We launch our redesigned email with this issue. We trust it will reach you now in a shorter, more user-friendly format. The full range of selected reading you're accustomed to seeing is still there, accessible on our webpage.
That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries (finance, airlines, retail, and hotels), finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.
China has summoned the US ambassador to demand an explanation for the arrest (in Canada) of Huawei CFO Meng, promising significant consequences if she's not promptly released (Guardian). The US charges Meng faces could bring significant prison time, should she be tried and convicted: multiple charges of conspiracy to commit fraud could bring thirty years each (CNBC). US companies are jittery about possible retaliation—Cisco, for one, is said to have moved to restrict non-essential employee travel to China (Bloomberg). The lawfare may grow sharper: the US is said to be preparing to unseal a number of additional indictments of Chinese nationals, perhaps as early as this week (Wall Street Journal).
The recently revealed Kubernetes privilege escalation vulnerabilities continue to pose a very widespread risk to users of the popular container technology (Dark Reading).
Researchers at Stealthcare report that Russia’s seizure of three Ukrainian vessels in the Kerch Strait at the end of November was preceded by coordinated cyber operations directed against Ukrainian government assets. The threat groups involved include the familiar demimondaines of Carbanak and FSB-associated Gamaredon. The campaign is thought to have aimed at developing intelligence for the anticipated naval operation (Defense One). Stealthcare also reads the attack on FSBI Polyclinic Number 2, a hospital connected to Russia’s Presidential Administration, as probably Ukrainian retaliation (360 Core Security).
Today's issue includes events affecting Australia, Canada, China, European Union, Israel, Russia, Saudi Arabia, Taiwan, Turkey, Ukraine, United Kingdom, and United States.
What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.
And if you haven't yet listened to Research Saturday, you can catch it here. In this edition, "Operation Red Signature targets South Korean supply chain," we hear how researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third-party support provider, resulting in the installation of a RAT, or remote access trojan. Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries.