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.

APIs Get Their Own Top 10 Security List (Dark Reading, Sep 12 2019)
OWASP’s new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.

InnfiRAT malware hunts for cryptocurrency info, browser cookie data (SC Magazine, Sep 13 2019)
Researchers have discovered a previously unknown remote access trojan called InnfiRAT, capable of data exfiltration and digital spying. InnfiRAT searches for users’ cryptocurrency wallet information (Bitcoin and Litecoin included), and steals browser cookie data in order to obtain victims’ usernames, passwords and session data.

Sophos Makes Sandboxie Free in Transition to Open Source (SecurityWeek, Sep 13 2019)
Sophos removed the license check and activation requirements from Sandboxie, essentially making the isolation tool free.