Cyber Security Week in Review (Feb. 22)



Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.

Top headlines this week


  • U.S. officials charged a former member of the Air Force with defecting in order to help an Iranian cyber espionage unit. The Department of Justice say the woman collected information on former colleagues, and then the Iranian hackers attempted to target those individuals and install spyware on their computers.
  • The U.S. Department of Justice is dismantling two task forces aimed at protecting American elections. The groups were originally created after the 2016 presidential election to prevent foreign interference but after the 2018 midterms, the Trump administration shrunk their sizes significantly. 
  • Facebook and the U.S. government are closing in on a settlement over several privacy violations. Sources familiar with the discussions say it will likely result in a multimillion-dollar fine, likely to be the largest the Federal Trade Commission has ever imposed on a technology company. 

From Talos


  • There’s been a recent uptick in the Brushaloader infections. While the malware has been around since mid-2018, this new variant makes it more difficult than ever to detect on infected machines. New features include the ability to evade detection in sandboxes and the avoidance of anti-virus protection. 
  • New features in WinDbg makes it easier for researchers to debug malware. A new JavaScript bridge brings WinDbg in line with other modern programs. Cisco Talos walks users through these new features and shows off how to use them. 

Malware roundup


  • Google says it’s stepping up its banning of malicious apps. The company says it’s seen a 66 percent increase in the number of apps its banned from the Google Play store over the past year. Google says it scans more than 50 billion apps a day on users’ phones for malicious activity. 
  • A new campaign using the Separ malware is attempting to steal login credentials at large businesses. The malware uses short scripts and legitimate executable files to avoid detection. 
  • A new ATM malware called "WinPot" turns the machines into "slot machines." This allows hackers to essentially gamify ATM hacking, randomizing how much money the machine dispenses. 

The rest of the news


  • The U.S. is reviving a secret program to carry out supply-chain attacks against Iran. The cyber attacks are targeted at the country’s missile program. Over the past two months, two of Iran’s efforts to launch satellites have failed within minutes, though it’s difficult to assign those failures to the U.S. 
  • Australia says a “sophisticated state actor” carried out a cyber attack on its parliament. The ruling Liberal-National coalition parties say their systems were compromised in the attack. Since then, the country says it’s put “a number of measures” in place to protect its election system. 
  • Cisco released security updates for 15 vulnerabilities. Two critical bugs could allow attackers to gain root access to a system, and a third opens the door for a malicious actor to bypass authentication altogether. 
  • Facebook keeps a list of users that it believes could be a threat to the company or its employees. The database is made up of users who have made threatening posts against the company in the past. 


Article Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/m981hG5UNQ8/cyber-security-week-in-review-feb-22.html