A Review of the Best News of the Week on Cyber Threats & Defense

Intelligence Agencies Share Web Shell Detection Techniques (SecurityWeek, Apr 26 2020)
The United States National Security Agency (NSA) and the Australian Signals Directorate (ASD) have issued a joint Cybersecurity Information Sheet (CSI) that provides details on vulnerabilities exploited by threat actors to install web shell malware on web servers.

Remote workers’ lack of corporate firewalls blamed for rise in malicious device activity (SC Media, Apr 21 2020)
Since the coronavirus pandemic forced companies to enact sweeping work-from-home policies, the number of organizations whose devices have been compromised and forced to engage in malicious activity has at least doubled, according to new research released today.

Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks (Wired, Apr 22 2020)
More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



High-Severity Vulnerability in OpenSSL Allows DoS Attacks (SecurityWeek, Apr 21 2020)
An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks.

Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC (SecurityWeek, Apr 21 2020)
A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.

Hackers Target Oil Companies as Prices Plunge (Wired, Apr 22 2020)
The sophisticated spear-phishing campaign hit as energy companies planned their response to falling crude prices. 

Attackers exploiting a zero-day in Sophos firewalls, have yours been hit? (Help Net Security, Apr 27 2020)
Sophos has released an emergency hotfix for an actively exploited zero-day SQL injection vulnerability in its XG Firewalls, and has rolled it out to all units with the auto-update option enabled. Aside from plugging the security hole, the hotfix detects if the firewall was hit by attackers and, if it was, stops it from accessing any attacker infrastructure, cleans up remnants from the attack, and notifies administrators…

Top threat detection trends and challenges for cybersecurity professionals (Help Net Security, Apr 21 2020)
User networks and endpoints are the biggest concerns for 65% of respondents, an 11% increase from last year, Attivo Networks reveals.

Update MS Office, Paint 3D to plug RCE vulnerabilities (Help Net Security, Apr 22 2020)
A week after the April 2020 Patch Tuesday, Microsoft has released out-of-band security updates for its Office suite, to fix a handful of vulnerabilities that attackers could exploit to achieve remote code execution. At the same time, a security update has also been released for Paint 3D, the company’s free app for creating 3D models, because the source of the fixed vulnerabilities is something that both Office and Paint 3D have in common…

Foiling content-borne attacks against a remote workforce (Help Net Security, Apr 22 2020)
It is true that most organizations have some kind of Secure Email Gateway, and many of them even have advanced security layers for their emails such as Office ATP or Proofpoint TAP. Unfortunately, a recent study shows that some attacks penetrate even those advanced security solutions. In fact, on average, between 25% and 35% of the unknown threats that emerge every day bypass them.

The Evolving Threat of Credential Stuffing (Dark Reading, Apr 23 2020)
Bots’ swerve to focus on APIs means businesses must take the threat seriously and take effective action.

Phishers exploiting employees’ layoff, payroll concerns (Help Net Security, Apr 23 2020)
A few days ago, we outlined several phishing campaigns going after Zoom and WebEx credentials of employees. Two new ones are trying to exploit their (at the moment very rational) fears by delivering fake “Zoom meeting about termination” emails and fake notifications about COVID-19 stimulation/payroll processing.

APT32 actively spearphishing Chinese officials in a search for COVID-19 data (SC Media, Apr 22 2020)
The suspected Vietnamese threat group APT32 has been conducting a spearphishing campaign against Chinese targets in an attempt to glean information on COVID-19. FireEye’s Mandiant Threat Intelligence Team reported the attacks have been conducted throughout the pandemic, from early January to date, with the targets including China’s Ministry of Emergency Management…

Emotet banking trojan possibly being prepped for a new attack (SC Media, Apr 23 2020)
Security researchers are seeing signs that the Emotet banking trojan is about to awaken from its latest hiatus by deploying newly improved credential and email stealing modules. Emotet last came to life in January 2020 but analysts with the Herjavec Group believe the new modules are being placed…

Chinese COVID-19 Disinformation Campaign (Schneier on Security, Apr 23 2020)
“The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters. The amplification techniques are alarming to officials because the…”

Three firmware blind spots impacting security (Help Net Security, Apr 27 2020)
Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As software security has been significantly hardened over the past two decades, hackers have responded by moving down the stack to focus on firmware entry points.

Understanding the basics of API security (Help Net Security, Apr 27 2020)
This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in software development, operations, and protection. Purpose of article series: Researching the wide range of API security alternatives can be confusing – even to seasoned experts. This article series is written with the goal of helping all types of readers better understand the pros and cons of the various modern approaches …

5 common mistakes that lead to ransomware (Naked Security – Sophos, Apr 27 2020)
Here are five simple tips that will help you keep ransomware out and your precious data in

Israel Says Hackers Targeted SCADA Systems at Water Facilities (SecurityWeek, Apr 27 2020)
The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks aimed at water facilities.