Tuesday, April 23, 2019

LATEST

Demonstration Showcase Brings DevOps to Interop19

Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
isBuzz

What Home Buying Can Teach Us About Continuous Monitoring

Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...
Security Weekly

Hacking for Lazy People – Application Security Weekly #58

This week, we welcome Thomas Hatch, the creator of the Salt open source software project and the CTO of SaltStack, the company behind Salt! In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file...
We Live Security

WannaCryptor ‘accidental hero’ pleads guilty to malware charges

Marcus Hutchins, who is best known for his inadvertent role in blunting the WannaCryptor outbreak two years ago, may now face a stretch behind bars.
Security Weekly

Hack Naked News #215 – April 23, 2019

This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of...
The CyberWire Podcast

ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.

ISIS claims responsibility for the Sri Lankan bombings. The government maintains its declared state of emergency, and has arrested at least forty in the course of its investigation. Check Point describes a spearphishing campaign against embassies in Europe. It’s...

Dutch NCSC Releases Updated TLS Guidelines

Original release date: April 23, 2019. The Dutch National Cyber Security Centre (NCSC) has published an update to their Transport Layer Security (TLS) protocol guidelines, which aim to improve TLS configuration security. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users...

City of Stuart Still Recovering from Ryuk Ransomware Attack

Officials are investigating an April 13 ransomware attack that targeted Stuart's city servers and forced it offline.
ZDNet

Academics hide humans from surveillance cameras with 2D prints

Couple it with some snazzy eyeglasses and you can become invisible to modern AI-powered surveillance systems.
SC Magazine

Flashpoint: Our site was not dishing malware

Flashpoint came out swinging today against an independent researcher who reported that the security company’s public-facing website was serving malware. In what Flashpoint called an “after action report,” the company denied the website was itself infected with malware, but did...
The Hacker News

Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in...
SC Magazine

Washington state legislature passes data breach law, but punts on privacy law

The Washington state legislature went one-for-two this month in its attempt to pass major data breach and privacy regulations. Yesterday, lawmakers unanimously passed HB 1071, which firms up and expands requirements for public breach notifications, but the state apparently...

App Exposes Wi-Fi Credentials for Thousands of Private Networks

A database used by WiFi Finder was left open and unprotected on the Internet.

Exploits for Adobe Vulnerabilities Spiked in 2018

With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.

When Every Attack Is a Zero Day

Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
The Security Ledger

Podcast Episode 143: Tufin’s IPO with CEO Ruvi Kitov and Capsule8 on securing Linux at Scale

Tufin (TUFN) became the latest cyber security firm to have an initial public offering. In our first segment, we speak to its co-founder and CEO Reuven Kitov. Also: as more and more applications and workloads shift to the cloud,...
FireEye

CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis

In the previous installment, we wrote about how string hashing was used in CARBANAK to manage Windows API resolution throughout the entire codebase. But the authors used this same string hashing algorithm for ...
SC Magazine

WordPress Social Warfare plugin vulnerabilities abused in the wild

About 42,000 websites have not updated to the latest version of the Social Warfare WordPress plugin, leaving themselves open to a pair of vulnerabilities that are being exploited in the wild. Palo Alto’s Unit 42 research team is reporting that...
DHS

Fujifilm FCR Capsula X/Carbon X

This medical advisory includes mitigations for uncontrolled resource consumption and improper access control vulnerabilities reported in Fujifilm’s FCR Capsula X and Carbon X Computed Radiography cassette readers.
SecurityWeek

Kaspersky Links ShadowHammer Supply-Chain Attack to ShadowPad Hackers

The sophisticated supply-chain attack called Operation ShadowHammer that targeted ASUS users can be linked to the "ShadowPad" threat actor and the CCleaner incident, Kaspersky Lab’s security researchers say.
DHS

Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers

This advisory includes mitigations for an open redirect vulnerability reported in Rockwell Automation’s MicroLogix 1400 and CompactLogix 5370 controllers.
The Security Ledger

Drive-By Malware Uses Google Sites for Drive by Download Attacks

New malware, LoadPCBanker, is leveraging Google's Sites to spread via drive-by download attacks, according to a new report. Companies are advised to block uploads and downloads from the service.
SecurityWeek

Banking Trojan Drive-by Download Leverages Trust in Google Sites

Brazilian hackers have developed a drive-by download attack leveraging the inherent trust in the Google name. A banking trojan known as LoadPCBanker is deployed using the file cabinets template in Google sites as a delivery vehicle.
SecurityWeek

Shifting to DevSecOps Is as Much About Culture as Technology and Methodology

This move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams.
ZDNet

Malicious lifestyle apps found on Google Play, 30 million installs recorded

The adware-laden apps attempt to lure victims into installing additional software.

LEADERS

Bruce Schneier

G7 Comes Out in Favor of Encryption Backdoors

From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access...
Brian Krebs

Who’s Behind the RevCode WebMonitor RAT?

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product...
Bruce Schneier

Excellent Analysis of the Boeing 737 MAX Software Problems

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a...
Brian Krebs

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping...
Bruce Schneier

Friday Squid Blogging: New Squid Species off the New Zealand Coast

There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.