Inside Security

Inside Security (Apr 10th, 2018)

David’s Take

Can it really be 50 years since the movie 2001 was released? I remember watching it several times as a teen back then, and now there is a short film that interviews major film directors and others who attribute near-mythic proportions to the movie. The 1968 movie was ahead of its time, influencing Star Wars and Star Trek, along with seeding the idea that its director, Stanley Kubrick, was the source of the visuals behind the actual Apollo moon landing the following year. (You can look for clues in The Shining if you want to join the conspiracy.) A new print has been released for those of you who want to re-watch (and listen to its wonderful score), but be warned it moves very slowly compared to today’s flash-cut action and sci-fi films.

If you aren’t a conspiracy nut and do believe in science fact, you might want to take a few moments to read the entire Verizon Data Breach Investigations Report, probably the best annual infosec report of the year.

– David Strom, editor of Inside Security

Attacks

Following the pattern of last week’s Panera Bread exploit comes a new flaw at the PF Chang’s restaurant chain. The flaws are in the APIs of its rewards website, which are used to retrieve member records and give access to restaurant location data. It is a proof-of-concept explanation at the moment. But unlike Panera, PF Chang’s security staff responded quickly to fix the flaw. – AKSHAY SHARMA @ MEDIUM

A new wave of malicious documents is arriving in inboxes, and these do not require the user to enable macros for the adversaries’ infection chain to run; it ultimately delivers FormBook malware. The malware is targeting the financial and information service sectors in the Middle East and the United States, and uses a new multi-stage infection technique. – THREATPOST

Researchers have recently discovered a new kind of “jackpotting” malware that forces ATMs to spit out huge volumes of cash. The malware appears to share some functional similarities with ATM Ripper, which was observed last year robbing Thai ATMs. – NETSKOPE BLOG

The CyberArk Enterprise Password Vault application can allow an attacker to gain unauthorized access to the system with the privileges of the web application. Users are urged to upgrade to a new version with this flaw fixed by the vendor. – RED TEAM PENTESTING

Researchers are closely tracking an email-borne threat in which attackers are attempting to launch a Quant Loader Trojan that is capable of distributing ransomware and password stealers. The malware hides its malicious scripts to delay analysis of its purpose. – BARRACUDA BLOG

New standards watch

The FIDO Alliance and the W3C announced a major standards milestone that will bring simpler yet stronger web authentication to users around the world. It is called Web Authentication. It enables online service providers to offer FIDO Authentication through web browsers, and all the major browser vendors also announced their support. This means that once you implement the FIDO2 infrastructure, as it is being called, you can authenticate yourself with a fingerprint reader or some other method to various web apps. The various supporting vendors, including Nok Nok, will demonstrate support and interoperability at the RSA conference next week. – FIDO ALLIANCE

Tools

Mozilla will follow in the steps of Google Chrome and start blocking the loading of FTP subresources inside HTTP and HTTPS pages with the expected release of Firefox v61 in June. These are files loaded via the FTP protocol from img, script, or iframe HTML tags. FTP links placed inside normal links or typed directly in the browser’s address bar will continue to work. Google made the same call with Chrome v63 in September. – BLEEPING COMPUTER
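A site owner preparing for this change wants to know which of their pages will break. The following audit script is an added example, not code from the article or from Mozilla; it walks an HTML document and separates ftp:// references in img, script and iframe src attributes (which the browsers will refuse to load) from ftp:// hrefs in ordinary anchor links (which keep working). The sample page is constructed for the demonstration.

```python
"""Audit HTML for FTP subresources that Firefox 61 and Chrome 63 block.
Added example; the sample HTML below is constructed, not taken from a real site."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose src attribute triggers a subresource fetch; ftp:// is blocked here.
SUBRESOURCE_TAGS = {"img", "script", "iframe"}


def _is_ftp(url):
    # urlparse lowercases the scheme, so "FTP://" is caught as well.
    return urlparse(url or "").scheme == "ftp"


class FtpSubresourceFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.blocked = []     # (tag, url): subresources the browser will refuse
        self.navigation = []  # <a href="ftp://..."> links, still permitted

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser already lowercases tag names
        if tag in SUBRESOURCE_TAGS and _is_ftp(attrs.get("src")):
            self.blocked.append((tag, attrs["src"]))
        elif tag == "a" and _is_ftp(attrs.get("href")):
            self.navigation.append(attrs["href"])


def find_ftp_subresources(html):
    """Return (blocked_subresources, allowed_navigation_links) for a document."""
    parser = FtpSubresourceFinder()
    parser.feed(html)
    parser.close()
    return parser.blocked, parser.navigation


# Constructed sample page mixing both kinds of FTP reference.
SAMPLE_HTML = """
<html><body>
<img src="ftp://files.example.test/logo.png">
<script src="FTP://files.example.test/app.js"></script>
<iframe src="https://example.test/frame.html"></iframe>
<a href="ftp://files.example.test/pub/">Download archive</a>
<img src="/static/ok.png">
</body></html>
"""

if __name__ == "__main__":
    blocked, nav = find_ftp_subresources(SAMPLE_HTML)
    for tag, url in blocked:
        print(f"BLOCKED  <{tag} src={url!r}>  (FTP subresource in an HTTP(S) page)")
    for url in nav:
        print(f"ALLOWED  <a href={url!r}>  (navigation link, still works)")
```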

Report

A new report shows that infected WordPress installations rose rapidly last year, while rates on Joomla-based sites dropped. Nearly 40 percent of WordPress sites are running outdated software, which makes them particularly susceptible to attack. Keep those patches coming! – SUCURI BLOG

The Docket

Carbon Black has agreed to pay $3.9M in license fees to Finjan, settling patent infringement allegations brought by the latter in California federal court just over two weeks ago. Just in time: CB is planning an IPO. – LAW360 BLOG
