A Review of the Best News of the Week on Cyber Threats & Defense

A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data (Wired, Feb 27 2020)
Affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and various Wi-Fi routers.

Malicious Documents Emerging Trends: A Gmail Perspective (Elie Bursztein’s – Google, Feb 25 2020)
Everyday Gmail defenses analyze billions of attachments to prevent malicious documents from reaching the inboxes of its users whether they are end-users or corporate ones. This talk provides a comprehensive analysis of the malicious documents that target users and corporate inboxes, an in-depth analysis of the latest evasion tactics used by attackers and what Google is doing about it.

Zyxel 0day Affects its Firewall Products, Too (Krebs on Security, Feb 26 2020)
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


North Korea Is Recycling Mac Malware. That’s Not the Worst Part (Wired, Feb 25 2020)
Lazarus Group hackers have long plagued the internet—using at least one tool they picked up just by looking around online.

State-Sponsored Cyberspies Use Sophisticated Server Firewall Bypass Technique (SecurityWeek, Feb 25 2020)
A threat actor — likely a state-sponsored cyberespionage group — has used a sophisticated technique to allow a piece of malware hosted on a server to communicate with command and control (C2) servers through a firewall.

Intel promises Full Memory Encryption in upcoming CPUs (Ars Technica, Feb 26 2020)
Intel’s security plans sound a lot like “we’re going to catch up to AMD.”

Flaw in billions of Wi-Fi devices left communications open to eavesdropping (Ars Technica, Feb 26 2020)
Cypress and Broadcom chip bug bit iPhones, Macs, Android devices, Echoes, and more.

SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps (Dark Reading, Feb 24 2020)
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.

Stealing advanced nations’ Mac malware isn’t hard. Here’s how one hacker did it (Ars Technica, Feb 28 2020)
Former NSA hacker repackages in-the-wild Mac malware for his own use.

Emotet Resurfaces to Drive 145% of Threats in Q4 2019 (Dark Reading, Feb 26 2020)
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.

Only 38% of US govt workers received ransomware prevention training (Help Net Security, Feb 28 2020)
73% of government employees are concerned about impending ransomware threats to cities across the country, and more employees fear cyberattacks on their community than natural disasters or terrorist attacks, an IBM survey has revealed.

A new way for securing web browsers from hackers (Help Net Security, Feb 27 2020)
The new approach is now part of a test release of the Firefox browser for the Linux operating system and could be available on Windows and MacOS platforms within a few months.

Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them? (Help Net Security, Feb 26 2020)
CVE-2020-0688, a remote code execution bug in Microsoft Exchange Server that Microsoft patched in early February, is ripe for exploitation and could become a vector for ransomware groups in the coming months, warns cybersecurity researcher Kevin Beaumont.

#RSAC: How Medical Device Cybersecurity Could Improve (Infosecurity Magazine, Feb 26 2020)
Ongoing efforts from the FDA and MITRE might help to reduce cyber-risk for medical devices.

Inside the Rising Cybercrime Threat in Latin America (SecurityWeek, Feb 27 2020)
A cyber intelligence firm was asked by a Colombian bank customer to investigate the persistent phishing campaigns it had been experiencing. This triggered a wider examination of cybercrime across the whole Latin America region, which uncovered a melting pot (described as a ‘perfect storm’) of social, geopolitical and economic conditions driving a dramatic rise in cybercriminal activity.

New Trickbot Delivery Method Focuses on Windows 10 (Dark Reading, Feb 28 2020)
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.

#RSAC: The Five Most Dangerous New Attacks of 2020 Aren’t All That New (Infosecurity Magazine, Feb 28 2020)
What’s old is new again, as attacks against perimeter devices and mobile security top SANS’ list of the most dangerous new attack vectors.

Apache Tomcat Affected by Serious ‘Ghostcat’ Vulnerability (SecurityWeek, Feb 28 2020)
A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution.