Inside | Real news, curated by real humans
Inside Security

Inside Security (Oct 11th, 2018)

Today’s premium story is about the delays in ISPs reporting malware abuses across their networks. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account

-- David Strom

  • Email gray
  • Permalink gray

1. Almost all of the advanced US government weapons systems suffer from a wide collection of security issues. This is the conclusion of a new report from the GAO. “Weapon systems have a wide variety of interfaces, some of which are not obvious, that could be used as pathways for adversaries to access the systems,” the authors state.  -- GAO

  • Email gray
  • Permalink gray

2. Yet more news on the Chinese spy chips. Another user of hacked Supermicro servers has been reported by Bloomberg, this time a major telecom provider. Their source clarifies the situation in this rebuttal post, while a second source used in the first story issues other clarifications.

  • Email gray
  • Permalink gray

Learn about the state of hacker-powered security in a new 2018 study analyzing 78,000+ security vulnerabilities reported to 1,000+ companies. Explore why more and more companies flag critical vulnerabilities in a cost-effective and high-ROI way.

CLICK HERE for the Free Report. 

4. A new malware campaign using Ursnif shows enhancements to the banking Trojan. Now it is being used to compromise discussion threads and there are several warning signs, such as switching languages in mid-conversation and verbose signature blocks. The malware looks for email credentials, cookies, and certificates. -- TREND MICRO BLOG

  • Email gray
  • Permalink gray

4 ways to improve collaboration on your team today

Our collaboration eBook shows you the four things your team can do right now to improve the way they work together and gives examples of what strong collaborative cultures across industries have in common. You’ll also learn how Dropbox Business can power your team’s best work.

Download now

5. Microsoft has joined the Open Invention Network, an open-source patent consortium. It is placing its 60,000 patents into the repository. In the announcement, with perhaps the understatement of the year, a representative stated: “There has been friction in the past between Microsoft and the open-source community over the issue of patents." -- MICROSOFT BLOG

  • Email gray
  • Permalink gray

6. Many of the world’s cheap digital video recorders are made by the Chinese vendor Xiongmai. The lack of their interest in device security is appalling, such as having blank admin passwords. -- KREBS ON SECURITY

7. Microsoft has recently fixed a serious zero-day Windows flaw. Called FruityArmor, it would allow privilege escalation and remote code execution. -- SECURITY AFFAIRS (KASPERSKY)

8. Garmin Navionics exposed 19 GB of its customer navigation data thanks to an improperly configured MongoDB storage bucket. The flaw was fixed when they were notified and the company says no data was accessed improperly. -- HACKEN BLOG

9. Here is how Microsoft’s Windows Defender detects fileless malware attacks. The tool relies on the Sharpshooter utility, which has its origins in Google-funded research.  MICROSOFT BLOG

10. Speaking of fileless attacks, this post goes into details on how they are constructed. There are three basic techniques, using existing documents, scripts and OS routines to hid their mischief.  -- MINERVA LABS BLOG

  • Email gray
  • Permalink gray

This isn’t what Josiah Bluetooth intended. While no such person actually existed,  Harald “Bluetooth” Gormsson was a ruler of Denmark and Norway who died more than a thousand years ago and was the original namesake used by the technology’s inventors.  - XKCD

  • Email gray
  • Permalink gray

ISPs need to be more vigilant when it comes to reporting malware issues observed across their networks. In this premium feature, I go into more details from a new report.

Content for premium users only

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).

  • Email gray
  • Permalink gray

Many thanks to Inside Security's corporate supporters.  Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 

Find out why Global Leaders are trusting HackerOne to test and secure their mission-critical applications

 
   

[YOUR LOGO HERE – click for details]

Subscribe to Inside Security

MORE NEWSLETTERS

Essays and musings from Inside.com founder Jason Calacanis

The Jason Calacanis Newsletter

Essays and musings from Inside.com founder Jason Calacanis

WEEKLY
Essays and musings from Inside.com founder Jason Calacanis

The Jason Calacanis Newsletter

WEEKLY

SUBSCRIBED!

Share via

A thoughtful roundup of news and links for developers

Inside Dev

A thoughtful roundup of news and links for developers

DAILY
A thoughtful roundup of news and links for developers

Inside Dev

DAILY

SUBSCRIBED!

Share via

Explaining the business and consumer sides of social media networks

Inside Social

Explaining the business and consumer sides of social media networks

DAILY
Explaining the business and consumer sides of social media networks

Inside Social

DAILY

SUBSCRIBED!

Share via

Tracking trends, news, and analysis around Bitcoin and cryptocurrencies

Inside Bitcoin

Tracking trends, news, and analysis around Bitcoin and cryptocurrencies

DAILY
Tracking trends, news, and analysis around Bitcoin and cryptocurrencies

Inside Bitcoin

DAILY

SUBSCRIBED!

Share via