A Review of the Best News of the Week on Cyber Threats & Defense

GoldenSpy’ Malware Hidden in Tax Software Spies on Companies Doing Business in China (Dark Reading, Jun 25 2020)
Advanced persistent threat (APT) campaign aims to steal intelligence secrets from foreign companies operating in China.

Majority of new remote employees use their personal laptops for work (WeLiveSecurity, Jun 23 2020)
And many of them didn’t receive any new security training or tools from their employer to properly secure the devices, a study finds

Variant of Mac malware ‘Shlayer’ spreads via poisoned web searches (SC Media, Jun 22 2020)
Researchers have discovered a new variant of Shlayer Mac malware that  bypasses Apple’s built-in security protections and is being spread via malicious results from Google web searches. Shlayer is used generally to distributed bundled adware or unwanted programs.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Australia says state-based actor is behind surge of sophisticated cyberattacks (SC Media, Jun 22 2020)
Australian Prime Minister Scott Morrison warned late last week that a sophisticated, state-sponsored cyber actor has been attacking the country’s government and corporate institutions, as well as critical infrastructure operators, with increasing regularity. Morrison did not name-and-shame the specific country that is responsible for the alleged attacks. But inside sources told Reuters that China is…

Twitter Says Business Users Were Vulnerable to Data Breach (Dark Reading, Jun 23 2020)
The now-patched vulnerability left business users’ personal information in web browser caches for anyone to find.

New technique protects consumers from voice spoofing attacks (Help Net Security, Jun 24 2020)
Researchers from CSIRO’s Data61 have developed a new technique to protect consumers from voice spoofing attacks. Fraudsters can record a person’s voice for voice assistants like Amazon Alexa or Google Assistant and replay it to impersonate that individual. They can also stitch samples together to mimic a person’s voice in order to spoof, or trick third parties.

Ex-CIA exec: Covid-19 has created ideal ‘crisis’ conditions for malicious hackers (SC Media, Jun 24 2020)
Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference.

Alsid’s Melber urges active directory protection to fend off new attack patterns (SC Media, Jun 23 2020)
Enterprises that start concentrating on protecting the active directory will be doing themselves a huge favor, Derek Melber emphasized in his Tuesday afternoon InfoSec World 2020 session, “New Attack Patterns: Targeting the Keys to the Kingdom.”

Lucifer Malware Aims to Become Broad Platform for Attacks (Dark Reading, Jun 25 2020)
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.

How attackers target and exploit Microsoft Exchange servers (Help Net Security, Jun 25 2020)
Microsoft Exchange servers are an ideal target for attackers looking to burrow into enterprise networks, says Microsoft, as “they provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance.”

Most malware in Q1 2020 was delivered via encrypted HTTPS connections (Help Net Security, Jun 25 2020)
67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and 72% of encrypted malware was classified as zero day, so would have evaded signature-based antivirus protection, according to WatchGuard. These findings show that without HTTPS inspection of encrypted traffic and advanced behavior-based threat detection and response, organizations are missing up to two-thirds of incoming threats.

Ransomware perspectives: The shape of things to come (Help Net Security, Jun 24 2020)
Michael Hamilton, CISO of CI Security, has worked in the information security industry for 30 years. As former CISO for the City of Seattle, he managed information security policy, strategy, and operations for 30 government agencies. In this interview with Help Net Security, Michael discusses ransomware attacks and offers insight on how they will evolve in the near future.

Medical Devices Among Most Risky to Security (Infosecurity Magazine, Jun 25 2020)
Analysis from the Forescout Device Cloud identified points of risk inherent to device type, sector and cybersecurity policies

Major US Companies Targeted in New Ransomware Campaign (Dark Reading, Jun 26 2020)
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.

How to Protect Against New Surge in Attacks Targeting Remote Workers (eWEEK, Jun 25 2020)
The COVID-19 pandemic is a perfect storm of opportunity for cybercriminals. These people understand that times of rapid transition can cause serious disruptions for organizations.

New vulnerabilities in open source packages down 20% compared to last year (Help Net Security, Jun 29 2020)
New vulnerabilities in open source packages were down 20% compared to last year suggesting security of open source packages and containers are heading in a positive direction, according to Snyk. Well known vulnerabilities, such as cross-site scripting, continue to be reported but aren’t impacting as many projects as they have in previous years.

Massive complexity endangers enterprise endpoint environments (Help Net Security, Jun 29 2020)
There’s a massive amount of complexity plaguing today’s enterprise endpoint environments. The number of agents piling up on enterprise endpoint devices – up on average – is hindering IT and security’s ability to maintain foundational security hygiene practices, such as patching critical vulnerabilities, which may actually weaken endpoint security defenses, Absolute reveals.