A Review of the Best News of the Week on Cyber Threats & Defense
New election systems use vulnerable software (AP NEWS, Jul 15 2019)
An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.
Apple quietly removes Zoom’s hidden web server from Macs (Naked Security – Sophos, Jul 15 2019)
In the latest twist in the saga of the web-conferencing app, Apple has issued a ‘silent’ update removing Zoom’s hidden web server from Macs.
Buhtrap group uses zero‑day in latest espionage campaigns (WeLiveSecurity, Jul 11 2019)
ESET research reveals notorious crime group also conducting espionage campaigns for the past five years. The Buhtrap group is well known for its targeting of financial institutions and businesses in Russia. However, since late 2015, we have witnessed an interesting change in its traditional targets. From a pure criminal group perpetrating cybercrime for financial gain, its toolset has been expanded with malware used to conduct espionage in Eastern Europe and Central Asia.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
U.S. Coast Guard Issues Cybersecurity Warnings for Commercial Vessels (SecurityWeek, Jul 09 2019)
The U.S. Coast Guard on Monday issued a safety alert advising commercial vessel owners and operators to ensure that effective cybersecurity measures are in place to protect the network and important control systems on their ships.
Vulnerability Found in GE Anesthesia Machines (Dark Reading, Jul 10 2019)
GE Healthcare has released a statement claiming the bug is not in the machine itself and does not pose direct risk to patients.
DOE, Industry Collaborate to Defend Power Utilities (Infosecurity Magazine, Jul 08 2019)
Industry partners work with DOE to improve cybersecurity of critical infrastructure.
New Ransomware Targets QNAP’s Network-Attached Storage Devices (Dark Reading, Jul 10 2019)
More than 19,000 systems in the US are potentially at risk from eCh0raix.
Sea Turtle DNS hijackers linked to breach of Greece’s ccTLD organization (SC Magazine, Jul 10 2019)
The group made waves last April when researchers at Cisco’s Talos unit reported that the attackers have been compromising internet and DNS service providers in order to reroute some of their clients’ website visitors to a malicious man-in-the-middle server. This server, which spoofs the legitimate website or online service, secretly captures these visitors’ website credentials so they can be harvested. Targeted customers have primarily consisted of Middle Eastern and North African government institutions, military units and energy organizations. In a new report, Talos revealed that the same group, from April 19 – 24, accessed the network of The Institute of Computer Science of the Foundation for Research and Technology – Hellas (ICS-Forth), the organization that oversees the ccTLD for Greece.
New eCh0raix ransomware now hitting QNAP NAS drives (SC Magazine, Jul 10 2019)
Anomali has unveiled a new ransomware variant that is targeting network attached storage (NAS) devices made by QNAP Systems.
Multi-stage attack techniques are making network defense difficult (Help Net Security, Jul 15 2019)
One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet.
Attacks in Turkey Used Excel Formula Injection (Infosecurity Magazine, Jul 12 2019)
Malicious spam attacks on Turkish organizations flew under the radar.
Bust the password for an air-gapped machine – with its keyboard LEDs (Naked Security – Sophos, Jul 15 2019)
Researchers have developed a technique for reading data from air-gapped PCs using LEDs. Cue dynamic hacker music now!