Week in review: First-ever UEFI rootkit, Apple DEP vulnerability, new tactics subvert traditional security measures

Here’s an overview of some of last week’s most interesting news and articles:

What do you mean by storage encryption?
Depending on the threat context and how you define “storage encryption,” it can be a highly effective control or a complete waste of resources.

Phorpiex bots target remote access servers to deliver ransomware
Threat actors are brute-forcing their way into enterprise endpoints running server-side remote access applications and attempting to spread the GandCrab ransomware onto other enterprise computers.

LoJax: First-ever UEFI rootkit detected in a cyberattack
ESET researchers have discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims’ computers. Dubbed LoJax, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe and is the first-ever publicly known attack of this kind.

Vulnerabilities and architectural considerations in industrial control systems
The reason SCADA security is so controversial stems primarily from the intense consequences that come from a compromise in this area. In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about SCADA vulnerabilities in ICS architectures.

Apple DEP vulnerability lets attackers access orgs’ resources, info
An authentication weakness in Apple’s Device Enrollment Program (DEP) may allow attackers to enroll any device into an organization’s Mobile Device Management server and, consequently, to obtain privileged access to the private resources of an organization or even full VPN access to internal systems.

Downloads of known vulnerable open source components increase 120%
Sonatype today released its fourth annual State of the Software Supply Chain Report, which reveals the widespread use of vulnerable software components by businesses around the world.

Firefox Monitor tells you whether your email was compromised in a data breach
After a few months of user testing, Mozilla has launched Firefox Monitor, a free online service that allows users to check whether their email address was involved in a publicly known data breach and to sign up to get notified if the account appears in new data breaches.

French cybersecurity agency open sources security hardened CLIP OS
After developing it internally for over 10 years, the National Cybersecurity Agency of France (ANSSI) has decided to open source CLIP OS, a Linux-based operating system developed “to meet the specific needs of the [French] administration,” and is asking outside coders to contribute to its development.

You should prepare for the next mega data breach
In the wake of widespread data breaches, many organizations have quickly increased their cybersecurity spend and embraced new identity protection protocols to protect their customers’ information. The challenge with this approach is that while technology has historically moved and evolved rapidly to support changes in business and consumer demands, the security protocols surrounding it have had difficulty keeping pace.

Researchers develop invisibly thin spray-on antennas
The promise of wearables, functional fabrics, the Internet of Things, and their “next-generation” technological cohort seems tantalizingly within reach. But researchers in the field will tell you a prime reason for their delayed “arrival” is the problem of seamlessly integrating connection technology – namely, antennas – with shape-shifting and flexible “things.” A breakthrough by researchers in Drexel’s College of Engineering could now make installing an antenna as easy as applying some bug spray.

A law enforcement view of emerging cybercrime threats
Cybercriminals are adopting creative new techniques to target their victims at an unprecedented pace and are constantly seeking methods to avoid law enforcement detection. To stay ahead of them, law enforcement should target cybercriminals offering “off-the-shelf” cyber-attack services or products to make it more difficult for low-level cybercriminals to carry out high-level attacks.

Security and privacy improvements in macOS Mojave
Apple has released macOS Mojave, which comes with a new Dark Mode, a redesigned Mac App Store, and many new and modified features. It also sports changes aimed at enhancing users’ privacy and security.

How organizations overcome cybersecurity hiring challenges
A strong security-focused culture and adherence to best practices help companies attract and retain cybersecurity talent.

Cybersecurity has a diversity problem: Here’s why
Greater diversity in cybersecurity is critical to catering to a more diverse consumer base, which, in turn, increases the bottom line.

Hackers are finding creative ways to target connected medical devices
Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights.

Are you ready? A good incident response plan can protect your organization
Organizations must have conversations that lead to the generation of a custom-fit IR plan. This not only includes what to do in the event of an incident, but also how to address incidents before they occur.

Smart homes, dumb devices: Making the IoT safe
The reality is that the home networks of average, uninformed users are rarely well protected.

The state of network security in organizations with 1000+ employees
Security team size at the largest organizations does not scale with the number of overall employees, but those teams are more likely to include staff with specialized roles.

New tactics subvert traditional security measures and strike organizations of all sizes
Alert Logic released its latest cybersecurity analysis, “Critical Watch Report: The State of Threat Detection 2018,” which shows attackers are gaining vastly greater scale through new techniques such as killchain compression and attack automation, expanding the range of organizations under constant attack regardless of industry or size.

New infosec products of the week: September 28, 2018
A rundown of infosec products released last week.