
Inside Security (Nov 21st, 2017)

David’s Take

Our top story today is some research from Palo Alto Networks about a group they call MuddyWater. It shows that malware authors are moving quickly and targeting their victims very precisely. The report also notes that the authors planted a “false flag” from another piece of malware on their control servers to divert attention from their own activity, and it shows how Palo Alto builds on the work of other research groups around the world. Threat hunting is a very collaborative business.

Happy holidays for those of you celebrating. Our next newsletter will arrive next Monday.

-- David Strom, editor of Inside Security


Top Story

Over the past six months a group labeled MuddyWater, so named because of attribution difficulties, has carried out various targeted attacks against Middle Eastern entities. The attacks have PowerShell exploits (previously documented by other researchers) in common, along with similar document delivery mechanisms. What is worrisome is that the attackers stole and modified a legitimate document from a compromised user account, used it to craft a malicious decoy Word macro document, and sent that to the intended recipient, who was likely expecting the email from the original account holder, before the real sender had time to send it. – PALO ALTO NETWORKS RESEARCH


Attacks and vulnerabilities

The way Microsoft patched a recent security bug in its equation editor has made several security and software experts believe the company might have lost its source code. The editor component was replaced with a newer version in 2007, but the older version is still packaged with newer Office versions for compatibility reasons. – BLEEPING COMPUTER


The Medical College of Wisconsin says it was recently hit with a data security breach, and thousands of patients’ confidential information may have been compromised after a spear phishing incident in July. Forensic analysis could not determine whether any sensitive data was actually leaked to the attackers. – MCW STATEMENT (pdf)


US-CERT is warning of a flaw in Windows Address Space Layout Randomization (ASLR) that could allow a remote attacker to take control of an affected system. Researchers found the flaw back in 2012 with the release of Windows 8. The routine is part of Windows Defender code, and Microsoft has acknowledged the issue and is working on a fix. -- THREATPOST


Reports

This report examines all threats that appeared across the company’s monitoring network in the past quarter. Unlike numerous other collections, it finds that overall threat volume declined from the second quarter. The most targeted vulnerability was in OpenSSL. – ESENTIRE REPORT


If you need to hire an MSSP, you might consider this handy guide on picking the right provider. Most of this is common sense, but still worthy of review, including understanding operational readiness, onboarding best practices, and SLAs. – HERJAVEC GROUP (pdf)


Here is an interview with Victoria Walberg, a freelance security consultant who has been working in IT in the UK for 17 years. She says, “researchers should work on gaining a better understanding of who their consumers are and how organizations manage risk.” She ranks IoT threats as her top concern, saying “there are lessons that haven’t been learned from the past.” How true. – TRIPWIRE BLOG


Here is a report on DDoS trends during the middle of this year, collected from customer networks protected by Corero security systems. It is bad news across the board, with increases in the number of daily attacks (as shown here), in attack size (network volume), and in attack duration. – CORERO (reg. req.)


My colleague and podcasting partner Paul Gillin has written a very common-sense description of his attempt to find and prevent the KRACK WPA2 vulnerability with his ISPs and other technology suppliers. It didn’t go well. – SECURITY INTELLIGENCE BLOG


APIs have become a new attack vector for cybercriminals and can expose your applications and databases to many of the same attacks that hit web applications. While this post is somewhat self-serving (the vendor sells a web app firewall, among other tools), its classification of six different kinds of API attacks, and how to prevent them, is worth your time as a check on your own approaches. The author touches on API parameter and session cookie tampering, DDoS, and man-in-the-middle attacks. – IMPERVA BLOG


Fileless malware attacks are almost 10 times more likely to succeed in infecting a machine than file-based attacks, according to a new report from the Ponemon Institute that interviewed more than 600 IT leaders. Half of them have experienced a successful endpoint attack. More than three quarters of the attacks used fileless techniques. – BARKLY/PONEMON


Just for fun

Yes, I feel this way almost every time I update my own iThings too. -- 50 NERDS OF GREY @ TWITTER
