Email security

OceanLotus, Russia, & Google – Paul’s Security Weekly #599

March 29, 2019



In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale!

Paul's Stories

  1. Algorithms can now find bugs in computer chips before they are made - Help Net Security
  2. Advanced Breach Protection Demystified Untold Truths On Security Beyond AV
  3. Quantum Computing and Code-Breaking
  4. Operation SaboTor Police arrested 61 vendors and buyers in the dark web
  5. Grindr Poses National Security Risk, U.S. Gov Says
  6. Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
  7. Microsoft Tackles IoT Security with New Azure Updates
  8. New Shodan Monitor service allows tracking Internet-Exposed devices

Lee's Stories

  1. Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts: Legacy access protocols (IMAP, POP, SMTP) are not protected by MFA and are enabled by default, which makes them a successful vector for password spraying attacks.
  2. Vietnam's OceanLotus Group Ramps up hacking car companies: APT23 (aka OceanLotus) is aggressively targeting multinational auto manufacturers to obtain trade secrets and other sensitive information to augment their vehicle production capabilities.
  3. UC Browser violates Google Play Store Rules: The very popular UC Mobile browser allows downloading executable content from the parent company's servers, bypassing the Google Play Store servers and its update/vetting mechanisms.
  4. Russia is spoofing GPS Signals on a massive scale: The GPS spoofing and jamming is purportedly intended to protect the locations of sensitive people. The US Coast Guard received 63 reports in 2018, and while the source is largely unexplained, as attribution is very difficult, C4ADS claims this has impacted 1311 commercial ships in Russian waters since 2016.
  5. Pre-Installed Android Apps Face Little Oversight: OEM-installed Android apps may have extra permissions and access to personal data compared with installing the same apps after the fact, which can result in benign or unrecognized data gathering.
  6. 61% of CIOs believe employees leak data maliciously: Employees think they don't, IT leadership thinks they do. Root causes for intentional sharing include not having the needed collaboration tools. Unintended sharing comes from phishing and uneducated or uninformed workers. Unauthorized sharing is also due to rushed, stressed, and tired workers.
  7. Apple releases multiple security updates: Apple releases 51 iOS fixes, fixes for privilege escalation flaws in its Windows products, Safari updates to stop arbitrary code execution, and macOS updates focused on privilege escalation and kernel access flaws.

Larry's Stories

  1. Huawei gear with epic flaws
  2. Cisco Systems issued 24 patches Wednesday tied to vulnerabilities in its IOS XE operating system and warned customers that two small business routers (RV320 and RV325) are vulnerable to attack and that no patches are available for either. A total of 19 of the bugs were rated high severity by Cisco, with the others rated medium.
  3. Unsealed court documents reveal the work of Microsoft’s Digital Crimes Unit (DCU) in targeting the Tehran-linked APT35 group, also known as Charming Kitten and Phosphorus
  4. DLA Piper has become the latest big name to be denied a multimillion-dollar cyber insurance claim following major losses caused by NotPetya
  5. Huawei bungled its response to warnings from an ISP's code review team about a security vulnerability common across its home routers – patching only a subset of the devices rather than all of its products that used the flawed firmware.
  6. Office Depot and have coughed up $35m after they were accused of lying to people that their PCs were infected with malware in order to charge them cleanup fees
  7. Microsoft is claiming its attempts at disrupting a well-known Iranian state-sponsored APT group have had a “significant impact.”
  8. Security researchers have come across a waterholing campaign that has compromised four South Korean websites by injecting fake login forms to steal user credentials.

Paul Asadorian - CEO, Security Weekly.
Jeff Man - Sr. InfoSec Consultant, Online Business Systems.
Lee Neely - Senior Cyber Analyst, Lawrence Livermore National Laboratory.
Larry Pesce - Senior Managing Consultant and Director of Research, InGuardians.








  • We just released our 2019 Security Weekly 25 Index Survey. Please go to and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

