A Review of the Best News of the Week on Cyber Threats & Defense
Small Business Is Big Target for Ransomware (Dark Reading, Apr 16 2020)
Small businesses are being hit by ransomware, and a majority are paying up to get their data back.
DHS Issues Alert for New North Korean Cybercrime (Dark Reading, Apr 15 2020)
Cyber actors from North Korea’s intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
New Cloudflare tool can tell you if your ISP has deployed BGP fixes (Ars Technica, Apr 19 2020)
“Is BGP Safe Yet” names and shames ISPs who don’t tend to their routing.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Patch-a-Palooza: More Than 560 Flaws Fixed in a Single Day (Dark Reading, Apr 14 2020)
Software vendors keep pushing patches to the same Tuesday once a month, or once a quarter, and the result can be overwhelming. Six enterprise software makers issued patches for 567 issues in April.
Using Cisco IP phones? Fix these critical vulnerabilities (Help Net Security, Apr 16 2020)
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS Director and Cisco UCS Director Express for Big Data, its unified infrastructure management solutions for data center operations.
760+ malicious packages found typosquatting on RubyGems (Help Net Security, Apr 17 2020)
Researchers have discovered over 760 malicious Ruby packages (aka “gems”) typosquatting on RubyGems, the Ruby community’s gem repository / hosting service. ReversingLabs analysts wanted to see how widespread the practice of package typosquatting is within RubyGems. The practice refers to the intentional use of package names very similar to those of popular packages (e.g., atlas-client instead of atlas_client), with the ostensible intention of tricking users into executing them…
GitHub users targeted by Sawfish phishing campaign (Naked Security – Sophos, Apr 17 2020)
GitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts.
Trickbot Named Most Prolific #COVID19 Malware (Infosecurity Magazine, Apr 20 2020)
Microsoft warns users of campaigns using notorious banking Trojan
Fan vibrations can be used to transmit data from air-gapped machines (Naked Security – Sophos, Apr 20 2020)
The scientists known for finding ways to transmit software from non-networked computers have figured out a way to do it using computer fan vibrations.
Slack’s Incoming Webhooks Can Be Weaponized in Phishing Attacks (Dark Reading, Apr 15 2020)
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.
Compromised email account leads to Saint Francis Ministries data breach (SC Media, Apr 13 2020)
An unauthorized party gained entry into an employee’s email account at Saint Francis Ministries, accessing sensitive personal identifying information, as well as financial and protected health data. In an online notification and corresponding press release, the Salina, Kan.-based non-profit organization said the actor accessed the account between Dec. 13 and 20 of 2019.
Phishing kits: The new bestsellers on the underground market (Help Net Security, Apr 16 2020)
Phishing kits are the new bestsellers of the underground market, with the number of phishing kit ads on underground forums and their sellers having doubled in 2019 compared to the previous year, Group-IB reveals. The growing demand for phishing kits is also reflected in its price that skyrocketed last year by 149 percent and exceeded $300 per item.
GitHub Shares Details on Six Chrome Vulnerabilities (SecurityWeek, Apr 17 2020)
GitHub has released technical information on six vulnerabilities identified by one of its security researchers in the WebAudio component of Chrome.
Researchers Explore Details of Critical VMware Vulnerability (Dark Reading, Apr 17 2020)
The vCenter vulnerability, patched on April 9, could give an intruder access to administrative credentials in three steps.
Starbleed vulnerability: Attackers can gain control over FPGAs (Help Net Security, Apr 20 2020)
Field Programmable Gate Arrays, FPGAs for short, are flexibly programmable computer chips that are considered very secure components in many applications. In a joint research project, scientists have now discovered that a critical vulnerability is hidden in these chips. They called the security bug Starbleed. Attackers can gain complete control over the chips and their functionalities via the vulnerability.