A Review of the Best News of the Week on Cyber Threats & Defense
The Rise of “Bulletproof” Residential Networks (Krebs on Security, Aug 19 2019)
“Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called “bulletproof residential VPN services” that appear to be built by purchasing or otherwise acquiring discrete chunks of Internet addresses from some of the world’s largest ISPs and mobile data providers.”
Formjacking Now Accounts For Most Web Breaches (Infosecurity Magazine, Aug 16 2019)
Magecart and similar attacks siphon payment details direct from websites
Threat actors are adapting and switching their operations strategically and technically (Help Net Security, Aug 16 2019)
Cybercrime campaigns and high-profile advanced persistent threat groups are shifting how they target victims and focusing more on intricate relationships with “secure syndicate” partnerships to disguise activity, according to the latest 2019 Cyber Threatscape Report from Accenture.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
HTTP/2 Implementation Vulnerabilities Expose Servers to DoS Attacks (SecurityWeek, Aug 14 2019)
Researchers at Netflix and Google have discovered a total of eight denial-of-service (DoS) vulnerabilities affecting various HTTP/2 implementations, including from major tech companies such as Amazon, Apple, Facebook and Microsoft.
New Research Finds More Struts Vulnerabilities (Dark Reading, Aug 15 2019)
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known — and new — vulnerabilities.
Ransomware Attack Hits Local Governments In Texas (KUT , Aug 18 2019)
Update: The number of local government entities in Texas affected by a ransomware attack is now up to 23. In a release Saturday afternoon , the Texas
European Central Bank shuts down website following hack, data theft (Help Net Security, Aug 19 2019)
The European Central Bank (ECB) confirmed on Thursday that its Banks’ Integrated Reporting Dictionary (BIRD) website has been compromised by attackers and taken down until the situation is brought under control. The compromise may have resulted in the attackers harvesting the email addresses, names and position titles of 481 subscribers to the BIRD newsletter, but not their passwords.
Security Flaws Discovered in 40 Microsoft-Certified Device Drivers (Dark Reading, Aug 12 2019)
Attackers can use vulnerable drivers to escalate privilege and execute malicious code in every part of the system.
Hackers Can Hurt Victims with Noise (Dark Reading, Aug 12 2019)
Research presented at DEF CON shows that attackers can hijack Wi-Fi- and Bluetooth-connected speakers to produce damaging sounds.
Researchers Show How SQLite Can Be Modified to Attack Apps (Dark Reading, Aug 12 2019)
New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says.
Unsolicited Blank Emails Could Portend BEC Attacks (Infosecurity Magazine, Aug 13 2019)
Agari warns organizations to be on the lookout for reconnaissance efforts
Saefko RAT peeks at browser histories to help adversaries form optimal attack plan (SC Magazine, Aug 12 2019)
Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information.
Cloud Atlas’ Cyberspies Use Polymorphic Malware in Government Attacks (SecurityWeek, Aug 12 2019)
The Cloud Atlas threat group has continued conducting cyber espionage operations and its recent attacks have involved a new piece of polymorphic malware.
A look at the Windows 10 exploit Google Zero disclosed this week (Ars Technica, Aug 15 2019)
This privilege escalation vulnerability has lurked within Windows for 20 years.
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace? (Dark Reading, Aug 15 2019)
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
Security by Sector: Cyber-Attackers Targeting the Education System (Infosecurity Magazine, Aug 14 2019)
Education sector under threat from Adware, Trojans, ransomware and backdoors
Microsoft Warns of New Wormable RDP Flaw (Infosecurity Magazine, Aug 13 2019)
Three months after BlueKeep, there’s a new set of RDP vulnerabilities in town—and this time, they affect Windows 10.
Side-Channel Attack against Electronic Locks (Schneier on Security, Aug 14 2019)
Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring….
Cyber Command posts code from Electric Fish tunneling malware (SC Magazine, Aug 19 2019)
U.S. Cyber Command posted the code to the recently discovered tunneling malware called Electric Fish to VirustTotal. The move is part of Cyber Command’s on-going effort fight nation-state cyberattacks.
Organizations Expose Sensitive Data via Malware Analysis Sandboxes (SecurityWeek, Aug 19 2019)
Researchers at UK-based threat intelligence firm Cyjax have studied files submitted to three popular online malware analysis sandboxes and found that many of the publicly accessible files contain sensitive information