A Review of the Best News of the Week on Cyber Threats & Defense

FireEye Spotted Over 500 New Malware Families in 2019 (SecurityWeek, Feb 21 2020)
FireEye’s incident response division Mandiant observed more than 500 new malware families last year, the company revealed in its M-Trends 2020 report released this week.

Iranian Hackers Backdoored VPNs Via One-Day Bugs (Infosecurity Magazine, Feb 18 2020)
Fox Kitten hackers quick to exploit breaking flaws in VPN systems

Hundreds of Millions of PC Components Still Have Hackable Firmware (Wired, Feb 18 2020)
The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Researchers observed a 125% increase in malware targeting Windows 7 (Help Net Security, Feb 19 2020)
85 percent of threats hide in one of four locations: %temp%, %appdata%, %cache%, and %windir%, with more than half of threats (54.4%) on business PCs hiding in %temp% folders. This risk can be easily mitigated by setting a Windows policy to disallow programs from running from the temp directory.
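The "Windows policy" the excerpt refers to can be implemented with AppLocker path rules. The following is an added example, not code from the Help Net Security article or from Microsoft: it assumes an elevated PowerShell session on a Windows edition that supports AppLocker enforcement (Enterprise/Education; on Windows 7, Enterprise/Ultimate; Pro editions should use Software Restriction Policies instead), and the probe files and the policy file name are constructed for the demonstration. It blocks the per-user and system temp folders only; %windir% cannot sensibly be blocked, and %appdata% should be added only after an inventory of legitimate software that installs there.

```powershell
#Requires -RunAsAdministrator
# Added example: AppLocker policy that denies executables launched from temp folders.
# Rule IDs must be GUIDs; generate a fresh one per rule.
$newId = { [guid]::NewGuid().ToString() }

# Once any rule exists in a collection, AppLocker denies everything not explicitly
# allowed, so the three default allow rules (Program Files, Windows, Administrators)
# must be present or nothing runs. Deny rules take precedence over allow rules, which
# is why "%WINDIR%\Temp\*" can be denied even though "%WINDIR%\*" is allowed.
# S-1-1-0 is Everyone, S-1-5-32-544 is BUILTIN\Administrators (both well-known SIDs).
# Switch EnforcementMode to "AuditOnly" first to see what would be blocked (Event ID 8003).
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="$(& $newId)" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$(& $newId)" Name="Allow Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$(& $newId)" Name="Allow Administrators" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$(& $newId)" Name="Deny user Temp" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Temp\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$(& $newId)" Name="Deny Windows Temp" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%WINDIR%\Temp\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:ProgramData 'deny-temp-exec.xml'   # assumed location
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run before enforcing. Test-AppLockerPolicy reads the files it evaluates, so
# drop a benign binary into each location being probed (constructed probe files).
$userProbe = Join-Path $env:TEMP 'probe.exe'
$sysProbe  = Join-Path $env:windir 'Temp\probe.exe'
Copy-Item "$env:windir\System32\cmd.exe" $userProbe -Force
Copy-Item "$env:windir\System32\cmd.exe" $sysProbe  -Force
$probe = @($userProbe, $sysProbe, "$env:windir\System32\notepad.exe")

# Expected: the two temp probes report Denied, notepad.exe reports Allowed.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $probe -User Everyone |
    Format-Table -AutoSize FilePath, PolicyDecision, MatchingRule

Remove-Item $userProbe, $sysProbe -Force

# Enforce: AppLocker needs the Application Identity service; sc.exe is used because
# Set-Service cannot change this protected service's start type on recent builds.
# -Merge keeps any rules already in the effective local policy.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Two caveats a practitioner will hit: the deny rules apply to administrators as well (the Everyone SID includes them), so installers that unpack to %TEMP% will need to be run from elsewhere or covered by a publisher-based allow rule; and AppLocker only governs the Exe collection here, so scripts, MSI packages and DLLs loaded from temp folders need their own collections.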

DHS’s CISA Warns of New Critical Infrastructure Ransomware Attack (Dark Reading, Feb 19 2020)
An attack on a natural gas compression facility sent the operations offline for two days.

Most credential abuse attacks against the financial sector targeted APIs (Help Net Security, Feb 20 2020)
From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly.

Up close and personal with Linux malware (WeLiveSecurity, Feb 21 2020)
What are the main security threats facing Linux? A Q&A with ESET Senior Malware Researcher Marc‑Etienne M.Léveillé, whose work has been instrumental in uncovering a number of malware strains hitting Linux servers.

Latest Security News from RSAC 2020 (Dark Reading, Feb 24 2020)
Check out Dark Reading’s updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2020 in San Francisco.

AT&T, Verizon join RSA exodus over Coronavirus fears (SC Media, Feb 21 2020)
The worldwide Novel Coronavirus outbreak is putting industry event organizers and attendees in the difficult position of having to decide whether to hold or attend scheduled events with AT&T being the latest firm to pull out of RSA Conference 2020.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites (Infosecurity Magazine, Feb 18 2020)
WebARX urges users to update ThemeGrill Demo Importer today

The top four Office 365 security pain points (Help Net Security, Feb 19 2020)
The article walks through four common areas that enterprises neglect when they adopt O365.

What DNS encryption means for enterprise threat hunters (WeLiveSecurity, Feb 19 2020)
The dawn of the DNS over HTTPS era is challenging business security and SOC teams

Chinese Hackers Target Asian Betting Firms (Infosecurity Magazine, Feb 20 2020)
DRBControl shares malware with state-backed groups

2020 Tax Season Attacks Already Targeting Small Businesses (Infosecurity Magazine, Feb 19 2020)
The websites of small businesses are a key target in this year’s seasonal tax scams

Nearly half of hospital Windows systems still vulnerable to RDP bugs (Naked Security – Sophos, Feb 20 2020)
Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week.

Vulnerable Out of Band Consoles Put Industrial Assets at Risk (SecurityWeek, Feb 19 2020)
Researchers Find Internet-Exposed, Poorly Protected Out of Band Consoles Commonly Used in Maritime and Oil & Gas Industries

Magecart Group 12 named as actor behind Olympic ticket POS attack (SC Media, Feb 21 2020)
Magecart was first spotted on the two sites, which deal in tickets for the upcoming 2020 Tokyo Olympics and UEFA Euro 2020, and was detailed in late January by researchers Jacob Pimental and Max Kersten; RiskIQ took the additional step of attributing this attack to Magecart Group 12.

Vulnerabilities Allow Hackers to Access Honeywell Fire Alarm Systems (SecurityWeek, Feb 24 2020)
Honeywell has released patches for a couple of potentially serious vulnerabilities affecting a web server used by its Notifier fire alarm systems.

Russia Is Trying to Tap Transatlantic Cables (Schneier on Security, Feb 24 2020)
The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables.