Network Security News Weekly

Current cybersecurity news to keep you informed.
IT Services | Government | Financial | Healthcare | Non-Profit

Articles of interest from the week of July 9, 2018


Effective Data Security Is A Team Effort
Phishers are using a simple but effective trick to fool Microsoft’s NLP-based anti-phishing protections and Office 365 users into entering their login credentials into spoofed login pages. The phishing emails landing in targets’ inboxes warn potential victims that their email account has reached a “maximum quota limit” and that they should upgrade their account. To the casual observer, the emails appear to be “signed” by Microsoft. (By: Cybersecurity Intelligence)

Identity verification: Staying ahead of post-breach era consumer preferences
In the wake of numerous high-profile data breaches and privacy incidents, consumers are increasingly concerned about the security of their identities and what companies are doing to keep them safe. Ultimately, there is a strong need for bi-directional trust between consumers and businesses: Consumers must trust that businesses will protect them, and businesses must trust that they’re dealing with legitimate consumers. (By: , Help Net Security)

Security issues in the LTE standard expose billions on mobile users to attacks
A team of from Ruhr-Universität Bochum and New York University Abu Dhabi has discovered some security issues in the LTE mobile device standard that could be exploited by persistent attackers (i.e. intelligence agencies, well-funded groups) to spy on users’ cellular networks, eavesdrop communications, hijack their data traffic. The experts devised surveillance techniques that allowed them to identify people within a phone tower radio cell, spy on their traffic, and redirect them to rogue websites by tampering with DNS lookups. (By: , Security Affairs)

91% of critical incidents involve known, legitimate binaries like PowerShell
Opportunistic threat actors are leveraging trusted tools, like PowerShell, to retrieve and execute malicious code from remote sources. According to eSentire, 91% of endpoint incidents detected in Q1 2018 involved known, legitimate binaries, such as PowerShell or mshta.exe. A recent report also indicates a dramatic increase in attacks targeting popular consumer-grade routers, like Netgear and Linksys (both of whom own a significant share of the consumer network device market, at 51% and 26% respectively), – researchers saw a 539% increase from Q4 2017 to Q1 2018. (By: , Help Net Security)

ROWHAMMER VARIANT ‘RAMPAGE’ TARGETS ANDROID DEVICES ALL OVER AGAIN
Researchers have found a new variation of the Rowhammer attack technique they have dubbed RAMpage. The vulnerability could allow an adversary to create an exploit to gain administrative control over targeted Android smartphones and tablets. The flaw impacts Android devices dating back to 2012. RAMpage follows a string of Rowhammer variants that have come to light since 2015 when researchers initially identified the flaw in DRAM memory in laptops and PCs. (By: , Threatpost)

Microsoft offers new Azure AD tool to nix easily guessed passwords
Azure AD Password Protection is a banned password system that can be used both in the cloud and on-premises wherever users change their passwords, and it takes advantage of a regularly updated databased of banned passwords. This database includes a list of more than 500 of the most commonly used passwords, plus over 1 million character substitution variations of those passwords, and Microsoft uses it in the cloud for Microsoft accounts and Azure AD accounts. (By: , Help Net Security)

3 Basic Practices for Cleaning Your Website Security Strategy
A cyberattack can be devastating for a small business, so auditing your website’s security measures is vital. Although it requires sufficient resources and knowledge to keep your security strategy up to date, it’s imperative that businesses make the investment. (By: , Small Biz Daily)



Sign Up For Netsec News Weekly

Ingalls Information Security
TOP