A Review of the Best News of the Week on Cyber Threats & Defense

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency (Graham Cluley, Sep 18 2019)
The macOS-based malware can steal browser cookies from users’ Google Chrome and Apple Safari browsers. Specifically, cookies associated with the following cryptocurrency exchanges…The cookies are grabbed from the infected user’s browser, zipped up and then uploaded to a remote server under the control of the criminals.

Hotel websites infected with skimmer via supply chain attack (SC Magazine, Sep 18 2019)
A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out their online booking functionality is through a library module called “viewedHotels,” which saves viewed hotel information in visitors’ browser cookies.
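A skimmer planted in a partner library changes the bytes the browser receives from that partner’s host. One practical control is a script inventory: baseline a Subresource Integrity hash for every third-party script your pages load and re-check fetched copies against it. The block below is an added example written for this item, not code from Roomleader, the hotel sites or the researchers; the script bodies and URLs are constructed, and only the name viewedHotels comes from the article.

```python
"""Script-inventory drift check for third-party JavaScript (added example).

Keeps a baseline of SRI integrity values per script URL and reports any
script whose fetched body no longer matches, plus unexpected new scripts.
"""
import base64
import hashlib


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return the integrity value browsers expect: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes) -> str:
    """Emit a <script> tag pinned to the current body; a browser refuses a mismatch."""
    return (f'<script src="{src}" integrity="{sri_hash(body)}" '
            f'crossorigin="anonymous"></script>')


def check_drift(baseline: dict, fetched: dict) -> dict:
    """Compare fetched script bodies against the baseline of integrity values.

    Returns {url: "changed" | "new" | "missing"} for every discrepancy.
    """
    findings = {}
    for url, body in fetched.items():
        expected = baseline.get(url)
        if expected is None:
            findings[url] = "new"
        elif sri_hash(body) != expected:
            findings[url] = "changed"
    for url in baseline:
        if url not in fetched:
            findings[url] = "missing"
    return findings


# Constructed sample (hypothetical hosts and bodies): the partner library as
# baselined, the same file with an injected block appended, and a script
# nobody approved.
GOOD_LIB = b"window.viewedHotels = function(h){ document.cookie = 'viewed=' + h; };"
TAMPERED_LIB = GOOD_LIB + b"\n(function(){ /* injected */ })();"
BASELINE = {
    "https://cdn.partner.example/viewedHotels.js": sri_hash(GOOD_LIB),
    "https://www.hotel.example/js/booking.js": sri_hash(b"/* booking */"),
}
FETCHED = {
    "https://cdn.partner.example/viewedHotels.js": TAMPERED_LIB,
    "https://www.hotel.example/js/booking.js": b"/* booking */",
    "https://static.unknown.example/loader.js": b"/* ??? */",
}

if __name__ == "__main__":
    for url, status in sorted(check_drift(BASELINE, FETCHED).items()):
        print(f"{status:8s} {url}")
    print(script_tag("https://cdn.partner.example/viewedHotels.js", GOOD_LIB))
```

Two caveats: SRI only protects scripts you reference statically with a pinned version, so anything the partner library loads at runtime is outside it, and a partner that ships a legitimate update will trip the check until the baseline is refreshed. That is why the drift monitor and a Content Security Policy belong alongside the integrity attribute rather than in place of it.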

WeWork’s Wi-Fi Exposed Files, Credentials, Emails (Dark Reading, Sep 20 2019)
For years, sensitive documents and corporate data have been easily viewable on the coworking space’s open network.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Most Port Vulnerabilities Are Found in Three Ports (Infosecurity Magazine, Sep 17 2019)
It claimed that 65% of vulnerabilities it found in Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are linked to SSH (22/TCP), HTTPS (443/TCP) and HTTP (80/TCP).

Emotet Returns, Spreads via Hijacked Email Conversations (SecurityWeek, Sep 18 2019)
Also referred to as Geodo, Emotet emerged as a banking Trojan, but has evolved into stealing other types of sensitive information and into becoming a downloader for other malware families, such as the TrickBot Trojan and Ryuk ransomware.

Server-squashing zero-day published for phpMyAdmin tool (Naked Security – Sophos, Sep 20 2019)
A researcher has just published a zero-day security bug in one of the web’s most popular database administration software packages.

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices (Help Net Security, Sep 16 2019)
In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices.

Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access (SC Magazine, Sep 16 2019)
Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system.
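When malware falsifies the network statistics an administrator sees, the classic response is a cross-view check: read the kernel’s own socket table from /proc/net/tcp and diff it against what the usual tool reports. The block below is an added example, not Skidmap analysis code from the article; both inputs are constructed samples in the real /proc/net/tcp and netstat formats.

```python
"""Cross-view check for hidden TCP sockets on Linux (added example).

/proc/net/tcp stores IPv4 endpoints as little-endian hex 'ip:port' pairs;
this parser decodes them and compares the result with netstat-style output.
"""
import socket
import struct

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}


def decode_endpoint(field: str):
    """Turn the kernel's 'hex-ip:hex-port' (IPv4, little-endian) into (ip, port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<L", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str):
    """Parse /proc/net/tcp into {(local_ip, local_port, remote_ip, remote_port, state)}."""
    sockets = set()
    for line in text.splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) < 4:
            continue
        local = decode_endpoint(parts[1])
        remote = decode_endpoint(parts[2])
        state = TCP_STATES.get(parts[3], parts[3])
        sockets.add(local + remote + (state,))
    return sockets


def parse_netstat(text: str):
    """Parse 'netstat -tan'-style lines into the same tuple shape."""
    sockets = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp":
            continue
        lip, lport = parts[3].rsplit(":", 1)
        rip, rport = parts[4].rsplit(":", 1)
        rport = 0 if rport == "*" else int(rport)  # '*' is how netstat prints port 0
        sockets.add((lip, int(lport), rip, rport, parts[5]))
    return sockets


def hidden_sockets(proc_text: str, tool_text: str):
    """Sockets the kernel lists that the userland tool did not report."""
    return parse_proc_net_tcp(proc_text) - parse_netstat(tool_text)


# Constructed samples: sshd and a local MySQL listener, plus an established
# connection from 10.0.2.15:4444 to 203.0.113.9:443 that the tool omits.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18745 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18800 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:115C 097100CB:01BB 01 00000000:00000000 00:00000000 00000000     0        0 20011 1 0000000000000000 20 4 30 10 -1
"""

NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
"""

if __name__ == "__main__":
    for sock in sorted(hidden_sockets(PROC_NET_TCP, NETSTAT_OUTPUT)):
        print("hidden:", sock)
```

On a live host, replace the two constants with the contents of /proc/net/tcp (and /proc/net/tcp6) and the output of the tool you distrust. The check assumes the rootkit only replaced or hooked the userland tools; a kernel module that also filters /proc reads defeats it, and the next vantage point is traffic captured outside the host, which is the argument made in the packet-capture item at the end of this issue.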

Warner presses CBP on security best practices for third-party contractors (SC Magazine, Sep 16 2019)
After photos of travelers and vehicles crossing U.S. borders were nicked from a Customs and Border Patrol (CBP) subcontractor through a cyberattack, and Suprema BioStar 2 exposed more than 1 million fingerprint records along with facial recognition information and other sensitive data, Sen. Mark Warner, D-Va., pressed CBP for details on how it ensures third-party contractors are following security best practices.

DNSSEC fueling new wave of DNS amplification attacks (Help Net Security, Sep 18 2019)
“Due to the long responses they generate, attackers often abuse DNSSEC to launch amplification attacks that clog victim networks and hosts, which will remain a significant threat in the future.”

Clever New DDoS Attack Gets a Lot of Bang for a Hacker’s Buck (Wired, Sep 18 2019)
By exploiting the WS-Discovery protocol, a new breed of DDoS attack can get a huge rate of return.
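Both this item and the DNSSEC one above describe the same economics: a small spoofed UDP request elicits a large response that lands on the victim. The block below is an added example, not code from either article. It builds the kind of DNS query that asks a resolver for signed records over a large EDNS0 buffer, computes the amplification factor, and runs a reflector check over constructed flow records that include both an open resolver on UDP/53 and a device answering WS-Discovery on UDP/3702; the hosts and byte counts are constructed, not measurements from the reports.

```python
"""Amplification arithmetic for UDP reflection attacks (added example)."""
import struct
from collections import defaultdict


def encode_name(name: str) -> bytes:
    """Encode a domain name in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_dnssec_query(qname: str, qtype: int = 255, udp_payload: int = 4096,
                       txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query with an EDNS0 OPT record and the DO bit set.

    qtype 255 (ANY) and a 4096-byte advertised buffer are what makes the
    resolver answer with every signed record it holds in one datagram.
    """
    # RD set, one question, no answers/authority, one additional (the OPT RR)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack(">HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = advertised UDP size, the TTL field
    # carries ext-RCODE / version / flags (0x8000 = DNSSEC OK), RDLENGTH 0.
    opt = b"\x00" + struct.pack(">HHBBHH", 41, udp_payload, 0, 0, 0x8000, 0)
    return header + question + opt


def amplification_factor(request_len: int, response_len: int) -> float:
    """Bytes delivered to the victim per byte the attacker sends."""
    return response_len / request_len


def find_reflectors(flows, min_factor: float = 10.0, min_hits: int = 2):
    """Flag (server, port) pairs behaving as amplifiers.

    flows: iterable of (client, server, port, request_bytes, response_bytes).
    Returns {(server, port): (hits, mean_factor)} for pairs whose aggregate
    response/request ratio reaches min_factor across at least min_hits flows.
    """
    totals = defaultdict(lambda: [0, 0, 0])  # hits, request bytes, response bytes
    for _client, server, port, req, resp in flows:
        t = totals[(server, port)]
        t[0] += 1
        t[1] += req
        t[2] += resp
    flagged = {}
    for key, (hits, req, resp) in totals.items():
        factor = resp / req
        if hits >= min_hits and factor >= min_factor:
            flagged[key] = (hits, factor)
    return flagged


# Constructed flow records (hypothetical hosts, not measured data).  The
# "client" 203.0.113.5 is the spoofed victim; 198.51.100.10 is an open
# resolver and 192.0.2.77 a device with WS-Discovery (UDP/3702) exposed.
SAMPLE_FLOWS = [
    ("203.0.113.5", "198.51.100.10", 53, 40, 3200),
    ("203.0.113.5", "198.51.100.10", 53, 40, 3200),
    ("203.0.113.5", "198.51.100.10", 53, 40, 3200),
    ("203.0.113.5", "192.0.2.77", 3702, 140, 2800),
    ("203.0.113.5", "192.0.2.77", 3702, 140, 2800),
    ("10.0.0.4", "10.0.0.53", 53, 45, 120),  # an ordinary lookup, not flagged
]

if __name__ == "__main__":
    q = build_dnssec_query("example.com")
    print(f"query is {len(q)} bytes; a 3200-byte answer is "
          f"{amplification_factor(len(q), 3200):.0f}x amplification")
    for (server, port), (hits, factor) in find_reflectors(SAMPLE_FLOWS).items():
        print(f"reflector {server}:{port} hits={hits} factor={factor:.1f}")
```

The realised factor depends on the zone queried and on the responder: resolvers that rate-limit responses, truncate to force TCP, or return minimal answers to ANY (RFC 8482) give far less than the constructed 80x, and a WS-Discovery responder’s factor depends on how much device metadata it volunteers in its ProbeMatch. The flow check is what a network owner would run over NetFlow or capture summaries to find their own hosts being used as reflectors.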

A Beginner’s Guide to Microsegmentation (Dark Reading, Sep 20 2019)
In a world in which the data center perimeter has all but evaporated, traditional segmentation no longer is enough. Enter microsegmentation. Here’s what organizations need to do to maximize the benefits of this improved security architecture.

Key threats and trends SMB IT teams deal with (Help Net Security, Sep 20 2019)
The global survey, which polled 500 IT professionals across North America and Europe, also showed that top security concerns remain consistent year over year with 54 percent of IT professionals ranking malware as their number one security concern, followed by ransomware (46 percent) and employee behavior (44 percent).

How important is packet capture for cyber defense? (Help Net Security, Sep 23 2019)
“They had shorter breach detection and response time and they had more confidence in their workflows and processes,” and “…this creates a very strong story for the use of packet capture as one of the staples in the security program.”