A Review of the Best News of the Week on Cyber Threats & Defense

We Talked to Experts About Iran’s Cyberwar Capabilities (VICE, Jan 03 2020)
Iran lacks the overall cyber capabilities of Russia, China, or the U.S., but its hackers can still do damage.

Microsoft Shuts Down 50 Domains Used by North Korean Hacking Group (Dark Reading, Dec 31 2019)
Thallium’ nation-state threat group used the domains to target mostly US victims.

Ransomware forces Richmond Community Schools to close (SC Magazine, Jan 03 2020)
The Michigan district was hit on Dec. 27, with district officials informing parents and students on Dec. 31 that the planned Jan. 2 school re-opening would be pushed back.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Automotive cybersecurity incidents doubled in 2019, up 605% since 2016 (Help Net Security, Jan 06 2020)
Upstream Security’s 2020 Automotive Cybersecurity Report shares in-depth insights and statistics gleaned from analyzing 367 publicly reported automotive cyber incidents spanning the past decade, highlighting vulnerabilities and insights identified during 2019.

US Coast Guard Sounds Alarm After Ransomware Attack (Infosecurity Magazine, Jan 02 2020)
Unnamed facility was out of action for over 30 hours following Ryuk attack

Malware Hits Travelex Currency Exchange Service (Dark Reading, Jan 03 2020)
The New Year’s Eve malware attack forced Travelex employees to resort to manual operations.

Operational Technology: Why Old Networks Need to Learn New Tricks (Dark Reading, Dec 31 2019)
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It’s time to fight back.

Landry’s Restaurant Chain Discloses Payment Security Incident (Dark Reading, Jan 02 2020)
Some payment cards were mistakenly swiped on order-entry systems that lacked the security of its point-of-sale terminals.

US Biz Wins Court Case Against Ransomware Data Thieves (Infosecurity Magazine, Jan 03 2020)
Southwire secures injunction after data is published online

Solving man in the middle cyberattacks with cloud-native SDPs (SC Magazine, Jan 06 2020)
One type of well-known security threat in the enterprise environment that VPNs are ill-equipped to defend against are called Man in the Middle (MITM) attacks. In this worrisome security breach, a cybercrook positions himself or herself in a dialogue between an application and a user. Yet despite the perpetrator’s malintent—which is usually either to listen in on a conversation or pretend to be one of the people in the exchange—it looks to the user as though everything is perfectly normal.

New Magecart skimmers practice steganography, data transfer via WebSocket (SC Magazine, Jan 03 2020)
According to Malwarebytes, the steganography-based skimmer is the first documented skimmer to use this technique, which commonly involves hiding code within harmless-looking imagery.

Remote Command Execution Vulnerability Affects Many D-Link Routers (SecurityWeek, Jan 02 2020)
Proof-of-concept (PoC) exploits were recently made public by researchers for remote command execution and information disclosure vulnerabilities affecting many D-Link routers.

Chrome Extension Stealing Cryptocurrency Keys and Passwords (Schneier on Security, Jan 03 2020)
A malicious Chrome extension surreptitiously steals Ethereum keys and passwords.