A Review of the Best News of the Week on Cyber Threats & Defense
WordPress Auto-Updates: What do you have to lose? (Wordfence, Aug 07 2020)
A new feature that will allow automatic updating of plugins and themes will be available in WordPress version 5.5, which is scheduled to be released on August 11, 2020. In this core release of the world’s most popular content management system, site owners will have the option to turn auto-updates on for individual plugins and…
The US Government Is Spamming Random Iranians and Russians With Text Messages (VICE, Aug 07 2020)
The State Department is begging random Russians and Iranians for information about election interference, by spamming them with SMS messages.
Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz (SecurityWeek, Aug 07 2020)
The researchers disassembled the center panel and analyzed the car’s head unit, telematics control unit (TCU), and the backend. In the file system of the vehicle’s TCU, to which they gained access by obtaining an interactive shell with root privileges, they uncovered passwords and certificates for the backend server.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Google Analysis of Zero-Days Exploited in 2019 Finds ‘Detection Bias’ (SecurityWeek, Aug 03 2020)
Google Project Zero last week released a report on the vulnerabilities exploited in attacks in 2019, and its researchers have drawn some interesting conclusions regarding the detection of zero-days.
Hackers Are Building an Army of Cheap Satellite Trackers (Wired, Aug 04 2020)
NyanSat is an open source ground station that lets you listen in on low-orbit transmissions for about $100 worth of gear.
The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed (Dark Reading, Aug 06 2020)
Researchers Peleg Hader and Tomer Bar of SafeBreach share details of the three vulnerabilities they found in Windows Print Spooler that could allow an attacker to sneak into the network through an old printer service mechanism.
Ransomware Feared as Possible Saboteur for November Election (SecurityWeek, Aug 03 2020)
Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal.
BlackBerry Releases Open Source Reverse Engineering Tool (SecurityWeek, Aug 03 2020)
BlackBerry on Monday announced a new open source tool to help security teams reverse engineer malware.
Remote access leaves networks vulnerable to new Chinese malware attacks (SC Media, Aug 05 2020)
Wielding a new remote access trojan (RAT) dubbed Taidoor, Chinese government-supported hackers are behind a series of cyberespionage campaigns. Although it offered no details on the possible targets, CISA warned of the malware variants…
An ’80s File Format Enabled Stealthy Mac Hacking (Wired, Aug 05 2020)
The now-patched vulnerability would have let hackers target Microsoft Office using Symbolic Link—a file type that hasn’t been in common use in over 30 years.
TeamViewer flaw could be exploited to crack users’ password (Help Net Security, Aug 06 2020)
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation.
Researcher Discovers New HTTP Request Smuggling Attack Variants (SecurityWeek, Aug 06 2020)
A researcher has detailed several new variants of an attack named HTTP request smuggling, and he has proposed some new defenses against such attacks.
Why Satellite Communication Eavesdropping Will Remain A Problem (Dark Reading, Aug 06 2020)
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that make it unlikely to improve anytime soon.
Office 365’s Vast Attack Surface & All the Ways You Don’t Know You’re Being Exploited Through It (Dark Reading, Aug 06 2020)
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks they’ve detected, and suggest mitigations as businesses rely more heavily on the cloud.
Open source tool Infection Monkey allows security pros to test their network like never before (Help Net Security, Aug 07 2020)
Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework.
#BHUSA: Researchers Reveal Attacks Against Email Sender Authentication (Infosecurity Magazine, Aug 07 2020)
There are various different standards intended to help secure email sender authentication, but they don’t quite work as promised.
Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping (WeLiveSecurity, Aug 07 2020)
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought.
Hacking the PLC via Its Engineering Software (Dark Reading, Aug 07 2020)
Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.
6,600 organizations bombarded with 100,000+ BEC attacks (Help Net Security, Aug 09 2020)
Cybercriminals are increasingly registering accounts with legitimate services, such as Gmail and AOL, to use them in impersonation and BEC attacks, according to Barracuda Networks. BEC attacks impact thousands of organizations. In their most recent threat spotlight report, Barracuda researchers observed that 6,170 malicious accounts that have used Gmail, AOL and other email services…
More attackers trying to sabotage incident response tactics (SC Media, Aug 07 2020)
The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked.