Inside Security (Nov 21st, 2017)

David’s Take

Our top story today is some research from Palo Alto Networks about a group they call MuddyWater. It shows that malware authors are moving quickly and targeting their victims very precisely. The report shows that the authors also planted a “false flag” of another piece of malware on their control servers to divert attention from their actions, and how Palo Alto builds on the work of other research groups around the world. Threat hunting is a very collaborative business.

Happy holidays for those of you celebrating. Our next newsletter will arrive next Monday.

-- David Strom, editor of Inside Security


Top Story

There have been various targeted attacks against Middle Eastern entities over the past six months by a group labeled MuddyWater, named as such because of attribution difficulties. The attacks have PowerShell exploits (that have been previously documented by other researchers) in common, along with similar document delivery mechanisms. What is worrisome is that attackers stole and modified a legitimate document from the compromised user account, crafted a malicious decoy Word macro document using this stolen document and sent it to the target recipient who might be expecting the email from the original account user before the real sender had time to send it.  – PALO ALTO NETWORKS RESEARCH


Attacks and vulnerabilities

The way Microsoft patched a recent security bug in its equation editor has led several security and software experts to believe the company might have lost its source code. The editor component was replaced with a newer version in 2007, but the older version is still packaged with newer Office versions for compatibility reasons. – BLEEPING COMPUTER


The Medical College of Wisconsin says it was recently hit with a data security breach, and thousands of patients’ confidential information may have been compromised after a spear phishing incident in July. Forensics weren't clear on whether any sensitive data was actually leaked to attackers. – MCW STATEMENT  (pdf)


The US CERT is warning of a flaw in Windows Address Space Layout Randomization that could allow a remote attacker to take control of an affected system. Researchers found the flaw back in 2012 with the release of Windows 8. The routine is part of Windows Defender code, and Microsoft has acknowledged the issue and is working on a fix. – THREATPOST


Reports

This report examines all threats that appeared across the company’s monitoring network in the past quarter. Unlike numerous other threat reports, it found that overall threat volume declined from the second quarter. The most frequently targeted vulnerabilities were in OpenSSL. – ESENTIRE REPORT


If you need to hire an MSSP, you might consider this handy guide on picking the right provider. Most of this is common sense, but still worthy of review, including understanding operational readiness, onboarding best practices, and SLAs. – HERJAVEC GROUP (pdf)


Here is an interview with Victoria Walberg, a freelance security consultant who has been working in IT for 17 years in the UK. She says, “researchers should work on gaining a better understanding of who their consumers are and how organizations manage risk.” She ranks IoT threats as her top concern, saying “there are lessons that haven’t been learned from the past.” How true. – TRIPWIRE BLOG


Here is a report on DDoS trends during the middle of this year, collected from customer networks protected by Corero security systems. It is bad news across the board, with increases in the number of daily attacks (as shown in the report’s chart), the size or network volume of the attacks, and the attack duration. – CORERO (reg. req.)


My colleague and podcasting partner Paul Gillin has written a very common-sense description of his attempt to find and prevent the KRACK WPA2 vulnerability with his ISPs and other technology suppliers. It didn’t go well. – SECURITY INTELLIGENCE BLOG


APIs have become a new attack vector for cybercriminals and can make your applications and databases vulnerable to many web application attacks. While this post is somewhat self-serving (the vendor sells a web app firewall, among other tools), the way they classify six different kinds of API attacks and how to prevent them is worth your time to review your own approaches. The author touches on API parameter and session cookie tampering, DDoS, and man-in-the-middle attacks. – IMPERVA BLOG
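Two of the attack classes the post names, API parameter tampering and session cookie tampering, come down to the same defensive rule: never trust a value the client can edit unless the server can either recompute it or verify it. The following is an added illustration written for this newsletter, not code from the Imperva post or any vendor product; the catalog, prices, user names and secret key are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed server-side state for the demo (not from any real system).
SECRET_KEY = b"constructed-demo-secret-rotate-me"
CATALOG = {"sku-100": 4999, "sku-200": 1500}  # unit prices in cents


def vulnerable_checkout(request: dict) -> dict:
    """Parameter tampering: the client-supplied 'price' is honoured as-is."""
    total = request["price"] * request["qty"]
    return {"sku": request["sku"], "total": total}


def hardened_checkout(request: dict) -> dict:
    """Ignore any client-supplied price; look it up and validate qty server-side."""
    sku = request.get("sku")
    qty = request.get("qty")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    # bool is a subclass of int in Python, so reject it explicitly
    if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= 100:
        raise ValueError("qty out of range")
    return {"sku": sku, "total": CATALOG[sku] * qty}


def _encode(payload: dict) -> str:
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return base64.urlsafe_b64encode(canonical.encode()).decode()


def sign_cookie(payload: dict) -> str:
    """Serialise the session payload and append an HMAC-SHA256 tag."""
    body = _encode(payload)
    tag = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_cookie(cookie: str) -> Optional[dict]:
    """Return the payload only if the tag matches; any edit yields None."""
    body, _, tag = cookie.rpartition(".")
    if not body or not tag:
        return None
    expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    # constant-time comparison avoids leaking the tag byte by byte
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body.encode()))
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return None


def edited_cookie(cookie: str, field: str, value) -> str:
    """Test fixture: rewrite one field of the body but keep the original tag,
    which is what an unsigned cookie scheme would silently accept."""
    body, _, tag = cookie.rpartition(".")
    data = json.loads(base64.urlsafe_b64decode(body.encode()))
    data[field] = value
    return f"{_encode(data)}.{tag}"


if __name__ == "__main__":
    order = {"sku": "sku-100", "qty": 2, "price": 1}  # price field is tampered
    print("vulnerable:", vulnerable_checkout(order))   # total 2
    print("hardened:  ", hardened_checkout(order))     # total 9998
    cookie = sign_cookie({"user": "alice", "role": "user"})
    print("valid cookie ->", verify_cookie(cookie))
    print("edited cookie ->", verify_cookie(edited_cookie(cookie, "role", "admin")))
```

The checkout pair shows why price, discount and role fields belong on the server: the hardened version recomputes the total from the catalog and validates the quantity, so the client-supplied price is simply never read. The cookie pair shows the integrity side: the payload is still readable by the client, but the HMAC tag lets the server detect any edit, and `hmac.compare_digest` keeps the check constant-time. Rotating `SECRET_KEY` invalidates every outstanding cookie, which is the intended behaviour after a key compromise.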


Fileless malware attacks are almost 10 times more likely to succeed in infecting a machine than file-based attacks, according to a new report from the Ponemon Institute that interviewed more than 600 IT leaders. Half of them have experienced a successful endpoint attack. More than three quarters of the attacks used fileless techniques. – BARKLY/PONEMON


Just for fun

Yes, I feel this way almost every time I update my own iThings too. -- 50 NERDS OF GREY @ TWITTER

