Inside Security | Inside
Inside Security

David Strom's in-depth cybersecurity news and analysis

Today’s premium story is our analysis of the past season's funding events in the security space. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account.

-- David Strom


1. Millions of tweets and other content that originated from state-sponsored 2016 election troll farms have been released by Twitter. These can be found on their Election Integrity hub. Ben Nimmo’s extensive four-part analysis of this trove begins with this post. -- DFRLAB @ MEDIUM


2. This post is full of great suggestions on how to improve the security of your apps. It includes advice such as verifying that third-party libraries use the most secure settings and the latest patches, controlling your inputs to prevent cross-site scripting attacks, and avoiding loading any dynamic code. -- HELPNET SECURITY



Today’s premium story is about the latest research on malware beware.

-- David Strom


1. Is the DMARC glass two-thirds full or one-third empty? A major milestone for its implementation by federal agencies has prompted posts from various interested parties. The graph shown here shows progress over the past year, although there is still room for improvement. Here is perspective on why DMARC matters. -- PROOFPOINT BLOG


2. A new threat group has been identified and is being called GreyEnergy. It has developed a series of malware modules that are more potent and difficult to track down and that can be used to attack critical infrastructure. Its name points to its lineage with the BlackEnergy group that caused Ukraine power blackouts previously. -- WE LIVE SECURITY (ESET)




3. Web hosting provider VestaCP was hit with malware that inadvertently added DDoS botnets to their users' websites. The malware is being called Linux/ChachaDDoS, and it noticeably slowed the performance of the hosted sites. All new accounts on VestaCP since May are at risk. -- WE LIVE SECURITY (ESET)


4. Polish academic researchers have discovered three vulnerabilities in some models of D-Link DWR series routers. Chained together, these could result in hackers taking control of the routers. D-Link was notified of the issues but hasn’t yet offered a complete fix. -- SECURITY AFFAIRS




5. And the Linksys E Series routers have three vulnerabilities of their own. Taken together, they can result in command injections. The latest firmware has fixed these issues. -- CISCO TALOS BLOG


6. The Onslow Water and Sewer Authority in North Carolina was hit with the Emotet and Ryuk ransomware last week. Their operation also had to deal with the aftermath of Florence. -- THE REGISTER

7. The Lawfare blog has been hit with a DDoS attack originating in the Seychelles. They use Cloudflare for protection but have struggled with keeping the site operating. -- CYBERSCOOP

8. Most of us have heard about Nigerian phishing scams. This post goes into details about how they came to be associated with the country. -- THE EPOCH TIMES

9. Tumblr fixed an authentication bug in their blogging platform quickly after notification. No data was compromised, according to the company. -- TUMBLR BLOG

10. The Donald Daters website began its life leaking its members' data. A researcher found an open database after the site went live this week, and its chat forums were suspended while this was being fixed. The app has other drawbacks too. -- MOTHERBOARD


Mothers don't let your kids grow up and learn SUDO.

-- NIXCRAFT @ TWITTER


Since July, 66 security-related companies have had various funding events. In our premium edition, we break these numbers down.

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).




3. There is an issue with the libssh C libraries that support the SSH protocols. The bug has to do with an authentication bypass trick. Here is the security announcement. There are at least two thousand servers that need upgrading, and you can download libssh v0.8.4 or v0.7.6 here.


4. Researchers have detected a near-400% increase in crypto-mining malware attacks against iPhones. The surge was seen in the last two weeks of September. The attacks used the Coinhive mining malware tool. -- CHECKPOINT




5. The Security Industry Association has identified its 2019 megatrends here. Heading the list are the relationship of physical to cyber security, IoT security, and cloud security.

