A Review of the Best News of the Week on Cyber Threats & Defense

Why you can’t bank on backups to fight ransomware anymore (Ars Technica, Feb 07 2020)
Ransomware operators stealing data before they encrypt means backups are not enough.

Google Chrome to start blocking downloads served via HTTP (Naked Security – Sophos, Feb 10 2020)
Google has announced a timetable for phasing out insecure file downloads in the Chrome browser starting with desktop version 81 due next month.

Flaws in WhatsApp’s desktop app allowed remote access to files (Ars Technica, Feb 05 2020)
WhatsApp’s desktop was implemented using the Electron software framework, which has had significant security issues of its own in the past. Electron allows developers to create cross-platform applications based on Web and browser technologies but is only as secure as the components developers deploy with their Electron apps.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Hackers Can Steal Data From Air-Gapped Computers Via Screen Brightness (SecurityWeek, Feb 05 2020)
Researchers have shown how hackers could silently exfiltrate sensitive information from air-gapped computers by manipulating the brightness of their screen.

Crypto Exchange Loses “Almost All Funds” in Hack (Infosecurity Magazine, Feb 07 2020)
Altsbit has its hot wallet emptied by cyber-criminals

Attackers Actively Targeting Flaw in Door-Access Controllers (Dark Reading, Feb 03 2020)
There’s been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.

Chinese Hackers Target Hong Kong Universities With New Backdoor Variant (SecurityWeek, Feb 03 2020)
The China-linked threat group tracked as Winnti was observed using a new variant of the ShadowPad backdoor in recent attacks targeting Hong Kong universities, ESET’s security researchers report.

Electric scooters vulnerable to remote hacks (WeLiveSecurity, Feb 04 2020)
Many e-scooters rely on a combination of Bluetooth Low Energy (BLE) and the rider’s smartphone internet connection to run, as well as to send data to the service provider. This opens up a number of avenues for potential attacks. For example, bad actors could eavesdrop on the data being broadcast, which could, in turn, lead to Man-in-the-Middle (MitM) and replay attacks. As a result, in some cases hackers could remotely inject commands to take control of the scooter and harm the rider or pedestrians. In fact, this very risk was already discovered in one of Xiaomi’s scooters last year.

8 of the 10 Most Exploited Bugs Last Year Involved Microsoft Products (Dark Reading, Feb 04 2020)
Eight out of the 10 most exploited vulnerabilities in 2019 in fact impacted Microsoft products. The other two—including the most exploited flaw—involved Adobe Flash Player, the previous top attacker favorite, according to analysis by Recorded Future.

Department of Energy Adds Attivo Decoys for Critical Infrastructure Security (Dark Reading, Feb 05 2020)
The decoys and lures will help redirect attacks away from devices that can’t be protected through traditional means.

Emotet can spread to poorly secured Wi-Fi networks and computers on them (Help Net Security, Feb 06 2020)
Here’s yet another reason to secure Wi-Fi networks and Windows user accounts with a strong enough password: researchers have spotted and analyzed a malware program that is able to spread the Emotet Trojan to nearby wireless networks and compromise computers on them.

Malware and ransomware attack volume down due to more targeted attacks (Help Net Security, Feb 05 2020)
Spray-and-pray tactics that once had malware attack numbers soaring have since been abandoned for more targeted and evasive methods aimed at weaker victims. SonicWall recorded 9.9 billion malware attacks, a slight 6% year-over-year decrease.

Sudo Vulnerability Allows Privilege Escalation to Root (SecurityWeek, Feb 05 2020)
A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on the targeted system.

Robbin Hood – the ransomware that brings its own bug (Naked Security – Sophos, Feb 07 2020)
When you need a vulnerability to exploit, but there isn’t one… why not simply bring your own, along with your malware?

New Ransomware Targets Industrial Control Systems (Schneier on Security, Feb 07 2020)
“EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It’s designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems.”

Shadow IT accounts with weak passwords endanger organizations (Help Net Security, Feb 10 2020)
63% of enterprise professionals have created at least one account without their IT department being aware of it, and two-thirds of those have created two or more, the results of a recent 1Password survey have revealed.

Metamofo banking malware spreads around the world (SC Media, Feb 07 2020)
A new variant of the Metamorfo banking malware is on the loose targeting a wider range of financial institutions than the original version tricking the victims into typing in sensitive information which it then steals.