A Review of the Best News of the Week on Cyber Threats & Defense

A New Wormable Windows Vulnerability Has No Patch in Sight (Wired, Mar 12 2020)
The flaw has the potential to unleash the kind of attacks that allowed WannaCry and NotPetya to cripple business networks around the world.

Google Releases Tool to Block USB Keystroke Injection Attacks (SecurityWeek, Mar 12 2020)
Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. 

The federal government may be about to engage in the biggest telework experiment yet. But hacking and other cyber dangers pose serious challenges. (Washington Post, Mar 13 2020)
As coronavirus infections mount, the federal government is preparing for an unprecedented experiment in remote working that brings with it a slew of digital dangers.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Microsoft Patches Over 100 Vulnerabilities (Dark Reading, Mar 10 2020)
Patch Tuesday features several remote code execution flaws in Microsoft Word.

Paradise Ransomware Uses IQY Attachments to Stay Hidden (Infosecurity Magazine, Mar 11 2020)
New campaign weaponizes unusual Office file format

Microsoft Cracks Infrastructure of Infamous Necurs Botnet (SecurityWeek, Mar 10 2020)
Microsoft says it managed to disrupt the Necurs botnet by taking control of the U.S.-based infrastructure that it has been using to conduct its malicious activities.

European power grid organization hit by cyberattack (WeLiveSecurity, Mar 12 2020)
The incident affected our office network, says ENTSO-E, as it implements measures to avoid future cyber-incursions

U.S. Health Agency Suffers Cyber-Attack During COVID-19 Response (Bloomberg, Mar 16 2020)

The Web’s Bot Containment Unit Needs Your Help (Krebs on Security, Mar 16 2020)
“Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding.”

Avast AntiTrack Flaw Allows MitM Attacks on HTTPS Traffic (SecurityWeek, Mar 11 2020)
A vulnerability in Avast’s anti-tracking solution could allow malicious actors to perform man-in-the-middle (MitM) attacks on HTTPS traffic, a security researcher has discovered.

Vulnerability Prompts Avast to Disable Emulator Used by Antivirus (SecurityWeek, Mar 12 2020)
Avast this week disabled a JavaScript interpreter that is part of its antivirus product, after a security researcher discovered a vulnerability that could potentially lead to remote code execution. The JavaScript interpreter was found to run unsandboxed, thus potentially exposing systems to attackers.

Growing VPN Exploitation Is Cause For Concern (Infosecurity Magazine, Mar 11 2020)
Attacks are often web application attacks abusing the web frontend that has been extended from VPNs

Flaw in popular VPN service may have exposed customer data (WeLiveSecurity, Mar 10 2020)
NordVPN praised its bug bounty program and said that a fix had been shipped within two days

Hackers are getting hacked via trojanized hacking tools (Help Net Security, Mar 10 2020)
Someone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free

Years-long malware operation hides njRAT in cracked hacking tools (SC Media, Mar 10 2020)
Malicious actors have been secretly embedding the njRAT remote access trojan in free hacking tools as well as cracks of those tools, in a bid to compromise anyone who downloads this software from various websites and forums.

Crafty Web Skimming Domain Spoofs “https” (Krebs on Security, Mar 11 2020)
“Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site’s source code: “http[.]ps” (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).”

Phishing attacks exploit YouTube redirects to catch the unwary (Graham Cluley, Mar 12 2020)
Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users.

‘Cookiethief’ Android Malware Hijacks Facebook Accounts (SecurityWeek, Mar 13 2020)
A recently discovered Android Trojan was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app.

US Scraps Missiles Over Cybersecurity Concerns (Infosecurity Magazine, Mar 13 2020)
America drops plans to adopt Iron Dome missile defense system amid cybersecurity fears

Threat-Thwarting Guidance Published for Cargo Ships (Infosecurity Magazine, Mar 13 2020)
A guide has been published to help ocean carriers fend off cyber-attacks