Our handpicked selection of the most recent infosec articles, with a new use for IOT printers topping the list of creative efforts. To demonstrate their effectiveness, the printer advertising has been marketed via the same printers it promises to exploit for their potential customers’ purposes!
For more articles, check out our #onpatrol4malware blog.
New online service will hack printers to spew out spam
After a Twitter user hacked over 50,000 printers last week to promote PewDiePie’s YouTube channel as part of a guerilla marketing campaign, a new service has spawned over the weekend advertising the same type of functionality, but for everyone. Read more.
CoinMiners searching for hosts
Source: SANS ISC
We’ve seen the Elasticsearch being exploited using queries with script_fields for a while now, but we’re seeing an increased activity. Attacks coming from 18.104.22.168 are trying to exploit this vulnerability, and executing shell commands. Read more.
Testing email security products: Challenges and methodologies
Email security has been an important issue for decades now — ever since spammers started inundating corporate email inboxes with unwanted mail. Read more.
Mobile and IoT attacks – SophosLabs 2019 Threat Report
As internet users migrate from desktop and laptop computers to mobile and Internet of Things (IoT) platforms, cybercriminals are making the journey with them. Read more.
Part 1: Usability Is Security
Source: Duo Labs
Authentication and authorization have changed over the years, and continue to do so. As the internet became a core part of communications, threats expanded from local to global, and from technological to psychological. Read more.
Golden Chickens: Uncovering A Malware-as-a-Service (MaaS) Provider and Two New Threat Actors Using It
This blog post provides an overview on a specific Malware-as-a-Service (MaaS) used within the e-Crime threat actor landscape. Read more.
Check your repos… Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)
Source: The Register
A widely used Node.js code library listed in NPM’s warehouse of repositories was altered to include crypto-coin-stealing malware. The lib in question, event-stream, is downloaded roughly two million times a week by application programmers. Read more.