A Review of the Best News of the Week on Cyber Threats & Defense
Vulnerabilities Discovered in VPN Used by NASA, Shell, and BT (Infosecurity Magazine, Dec 06 2019)
Weaknesses in the Aviatrix VPN were detected by Immersive Labs researcher and content engineer Alex Seymour on October 7, 2019. The multiple local privilege escalation vulnerabilities Seymour discovered would have allowed an attacker who already had access to a machine to escalate privileges and achieve anything they wanted. With the extra level of privileges, the attacker would have been able to dive into files, folders, and network services that the user would not previously have been able to access.
Prevent credential stuffing and account takeover attacks with these expert tips (Help Net Security, Dec 03 2019)
Use multi-factor authentication
Rate limit authentication requests
Flag unrecognized devices
Alert customers about new logins
Ransomware at Colorado IT Provider Affects 100+ Dental Offices (Krebs on Security, Dec 07 2019)
“A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
G Suite admins get restricted security code option (Help Net Security, Dec 05 2019)
Earlier this year, Google provided G Suite admins and users with a new 2FA option: one-time security codes based on security keys. Now it offers an new option to make them more secure: admins can limit their use to the same device and/or local network on which they were generated.
Same story all over again: Microsoft research finds millions of reused passwords (SC Magazine, Dec 06 2019)
The loud pleas made by the cybersecurity industry, along with the repeated examples of what happens when login credentials are reused, seemingly have fallen on deaf ears as Microsoft found more than 44 million repeated passwords just for its Azure AD and Microsoft Services Accounts. According to a newly published Microsoft Security Intelligence Report, the company’s threat team checked more than 3 billion credentials and found a match for over 44 million Azure AD and Microsoft Services Accounts for the first quarter of 2019.
American SMBs Fear Cyber-Attacks from Foreign Countries (Infosecurity Magazine, Dec 03 2019)
Small and medium-sized businesses in the US feel at risk from foreign cyber-attackers
Tetris game app used to distribute PyXie Python RAT (SC Magazine, Dec 03 2019)
A new remote access trojan whose name reminds one of a fairytale and not the potential nightmare it could bring to its victim has been disclosed by Cylance. PyXie Python RAT has been flitting about since 2018 helping deliver ransomware and other malware to the healthcare and education industries.
When it Comes to Securing Your Environment, Think Like an Attacker (SecurityWeek, Dec 03 2019)
Cybersecurity Teams Need Actionable Insight Into the Latest Techniques, Tactics and Procedures Being Used by Cyber Adversaries
Notorious spy tool taken down in global operation (WeLiveSecurity, Dec 03 2019)
IM-RAT, which could be had for as little as US$25, was bought by nearly 15,000 people
Microsoft looks to Rust language to beat memory vulnerabilities (Naked Security – Sophos, Dec 04 2019)
Microsoft is pressing ahead with an ambitious plan to de-fang common vulnerabilities hiding in old Windows code with the help of Rust.
Hackers Find Ways Around a Years-Old Microsoft Outlook Fix (Wired, Dec 04 2019)
Microsoft patched a vulnerability in Microsoft Outlook in 2017. It hasn’t slowed hackers down.
Payment card-skimming malware targeting 4 sites found on Heroku cloud platform (Ars Technica, Dec 04 2019)
Why host skimmers yourself when you can abuse a service to do it for free?
Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs (Dark Reading, Dec 04 2019)
ZeroCleare’ shares some of the same features as its more notorious predecessor, IBM Security says.
As threats dramatically increase, critical infrastructure cybersecurity training must evolve (SC Magazine, Dec 04 2019)
Additionally, a recent study by the Ponemon Institute revealed that 90% of professionals in industrial control systems (ICS) and operational technology (OT) environments reported at least one negative impact of a cyberattack in the past two years. While the adversaries largely remain unknown, these attacks more than likely resulted from flawed IT/OT integration, the complexities of Supervisory Control and Data Acquisition (SCADA) systems, lack of asset visibility, and inadequate cyber policies, among other vulnerabilities.
Intel Announces Compute Lifecycle Assurance to Protect Platform Supply Chains (SecurityWeek, Dec 04 2019)
Intel says it has identified four key lifecycle stages: build, transfer, operate and retire. It commits itself, over the next year, to build on its Transparent Supply Chain tools, to contribute best practices learned from experience, and to collaborate with the ecosystem to develop ways to improve security across the platform lifecycle.
Nation-State Attackers May Have Co-opted Vega Ransomware (Dark Reading, Dec 09 2019)
The tactics used by the latest version of the Vega cryptolocker program indicates the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.
DNS over HTTPS’ threat to enterprise security (Help Net Security, Dec 09 2019)
DNS over HTTPS (DoH) is here, regardless who likes it or not. Unfortunately, a majority of guidance surrounding DoH is centered around individual consumer perspectives. For enterprise security leaders looking to manage the risks of DoH, that hasn’t been entirely helpful.
Mac users targetted by Lazarus ‘fileless’ Trojan (Naked Security – Sophos, Dec 06 2019)
The Lazarus hacking group are trying to sneak a ‘fileless’ Trojan on to Apple computers, disguised as a fake cryptocurrency trading program.
Dridex Operators Continue to Target Financial Services, DHS Warns (SecurityWeek, Dec 09 2019)
The Dridex Trojan continues to pose a significant threat to user data and its operators are expected to continue using it in attacks targeting the financial services sector, the Department of Homeland Security warns.