A Review of the Best News of the Week on Cyber Threats & Defense

US government plans to urge states to resist ‘high-risk’ internet voting (The Guardian, May 11 2020)
Department of Homeland Security draft guidelines say practice allows attackers to alter votes and imperil integrity of elections

U.S. to Accuse China of Trying to Hack Vaccine Data, as Virus Remakes Cyberattacks (The New York Times, May 10 2020)
Iran and other nations are also looking to steal data and exploit the pandemic with attacks on infrastructure, officials say.

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (Wired, May 10 2020)
The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



US financial industry regulator warns of widespread phishing campaign (ZDNet, May 05 2020)
FINRA warns of phishing campaign aimed at stealing members’ Microsoft Office or SharePoint passwords.

US and UK Warn of Adversaries Targeting COVID-19 Responders (SecurityWeek, May 05 2020)
Advanced persistent threat (APT) groups continue to leverage the COVID-19 (coronavirus) crisis in cyberattacks, the United States and United Kingdom said in a joint alert today. 

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app (Malwarebytes Labs, May 07 2020)
The Lazarus group improves their toolset with a new RAT specifically designed for the Mac.

Agencies Warn States That Internet Voting Poses Widespread Security Risks (WSJ, May 11 2020)
Several U.S. government agencies told states on Friday that casting ballots over the internet poses high levels of cybersecurity risk, a warning that came as some states consider expanding online voting options to cope with the coronavirus pandemic.

Elementor Plugin Vulnerabilities Exploited to Hack WordPress Sites (SecurityWeek, May 08 2020)
Threat actors are actively targeting a vulnerability in the Elementor Pro plugin for WordPress to compromise websites, WordPress security company Defiant warned this week.

Nearly a million WordPress sites targeted in extensive attacks (Help Net Security, May 06 2020)
A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising.

Helping healthcare combat cyber attackers (Help Net Security, May 06 2020)
Hospitals and other healthcare organizations around the globe are under immense pressure as they test and care for patients with COVID-19. They are also under siege by cyber attackers. This month, Interpol released a warning to hospitals and other medical organizations saying they are seeing increasing targeted ransomware attacks aimed at these entities.

Vulnerabilities in two VPNs opened door to fake, malicious updates (SC Media, May 06 2020)
Hackers can exploit critical vulnerabilities in PrivateVPN and Betternet – since fixed – to push out fake updates and plant malicious programs or steal data. Attackers can intercept a VPN’s “communications and force the apps to download a fake update…

A Department of Defense bulletin on a ‘leaking’ sinkhole has baffled cybersecurity experts (CyberScoop, May 07 2020)
A bulletin in mid-April from the DCSA said China was stealing data from contractors. But how the DCSA came to that conclusion is complicated.

Threat-Modeling Basics Using MITRE ATT&CK (Dark Reading, May 07 2020)
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.

How a favicon delivered a web credit card skimmer to victims (Help Net Security, May 07 2020)
Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that “turn” malicious when victims visit a checkout page.

Chinese Naikon APT Rediscovered After New Five-year Stealth Campaign (SecurityWeek, May 07 2020)
Naikon, a Chinese APT group that disappeared after its activities were disclosed in 2015, has been rediscovered and may have remained active but unrecognized since the 2015 reports.

Another Stuxnet-Style Vulnerability Found in Schneider Electric Software (SecurityWeek, May 07 2020)
Researchers have found another vulnerability in software made by Schneider Electric that is similar to the one exploited by the notorious Stuxnet malware.

EU: UK Must Share More Data to Access Crime-fighting System (Infosecurity Magazine, May 08 2020)
An EU committee wants to block the UK’s access to crime-fighting intel unless it shares more data with member states

InfoStealers Weaponizing COVID-19 (Lastline, May 11 2020)
Coronavirus, or COVID-19, continues to dominate the headlines and the cybersecurity landscape. The contagion has sadly infected over 3 million people globally, and nearly 250,000 people have died at the time of this writing. Unsurprisingly, a