A selection of our favorite infosec articles from May 2018. Cryptocurrency-mining makes its regularly scheduled appearance, and for some ‘fun’ reading, check out the SecureList article “History of malicious programs”. There’s a year-by-year breakdown of major security incidents, such as when specific viruses first appeared, along with details about their reach and significance.

For more articles, check out our #onpatrol4malware blog.

Compromised Magento Sites Delivering Malware

Source: Flashpoint

Botnet operators and cyber-espionage groups (APTs) are abusing the Universal Plug and Play (UPnP) protocol that comes with all modern routers to proxy bad traffic and hide their real location from investigators. Read more.

History of Malicious Programs

Source: SecureList

The epidemics of the past few years have introduced the majority of computer users to viruses, worms and Trojans – usually because their computers were attacked. The media has also played a role, reporting more and more frequently on the latest cyber threats and virus writer arrests. Read more.

CyberWar Map

Source: National Security Archive

The National Security Archive’s Cyber Vault Project is announcing the launch of the CyberWar Map. This resource is both a visualization of state-sponsored cyberattacks and an index of Cyber Vault documents related to each topic. Read more.

Best Practices for Designing a Security Operations Center

Source: Security Intelligence

When designing a SOC, security leaders must consider many factors, like business requirements, the skills of the analysts working in the SOC, the team’s scope and responsibilities and the organization’s security budget. Read more.

Attention PGP Users: New Vulnerabilities Require You To Take Action Now

Source: Electronic Frontier Foundation

European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Read more.

Leaving on a jet plane: the trade in fraudulently obtained airline tickets

Source: Springer Link

Every day, hundreds of people fly on airline tickets obtained fraudulently. This crime script analysis provides an overview of the trade in these tickets, drawing on interviews with industry and law enforcement, and an analysis of an online black market. Read more.

Oh Joy! Source Code of TreasureHunter PoS Malware Leaks Online

Source: Bleeping Computer

Expect an influx of Point-of-Sale malware in the coming months after the release of the source code of the TreasureHunter PoS malware on a Russian-speaking cybercrime forum in March 2018. Read more.

New MassMiner Malware Targets Web Servers With an Assortment of Exploits

Source: Bleeping Computer

Security researchers have detected a new wave of cryptocurrency-mining malware infecting servers across the web, and this one is using multiple exploits to gain access to vulnerable and unpatched systems to install a Monero miner. Read more.


Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

Source: Trend Micro

Cybercriminals have been actively engaged in cryptocurrency-mining malware activities, ranging from those that exploit consumer hardware graphics processing units (GPUs) to those that take advantage of users’ mobile devices. Read more.