CyberOmaha Weekly – Mar 2, 2018

Welcome to CyberOmaha Weekly, a weekly roundup of security news collected from around the Internet.  Please send news tips and suggestions to

Application Security

2/27/2018: In-the-Wild DDoSes Use New Way to Achieve Unthinkable Sizes

Hackers have found a way to amplify distributed denial-of-service attacks by an unprecedented 51,000 times their original strength in a development that whitehats say could lead to new record-setting assaults that take out websites and Internet infrastructure. More… (via ArsTechnica)

3/2/2018: A Secure Development Approach Pays Off

Software security shouldn’t be an afterthought. That’s why the secure software development life cycle deserves a fresh look. More… (via DarkReading)

Operating System Security

2/15/2018: This Indian Text Will Crash ANY iPhone!

EverythingApplePro demonstrates how sending a specific Telugu character to an iPhone, iPad, or Mac user can cause the receiving device to crash. Apple addressed the issue in updates (tvOS 11.2.6, watchOS 4.2.3, iOS 11.2.6, macOS High Sierra 10.13.3) on February 19, 2018 – Apple advises users to apply the update.

3/1/2018: Microsoft Lobs Skylake Spectre Microcode Fixes Out Through Its Windows

Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips. More… (via The Register)

The Web

2/23/2018: L.A. Times Website Injected with Monero Cryptocurrency Mining Script

The cryptojacking attack appears to have persisted for weeks before being addressed, as it was configured to not max out CPU usage. Hackers injected it through an unsecured AWS S3 bucket. More… (via Tech Republic)

2/26/2018: E-Mail Leaves an Evidence Trail

If you’re going to commit an illegal act, it’s best not to discuss it in e-mail. It’s also best to Google tech instructions rather than asking someone else to do it. More… (via Schneier on Security)

2/27/2018: Memcached Servers Being Exploited in Huge DDoS Attacks

Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211. More… (via DarkReading)

3/1/2018: 23k HTTPS Certs Will Be Axed in Next 23 hours After Private Keys Leak

Customers of HTTPS certificate reseller Trustico are reeling after being told their website security certs – as many as 23,000 – will be rendered useless within the next 24 hours. More… (via The Register)


2/23/2018: ‘OMG’: New Mirai Variant Converts IoT Devices into Proxy Servers

The latest iteration of Mirai is dubbed “OMG,” and turns infected IoT devices into proxy servers while also retaining the original malware’s DDoS attack capabilities. More… (via DarkReading)

3/1/2018: Securing the Web of Wearables

Why security for the Internet of Things demands that businesses revamp their software development lifecycle. More… (via DarkReading)

Personal Privacy & Security

1/28/2018: Registered at SSA.GOV? Good for You, But Keep Your Guard Up

An older article but given that it’s tax season, good tips for keeping your personal information safe. According to the article, “even if you are not yet drawing benefits from the agency — because identity thieves have been registering accounts in peoples’ names and siphoning retirement and/or disability funds. This is the story of a Midwest couple that took all the right precautions and still got hit by ID thieves who impersonated them to the SSA directly over the phone.” More… (via KrebsOnSecurity)

2/06/2018: Would You Have Spotted This Skimmer?

When you realize how easy it is for thieves to compromise an ATM or credit card terminal with skimming devices, it’s difficult not to inspect or even pull on these machines when you’re forced to use them personally — half expecting something will come detached. For those unfamiliar with the stealth of these skimming devices and the thieves who install them, read on. More… (via KrebsOnSecurity)

2/13/2018: IRS Urges Taxpayers to Watch Out for Erroneous Refunds; Beware of Fake Calls to Return Money to a Collection Agency

The Internal Revenue Service today warned taxpayers of a quickly growing scam involving erroneous tax refunds being deposited into their bank accounts. The IRS also offered a step-by-step explanation for how to return the funds and avoid being scammed. More… (via

2/21/2018: FBI Warns of Increase in W-2 Phishing Campaigns

Beginning in January 2017, IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information. Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer. More… (via

2/22/2018: Chase ‘Glitch’ Exposed Customer Accounts

Multiple customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal “glitch” Wednesday evening that did not involve any kind of hacking attempt or cyber attack. More… (via KrebsOnSecurity)

2/22/2018: Shopping for a VPN App? Read This.

