A Review of the Best News of the Week on Cyber Threats & Defense
Vulnerability in Cisco Firewalls Exploited Shortly After Disclosure (SecurityWeek, Jul 24 2020)
Cisco this week informed customers that it has patched a high-severity path traversal vulnerability in its firewalls that can be exploited remotely to obtain potentially sensitive files from the targeted system. The first attempts to exploit the flaw were observed shortly after disclosure.
Researchers Reveal New Security Flaw Affecting China’s DJI Drones (The Hacker News, Jul 27 2020)
Cybersecurity researchers have revealed new security flaws affecting China’s DJI drones.
FBI Issues Alert on Use of Chinese Tax Software (SecurityWeek, Jul 27 2020)
The Federal Bureau of Investigation has issued an alert to inform organizations in the United States of the risk associated with the use of Chinese tax software.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Emotet Resumes Activity After Five Months of Silence (SecurityWeek, Jul 21 2020)
The Emotet Trojan has resumed activity after more than five months of absence from the threat landscape, security researchers warn.
Hacking a Power Supply (Schneier on Security, Jul 21 2020)
However, by hacking the fast charging firmware built into a power adapter, Xuanwu Labs demonstrated that bad actors could potentially manipulate the power brick into sending more electricity than a phone can handle, thereby overheating the phone, melting internal components, or as Xuanwu Labs discovered, setting the device on fire.
Ongoing Meow attack has nuked >1,000 databases without telling anyone why (Ars Technica, Jul 22 2020)
More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word “meow” as its only calling card, according to Internet searches over the past day.
8 Cybersecurity Themes to Expect at Black Hat USA 2020 (Dark Reading, Jul 23 2020)
Here are the trends and topics that’ll capture the limelight at next month’s virtual event.
Broadened CIA cyberattack powers put businesses on alert (SC Media, Jul 24 2020)
The greater business community should be on higher alert for cyberattacks by nation-state actors after the report last week that President Trump signed a “presidential finding” around cyberwarfare that gives the CIA broader powers to launch cyberattacks against U.S. adversaries.
Russia’s GRU Hackers Hit US Government and Energy Targets (Wired, Jul 24 2020)
A previously unreported Fancy Bear campaign persisted for well over a year—and indicates that the notorious group has broadened its focus.
How the Defense Department is reorganizing for information warfare (C4ISRNET, Jul 27 2020)
America’s adversaries have targeted the military’s weaknesses via information warfare in recent years, and as a result the Department of Defense has made a series of moves to reorganize and better defend against such threats.
Garmin Takes App & Services Offline After Suspected Ransomware Attack (Dark Reading, Jul 24 2020)
Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.
Analysts Detect New Banking Malware (Infosecurity Magazine, Jul 20 2020)
Researchers have discovered new malware based on the Xerxes banking Trojan.
Phishing attack hid in Google Cloud Services (SC Media, Jul 21 2020)
Details of a phishing attack concealed in Google Cloud Services point to a fast-growing trend that has hackers disguising malicious activities in cloud service providers. In a report released today, researchers at Check Point unravel, step-by-step, how even security-savvy professionals could be tricked by a well-disguised ruse, which kicked off with a PDF document containing…
Hackers use recycled backdoor to keep a hold on hacked e-commerce server (Ars Technica, Jul 22 2020)
An easy-to-miss script can give attackers new access should they ever be booted out.
North Korea’s Lazarus Group Developing Cross-Platform Malware Framework (Dark Reading, Jul 22 2020)
The APT group, known for its attack on Sony Pictures in 2014, has created an “advanced malware framework” that can launch and manage attacks against systems running Windows, MacOS, and Linux.
Dacls RAT’s goals are to steal customer data and spread ransomware (SC Media, Jul 23 2020)
The Dacls remote access trojan that is capable of attacking Windows, Linux and macOS environments has been used to distribute VHD ransomware and to target customer databases for attempted exfiltration, according to researchers.
New cryptominer botnet spreads payload, less intrusive (SC Media, Jul 22 2020)
A new cryptocurrency-mining botnet attack called Prometei bypasses detection systems and monetizes its campaigns in less intrusive ways. It is the first time that anyone has documented such a multi-modular botnet, according to Talos, which discovered the botnet and dubbed it “Prometei.”
Fundamentals of Network Traffic Decryption and Risk Management (Dark Reading, Jul 23 2020)
Visibility into and inspection of inbound encrypted network traffic is essential for sound enterprise network security. Decryption approaches must soon change due to increasing cost and complexity, but alternative technologies are emerging.
Why security pros must keep up with telehealth explosion (SC Media, Jul 27 2020)
Telehealth, once considered a luxury that only around half of hospitals offered, has accelerated during the COVID-19 pandemic. It’s become an invaluable tool for a population living with social distancing, giving patients the opportunity to seek medical consultations using today’s digital technologies.
CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government (SecurityWeek, Jul 27 2020)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Friday to warn organizations about the risk posed by a recently patched vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC).