A Review of the Best News of the Week on Cyber Threats & Defense

Avast breached by hackers who wanted to compromise CCleaner again (Help Net Security, Oct 21 2019)
Czech security software maker Avast has suffered another malicious intrusion into their networks, but the attackers didn’t accomplish what they apparently wanted: compromise releases of the popular CCleaner utility.

NordVPN confirms it was hacked (TechCrunch, Oct 21 2019)
NordVPN told TechCrunch that one of its data centers was accessed in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider, which NordVPN said it was unaware that such a system existed.

Connecting the dots: Exposing the arsenal and methods of the Winnti Group (WeLiveSecurity, Oct 21 2019)
ESET researchers describe updates to the malware arsenal and campaigns of the Winnti Group known for its supply-chain attacks.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Chrome rolls out new protections preventing password and data theft (Ars Technica, Oct 17 2019)
Site isolation debuts in Android Chrome while desktop versions extend it to new fronts.

Glitching: The Hardware Attack that can Disrupt Secure Software (Dark Reading, Oct 18 2019)
Glitching (or fault-injection) attacks aren’t easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.

Cozy Bear Emerges from Hibernation to Hack EU Ministries (Dark Reading, Oct 17 2019)
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.

Hackers Could Have Hijacked Trump Campaign Email Server: Researchers (SecurityWeek, Oct 18 2019)
The issue was related to Laravel, a popular open source PHP web application framework. The framework includes a debug mode that allows developers to find errors and misconfigurations on their websites.

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks (SC Magazine, Oct 17 2019)
Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic.

Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser (WeLiveSecurity, Oct 18 2019)
ESET researchers discover a trojanized Tor Browser distributed by cybercriminals to steal bitcoins from darknet market buyers

Tamper Protection prevents malware from disabling Microsoft Defender AV (Help Net Security, Oct 15 2019)
Microsoft Defender, the anti-malware component of Microsoft Windows, has been equipped with a new protective feature called Tamper Protection, which should prevent malware from disabling it.

Fake company pushes phony cryptocurrency app to spread Mac malware (SC Magazine, Oct 15 2019)
It appears North Korean hackers have revisited a tried-and-true scheme to attack Mac owners who work at cryptocurrency exchanges: creating a fake company and corresponding cryptocurrency trading app that actually infects users with malware.

WAV files spotted delivering malicious code (Help Net Security, Oct 16 2019)
Attackers have embedded crypto-mining and Metasploit code into WAV audio files to stymie threat detection solutions.

Pen testers find mystery black box connected to ship’s engines (Naked Security – Sophos, Oct 17 2019)
It turned out that the box had been put there legitimately for monitoring fuel and engine efficiency by a third party some years before, forgotten about, but left running despite the arrangement having ended.

Adding a Hardware Backdoor to a Networked Computer (Schneier on Security, Oct 18 2019)
Interesting proof of concept: At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access….

We asked a hacker to try and steal a CNN tech reporter’s data. Here’s what happened (CNN, Oct 19 2019)
I thought my social media posts merely betrayed my desperate need for attention and likes. It turns out, though, that they’re also a goldmine for hackers.