Week in review: Insider threat essentials, tracing IP hijackers, cryptojacking worm hits Docker hosts

Here’s an overview of some of last week’s most interesting news, reviews and articles:

“Smart city” governments should also be smart about security
While the definition of “smart city” is still under debate, one thing is indisputable: the technologies used to make smart cities a reality are currently acquired and deployed after very little (or even no) security testing.

Cryptojacking worm compromised over 2,000 Docker hosts
Security researchers have discovered a cryptojacking worm that propagates using containers in the Docker Engine (Community Edition) and has spread to more than 2,000 vulnerable Docker hosts.

Product showcase: Alsid for AD
You are using Active Directory (AD) every day, every hour, every minute when you log into your device, open your emails, access an application, or share a file. But, guess what, it’s also used by hackers on a daily basis. Simply put, when attackers take control of your AD, they inherit godlike powers over your IT. Sweet.

Review: The Great Hack
The documentary covers the Facebook-Cambridge Analytica data scandal, which revealed how the UK-based political consulting firm used Facebook to influence voters during Ted Cruz’s and Donald Trump’s presidential campaigns and the Brexit campaign.

5 things security executives need to know about insider threat
Considering what’s at stake – and our 21st-century ability to see signs of, and ultimately prevent, insider threat – this is a phenomenon security executives can no longer afford to ignore.

Researcher releases PoC rooting app that exploits recent Android zero-day
Late last month Google Project Zero researcher Maddie Stone detailed a zero-day Android privilege escalation vulnerability (CVE-2019-2215) and revealed that it is actively being exploited in attacks in the wild. She also provided PoC code that could help researchers check which Android-based devices are vulnerable and which are not.

Viewing cybersecurity incidents as normal accidents
As we continue on through National Cybersecurity Awareness Month (NCSAM), a time to focus on how cybersecurity is a shared responsibility that affects all Americans, one of the themes that I’ve been pondering is that of personal accountability.

Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
Researchers from Indiana University Bloomington have analyzed 379 reported instances of failures in certificate issuance to pinpoint the most common causes as well as systemic issues that contribute to these happening.

WAV files spotted delivering malicious code
Attackers have embedded crypto-mining and Metasploit code into WAV audio files to stymie threat detection solutions.

Researchers may have found a way to trace serial IP hijackers
Hijacking IP addresses is an increasingly popular form of cyberattack. This is done for a range of reasons, from sending spam and malware to stealing Bitcoin. It’s estimated that in 2017 alone, routing incidents such as IP hijacks affected more than 10 percent of all the world’s routing domains.

Microsegmentation for refining safety systems
When the TRITON (aka TRISIS) attack struck three refining sites in the Middle East in November of 2017, it was the first known cyber incident to target safety instrumented systems (SIS), specifically Schneider Electric’s Triconex gear.

Tamper Protection prevents malware from disabling Microsoft Defender AV
Microsoft Defender, the anti-malware component of Microsoft Windows, has been equipped with a new protective feature called Tamper Protection, which should prevent malware from disabling it.

Code dependency mapping’s role in securing enterprise software
Enterprise software is only as good as its security. Today, a data breach costs $3.92 million on average. Organizations are expected to spend $124 billion on security in 2019 and will probably invest even more given the alarming rate at which cyberattacks are growing.

Thoma Bravo to acquire Sophos for $3.9 billion
Thoma Bravo, a US-based private equity firm, has made an offer to acquire Sophos for $7.40 USD per share, representing an enterprise value of approximately $3.9 billion.

Six steps for implementing zero trust access
A zero trust architecture eliminates the idea for a trusted network inside a defined corporate perimeter, according to Forrester Research. Instead, the firm recommends creating micro-perimeters of control around sensitive data assets.

Fake mobile app fraud tripled in first half of 2019
In Q2 2019, RSA Security identified 57,406 total fraud attacks worldwide. Of these, phishing attacks were the most prevalent (37%), followed by fake mobile apps (usually apps posing as those of popular brands).

Key challenges impacting IT audit pros navigating an evolving risk landscape
Protiviti and ISACA surveyed 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide.

New infosec products of the week: October 18, 2019
A rundown of infosec products released last week.

More about

Don't miss