A Review of the Best News of the Week on Cyber Threats & Defense
Decoding the Verizon DBIR Report: An Insider’s Look Beyond the Headlines (Dark Reading, Jul 13 2020)
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
Business Email Compromise (BEC) Criminal Ring (Schneier on Security, Jul 10 2020)
“A criminal group called Cosmic Lynx seems to be based in Russia:
Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hustles.”
Magecart Group 8 skimmed card info from 570+ online shops (Help Net Security, Jul 08 2020)
Your payment card information got stolen but you don’t know how, when and where? Maybe you shopped on one of the 570 webshops compromised by the Keeper Magecart group (aka Magecart Group 8) since April 1, 2017.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Credit-Card Skimmer Seeks Websites Running Microsoft’s ASP.NET (Dark Reading, Jul 06 2020)
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
Researchers discover how to pinpoint the location of a malicious drone operator (Help Net Security, Jul 06 2020)
Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone.
A Most Personal Threat: Implantable Devices in Secure Spaces (Dark Reading, Jul 08 2020)
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
Company web names hijacked via outdated cloud DNS records (Naked Security – Sophos, Jul 07 2020)
Why hack into a server when you can just send vistors to a fake alternative instead?
95% of Brits Unable to Consistently Identify Phishing Messages (Infosecurity Magazine, Jul 09 2020)
Scam messages from Facebook are most likely to trick people
Zoom to Patch Zero-Day Vulnerability in Windows 7 (Dark Reading, Jul 10 2020)
The flaw also affects older versions of the operating system, even if they’re fully patched.
Conti ransomware encrypts files quicker, targets SMB network shares (SC Media, Jul 10 2020)
As Ryuk wanes, a new family of ransomware dubbed Conti, which mimicks many of Ryuk’s commands but sports some unique features that differentiates it from others, is on the rise. “Conti uses a large number of independent threads to perform encryption, allowing up to 32 simultaneous encryption efforts, resulting in faster encryption compared to many other families,”…
Researchers Say This Router Is Open to Outside Attack by Hackers (VICE, Jul 13 2020)
Researchers working for a cybersecurity firm found several vulnerabilities within a common router. They shared their findings to the router’s manufacturer six months ago and have yet to hear back.
Framing the Security Story: The Simplest Threats Are the Most Dangerous (Dark Reading, Jul 07 2020)
Don’t be distracted by flashy advanced attacks and ignore the more mundane ones.
Free Microsoft Service Looks at OS Memory Snapshots to Find Malware (SecurityWeek, Jul 07 2020)
Microsoft on Monday unveiled Project Freta, a free service that allows users to find rootkits and other sophisticated malware in operating system memory snapshots.
As More People Return to Travel Sites, So Do Malicious Bots (Dark Reading, Jul 08 2020)
Attacks against travel-related websites are on the rise as the industry begins to slowly recover from COVID-19, new data shows.
How Advanced Attackers Take Aim at Office 365 (Dark Reading, Jul 08 2020)
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
In the age of disruption, comprehensive network visibility is key (Help Net Security, Jul 08 2020)
IT teams require comprehensive visibility into the network driven by a number of factors, including tremendous disruption from the COVID-19 pandemic, relentless technological advances, remote working reaching an all-time high and the expanding security threatscape, according to VIAVI Solutions.
When WAFs Go Wrong (Dark Reading, Jul 09 2020)
A new survey out last week indicates that a significant number of web application attacks bypass the WAF, organizations struggle to tune them, and they’re not well-integrated into broader security functions. This only serves to bolster warnings made by analysts and other studies over the past 18 months that WAF protection mechanisms need to evolve and can’t be the only mainstay for an AppSec program.
Attackers are probing Citrix controllers and gateways through recently patched flaws (Help Net Security, Jul 10 2020)
Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins to apply them as soon as possible to reduce risk. At the time, there was no public attack code and no indication that any of the fixed flaws were getting actively exploited.
USB storage devices: Convenient security nightmares (Help Net Security, Jul 10 2020)
There’s no denying the convenience of USB media. From hard drives and flash drives to a wide range of other devices, they offer a fast, simple way to transport, share and store data. However, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare, with data leakage, theft, and loss all common occurrences.
Cyberwarfare: The changing role of force (Help Net Security, Jul 13 2020)
Novel malware, computer code and clandestine digital access are some of the unconventional weapons various countries are currently amassing and deploying. Whether used as a force multiplier for disinformation operations, for stand-alone projections of power or carefully calibrated escalations of conflict, cyber weapon use is growing on the international stage.