Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018

Here’s an overview of some of last week’s most interesting news and articles:

RSA Conference 2018 coverage
Check out what you missed at the infosec event of the year.

Real-time detection of consumer IoT devices participating in DDoS attacks
Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do something about it? A group of researchers from Princeton University have presented some encouraging results showing that the first part of that equation can be relatively easily solved.

New targeted surveillance spyware found on Google Play
A new targeted surveillance app has been found and booted from Google Play. The app, named Dardesh, posed as a chat application and acted as a downloader for a second app that could spy on users.

Your Android phone says it’s fully patched, but is it really?
How do fully-maintained (i.e., patched) Android phones end up getting exploited? Searching for an answer to that question spurred security researchers to analyze thousands of Android firmwares for the presence of hundreds of patches.

NIST releases Cybersecurity Framework 1.1
The US Commerce Department’s National Institute of Standards and Technology (NIST) has announced the release of version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework.

How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices
An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to gain lasting control over the device and extract sensitive information from it.

Cisco plugs critical hole in WebEx, users urged to upgrade ASAP
Cisco has fixed a critical vulnerability in its WebEx videoconferencing software that could be exploited to compromise meeting attendees’ systems by simply opening a booby-trapped Flash file shared in a meeting.

Cryptominers displace ransomware as the number one threat
During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware as the number one threat, Comodo’s Global Malware Report Q1 2018 has shown.

Researchers develop algorithm to detect fake users on social networks
Ben-Gurion University of the Negev and University of Washington researchers have developed a new generic method to detect fake accounts on most types of social networks, including Facebook and Twitter.

Security researchers sinkholed EITest infection chain
Security researchers have managed to neutralize “EITest,” one of the oldest infection chains, thus preventing as many as two million potential malicious redirects a day.

Energy security pros worry about catastrophic failure due to cyberattacks
70 percent of energy security professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, a recent survey has shown.

When BEC scammers specialize
A group of BEC scammers has been focusing its efforts on the global maritime shipping industry.

Researchers propose scheme to secure brain implants
A group of researchers from KU Leuven, Belgium, have proposed a practical security scheme that would allow secure communications between a widely used implantable neurostimulator – an electrical brain implant used to treat a number of medical issues – and its external device programmer.

US, UK warn Russian hackers are compromising networking devices worldwide
The attackers are compromising routers, switches, firewalls, Network-based Intrusion Detection System (NIDS) devices in general, and Generic Routing Encapsulation (GRE), Cisco Smart Install (SMI), and Simple Network Management Protocol (SNMP) enabled network devices in particular.

Moxa plugs serious vulnerabilities in industrial secure router
A slew of serious vulnerabilities in the Moxa EDR-810 series of industrial secure routers could be exploited to inject OS commands, intercept weakly encrypted or extract clear text passwords, expose sensitive information, trigger a crash, and more.