A Review of the Best News of the Week on Cyber Threats & Defense

Hackers Tell the Story of the Twitter Attack From the Inside (The New York Times, Jul 18 2020)
Several people involved in the events that took down Twitter this week spoke with The Times, giving the first account of what happened as a pursuit of Bitcoin spun out of control.

Cloudflare outage on July 17, 2020 (The Cloudflare Blog, Jul 18 2020)
“…a configuration error in our backbone network caused an outage for Internet properties and Cloudflare services that lasted 27 minutes. We saw traffic drop by about 50% across our network.”

Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug (Wired, Jul 14 2020)
The SigRed vulnerability exists in Windows DNS, used by practically every small and medium-sized organization in the world.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

What the Twitter Hack Revealed: An Election System Teeming With Risks (The New York Times, Jul 18 2020)
The breach that targeted Joe Biden, Barack Obama and others served as a warning: Had it happened on Nov. 3, hoping to upend the election, the political fallout could have been quite different.

On the Twitter Hack (Schneier on Security, Jul 20 2020)
“Twitter was hacked this week. Not a few people’s Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter’s system administrators. Those are the people trusted to ensure that Twitter functions smoothly.”

2 Million Users Affected by Vulnerability in All in One SEO Pack (Wordfence, Jul 16 2020)
…a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.

Experts Predict Rise of Data Theft in Ransomware Attacks (Dark Reading, Jul 13 2020)
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.

RATicate malware gang goes commercial (Naked Security – Sophos, Jul 14 2020)
O, what tangled code we weave, when first we practise to deceive!

2020: The year of increased attack sophistication (Help Net Security, Jul 14 2020)
There was an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, a VMware survey found. Increased attack sophistication in 2020 Key survey findings from U.S. respondents: 92% said attack volumes have increased in the last 12 months, the survey found.

US the Primary Target of ‘Significant’ Cyber-Attacks (Infosecurity Magazine, Jul 15 2020)
The US has faced 156 major cyber-attacks over the past 15 years

Media and Video Companies Suffer Huge Increase in Cyber-Attacks (Infosecurity Magazine, Jul 15 2020)
The media industry faced 17 billion credential stuffing attacks during 2018 and 2019

‘DDoS-For-Hire’ Is Fueling a New Wave of Attacks (Wired, Jul 15 2020)
Turf wars are heating up over the routers that fuel distributed denial of service attacks—and cybermercenaries are running rampant.

Major Flaws Open the Edge to Attack (Dark Reading, Jul 16 2020)
Attackers are using critical exploits for flaws in VPN appliances, app-delivery services, and other network-edge hardware and software to punch through corporate perimeters. What can companies do?

A look at modern adversary behavior and the usage of open source tools in the enterprise (Help Net Security, Jul 17 2020)
Leszek Miś is the founder of Defensive Security, a principal trainer and security researcher with over 15 years of experience. Next week, he’s running an amazing online training course – In & Out – Network Exfiltration and Post-Exploitation Techniques [RED Edition] at HITBSecConf 2020 Singapore, so it was the perfect time for an interview

FBI Issues Cybersecurity Warning to Air Travelers (Infosecurity Magazine, Jul 16 2020)
Cleverly faked airport websites prompt FBI to issue warning to travelers

Zoom’s Vanity URLs Could Have Been Abused for Phishing Attacks (SecurityWeek, Jul 17 2020)
An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point reveals.

Mac cryptocurrency trading application rebranded, bundled with malware (WeLiveSecurity, Jul 16 2020)
ESET researchers lure GMERA malware operators to remotely control their Mac honeypots

There’s a reason your inbox has more malicious spam—Emotet is back (Ars Technica, Jul 18 2020)
After taking a five-month break, the botnet returns with a short burst of activity.

Overconfident about their security, businesses are falling victims to bot attacks (Help Net Security, Jul 19 2020)
Many businesses are at risk from bot attacks, despite an awareness of the problem and a widely held belief that they have the problem under control, Netacea reveals. Global businesses at risk from bot attacks.

Ransomware Functionality Removed From ThiefQuest Mac Malware (SecurityWeek, Jul 20 2020)
The developers of the Mac malware named ThiefQuest continue to improve their creation and researchers noticed that the latest versions of the threat no longer include ransomware functionality.