CyberOmaha Weekly – Feb 19, 2018

Welcome to CyberOmaha Weekly, a weekly roundup of security news collected from around the Internet.  Please send news tips and suggestions to

Application Security

2/15/18: Multi-Stage Word Attack Infects Users Without Using Macros

Spam distributors are using a new technique to infect users with malware, and while this attack relies on having users open Word documents, it does not involve users having to allow the execution of macro scripts. More… (via BleepingComputer)

2/22/18:  Hackers Are Selling Legitimate Code-Signing Certificates to Evade Malware Detection

Security researchers have found that hackers are increasingly using code-signing certificates to make it easier to bypass security appliances and infect their victims. More… (via ZDNet)

Operating System Security

2/19/18: Apple Updates All Its Operating Systems to Address Indian Telugu Crash

Apple has released software updates for all four of its consumer operating systems—iOS, watchOS, tvOS, and macOS—to tackle an issue that allowed usage of the Indian Telugu character to cause those devices to crash.  More… (via ArsTechnica)

2/21/18:  Intel’s New Spectre Fix: Skylake, Kaby Lake, Coffee Lake Chips Get Stable Microcode

Customers running machines with newer Intel chips can expect to receive stable firmware updates for the Spectre CPU attack Variant 2 soon. More… (via ZDNet)

The Cloud

2/8/18: New POS Malware Steals Data via DNS Traffic

Researchers at Forcepoint have discovered new point-of-sale (POS) malware disguised as a LogMeIn service pack that is designed to steal data from the magnetic stripe on the back of payment cards. More… (via DarkReading)

2/20/18: Money Laundering Via Author Impersonation on Amazon?

Patrick Reames had no idea why Amazon sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish. More… (via KrebsOnSecurity)

2/22/18: Unsecured Amazon S3 Buckets are Prime Cloud Target for Malware Attacks

Thousands of S3 buckets are incorrectly configured as being publicly writable, making them easy to exploit. More… (via TechRepublic)


2/22/18: Car Companies are Preparing to Sell Consumer Data to the Highest Bidder

Connected cars are going to monetize data, but most drivers don’t know that. More… (via ArsTechnica)


2/19/18: IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.” More… (via KrebsOnSecurity)

2/22/18: It’s Not What You Know, It’s What You Can Prove That Matters to Investigators

Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult. More… (via DarkReading)