You probably know by now that using your mobile device on the public Wi-Fi network of your local coffee shop or airport poses some risk. Public networks are not very secure – or, well, private – which makes it easy for others to intercept your data. So, what can you do to keep your mobile data private and secure while out and about? Some consumers have started using Virtual Private Network (VPN) apps to shield the information on their mobile devices from prying eyes on public networks. Before you download a VPN app, you should know that there are benefits and risks.  More… (via

2/27/2018: Tips for Using Peer-to-Peer Payment Systems and Apps

Online peer-to-peer, or P2P, payment systems let you send money to people quickly. I’ve used them to collect money from the parents on my daughter’s soccer team and to send money to my brothers when we’ve bought a gift for a friend. Personally, I almost always know where my phone is, but I can’t say the same for my checkbook. More… (via


2/20/2018: The Emerging Link Between Well-Being and Cyber Security

When you think of important employee wellness benefits, cyber security services should be top of mind, given the epidemic of data breaches in recent years. More… (via Employee Benefit Advisor)

2/23/2018: Visa: EMV Cards Drove 70% Decline in Fraud

Visa reports, “For merchants who have completed the [EMV] chip upgrade, counterfeit fraud dollars dropped 70% in September 2017 compared to December 2017.” More… (via

3/1/2018: The Top Frauds of 2017

The numbers are in, the counts have been made, and today the FTC announced what we heard from you during 2017. Here are some highlights. More… (via

3/1/2018: Major Data Breach at Marine Forces Reserve Impacts Thousands

The personal information of thousands of Marines, sailors and civilians, including bank account numbers, was compromised in a major data spillage emanating from U.S. Marine Corps Forces Reserve. More… (via Marine Corps Times)


CyberOmaha Weekly – Feb 19, 2018

Welcome to CyberOmaha Weekly, a weekly roundup of security news collected from around the Internet.  Please send news tips and suggestions to

Application Security

2/15/18: Multi-Stage Word Attack Infects Users Without Using Macros

Spam distributors are using a new technique to infect users with malware, and while this attack relies on having users open Word documents, it does not involve users having to allow the execution of macro scripts. More… (via BleepingComputer)

2/22/18:  Hackers Are Selling Legitimate Code-Signing Certificates to Evade Malware Detection

Security researchers have found that hackers are using code-signing certificates more to make it easier to bypass security appliances and infect their victims. More… (via ZDNet)

Operating System Security

2/19/18: Apple Updates All Its Operating Systems to Address Indian Telugu Crash

Apple has released software updates for all four of its consumer operating systems—iOS, watchOS, tvOS, and macOS—to tackle an issue that allowed usage of the Indian Telugu character to cause those devices to crash.  More… (via ArsTechnica)

2/21/18:  Intel’s New Spectre Fix: Skylake, Kaby Lake, Coffee Lake Chips Get Stable Microcode

Customers running machines with newer Intel chips can expect to receive stable firmware updates for the Spectre CPU attack Variant 2 soon. More… (via ZDNet)

The Cloud

2/8/18: New POS Malware Steals Data via DNS Traffic

Researchers at Forcepoint have discovered new point-of-sale (POS) malware disguised as a LogMeIn service pack that is designed to steal data from the magnetic stripe on the back of payment cards. More… (via DarkReading)

2/20/18: Money Laundering Via Author Impersonation on Amazon?

Patrick Reames had no idea why Amazon sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish. More… (via KrebsOnSecurity)

2/22/18: Unsecured Amazon S3 Buckets are Prime Cloud Target for Malware Attacks

Thousands of S3 buckets are incorrectly configured as being publicly writable, making them easy to exploit. More… (via TechRepublic)


2/22/18: Car Companies are Preparing to Sell Consumer Data to the Highest Bidder

Connected cars are going to monetize data, but most drivers don’t know that. More… (via ArsTechnica)


2/19/18: IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.” More… (via KrebsOnSecurity)

2/22/18: It’s Not What You Know, It’s What You Can Prove That Matters to Investigators

Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult. More… (via DarkReading)