A Review of the Best News of the Week on Cyber Threats & Defense

Account protections — A Google Perspective (Elie Bursztein, Jan 30 2020)
“This talk provides a data driven analysis of how accounts get compromised. Then it provides an in-depth overview of the defense we found effective at Google to protect users from account compromise. In particular we will cover how to mitigate password reuse, build a risk aware login system, and how to setup an Advanced Protection Program to protect users at risk of targeted attacks.”

UN hacked: Attackers got in via SharePoint vulnerability (Help Net Security, Jan 30 2020)
In summer 2019, hackers broke into over 40 (and possibly more) UN servers in offices in Geneva and Vienna and downloaded “sensitive data that could have far-reaching repercussions for staff, individuals, and organizations communicating with and doing business with the UN”…

Iowa Will Be the First Test Case for 2020 Election Security (The New York Times, Feb 03 2020)
The good news is that caucuses are inherently safer than traditional elections. But campaigns remain dangerously exposed to hackers, and election systems in many states are still vulnerable.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

New Zoom Bug Prompts Security Fix, Platform Changes (Dark Reading, Jan 28 2020)
A newly discovered Zoom vulnerability would have enabled an attacker to join active meetings and access audio, video, and documents shared.

Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw (Wired, Jan 28 2020)
Intel’s made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?

How Device-Aware 2FA Can Defeat Social Engineering Attacks (Dark Reading, Feb 03 2020)
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here’s why.

SEO Spam Dominated Website Infections in 2019: Report (SecurityWeek, Jan 30 2020)
Last year, SEO spam was the most frequently observed threat on compromised websites, according to a new report from GoDaddy-owned web security company Sucuri.

How to detect and prevent issues with vulnerable LoRaWAN networks (Help Net Security, Jan 28 2020)
IOActive researchers found that the LoRaWAN protocol – which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare – has a host of cyber security issues that could put network users at risk of attack.

Department of Interior grounding drone fleet over cybersecurity concerns (CyberScoop, Jan 29 2020)
The Secretary of the Interior issued an order grounding all non-emergency drones so that the Department of Interior can assess cybersecurity concerns.

Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise (Dark Reading, Jan 29 2020)
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.

Serious Vulnerability Discovered in OpenSMTPD (SecurityWeek, Jan 29 2020)
Researchers at cybersecurity firm Qualys have identified a potentially serious vulnerability in OpenSMTPD that can allow remote command execution with elevated privileges.

New Snake Ransomware Targets ICS Processes (SecurityWeek, Jan 28 2020)
A recently uncovered piece of file-encrypting ransomware, which some believe may be linked to Iran, has been targeting processes and files associated with industrial control systems (ICS).

Millions of Devices Using LoRaWAN Exposed to Hacker Attacks (SecurityWeek, Jan 28 2020)
Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use of LoRaWAN, cybersecurity firm IOActive warned on Tuesday.

BOJ warns of cyber-attack vulnerability ahead of Olympic Games (Reuters, Feb 03 2020)
Japan’s financial institutions must guard against cyber-attacks ahead of the 2020 Tokyo Olympic Games, with nearly 40% of banks and other firms experiencing attacks over the past three years, the Bank of Japan said on Friday.

Embracing a Prevention Mindset to Protect Critical Infrastructure (Dark Reading, Jan 31 2020)
A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward.

Wuhan coronavirus exploited to deliver malware, phishing, hoaxes (Help Net Security, Feb 03 2020)
The Wuhan coronavirus continues to spread and create anxiety across the globe, allowing malicious individuals and groups to exploit the situation to spread fake news, malware and phishing emails. Malicious coronavirus-themed campaings IBM X-Force says that Japanese users have been receiving fake notifications about the coronavirus spreading in several prefectures, purportedly sent by a disability welfare service provider and a public health center.

Devices Still Vulnerable to DMA Attacks Despite Protections (SecurityWeek, Jan 30 2020)
Many devices, including ones often found in enterprise environments, are likely still vulnerable to direct memory access (DMA) attacks, despite the fact that hardware and software vendors have implemented protections that should prevent such attacks, firmware security company Eclypsium said on Thursday.