A Review of the Best News of the Week on Cyber Threats & Defense

Hackers Can Mess With Voltages to Steal Intel Chips’ Secrets (Wired, Dec 10 2019)
A new attack called Plundervolt gives attackers access to the sensitive data stored in a processor’s secure enclave.

This password-stealing hacking campaign is targeting governments around the world (ZDNet, Dec 12 2019)
Researchers uncover a phishing campaign attempting to steal login credentials from government departments across North America, Europe and Asia – and nobody knows who is behind it.

Inside ‘Evil Corp,’ a $100M Cybercrime Menace (Krebs on Security, Dec 16 2019)
“The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “Evil Corp” and stole roughly $100 million from businesses and consumers. As it happens, for several years KrebsOnSecurity closely monitored the day-to-day communications and activities of the accused and his accomplices. What follows is an insider’s look at the back-end operations of this gang.”

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Microsoft demystifies email attack campaigns targeting organizations (Help Net Security, Dec 10 2019)
Email is attackers’ preferred method for gaining a foothold into organizations. Campaign views, a new type of report available to some Microsoft enterprise customers, allows security teams to see how successful specific email attack campaigns have been at compromising their organization and to thwart future ones.

Snatch ransomware pwns security using sneaky ‘safe mode’ reboot (Naked Security – Sophos, Dec 10 2019)
Deployed recently by the Russian-developed ‘Snatch’ ransomware – named after the 2000 movie of the same name – it’s effective against much endpoint security software, which often doesn’t load when safe mode is in operation.

Ryuk ransomware contains a bug causing data loss for some victims (ZDNet, Dec 10 2019)
Cyber-security firm Emsisoft said it found a bug in Ryuk’s decrypter app that makes file recovery impossible, even after paying the ransom demand.

Only Half of Malware Caught by Signature AV (Dark Reading, Dec 11 2019)
Machine learning and behavioral detection are necessary to catch threats, WatchGuard says in a new report. Meanwhile, network attacks have risen, especially against older vulnerabilities, such as those in Apache Struts.

Highly Targeted ‘Zeppelin’ Ransomware Hits Tech, Healthcare Firms (SecurityWeek, Dec 12 2019)
A new, highly targeted piece of ransomware has hit a handful of tech and healthcare companies in Europe and the United States, BlackBerry Cylance reports. 

Suspected Maze Ransomware Attack Disrupts Major US Wire Manufacturer (Infosecurity Magazine, Dec 13 2019)
Cybersecurity incident disrupts manufacturing and shipping at Southwire

Large Hospital System Hit by Ransomware Attack (SecurityWeek, Dec 14 2019)
New Jersey’s largest hospital system said Friday that a ransomware attack last week disrupted its computer network and that it paid a ransom to stop it.

Microsoft Patches Windows Zero-Day Exploited in Korea-Linked Attacks (SecurityWeek, Dec 11 2019)
Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 vulnerabilities, including a Windows zero-day that has been exploited in attacks alongside a Chrome zero-day.

Trickbot Operators Now Selling Attack Tools to APT Actors (Dark Reading, Dec 11 2019)
North Korea’s Lazarus Group – of Sony breach and WannaCry fame – is among the first customers.

BAE Systems receives DARPA contract to prevent vulnerabilities in electronic files (Help Net Security, Dec 11 2019)
BAE Systems has been awarded a contract by the U.S. Defense Advanced Research Projects Agency (DARPA) to develop new cyber tools designed to help prevent vulnerabilities in electronic files that can lead to cyberattacks.

Waking Up to Third-Party Security Risk (Dark Reading, Dec 12 2019)
You can’t rely on the words, intentions, or security measures of others to guard your company, customer and brand.

The importance of proactive patch management (Help Net Security, Dec 13 2019)
IT teams appreciate it when vendors or security researchers discover new vulnerabilities and develop patches for them. So do attackers.

Maze behind Pensacola ransomware attack (SC Magazine, Dec 12 2019)
Maze was behind the ransomware attack on the City of Pensacola that began early Saturday morning, and its operators have demanded a $1 million ransom to provide the municipality with a decryptor. The Maze operators, who typically threaten to publish files online if victims don’t pony up, said in a Bleeping Computer report…

Visa Warns of Targeted PoS Attacks on Gas Station Merchants (Dark Reading, Dec 13 2019)
At least two North American chains have been hit in sophisticated new campaigns for stealing payment card data.

Facebook Worker Payroll Data Stolen From Car (SecurityWeek, Dec 16 2019)
Facebook on Friday alerted employees that hard drives rich with information about those on the social network’s payroll were stolen from a car last month.