AttackWise cyber security week in review 1 April 2019

In the news

  • Hackers hijacked ASUS Software Updates to install backdoors on thousands of computers.
  • The investigator hired to look into the release of intimate images of Jeff Bezos said on Saturday that he has concluded Saudi Arabian authorities hacked the Amazon chief’s phone to access his personal data.
  • The U.S. Congress introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019, which aims to “leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices”. A summary of what the Act means is here and contains many requirements that every organisation should already be thinking about for IoT.
  • The Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, which is formed under a set of arrangements between Huawei and Her Majesty’s Government, has released its fifth annual report. The key conclusions include: “the Oversight Board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term.”
  • Facebook removed 2,632 Pages, Groups and accounts that engaged in coordinated inauthentic behaviour on Facebook and Instagram. Facebook said the operations were connected to Iran, Russia, Macedonia and Kosovo.

Research, reports, opinions

  • A simple write-up on bypassing Microsoft Windows Defender by using a tool to obfuscate the function, variable and parameter names of a “malicious” script, so that signature-based detection no longer matches it.
  • Well worth a read: An in-depth look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.
  • An interesting read, with plausible techniques regardless of whether the story itself is true: LinkedIn is becoming China’s go-to platform for recruiting foreign spies.

Security advisories

  • Apple has released various security updates.
  • Cisco has released various security updates, including one rated Critical for Webex. The batch also contains an incomplete fix for vulnerabilities in several of its small-business (SMB) routers; the flaws allow remote unauthenticated information disclosure that can be chained to remote code execution, so affected routers should not be considered protected by patching alone.
  • VMware has released two Critical security updates.
  • Magento has released updates to address critical vulnerabilities.
  • Mozilla has released updates to address critical vulnerabilities in Thunderbird.

UK Cyber events