Week in review: Cyber threat hunting, Android DDoS botnet, drone bug bounty

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

New, custom ransomware delivered to orgs via extremely targeted emails
Ransomware campaigns are usually wide-flung affairs: the attackers send out as many malicious emails as possible and hope to hit a substantial number of targets. But more targeted campaigns are also becoming a trend.

Getting a start on cyber threat hunting
We live in a world where adversaries will keep trying to get into an organization's environment, and they only have to succeed once.

Canadian university scammed out of $11.8 million
MacEwan University in Edmonton, Alberta, is the latest confirmed victim of scammers.

Integrating GDPR into your day to day IT practices
GDPR: four letters that, combined, strike fear into the heart of any sysadmin. Luckily, there is still some time before it comes into force on 25 May 2018, so getting into the habit of complying now should make it second nature by then.

What’s the use of a privacy policy?
Buying any technology considered ‘smart’ is a painful exercise. It is not a simple matter of reviewing the features on offer: it means carefully reading the privacy policy and scouring for any research that reveals privacy and security concerns, and that is just the first week.

Drone maker DJI launches bug bounty program
Chinese consumer drone maker DJI has announced that it’s starting a bug bounty program and has invited researchers to discover and responsibly disclose issues that could affect the security of its software.

Whitepaper: Understanding pulse wave DDoS attacks
Pulse wave DDoS is a new attack tactic, designed to double the botnet’s output and exploit soft spots in “appliance first cloud second” hybrid mitigation solutions.
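The pulse wave tactic and the mitigation gap it targets, as an added example that is not from the whitepaper or the original page: a toy Python simulation in which an on-premises appliance absorbs traffic up to its capacity and cloud scrubbing is requested only after the appliance has been overloaded for a fixed number of consecutive seconds. The per-second traffic model, the trigger and diversion timings, the capacities and the attack figures are all assumptions made for illustration, and alternating pulses between two targets is the assumed mechanism behind "double the botnet's output".

```python
"""Toy model of a pulse wave DDoS against appliance-first, cloud-second mitigation.

Assumptions (not from the whitepaper): traffic is a per-second Gbps series;
the on-premises appliance absorbs up to its capacity; cloud scrubbing is
requested only after the appliance has been overloaded for `trigger_seconds`
in a row, takes `divert_delay` seconds to take effect, and then absorbs
everything. All numbers below are constructed for illustration.
"""

from typing import List, Optional, Tuple


def pulse_wave(period: int, duration: int, gbps: float,
               total_seconds: int, offset: int = 0) -> List[float]:
    """Per-second traffic (Gbps) for a pulse of `duration` s every `period` s."""
    profile = [0.0] * total_seconds
    t = offset
    while t < total_seconds:
        for s in range(t, min(t + duration, total_seconds)):
            profile[s] += gbps
        t += period
    return profile


def hybrid_mitigation(profile: List[float], appliance_gbps: float,
                      trigger_seconds: int, divert_delay: int
                      ) -> Tuple[int, Optional[int]]:
    """Simulate appliance-first, cloud-second mitigation over `profile`.

    Returns (seconds of unmitigated overload, second at which cloud scrubbing
    became active, or None if it was never triggered).
    """
    overload_run = 0          # consecutive seconds above appliance capacity
    cloud_active_from = None  # second from which cloud scrubbing absorbs traffic
    leaked = 0                # seconds where traffic exceeded the appliance unscrubbed
    for t, gbps in enumerate(profile):
        if cloud_active_from is not None and t >= cloud_active_from:
            break  # everything after this point is scrubbed in the cloud
        if gbps > appliance_gbps:
            leaked += 1
            overload_run += 1
            if overload_run >= trigger_seconds and cloud_active_from is None:
                cloud_active_from = t + divert_delay
        else:
            overload_run = 0  # a gap between pulses resets the trigger
    return leaked, cloud_active_from


def busy_seconds(profiles: List[List[float]]) -> int:
    """Seconds in which the botnet is sending against at least one target."""
    return sum(1 for col in zip(*profiles) if any(g > 0 for g in col))


if __name__ == "__main__":
    T = 600                      # constructed 10-minute window
    A = (40.0, 45, 60)           # appliance 40 Gbps, 45 s trigger, 60 s diversion
    flood = pulse_wave(period=T, duration=T, gbps=100.0, total_seconds=T)
    pulses = pulse_wave(period=60, duration=30, gbps=100.0, total_seconds=T)
    print("sustained flood :", hybrid_mitigation(flood, *A))   # (104, 104)
    print("30 s pulses     :", hybrid_mitigation(pulses, *A))  # (300, None)
    # Two targets hit in alternating pulses keep the botnet busy 100% of the time.
    second = pulse_wave(period=60, duration=30, gbps=100.0, total_seconds=T, offset=30)
    print("botnet busy (s) :", busy_seconds([pulses, second]), "of", T)  # 600 of 600
```

In this model a sustained flood is diverted to the cloud after the trigger plus the diversion delay and is then fully scrubbed, while 30-second pulses separated by 30-second gaps never keep the appliance overloaded long enough to trip the trigger, so every pulse reaches the appliance unscrubbed; the gaps cost the attacker nothing if a second target fills them.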

Attackers exploited Instagram API bug to access users’ contact info
Instagram has confirmed that “one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information — specifically email address and phone number — by exploiting a bug in an Instagram API.”

Locky ransomware returns with new tricks up its sleeve
Locky ransomware is back, again, delivered with the help of new tricks to fool users and anti-malware defenses.

Researchers figured out how to disable the Intel ME controller on Intel chipsets
Researchers have discovered that Intel Management Engine (Intel ME) 11, a dedicated (and non-optional) microcontroller integrated into all Intel chipsets, can be disabled through a mode that Intel has not publicly documented.

Patients with St. Jude pacemakers called in for firmware update
The update can’t be pushed over the air through the Merlin@home Transmitter because, in a very small number of cases, it could lead to a complete loss of the pacemaker’s functionality, the loss of currently programmed device settings, or a reload of a previous firmware version.

SIEM challenges: Why your security team isn’t receiving valuable insights
Today, many enterprises use security information and event management (SIEM) software to help detect suspicious activity on their networks. However, to be effective, organizations need to surround a SIEM with security experts, advanced use cases, threat intelligence, and proven processes to investigate and respond to threats.

The real cost of alarm fatigue
Alarms and alerts are designed to signal problems that need attention. However, when alarms are constant, and a high percentage of these are false positives, there is a real danger that we can become de-sensitised to their importance.

Leveraging social media in advanced threat intelligence
In this podcast recorded at Black Hat USA 2017, Christian Lees, CISO at InfoArmor, discusses how leveraging social media helps to understand the motives and threat landscape from threat actors.

Tech firms band together to take down Android DDoS botnet
An ad-hoc alliance of tech firms has managed to seriously cripple an Android-based botnet that was being actively used to DDoS multiple content providers.

Chinese government’s latest crack against online anonymity
The Chinese government is dead-set on making it so that all online interactions can be tied to a specific user. The latest move towards this goal came on Friday, when the Cyberspace Administration of China (CAC) released an overview of the new rules that dictate that anonymous users can’t post content online.

When AI and security automation become foolish and dangerous
Implementing some automated solutions can prove valuable. However, when it comes to network security, fully automating the tasks of a security analyst can be a dangerous and foolish decision for a variety of reasons.

The security status quo falls short with born-in-the-cloud software
Born-in-the-cloud software, pioneered by companies like Salesforce, is beginning to dominate the computing landscape. But do we really understand the critical nature of born-in-the-cloud software’s greatest challenge: security?

Cisco unveils LabVIEW code execution flaw that won’t be patched
LabVIEW is commonly used for building data acquisition, instrument control, and industrial automation systems on a variety of operating systems: Windows, macOS, Linux and Unix.

Complete and continuous cloud infrastructure protection
In this podcast recorded at Black Hat USA 2017, Hari Srinivasan, Director of Product Management at Qualys, talks about the challenges involved in securing clouds, and explains how to gain complete visibility and security of your cloud infrastructure using Qualys CloudView.

Know your adversary: Focus on social engineering
In this podcast recorded at Black Hat USA 2017, Tim Roberts, Senior Security Consultant at NTT Security, talks about social engineering and emphasizes the importance of security awareness and security culture.

New infosec products of the week​: September 1, 2017
A rundown of infosec products released last week.
