A Review of the Best News of the Week on Cyber Threats & Defense

Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing (The Intercept, Apr 06 2020)
The video conferencing service can access conversations on its platform.

‘Zoombombing’ Becomes a Dangerous Organized Effort (The New York Times, Apr 06 2020)
Zoom, the videoconferencing app, has become a target for harassment and abuse coordinated in private off-platform chats.

Vulnerable VPN appliances at healthcare organizations open doors for ransomware gangs (Help Net Security, Apr 02 2020)
“We’re seeing from signals in Microsoft Threat Protection services (Microsoft Defender ATP, Office 365 ATP, and Azure ATP) that the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems. Attackers have also been observed using the updater features of VPN clients to deploy malware payloads,” the company shared.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Attackers can use Zoom to steal users’ Windows credentials with no warning (Ars Technica, Apr 01 2020)
Zoom for Windows converts network locations into clickable links. What could go wrong?

8chan Users Coordinated Antisemitic Zoombombing Campaign (VICE, Apr 02 2020)
8chan users planned to hijack the Zoom calls of a Jewish school in Philadelphia on the infamous site.

Zoombombing is a crime, not a prank, prosecutors warn (Ars Technica, Apr 05 2020)
Disrupting a Zoom meeting could lead to “law enforcement knocking at your door.”

NYC schools step away as Zoom sets remediation plan (SC Media, Apr 06 2020)
Concerns over privacy prompted New York City to ban the use of Zoom by city schools and move instead to an approved platform like Google Meet or Microsoft Teams “as soon as possible.”

COVID-19 Impact: Cyber Criminals Target Zoom Domains (Check Point Software, Mar 31 2020)
Since the beginning of the year, more than 1700 new domains were registered and 25% of them were registered in the past week. Out of these registered domains, 4% have been found to contain suspicious characteristics.

Common Flaws Discovered in Penetration Tests Persist (Infosecurity Magazine, Apr 06 2020)
Brute forcing accounts and exploitation using EternalBlue remain prevalent forms of attack.

OpenWRT code-execution bug puts millions of devices at risk (Ars Technica, Mar 31 2020)
A partial fix mitigates the risk, but the lack of encryption and other weaknesses remain.

Researchers Uncover Unsophisticated – But Creative – Watering-Hole Attack (Dark Reading, Mar 31 2020)
The Holy Water campaign has been leveraging free, third-party services instead of a proper infrastructure and made use of modified open source backdoors in its early phases.

Zero-day vulnerabilities used against DrayTek routers and switches (SC Media, Mar 30 2020)
Two zero-day vulnerabilities were being used by two different groups to infiltrate DrayTek Vigor enterprise routers and switch devices, enabling the attackers to access traffic and install backdoors.

New Magecart Skimmer Infects 19 Victim Websites (Dark Reading, Apr 02 2020)
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.

Attackers Leverage Excel File Encryption to Deliver Malware (Dark Reading, Apr 01 2020)
Technique involves saving malicious Excel file as “read-only” and tricking users into opening it, Mimecast says.

Researcher Finds New Class of Windows Vulnerabilities (SecurityWeek, Apr 02 2020)
A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges.

Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims (VICE, Apr 03 2020)
In a court-filed declaration, NSO Group’s CEO says Facebook tried to buy an Apple spying tool in 2017.

Work from home: Securing RDP and remote access (WeLiveSecurity, Apr 02 2020)
As work from home is the new norm in the coronavirus era, you’re probably thinking of enabling remote desktop connections for your off-site staff. Here’s how to do it securely.

TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guys (Help Net Security, Apr 06 2020)
For twelve years, the standard internet encryption has been Transport Layer Security (TLS) 1.2. Tracing its roots takes you back to the first version of the Secure Sockets Layer (SSL) protocol, which was developed in 1995 by Netscape but never released because it was riddled with security vulnerabilities. SSL 2.0 and 3.0 quickly followed and were released, but they also had their issues.

Firefox zero day in the wild: patch now! (Naked Security – Sophos, Apr 05 2020)
Mozilla just pushed out an update for its Firefox browser to patch a security hole that was already being exploited in the wild.

Google Rolls Back Recently Introduced Chrome CSRF Protection (SecurityWeek, Apr 06 2020)
Google last week announced that it has started rolling back a cross-site request forgery (CSRF) protection introduced in early February with the release of Chrome 80 in the stable channel.