It's been an exciting week for sure in InfoSec. Here are some of the top stories I found:
1. New features in Open Threat Exchange (OTX)
The worlds largest open threat sharing platform has introduced some new tricks. There are many improvements, but perhaps one of the most interesting is the new adversary pages. Each adversary gets its own page and pulls together information from various sources.
- Operation Cloud Hopper
- Operation Cloud Hopper Pulse
2. Robbing banks
Cyberciminals apparently took control of a Brazilian Bank for five hours. During this time they intercepted all of its online banking, mobile, point of sale, ATM, and investment transactions. The attack made use of valid SSL digital certificates and Google Cloud.
- Fileless banking malware attackers break in, cash out, disappear
- More evidence N. Korea linked to Bangladesh heist
3. Password managers don’t have to be perfect
Troy Hunt weighs in on the LastPass issue and why despite these issues, the benefits of a password manager outweight the disadvantages.
Overall, this is an excellent point which many security professionals often lose sight of. Often, much time and many resources are spent in an attempt to get the perfect security solution, when in actual fact, “good enough” often is adequate.
4.Infrastructure diversity – Hunting in Shared Infrastructure
A really good read that also serves as a reminder to red teams not to fall into a rigid routine
5. Explaining the broadband privacy bill
The average person remains somewhat confused around what the privacy bill is and what does it mean. Like what can your ISP track or not?
6. Don’t mess with your IoT provider
It’s not just cyber-criminals that are looking to hold your IoT devices to ransom. A customer purchased an IoT garage opener and wasn’t overly happy with it, so left a negative review. The result – the manufacturer blocked the device from accessing its services.
- Samsung Tizen “worst code I’ve ever seen”
- What does a lack of internet privacy mean for IoT
- Cisco Aironet has hard-coded passwords
7. FBI arrests hacker who hacked no one
A very interesting story about Taylor Huddleston, a developer who authored a remote administration tool (RAT), called NanoCore that happens to be popular with hackers. As a result, the FBI are looking to press charges against him, claiming they have no doubt Huddleston created the tool with ill intent.
It raises serious questions around the liability of developers if their tools end up being used for malicious purposes.
- Brian Krebs expanded on this story with some extra insights
- A copy of the indictment
- A related story from last year regarding the Orcus RAT
8. Fired sysadmin goes rogue
In an unexpected twist, a former IT administrator working at a cowboy boot manufacturer has pled guilty to hacking the servers and cloud accounts of his employer after they fired him.
It proves that not having a Joiners Movers and Leavers (JML) process in place can greatly increase the insider threat.
9. Mirai, don’t call it a comeback
The IoT powered botnet was observed carrying out a huge 54-hour DDoS attack on a US university last month. The attack peaked at around 37,000 RPS from compromised devices around the world.
- Mirai 2.0 hits college
- University network flooded by hacking its own vending machines
- New Mirai variant launches application layer attacks
10. Ditch the elevator pitch
Less security related, but an interesting counter-point to the oft-touted elevator pitch.