A Review of the Best News of the Week on Cyber Threats & Defense
Ransomware Gangs to Stop Attacking Health Orgs During Pandemic (BleepingComputer, Mar 23 2020)
Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.
How Microsoft Dismantled the Infamous Necurs Botnet (Wired, Mar 18 2020)
A years-long investigation and global cooperation disrupted one of the biggest botnets ever.
Cisco issues urgent fixes for SD-WAN router flaws (Naked Security – Sophos, Mar 23 2020)
Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routes and their management software.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
WordPress to get automatic updates for plugins and themes (Naked Security – Sophos, Mar 17 2020)
Good news for website admins: the ability to automatically update plugins and themes is being beta-tested for WordPress 5.5, due in August.
Security Breach Disrupts Fintech Firm Finastra (Krebs on Security, Mar 20 2020)
“Finastra, a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.”
Many Ransomware Attacks Can be Stopped Before They Begin (Dark Reading, Mar 17 2020)
The tendency by many attackers to wait for the right time to strike gives defenders an opening, FireEye says.
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady (Dark Reading, Mar 16 2020)
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
VMware squashes critical code execution bug in hypervisors (SC Media, Mar 17 2020)
VMware has updated its Workstation hosted hypervisor and Fusion software hypervisor, fixing a critical vulnerability that could be exploited to trigger arbitrary code execution or a denial of service condition.
Two Trend Micro zero-days exploited in the wild by hackers (ZDNet, Mar 18 2020)
Patches for both zero-days were released on Monday, along with fixes for three other similarly critical vulnerabilities.
Process Injection Tops Attacker Techniques for 2019 (Dark Reading, Mar 18 2020)
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
Google Patches High-Risk Chrome Flaws, Halts Upcoming Releases (SecurityWeek, Mar 19 2020)
Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser.
Russian APT28 Group Changes Tack to Probe Email Servers (Infosecurity Magazine, Mar 20 2020)
State-backed hackers also scan for SQL Server and Directory Services
TrickBot banking trojan introduces RDP brute forcing module (SC Media, Mar 20 2020)
Malicious actors have created a new module for the TrickBot banking trojan that allows the malware to perform brute force attacks on Microsoft’s Remote Desktop Protocol, specifically targeting U.S. and Hong Kong IP addresses.
Proof of Concept Released for kr00k Wi-Fi Vulnerability (Dark Reading, Mar 20 2020)
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
Crowdsourced pentesting is not without its issues (Help Net Security, Mar 23 2020)
But is crowdsourced security really a panacea to the ills of traditional pentesting or does it create more issues?
National Gallery Fought Nearly Two Million Email Cyber-Attacks in 2019 (Infosecurity Magazine, Mar 23 2020)
Last year, the National Gallery was hit by nearly 2 million email cyber-attacks
Report: Account takeover and data scraping attacks on e-retailers up as COVID-19 surges (SC Media, Mar 20 2020)
Masses of global citizens have been retreating to their homes and relying on online services to stock up their domiciles during the coronavirus pandemic, and it could be having an influence on cyberattacks against websites.
Coronavirus news being used to sneak malware past AV programs (SC Media, Mar 20 2020)
In an effort to make malware appear legitimate and help it sneak past security software, groups using two well-known trojans are inserting news text from Coronavirus stories into their file descriptions.
UK Printing Company Exposed Military Documents (SecurityWeek, Mar 20 2020)
Cybersecurity researchers say UK-based document printing and binding company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military, by leaving an AWS S3 bucket unprotected.