Inside Security | Inside

David Strom's in-depth cybersecurity news and analysis

I have a wide range of topics today. This edition includes patches for Oracle servers, new variants of KeyPass and DarkHydrus, new Android security issues, and the not-so-shocking finding that a third of Congressional websites are vulnerable to attacks.

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).


1. DarkHydrus uses the open-source Phishery tool to create two Word documents used in the attacks. The tool is part of previous credential harvesting attempts using the same infrastructure dating back to 2017. These attacks targeted government entities and educational institutions in the Middle East. -- PALO ALTO NETWORKS BLOG


2. It is possible for remote attackers to take control of airborne SATCOM equipment on in-flight commercial aircraft and other vessels. This includes equipment used by the US military in conflict zones. -- HELPNET SECURITY




Many thanks to Inside Security's corporate supporters.  Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 
   
   

I apologize for all my distractions last week, but it couldn’t be helped. I had two hard drive crashes that claimed my attention. That is still no excuse for not catching this error, where I omitted the link to the Cisco/WordPress item in Friday’s newsletter. And, by my rather odd accounting, this represents the 400th edition of Inside Security. Lots to talk about today as always, including malware delivered via a fax page and Microsoft finally getting around to doing sandboxing. Enjoy.



1. Microsoft is building a new Windows 10 sandboxing feature that will let users run untrusted software in a virtualized environment that's discarded when the program finishes running. The new feature was revealed in a bug-hunting quest for members of the Insider program and will carry the name "InPrivate Desktop." There is more information at the link above. The feature is similar to many protected browser products, such as Spikes' AirGap and Silo's Authentic8 that I once reviewed for Network World here.


2. Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU. Security researcher Christopher Domas revealed this at the Black Hat show last week. This backdoor exists only on VIA C3 Nehemiah chips made in 2003 and used in embedded systems and thin clients. -- TOM'S HARDWARE


3. Oracle has posted a security alert for two Windows versions of its database software, 11.2.0.4 and 12.2.0.1. There is a patch. All Linux versions that haven’t applied the July patch are also at risk of allowing command-line server access. -- ORACLE


4. Here is a tutorial on how to implement OAuth v2 with Spring development environment tools. There is a lot of code to write, but hopefully you will get the idea with the examples provided. -- DZONE


5. Security researchers at Defcon presented details of 47 vulnerabilities in the firmware and default apps of 25 Android smartphone models, 11 of which are also sold in the US. -- BLEEPING COMPUTER


6. Three of every 10 candidates running for the U.S. House of Representatives have significant security problems with their websites. A group of researchers used automated scans to look for these vulnerabilities, including certificate issues, according to work by Joshua Franklin, who has studied various election-related cybersecurity topics. He presented this at Defcon and has been developing an open source tool called Election Buster that identifies malicious domains that appear to be genuine candidate websites. -- DEFCON


7. Hospital central patient monitoring systems aren’t much more than a WinXP embedded computer with very weak security. This is especially true of the communications protocols to the patient devices. Attackers can readily make changes to patient stats and thereby influence care and treatment decisions. -- SECURING TOMORROW (MCAFEE)


8. Here is a helpful post arguing that deploying your legal team after a breach means understanding how to use them and knowing what privilege over their work product actually means. -- LAW.COM


9. Australia has proposed a new law requiring technology firms to give police access to private encrypted data linked to suspected illegal activities. Warrants would be required, and fines and jail time are set for vendors that don’t comply. Some useful commentary can be found here. -- REUTERS


10. Multiple researchers have identified a dangerous new variant of KeyPass ransomware. It features a manual-control functionality. Most of the current targets are in Brazil and Vietnam. It propagates using fake installers. -- SECURELIST (KASPERSKY)


The blockchain will secure everything. -- XKCD


3. Samsung S7 phones have a new vulnerability. Researchers at Black Hat have figured out a way to exploit the Meltdown vulnerability on them. Samsung says it issued patches earlier this year that prevent this. -- REUTERS


4. One other highlight from last week’s Vegas security conferences: researchers presented a new technique that uses faxes to take control of all-in-one HP printers via malicious image files. Because incoming faxes are held in the printer's memory, processing a malicious image can give the attacker control of the device, which in turn can lead to ransomware or cryptominers. HP has issued a fix. -- CHECKPOINT BLOG


5. The latest version of TLS, TLS 1.3/RFC 8446, was published last week. It is the first major overhaul of the protocol, bringing significant security and performance improvements. This article provides a deep dive into the changes introduced in the update and its impact on the future of internet security. -- CLOUDFLARE BLOG


6. RiskSense raised $12M in a B round led by Spring Mountain Capital. They do threat and vulnerability management, are based in Albuquerque and their CEO is Srinivas Mukkamala.

RiskRecon raised $25M in a B round led by Accel Partners. They do third party risk management, are based in Salt Lake City and their CEO is Kelly White.

iS5 Communications raised $16.9M in funding led by Phoenix. They secure industrial infrastructure, are based near Toronto and their CEO is Clive Dias.

Capsule8 raised $15M in a B round led by ClearSky Security. They have a zero-day detection tool, are based in NYC and their CEO is John Viega.


7. Iran-based security threats are on the rise. State-sponsored groups and Iranian hacktivists use new types of malware to attack companies’ networks for espionage and financial gain, according to a new Accenture report. -- SDXCENTRAL BLOG


 
