A Review of the Best News of the Week on Cyber Threats & Defense
Cisco fixes three high-level bugs, but a fourth remains unpatched (SC Media, Mar 06 2020)
The flaw with no current fix is CVE-2020-3155: a validation error in the SSL implementation of Cisco Intelligent Proximity, a solution that helps laptops, smartphones and other devices automatically discover and link with Webex video devices and collaboration endpoints. If exploited, the vulnerability could enable remote attackers to view or alter information shared on these Webex devices and endpoints.
FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure (SecurityWeek, Mar 06 2020)
To thwart increasingly dangerous cyber criminals, law enforcement agents are working to “burn down their infrastructure” and take out the tools that allow them to carry out their devastating attacks, FBI Director Christopher Wray said Wednesday.
Most Cyberattacks in 2019 Were Waged Without Malware (Dark Reading, Mar 04 2020)
If the “malware-free” attack trajectory continues, it could mean major trouble for defenders, according to experts from CrowdStrike and other security companies.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Passwords still dominant authentication method, top cause of data breaches (Help Net Security, Mar 08 2020)
Passwords remain the dominant method of authentication and top cause of data breaches, according to MobileIron. A new report also highlighted the importance of a zero trust security strategy that provides context-aware, conditional access to a device or user.
Now you need a notarized document to get a .gov domain (Naked Security – Sophos, Mar 09 2020)
The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites.
Vulnerability allows attackers to register malicious lookalikes of legitimate web domains (Help Net Security, Mar 05 2020)
Cybercriminals were able to register malicious generic top-level domains (gTLDs) and subdomains imitating legitimate, prominent sites due to Verisign and several IaaS services allowing the use of specific characters that look very much like Latin letters, according to Matt Hamilton, principal security researcher at Soluble. To demonstrate the danger of these policies, he registered 25+ domains that resemble a variety of popular domains by using a mix of Latin and Unicode Latin IPA homoglyph char
Email domains without DMARC enforcement spoofed nearly 4X as often (Help Net Security, Mar 05 2020)
As of January 2020, nearly 1 million (933,973) domains have published DMARC records — an increase of 70% compared to last year, and more than 180% growth in the last two years. In addition, 80% of all inboxes worldwide do DMARC checks and enforce domain owners’ policies — if domain owners have configured DMARC, a new Valimail report reveals.
Hackers Scanning for Apache Tomcat Servers Vulnerable to Ghostcat Attacks (SecurityWeek, Mar 05 2020)
Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat.
Over 600 Microsoft Subdomains Can Be Hijacked: Researchers (SecurityWeek, Mar 05 2020)
The problem affects many big companies and it has been known for years. The DNS records for a subdomain point to a domain that no longer exists. Anyone who creates the non-existent domain can basically hijack the subdomain that has the misconfigured DNS records.
Attackers Distributing Malware Under Guise of Security Certificate Updates (Dark Reading, Mar 05 2020)
Approach is a twist to the old method of using fake software, browser updates, Kaspersky says.
Threat Awareness: A Critical First Step in Detecting Adversaries (Dark Reading, Mar 09 2020)
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
New Ransomware Variant Developed Entirely as Shellcode (Dark Reading, Mar 06 2020)
PwndLocker is harder to detect than other crypto-malware, Crypsis Group says.
Siemens Shares Incident Response Playbook for Energy Infrastructure (Dark Reading, Mar 06 2020)
The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts.
Microsoft: Turn off Memory Integrity if it’s causing problems (Naked Security – Sophos, Mar 09 2020)
Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off.
Human-Operated Ransomware Is a Growing Threat to Businesses: Microsoft (SecurityWeek, Mar 09 2020)
Employing techniques usually associated with nation-state threat actors, human-operated ransomware attacks represent a growing threat to businesses, Microsoft warned last week.