Summary
Hello, and welcome to Security Soup’s continuing news coverage of highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests.
Industry News and Reports
- F5 Networks to acquire NGINX
- Avast: Global PC Risk Report 2019
- Carbon Black: 2019 Cyberattack Landscape in Canada (email registration required for access)
- ISACA: State of Cybersecurity 2019
- Spam and phishing in 2018
Tools and Tips
- Adapting Cuckoo SandBox to the cloud on AWS
- PE-sieve updated to v 0.2
- “More DFIR With Less Time”
- Intro to Cutter for Malware Analysis
- ATOMIC: Clustering attacker activity at scale
- BHIS Webcast: Tracking attackers. Why attribution matters and how to do it.
- DLL Hijacking & Ghidra
Threats in the Wild – Malware, Phishing, and other campaigns
- Recent GandCrab ransomware distributions leverage a fake CDC flu warning
- Malwarebytes revisits the Emotet threat
- Nymaim config decoded
- MFA bypass for cloud accounts via phishing and credential dumps
- “Powload” technique evolution from fileless to steganography
- Remote Access Trojans (RATs) and corporate risk
- An analysis of new Emotet spreader modules
- “Uncomfortable Truth” series about Phishing Defense
- Not just for BEC: A look at email threadjacking to spread malware
- Check Point: February 2019’s Most Wanted Malware
- A look at enhanced stealer features for new Ursnif variants
- PsMiner: a new Go-based mining worm
Vulnerabilities and Exploits
- Cross-site scripting (XSS) vulnerability in shopping cart plugin leads to WordPress compromises
- An unpatched Windows flaw could allow an attacker to spoof security dialog boxes
Breaches, Government, and Law Enforcement
- Citrix discloses unauthorized access to its network
- Delaware Guidance Services pays ransom to criminals
- Several companies apparently leaked sensitive data from misconfigured Box accounts
- Ohio introduces Data Protection Act
- Russian regime temporarily blocked access to ProtonMail
- U.S. bill for ‘IoT’ security standards