Inside | Real news, curated by real humans
Inside Security

Inside Security (Oct 11th, 2018)

Today’s premium story is about the delays in ISPs reporting malware abuses across their networks. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account

-- David Strom

  • Email gray
  • Permalink gray

1. Almost all of the advanced US government weapons systems suffer from a wide collection of security issues. This is the conclusion of a new report from the GAO. “Weapon systems have a wide variety of interfaces, some of which are not obvious, that could be used as pathways for adversaries to access the systems,” the authors state.  -- GAO

  • Email gray
  • Permalink gray

2. Yet more news on the Chinese spy chips. Another user of hacked Supermicro servers has been reported by Bloomberg, this time a major telecom provider. Their source clarifies the situation in this rebuttal post, while a second source used in the first story issues other clarifications.

  • Email gray
  • Permalink gray

Learn about the state of hacker-powered security in a new 2018 study analyzing 78,000+ security vulnerabilities reported to 1,000+ companies. Explore why more and more companies flag critical vulnerabilities in a cost-effective and high-ROI way.

CLICK HERE for the Free Report. 

4. A new malware campaign using Ursnif shows enhancements to the banking Trojan. Now it is being used to compromise discussion threads and there are several warning signs, such as switching languages in mid-conversation and verbose signature blocks. The malware looks for email credentials, cookies, and certificates. -- TREND MICRO BLOG

  • Email gray
  • Permalink gray

4 ways to improve collaboration on your team today

Our collaboration eBook shows you the four things your team can do right now to improve the way they work together and gives examples of what strong collaborative cultures across industries have in common. You’ll also learn how Dropbox Business can power your team’s best work.

Download now

5. Microsoft has joined the Open Invention Network, an open-source patent consortium. It is placing its 60,000 patents into the repository. In the announcement, with perhaps the understatement of the year, a representative stated: “There has been friction in the past between Microsoft and the open-source community over the issue of patents." -- MICROSOFT BLOG

  • Email gray
  • Permalink gray

6. Many of the world’s cheap digital video recorders are made by the Chinese vendor Xiongmai. The lack of their interest in device security is appalling, such as having blank admin passwords. -- KREBS ON SECURITY

7. Microsoft has recently fixed a serious zero-day Windows flaw. Called FruityArmor, it would allow privilege escalation and remote code execution. -- SECURITY AFFAIRS (KASPERSKY)

8. Garmin Navionics exposed 19 GB of its customer navigation data thanks to an improperly configured MongoDB storage bucket. The flaw was fixed when they were notified and the company says no data was accessed improperly. -- HACKEN BLOG

9. Here is how Microsoft’s Windows Defender detects fileless malware attacks. The tool relies on the Sharpshooter utility, which has its origins in Google-funded research.  MICROSOFT BLOG

10. Speaking of fileless attacks, this post goes into details on how they are constructed. There are three basic techniques, using existing documents, scripts and OS routines to hid their mischief.  -- MINERVA LABS BLOG

  • Email gray
  • Permalink gray

This isn’t what Josiah Bluetooth intended. While no such person actually existed,  Harald “Bluetooth” Gormsson was a ruler of Denmark and Norway who died more than a thousand years ago and was the original namesake used by the technology’s inventors.  - XKCD

  • Email gray
  • Permalink gray

ISPs need to be more vigilant when it comes to reporting malware issues observed across their networks. In this premium feature, I go into more details from a new report.

Content for premium users only

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).

  • Email gray
  • Permalink gray

Many thanks to Inside Security's corporate supporters.  Please go check them out!

 

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 

[YOUR LOGO HERE – click for details]
 
   

Invest in Ring4, the 2nd phone number startup that was voted best product on ProductHunt. 

 

HackerOne is the #1 hacker-powered security platform for finding critical vulnerabilities.

Subscribe to Inside Security

MORE NEWSLETTERS

A hand-picked selection of products, deals, and ways to save money.

Inside Deals

A hand-picked selection of products, deals, and ways to save money.

TWICE WEEKLY
A hand-picked selection of products, deals, and ways to save money.

Inside Deals

TWICE WEEKLY

SUBSCRIBED!

Share via

For those in the business of buying, selling, and developing real estate.

Inside Real Estate

For those in the business of buying, selling, and developing real estate.

DAILY
For those in the business of buying, selling, and developing real estate.

Inside Real Estate

DAILY

SUBSCRIBED!

Share via

A concise presentation of the world's most important, interesting news

Inside Daily Brief

A concise presentation of the world's most important, interesting news

DAILY
A concise presentation of the world's most important, interesting news

Inside Daily Brief

DAILY

SUBSCRIBED!

Share via

News, people, culture, events and the trends shaping the Bay area

Inside San Francisco

News, people, culture, events and the trends shaping the Bay area

DAILY
News, people, culture, events and the trends shaping the Bay area

Inside San Francisco

DAILY

SUBSCRIBED!

Share via