A Review of the Best News of the Week on Cyber Threats & Defense
CISA Issues Advisory on Home Routers (Dark Reading, Jun 30 2020)
The increase in work-from-home employees raises the importance of home router security.
ThiefQuest Ransomware for the Mac (Schneier on Security, Jul 06 2020)
“There’s a new ransomware for the Mac called ThiefQuest or EvilQuest. It’s hard to get infected:
For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, like developers whose code is ‘signed’ by Apple to prove its legitimacy, or from Apple’s App Store itself. But if you’re someone who already torrents programs and is used to ignoring Apple’s flags, ThiefQuest illustrates the risks of that approach.”
NSA Issues VPN Security Guidance (Infosecurity Magazine, Jul 03 2020)
Be careful which pre-configured policies you leave enabled on your IPsec VPN, warns the US government.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
New EvilQuest macOS ransomware is a smokescreen for other threats (Help Net Security, Jul 01 2020)
A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned.
Surge in unique clients reporting brute-force attack attempts (Help Net Security, Jul 01 2020)
“Today, a huge proportion of ‘office’ work occurs via home devices, with workers accessing sensitive company systems through Windows’ Remote Desktop Protocol (RDP), a proprietary solution created by Microsoft to allow connecting to the corporate network from remote computers,” explains Ondrej Kubovič, ESET Security Research & Awareness Specialist.
DHS Shares Data on Top Cyber Threats to Federal Agencies (Dark Reading, Jul 02 2020)
Backdoors, cryptominers, and ransomware were the threats most widely detected by EINSTEIN, the intrusion prevention system run by the DHS Cybersecurity and Infrastructure Security Agency (CISA).
40% of security pros say half of cyberattacks bypass their WAF (Help Net Security, Jul 01 2020)
There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF), Neustar reveals. 49% of security professionals reported that more than a quarter of attempts to sidestep their WAF protections had been successful in the last 12 months.
Attackers are breaching F5 BIG-IP devices, check whether you’ve been hit (Help Net Security, Jul 06 2020)
Attackers are actively trying to exploit CVE-2020-5902, a critical vulnerability affecting F5 Networks’ BIG-IP multi-purpose networking devices, to install coin-miners or IoT malware, or to scrape administrator credentials from the hacked devices.
Microsoft Issues Out-of-Band Patches for RCE Flaws (Dark Reading, Jul 01 2020)
Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.
Magecart Hackers Target U.S. Cities Using Click2Gov (SecurityWeek, Jun 29 2020)
Magecart web skimmers were found on the websites of eight cities in the United States and one thing they have in common is that they all use the Click2Gov platform, Trend Micro reports.
Foreign adversaries likely try exploiting critical networking bug, US says (Ars Technica, Jun 30 2020)
Foreign hackers backed by a well-resourced government are likely to attempt exploiting a critical vulnerability in a host of VPN and firewall products sold by Palo Alto Networks, officials in the US federal government warned on Tuesday.
Google joins Apple in limiting web certificates to one year (Naked Security – Sophos, Jun 30 2020)
Is it fair to expect everyone to renew all their web certificates every year? Apple says yes, and now Google does too.
Attack Surface Growing for Healthcare Industry (SecurityWeek, Jul 01 2020)
Despite the well-documented increase in attacks against the healthcare industry during the COVID-19 pandemic, the industry is largely coping well against the cyber criminals. Nevertheless, the necessary and dramatic migration to cloud-based tele-health services will undoubtedly leave the industry more exposed in the future.
Researchers Show How Hackers Can Target ICS via Barcode Scanners (SecurityWeek, Jun 30 2020)
Industrial control systems (ICS) can be hacked through barcode scanners, researchers at cybersecurity services company IOActive said on Tuesday.
Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign (Dark Reading, Jul 01 2020)
Malware used to download WastedLocker on target networks was hosted on legit websites belonging to one parent company, Symantec says.
Schools already struggled with cybersecurity. Then came COVID-19 (Ars Technica, Jul 03 2020)
A lack of resources has made it hard to keep data secure.
22,900 MongoDB Databases Affected in Ransomware Attack (Dark Reading, Jul 02 2020)
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
Review: Cybersecurity Threats, Malware Trends, and Strategies (Help Net Security, Jul 05 2020)
Tim Rains, who formerly held many essential roles at Microsoft and is currently working at Amazon Web Services as Regional Leader for Security and Compliance Business Acceleration for EMEA, had the opportunity to gain knowledge from and advise thousands of organizations and enterprises about incident response and threat intelligence.
Zero-day XSS vulnerability found in Cisco small business routers (SC Media, Jul 06 2020)
A CyCognito research team conducting routine reconnaissance on a customer’s network found a zero-day cross-site scripting (XSS) vulnerability in the web admin interface of two different Cisco small business routers.