A Review of the Best News of the Week on Cyber Threats & Defense

SQL Injection Errors No Longer the Top Software Security Issue (Dark Reading, Nov 27 2019)
In the newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
[1] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
[2] CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
[3] CWE-20 Improper Input Validation
[4] CWE-200 Information Exposure
[5] CWE-125 Out-of-bounds Read
[6] CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

Exploit kits are slowly migrating toward fileless attacks (ZDNet, Nov 27 2019)
Three out of the nine exploit kits active today are using fileless attacks to infect victims.

A decade of hacking: The most notable cyber-security events of the 2010s (ZDNet, Dec 02 2019)
ZDNet takes a look over the most important data breaches, cyber-attacks, and malware strains of the last decade.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Nursing Home Patients at Risk After Ransomware Attack (Infosecurity Magazine, Nov 26 2019)
CEO claims lives could be at risk following $14m demand

New Technique Allows Ransomware to Operate Undetected (SecurityWeek, Nov 25 2019)
Dubbed RIPlace, the technique allows malware to bypass defenses using the legacy file system “rename” operation, and the security researchers say it is effective even against systems that are patched in a timely manner and run modern antivirus solutions.

Security Giant Prosegur Struck by Ransomware (Infosecurity Magazine, Nov 29 2019)
Websites went down as rapid containment began

Accelerate your business without compromising security – API security best practices (SC Magazine, Dec 02 2019)
With the rise of APIs also comes the potential for more security holes, meaning coders need to understand the risk to keep corporate and customer data safe. According to Gartner, by 2022, API abuses will be the most-frequent attack vector for enterprise web application data breaches. It is no wonder that many IT decision makers today are concerned about API security.

Official: Russian-Owned Company Attempted Ohio Election Hack (SecurityWeek, Dec 02 2019)
Ohio detected and thwarted an election-related cyber attack earlier this month, the state’s elections chief said. Republican Secretary of State Frank LaRose said the “relatively unsophisticated” hacking attempt on Nov. 5, which was Election Day, originated in Panama but was traced to a Russian-owned company.

Dexphot Malware Uses Randomization, Encryption, and Polymorphism to Evade Detection (SecurityWeek, Nov 27 2019)
Malware that Microsoft has been tracking for over a year has been leveraging numerous techniques for evasion, including random file names, fileless installation, and polymorphism.

Palo Alto Networks employee data breach highlights risks posed by third party vendors (Graham Cluley, Nov 29 2019)
The personal details of some past and present Palo Alto Networks employees – their names, dates of birth and social security numbers – have been exposed online. But is it really the company’s fault?

A Pennsylvania County’s Election Day Nightmare Underscores Voting Machine Concerns (The New York Times, Dec 02 2019)
How “everything went wrong” in Northampton County.

Port cybersecurity: Safeguarding operations against cyber attacks (Help Net Security, Nov 27 2019)
- Enforce the technical cybersecurity basics, like network segregation, updates management, password hardening, segregation of rights, etc.
- Consider security by design in applications, especially as ports use many systems, some of which are opened to third parties for data exchange.
- Enforce detection and response capabilities at port level to react as fast as possible to any cyberattack before it impacts port operation, safety or security.

Hotels Under Attack as Guest Data is Swiped from Front Desks (Infosecurity Magazine, Nov 29 2019)
Kaspersky warns of mounting global RevengeHotels campaign