A Review of the Best News of the Week on Cyber Threats & Defense
Chinese Hackers Bypassing Two-Factor Authentication (Schneier on Security, Dec 26 2019)
Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear, although the Fox-IT team has a theory: they said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its own computers to generate valid one-time codes and bypass 2FA…
Ransomware at IT Services Provider Synoptek (Krebs on Security, Dec 27 2019)
“Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible.”
Mitigating Web Threats with CleanBrowsing DNS (PerezBox, Dec 24 2019)
On December 18th, DeepInstinct put out a great article outlining the latest Legion Loader campaign. Whether a parent or an organization, this served as a great example to demonstrate the effectiveness of DNS in mitigating this type of attack. I encourage you to read DeepInstinct's article if you want to better understand how it works. What I'll focus on in this article is how DNS can function as a highly effective security control to help you protect your network.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Evolution of OpenSSL Security After Heartbleed (SecurityWeek, Dec 26 2019)
OpenSSL has evolved a great deal in terms of security since the disclosure of the Heartbleed vulnerability back in 2014.
Defensive Wish List for 2020: Faster Responses to Threats (Dark Reading, Dec 27 2019)
Security professionals recommend technology to detect attacks that have already infiltrated a network.
Only 54% of security pros have a written policy on length and randomness for keys for machine identities (Help Net Security, Dec 27 2019)
People rely on usernames and passwords to identify themselves to machines so they can gain access to data and services. Machines also need to authenticate themselves to each other so they can communicate securely, relying on cryptographic keys and digital certificates, which serve as machine identities.
7 types of virus – a short glossary of contemporary cyberbadness (Naked Security – Sophos, Dec 28 2019)
Glossary headings include: Bots (aka zombies); RATs (Remote Access Trojans); What to do?
Cisco ASA and Firepower Appliance seeing increased attacks (SC Magazine, Dec 27 2019)
The issue, CVE-2018-0296, is a denial-of-service and information-disclosure directory traversal bug in the web framework of the appliance. Using a specially crafted URL, an unauthenticated attacker could cause the ASA appliance to reboot or disclose information. Cisco Talos has noted a spike in exploitation attempts using this flaw, which was first reported in June 2018.