A Review of the Best News of the Week on Cyber Threats & Defense

Attackers exploit an iTunes zeroday to install ransomware (Ars Technica, Oct 10 2019)
Apple patches actively exploited flaw that let ransomware crooks evade AV protection.

McAfee, IBM join forces for global open source cybersecurity initiative (Tech Republic, Oct 10 2019)
IBM, McAfee and international consortium OASIS are coming together to offer the world a way to develop open source security technologies.

FBI: Phishing Can Defeat Two-Factor Authentication (Dark Reading, Oct 11 2019)
A recent Private Industry Notification points to two new hacker tools that can turn a victim’s browser into a credential-stealing zombie.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Magecart Skimmers Spotted on 2M Websites (Dark Reading, Oct 07 2019)
Researchers say supply chain attacks are responsible for the most significant spikes in Magecart detections.

Needles in a haystack: Picking unwanted UEFI components out of millions of samples (WeLiveSecurity, Oct 08 2019)
ESET experts describe how they trained a machine-learning model to recognize a handful of unwanted UEFI components within a flood of millions of harmless samples.

Leveraging DNS to Enhance Your Network’s Security (PerezBox, Oct 07 2019)
This article will introduce the concept of a DNS Firewall (Protective DNS) and encourage you to think of it as an additional layer in your security governance program.

NSA Issues Advisory on VPN Vulnerability Trio (Dark Reading, Oct 08 2019)
Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory.

Microsoft NTLM vulnerabilities could lead to full domain compromise (Help Net Security, Oct 10 2019)
Preempt researchers have discovered two vulnerabilities that may allow attackers to bypass a number of protections and mitigations against NTLM relay attacks and, in some cases, to achieve full domain compromise of a network.

Attackers Hide Behind Trusted Domains, HTTPS (Dark Reading, Oct 10 2019)
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.

Flaw in Cyberoam firewalls exposed corporate networks to hackers (TechCrunch, Oct 10 2019)
Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password.

BEC explodes as attackers exploit email’s identity crisis (Valimail, Oct 08 2019)
The Summer 2019 Email Fraud Landscape report shows that despite a 5X increase in the number of DMARC records worldwide, there is still a long way to go. DMARC, even when it’s used, is usually not deployed with an enforcement policy (one that directs mail receivers to keep unauthenticated email out of recipients’ inboxes).

University to Create New Cybersecurity Approach Inspired by the Human Body (Infosecurity Magazine, Oct 08 2019)
A cyber-safety method modeled on the human nervous system is being developed in Arizona.

Code Execution Vulnerability Impacts NSA Reverse Engineering Tool (SecurityWeek, Oct 08 2019)
Developed by the NSA’s Research Directorate for the agency’s cybersecurity missions, Ghidra is designed to help with malware analysis. The framework supports multiple platforms, including Windows, macOS, and Linux, and was released in open source earlier this year.

At the end of September, security researchers discovered a vulnerability in the tool that could allow an attacker to execute arbitrary code within the context of the affected application.

Majority of IT departments leave major holes in their USB drive security (Help Net Security, Oct 09 2019)
The report indicated that even though 87% of organizations use USB drives, the majority of IT departments aren’t implementing tools to manage USB device usage. For example:
Nearly 6 out of 10 organizations (58%) do not use port control / whitelisting software to manage USB device usage.

#DTXEurope: Defense Now Far Harder Than Attack, Warns Security Researcher (Infosecurity Magazine, Oct 10 2019)
‘Samy’ MySpace worm creator discusses the difficulties of defending against attacks.

Ransomware Attacks ‘Getting Bolder’: Europol (SecurityWeek, Oct 10 2019)
Global ransomware attacks are on the decline, but such malicious cyber strikes are getting bolder and homing in on more profitable companies, with data encryption a key target, Europe’s police agency said Wednesday.

Researchers may have found a way to trace serial IP hijackers (Help Net Security, Oct 14 2019)
Hijacking IP addresses is an increasingly popular form of cyberattack. This is done for a range of reasons, from sending spam and malware to stealing Bitcoin. It’s estimated that in 2017 alone, routing incidents such as IP hijacks affected more than 10 percent of all the world’s routing domains.

Microsoft and NIST Team Up on Patching Guide (Infosecurity Magazine, Oct 14 2019)
The initiative will produce common reference architectures and processes.

Soldering spy chips inside firewalls is now a cheap hack, shows researcher (Naked Security – Sophos, Oct 14 2019)
The tiny ATtiny85 chip doesn’t look like the next big cyberthreat facing the world, but sneaking one on to a firewall motherboard would be bad news for security were it to happen.

COMpfun successor Reductor infects files on the fly to compromise TLS traffic (Securelist, Oct 14 2019)
“In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. We called these new modules ‘Reductor’ after a .pdb path left in some samples.”