AttackWise cyber security round-up 16 February 2019

//AttackWise cyber security round-up 16 February 2019

Real or fake?

In the news

In the wild

  • A Facebook credential attack that uses html to produce visually perfect phishing page complete with SSL indicators and legitimate URL.
  • Dunkin Donuts has suffered a credential stuffing attack.

Research, reports, opinions

  • A functional prototype of a USB cable with an inbuilt WiFi transmitter has been demonstrated. In the demo video the creator remotely controls a computer using the USB cable as a receiver.
  • Cisco has released their 2019 Threat Report which focusses on five key threats on the past year that they see as being relevant for 2019. If you are not yet aware of “modular malware” then it is worth a read.
  • ProofPoint has released their Quarterly Threat Report. One key takeaway, “the pendulum of malware delivery mechanisms in email continued to swing towards URLs; malicious URLs outnumbered attachments like macro-laden documents by over 370%”.
  • A US Government report has been released on the Equifax data breach that impacted 143 million customers. If your IT security function reports into the Legal department then you may want to read about the operational impact this had at Equifax.
  • An interesting perspective on Blockchain, “Blockchain solutions are often much worse than what they replace”.

Security advisories

UK industry events