A Review of the Best News of the Week on Cyber Threats & Defense

Zero-Day IE Bug is Being Exploited in the Wild (Infosecurity Magazine, Jan 21 2020)
CISA and Microsoft sound the alarm but no patch as yet

DHS Warns of Increasing Emotet Risk (Dark Reading, Jan 23 2020)
Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization.

Trend Micro anti-virus zero-day exploited in attack on Mitsubishi Electric (Graham Cluley, Jan 26 2020)
There is some egg on the face of Trend Micro after it is revealed their anti-virus software was exploited to steal data from Mitsubishi Electric, but they aren’t the real villains of the story.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

As attacks begin, Citrix ships patch for VPN vulnerability (Ars Technica, Jan 20 2020)
Hundreds of US government agencies have vulnerable VPNs, data shows.

Application isolation and virtualization provide a false sense of cybersecurity (SC Magazine, Jan 21 2020)
A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity.

New Ransomware Process Leverages Native Windows Features (SecurityWeek, Jan 21 2020)
A new methodology for instigating ransomware makes use of Windows’ own Encrypting File System (EFS). EFS has been a part of Windows since Windows 2000. Unlike Windows’ BitLocker — which is a full disk encryption feature — EFS can selectively encrypt individual files or folders.

Security by Sector: Healthcare Orgs Continue to Suffer Security Headaches (Infosecurity Magazine, Jan 23 2020)
Healthcare industry still having a torrid time when it comes to information security

Data-driven vehicles: The next security challenge (Help Net Security, Jan 21 2020)
Over the next decade, every car manufacturer that offers any degree of autonomy in a vehicle will be forced to address the security of both the vehicle and your data, while also being capable of recognizing and defending against threats…

American Express, PayPal customers now targeted by 16Shop (SC Magazine, Jan 21 2020)
The Indonesian cybercrime gang Cyber Army has expanded its phishing-as-a-service offering, dubbed 16Shop, enabling users to target PayPal and American Express customers.

Email security industry miss rates when encountering threats are higher than 20% (Help Net Security, Jan 22 2020)
Email security miss rates are definitely a huge issue. Malicious files regularly bypass all of today’s leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches, according to BitDam.

Mac users are getting bombarded by laughably unsophisticated malware (Ars Technica, Jan 23 2020)
For malware so trite and crude, Shlayer is surprisingly prolific.

Deconstructing Web Cache Deception Attacks: They’re Bad; Now What? (Dark Reading, Jan 23 2020)
Expect cache attacks to get worse before they get better. The problem is that we don’t yet have a good solution.

Severe Vulnerabilities Discovered in GE Medical Devices (Dark Reading, Jan 23 2020)
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.

#BSidesLeeds: Credential Stuffing Often Seen as “Volume” Cybercrime (Infosecurity Magazine, Jan 24 2020)
As it is not as trendy as ransomware, not enough attention is paid to credential stuffing

US County Suffers Two Cyber-attacks in Three Weeks (Infosecurity Magazine, Jan 23 2020)
Albany County has been targeted twice in three weeks by cyber-criminals

Best practices for reducing third-party risk (SC Magazine, Jan 23 2020)
The simple truth is that the security measures organizations put in place are not enough to protect them from threats. Third parties can present the greatest area of risk exposure — both for data security and for regulatory compliance.

Phishing campaign leads to UPS Store data breach (SC Magazine, Jan 22 2020)
In a data breach notification letter to customers, The UPS Store has disclosed that an unauthorized party successfully devised a phishing scheme to gain entry into the email accounts of numerous store locations.

Iran-Linked RAT Used in Recent Attacks on European Energy Sector (SecurityWeek, Jan 23 2020)
Attacks recently identified to target a key organization in the European energy sector have employed a remote access Trojan (RAT) previously associated with Iran-linked threat actors, Recorded Future reports.

Chrome and Firefox Clamp Down on Suspicious Behavior (Infosecurity Magazine, Jan 27 2020)
Renewed focus on stamping out malicious activity

Cisco Webex Vulnerability Exploited to Join Meetings Without a Password (SecurityWeek, Jan 25 2020)
Cisco on Friday informed customers that it has patched a vulnerability that allowed unauthorized users to join password-protected Webex meetings. Cisco said the flaw had been exploited.