Weekly News Roundup — Feb. 17 to Feb. 23

Hello, and welcome to Security Soup’s continuing news coverage of highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests.

Highlights: Palo Alto Networks announced their intent to acquire Demisto, an incident response and orchestration platform. We also had several more vendors continue to release Q4 or 2018 End of Year reports — Crowdstrike and Symantec as notable examples. An updated version of Kali Linux was released with major upgrades for the Metasploit framework. A decryptor was released for the GandCrab v5.1 ransomware, although v5.2 is already showing up in campaigns. Several leading password managers were shown to leak data in memory, but they are still better than reusing passwords. A POC exploit was released for the recent container escape vulnerability.

Industry News and Reports

  • Splunk announces withdrawal from business ventures in Russia | Splunk
  • Palo Alto to acquire Demisto For $560M | Palo Alto Networks
  • John Strand resigning from SANS | Black Hills Information Security
  • First Edition of ICS “Ask Us Anything” | Dragos
  • China’s Biotechnology Development | U.S.-China Economic and Security Review Commission
  • The Advanced Persistent Threat Files: APT1 | Malwarebytes
  • Statistics for 2019: The Chances Your Business Will Be Attacked | Lastline
  • Quarterly Threat Landscape Report Q4 2018 | Fortinet
  • Risks to serving Military Personnel in the digital arena | NATO STRATCOM
  • Adversary Tradecraft and the Importance of speed – 2019 Global Threat Report | Crowdstrike (email registration required for access)
  • Internet Security Threat Report 2019 Volume 24 | Symantec (email registration required for access)
  • Securing People | AlienVault
  • Securing the Cloud, Mobile and IoT – 2019 Security Report | Check Point (email registration required for access)
  • 2018 Holiday Shopping Season Threat Activity | RiskIQ (email registration required for access)
  • Year of the Dragon – 2018 Summary | Clearsky Security
  • 2018 Threat Report: Multilayered attacks on the rise | BluVector (email registration required for access)

Tools and Tips

  • Malware analysis with WinDbg made easier with JavaScript bridge | Talos
  • Kali Linux updated to version 2019.1 | Kali
  • Explaining the ATT&CK framework for Non-security folks (Video) | Crowdstrike
  • How to detect fileless malware: A Crash Course | AlienVault
  • Finding property values in Office documents with oledump.py | ISC SANS Diary
  • Bro-Sysmon: an open-source project integrating Bro and Sysmon | Salesforce Engineering
  • Honey Feed: Downloads malicious IPs from honeypot network | Marco Ramilli
  • New Versions of Sysmon v9.0 and Autoruns v13.94 released | Microsoft TechNet

Threats in the Wild – Malware, Phishing, and other campaigns

  • Exploring the human side of Ryuk ransomware | McAfee
  • Technical analysis of a recent Emotet variant | Fortinet
  • Decryptor released for GandCrab v5.1 | Bitdefender
  • A deep dive on recent DNS hijacking operations | Krebs
  • Google reCAPTCHA leveraged to hide banking malware | Sucuri
  • Digging Deep Into Magecart | Trustwave
  • The More_eggs backdoor delivered via Fake Job Offers | Proofpoint
  • Top 5 most popular tactics against Wi-Fi networks | Imperva
  • Reports of massive uptick in “Brushaloader” detection | Talos
  • A review of noteworthy phishing campaigns | Malwarebytes
  • Cryptominer leverages Radmin and Mimikatz to propagate | Trend Micro
  • The Separ infostealer and living off the land | Deep Instinct
  • APT28 targeted European think tanks and non-profits | Microsoft

Vulnerabilities and Exploits

  • Proof of Concept (POC) exploit code published for container escape (CVE-2019-5736) | github.com/Frichetten
  • A 19 year old vulnerability in WinRAR | Checkpoint
  • A Linux kernel code execution vulnerability | NIST
  • Microsoft fixes a DoS Vulnerability in Windows Server running IIS | Microsoft
  • Password managers are leaking data in memory | Independent Security Evaluators
  • Drupal released highly critical security advisory (SA-CORE-2019-003) | Tenable

Breaches, Government, and Law Enforcement