Inside Security | Inside

David Strom's in-depth cybersecurity news and analysis

Today’s premium story is about the continued woes of MikroTik routers being exploited by hackers. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account.

We want to highlight the efforts of our sponsors. On Endgame’s blog this month is an analysis of how attackers can hide their techniques using PowerShell commands. They review the various ways these commands can be encoded and manipulated to make them harder to parse. They also suggest how you can decode them with some simple tools.

-- David Strom
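As an added illustration of the decoding step the Endgame post describes (this is example code, not the page's or Endgame's own tool): a small Python unwrapper that peels the usual layers off a PowerShell command line, base64 UTF-16LE behind -EncodedCommand and a Deflate-compressed FromBase64String stage, so an analyst can read what an encoded invocation actually does. The sample command line is constructed inside the block and is not a real capture.

```python
import base64
import re
import zlib

# -EncodedCommand and the abbreviations PowerShell accepts (-e, -ec, -en, -enc)
# followed by a base64 blob, which decodes to UTF-16LE script text.
ENC_SWITCH = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
# A base64 literal inside [Convert]::FromBase64String('...'), the usual carrier
# for a compressed inner stage.
B64_CALL = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)

def looks_utf16le(raw: bytes) -> bool:
    """ASCII text stored as UTF-16LE has a zero byte in every odd position."""
    return len(raw) >= 2 and raw[1::2].count(0) > len(raw) // 4

def decode_layer(blob: str) -> str:
    """Base64-decode one layer, then undo UTF-16LE or Deflate/zlib/gzip wrapping."""
    raw = base64.b64decode(blob)
    if looks_utf16le(raw):
        return raw.decode("utf-16-le", errors="replace")
    for wbits in (-15, 15, 31):  # raw Deflate (DeflateStream), zlib, gzip
        try:
            return zlib.decompress(raw, wbits).decode("utf-8", errors="replace")
        except zlib.error:
            continue
    return raw.decode("utf-8", errors="replace")

def unwrap(cmdline: str, max_depth: int = 8) -> list:
    """Return every layer, from the raw command line down to the innermost script."""
    layers = [cmdline]
    for _ in range(max_depth):  # depth cap guards against self-referential blobs
        m = ENC_SWITCH.search(layers[-1]) or B64_CALL.search(layers[-1])
        if not m:
            break
        layers.append(decode_layer(m.group(1)))
    return layers

def build_sample() -> str:
    """Constructed sample (not a real capture): a harmless Write-Host line,
    deflated and base64-wrapped, inside a UTF-16LE -enc blob."""
    inner = "Write-Host 'constructed sample, not a real payload'"
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw Deflate, as DeflateStream emits
    deflated = comp.compress(inner.encode("utf-8")) + comp.flush()
    stage2 = ("$s=[IO.StreamReader]::new([IO.Compression.DeflateStream]::new("
              "[IO.MemoryStream]::new([Convert]::FromBase64String('%s')),"
              "[IO.Compression.CompressionMode]::Decompress));$s.ReadToEnd()"
              % base64.b64encode(deflated).decode())
    enc = base64.b64encode(stage2.encode("utf-16-le")).decode()
    return "powershell.exe -NoP -W Hidden -enc " + enc
```

Running `unwrap(build_sample())` yields three layers: the command line, the decoded UTF-16LE stage that carries the compressed blob, and the plain inner script.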


1. We have more details about last month’s Facebook data breach. The company claims 30 million users were hit, which was less than the initial estimate. There are two posts on their site: a security notice where users can see whether their accounts were part of the breach, and a blog post that explains what happened. Facebook has also been busy removing fake accounts, including several tied to Russian hackers; the accounts were removed for scraping data in violation of its policies. -- NY TIMES


2. A recent report cited that the majority of PHP websites will have security issues next year, based on statistics showing that many of them are running outdated versions. Here is a checklist of things to do to harden your implementation, along with upgrade suggestions from WordPress (which runs on PHP).




Many thanks to Inside Security's corporate supporters. Please go check them out!

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

Nok Nok Labs has the ambition to transform authentication by unifying it into one standard protocol, giving businesses the control they need. Learn more

1. Researchers have discovered links between the Telebots hacking group and the Black Energy, Industroyer and NotPetya attacks. The key is that the malware deployed in all three instances points to the same creators. -- WE LIVE SECURITY (ESET)


2. Organizations have lost track of where employees and other insiders are storing unstructured data. This could be caused by a number of factors, such as changing IT policies and procedures and lack of visibility into how applications store this data. Even when they deploy various security tools, these create too many false positive alerts to be useful. -- STEALTHBITS PONEMON REPORT


3. Researchers found a new online malware builder called Gazorp. It works in conjunction with Azorult, an infostealer used for stealing user passwords and credit card data. Users of the tool have access to a Telegram chat channel to discuss deployment and updates. -- CHECKPOINT BLOG


Learn about the state of hacker-powered security in a new 2018 study analyzing 78,000+ security vulnerabilities reported to 1,000+ companies. Explore why more and more companies flag critical vulnerabilities in a cost-effective and high-ROI way.

CLICK HERE for the Free Report.


3. The entire country of Iceland has experienced a massive phishing attack this past weekend. Emails were sent mimicking police inquiries that contained a remote access Trojan, aimed at stealing banking credentials. The attackers used a homographic domain name and copied the real police website. -- CYREN


4. A malicious photo app pretending to come from Google has been found and eliminated in the Microsoft App Store. It is actually an ad clicker that repeatedly opens hidden advertisements in Windows 10. This post takes apart the malware and shows how it works. -- BLEEPING COMPUTER


Gain cybersecurity expertise from Harvard's VPAL in 8 weeks.

Learn to identify the cybersecurity vulnerabilities threatening your most valuable business systems and assets, and prepare your business to mitigate the chance of cyberattacks. Learn more.


5. A new $1.3M state-of-the-art cyber lab has been built at the US Coast Guard Academy in New London, Conn. It will house cyber studies and a related major for cadets. -- NBC CT TV


6. After Trend Micro reported a bug, Microsoft patched its Jet database engine earlier this month. But it didn’t completely fix the security vulnerability. -- 0PATCH

7. Another Microsoft bug concerns how its Edge browser handles embedded hyperlinks. Attackers can use them to trigger a remote code execution bug, which has since been patched. -- TREND MICRO ZERO DAY INITIATIVE

8. A third-party provider of travel services to the Pentagon suffered a breach last week. Records from more than 30,000 personnel could be at risk. -- MILITARY TIMES

9. Here is an analysis of the Necurs botnet. At over a million infected devices, it is used to send ransomware and cryptomining malware and, lately, blackmail messages. -- SECURITY INTELLIGENCE (IBM)

10. A cache of 119GB of data belonging to Fitmetrix was found unprotected on AWS Elasticsearch by a security researcher. Eventually, the millions of data records were secured by the vendor. -- INFOSECURITY MAGAZINE


So now we all know Kanye’s phone’s PIN. I guess we should be glad it wasn’t “just” 0000. Hopefully he has changed it to something more difficult by now, like "87654321."


If you own a MikroTik home router, chances are it has been infected by one or more pieces of malware. In our premium feature, we discuss what has happened lately, including an interesting turn of events.

Content for premium users only

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).




4. Wombat/Proofpoint surveyed thousands of adults around the world to determine their cybersecurity practices. Only a third answered basic security knowledge questions correctly, such as whether to trust pages on Facebook, what a VPN does, or whether their anti-virus software alone is sufficient protection.


4 ways to improve collaboration on your team today

Our collaboration eBook shows you the four things your team can do right now to improve the way they work together and gives examples of what strong collaborative cultures across industries have in common. You’ll also learn how Dropbox Business can power your team’s best work.

Download now


5. A One Identity study of 1000 IT professionals shows some poor security practices in place in several countries. Admin passwords are often shared, and a small number of respondents have no way of knowing whether users retain access even after they’ve left their organizations. And two thirds of users’ password resets take five minutes or longer to resolve.


6. Specially created PDFs can trigger data leaks thanks to a bug in the Google JBIG2 code library. That code is used by Chrome browsers to render PDF images. Google has issued a patch. -- TALOS BLOG (CISCO)

7. A new phishing attack method has been discovered that leverages Azure Blobs. The attacker places credential-harvesting forms on that Azure service and signs the web forms with legitimate Microsoft SSL certificates. -- NETSKOPE

8. Yanjun Xu has been arrested in Belgium and charged with spying for the Chinese. He was supposedly targeting employees of US-based aerospace firms. -- INFOSECURITY MAGAZINE

9. Here is a description of a new threat group called Gallmaker that recycles well-known malware and hacking tools. They target Middle East defense organizations. -- SECURITY AFFAIRS

10. Attacks leveraging IIS have made a big jump in the past quarter, from thousands to more than a million, according to telemetry from eSentire. There are millions of exposed IIS servers, according to Shodan. -- ESENTIRE (PDF, reg. req.)

