Week in review: Office 365 phishing, compromising networks with malicious faxes

Here’s an overview of some of last week’s most interesting news and articles:

AT&T sued for enabling SIM swap fraud
A cryptocurrency investor is suing AT&T because criminals were able to empty his accounts through SIM swap fraud (aka account port out fraud), even though he had already asked for additional protections to be set up on his AT&T account.

Endpoint breach prevention by reducing attack surfaces
In this podcast recorded at Black Hat USA 2018, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about endpoint breach prevention by reducing attack surfaces.

eBook: Windows PowerShell Scripting Tutorial
This PowerShell tutorial opens with an introduction to PowerShell scripting basics. It guides you through various topics, starting with launching PowerShell and preparing to run PowerShell scripts. Learning these basics will help you easily perform virtually any administration task in your Windows IT environment.

Criminals can compromise company networks by sending malicious faxes
Check Point has revealed details about the two critical remote code execution vulnerabilities (CVE-2018-5924, CVE-2018-5925) it discovered in the communication protocols used in tens of millions of fax devices globally. A fax number is all an attacker needs to exploit the flaws, and potentially seize control of a company or home network.

Busting the security myth: Should I use WordPress for my website?
WordPress has been around for 15 years. Today it powers around 30% of the top 10 million websites on the internet. Being such a popular platform, WordPress has been in the limelight quite a few times, more often than not for the wrong reasons – security, or the lack of it. But is it really as insecure as many think?

New Office 365 phishing attack uses malicious links in SharePoint documents
Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in security, Avanan researchers warn.

Connecting the dots to North Korea as a threat adversary
Reports of malware campaigns invariably focus on two critical conclusions: attribution and who was the intended target of the attack. It is challenging to draw swift conclusions on the former, due to the use of false flags designed to divert attention from the true source of the attack.

Critical vulnerability in Oracle Database, patch without delay!
Oracle is urging users to patch their Oracle Database installations to plug a critical security issue that can result in complete compromise of the Oracle Database and shell access to the underlying server.

Turning off Location History doesn’t prevent Google from knowing your location
If you believe that turning off Location History on your Android device or iPhone means that Google won’t be able to know your location, think again: Princeton University researchers have confirmed Google services store users’ location regardless of those settings.

Microsoft ADFS flaw allows attackers to bypass MFA safeguards
A vulnerability (CVE-2018-8340) in Microsoft Active Directory Federation Services (ADFS) allows a second authentication factor for one account to be used for all other accounts in an organization, Okta REX Security Engineer Andrew Lee has discovered.

Security’s bane: The false positive
Nothing makes security look worse than the false negative – when we miss an attack and damage is suffered. As security professionals, it’s something we all obsess a lot about. However, the number two thing that makes us look bad is the false positive.

2.6 billion records exposed in 2,300 disclosed breaches so far this year
Risk Based Security released its Mid-Year 2018 Data Breach QuickView report, showing there have been 2,308 publicly disclosed data compromise events through June 30th. After a surprising drop in the number of reported data breaches in the first quarter, breach activity appears to be returning to a more “normal” pace.

Networking vendors patch against new cryptographic attack
Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, researchers have found.

Chaos and confusion reign with existing firewall infrastructure
Many organizations are still struggling to master basic firewall hygiene, promising increased complexity and risk associated with network security policy management for those planning to adopt hybrid cloud models and next-gen architectures, according to Firemon’s 2018 State of the Firewall report.

Three A’s of SaaS adoption, and why every company goes through them
Everyone goes through “the 3 A’s of SaaS adoption”: aggravation, acceptance, and adoption.

Faster, simpler, smaller, smarter: A cybersecurity dream becomes reality
More ports, same space, faster speeds, simpler deployment, foolproof configuration, fully scalable and a smarter way to protect your network. Sounds like an IT professional’s dream.

DDoS attackers increasingly strike outside of normal business hours
DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents using two or more vectors.

10,644 vulnerabilities disclosed in the first half of 2018
There have been 10,644 vulnerabilities disclosed through June 30th, according to Risk Based Security’s 2018 Mid Year VulnDB QuickView report. This is the highest number of disclosed vulnerabilities at the mid-year point on record.

Five key security tips to avoid an IoT hack
Recently, Russian PIR Bank lost $1,000,000 because of a compromised router that allowed hackers to gain entry into their local network. Why did it happen, and how can companies protect themselves?

Vulnerabilities in smart card drivers open systems to attackers
Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into the target system without valid credentials and achieve root/admin privileges.

New infosec products of the week: August 17, 2018
A rundown of infosec products released last week.