A Review of the Best News of the Week on Cyber Threats & Defense

New attack on home routers sends users to spoofed sites that push malware (Ars Technica, Mar 25 2020)
Attack, which uses DNS hijacking, is the latest to capitalize on pandemic anxiety.

Windows code-execution zeroday is under active exploit, Microsoft warns (Ars Technica, Mar 23 2020)
There’s no patch available now. Here’s what to do until Microsoft issues one.

Micropatches block exploitation of Windows zero-days under attack (Help Net Security, Mar 27 2020)
While we wait for Microsoft to provide fixes for the two new Windows RCE zero-days that are being exploited in “limited targeted Windows 7 based attacks,” ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Canon breach exposes personal data of current, former GE employees, beneficiaries (SC Media, Mar 24 2020)
A February breach at service provider Canon Business Process Services exposed the personal information of current and former GE employees and their beneficiaries. “While I’m usually a bit numb to the latest data breach, the sheer variety of exposed information is unique,” said Roger Grimes, data driven defense evangelist at KnowBe4.

Government-backed cyber attackers increasingly targeting journalists (Help Net Security, Mar 27 2020)
Since the start of the year, journalists and news outlets have become preferred targets of government-backed cyber attackers, Google’s Threat Analysis Group (TAG) has noticed. “For example, attackers impersonate a journalist to seed false stories with other reporters to spread disinformation. In other cases, attackers will send several benign emails to build a rapport with a journalist or foreign policy expert before sending a malicious attachment in a follow up email,”

Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy (IBM Security Intelligence, Mar 30 2020)
The renewed Zeus Sphinx activity that IBM X-Force is seeing features a modified variant targeting online banking users in North America and Australia through the use of maldocs themed around COVID-19.

Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks (FireEye, Mar 30 2020)
Threat actors with varying motivations are actively exploiting the current pandemic and public fear of the coronavirus and COVID-19.

Malware from notorious FIN7 group is being delivered by snail mail (CyberScoop, Mar 30 2020)
While hackers all over the world rely on emails and text messages to breach networks, one infamous criminal group appears to be turning to the mailman to deliver their malicious code. Malware authored by FIN7, which researchers say has stolen over $1 billion in recent years, has been delivered by the U.S. Postal Service to multiple organizations in recent months, according to security company FireEye. The code comes on USB sticks that, once inserted into a computer, install a “backdoor”…

Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely (Dark Reading, Mar 27 2020)
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.

Remote work and web conferencing: Security and privacy considerations (Help Net Security, Mar 30 2020)
As more and more people remain at home and work from home due to the COVID-19 pandemic, most of them have been forced to use one or many video and audio conferencing applications out of necessity.

Vulnerability Exposed Tesla Central Touchscreen to DoS Attacks (SecurityWeek, Mar 23 2020)
Hackers could have caused a Tesla Model 3’s central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. The car maker has released a software update that patches the vulnerability.

An Elite Spy Group Used 5 Zero-Days to Hack North Koreans (Wired, Mar 26 2020)
South Korea is a prime suspect for exploiting the secret software vulnerabilities in a sophisticated espionage campaign.

Widely available ICS attack tools lower the barrier for attackers (Help Net Security, Mar 24 2020)
The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology (OT) networks and industrial control systems (ICS).

Python backdoor attacks and how to prevent them (Help Net Security, Mar 24 2020)
Python backdoor attacks are increasingly common. Iran, for example, used a MechaFlounder Python backdoor attack against Turkey last year. Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region.

APT41 Exploited Cisco, Citrix and Zoho Bugs in Wide-Ranging Campaign (Infosecurity Magazine, Mar 25 2020)
FireEye research highlights agility of Chinese threat group

Evasive malware increasing, evading signature-based antivirus solutions (Help Net Security, Mar 26 2020)
Evasive malware has grown to record high levels, with over two-thirds of malware detected by WatchGuard in Q4 2019 evading signature-based antivirus solutions. This is a dramatic increase from the year-long average of 35% for 2019 and points to the fact that obfuscated or evasive malware is becoming the rule, not the exception.