A Review of the Best News of the Week on Cyber Threats & Defense

Surge in cyber attacks targeting open source software projects (Help Net Security, Aug 13 2020)
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. Rise of next-gen software supply chain attacks According to the report, 929 next generation software supply chain attacks were recorded from July 2019 through May 2020. By comparison 216 such attacks were recorded in the four years between February 2015 and June 2019.

NSA & FBI Disclose New Russian Cyberespionage Malware (Dark Reading, Aug 13 2020)
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.

Malicious Actor Controlled 23% of Tor Exit Nodes (SecurityWeek, Aug 11 2020)
A malicious actor was at one point in control of roughly 23% of the entire Tor network’s exit capacity, a security researcher has discovered.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Exploits for vBulletin zero-day released, attacks are ongoing (Help Net Security, Aug 11 2020)
The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered.

Israel Says Foiled Cyber Attack on Its Defence Firms (SecurityWeek, Aug 12 2020)
The Israeli defence ministry said on Wednesday that it had foiled an attempted cyber attack by a foreign group targeting the country’s defence manufacturers.

Research Casts Doubt on Value of Threat Intel Feeds (Dark Reading, Aug 14 2020)
Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility.

FireEye Announces New Bug-Bounty Program (Dark Reading, Aug 12 2020)
The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.

Business Email Compromise Attacks Involving MFA Bypass Increase (Dark Reading, Aug 13 2020)
Adversaries are using legacy email clients to access and take over accounts protected with strong authentication, Abnormal Security says.

Targeted BEC attacks steal business data in six countries, posing as HR (SC Media, Aug 14 2020)
A targeted business email compromise (BEC) orchestrated by the Russian-speaking RedCurl group has successfully stolen information in 14 successful attacks on a variety of businesses – mostly construction companies, financial and consulting firms, retailers, insurance businesses, law firms and travel – in six countries.

Tesla RAT adapts, evolves to thwart security (SC Media, Aug 12 2020)
It may be unsophisticated but the Agent Tesla RAT is “street-wise,” adapting and evolving just enough to wreak havoc on organizations’ security efforts. Recent improvements to the malware include more robust spreading and injection methods, as well as discovery and theft of wireless network details and credentials, according to an analysis by SentinelOne.

Windows and IE Zero-Day Vulnerabilities Chained in ‘PowerFall’ Attacks (SecurityWeek, Aug 12 2020)
An attack launched in May 2020 against a South Korean company involved an exploit that chained zero-day vulnerabilities in Windows and Internet Explorer, Kaspersky reported on Wednesday.

CISA Warns of Phishing Campaign with Loan-Relief Lure (Dark Reading, Aug 13 2020)
Phishing emails and fake website promise help with the Small Business Administration’s program that aids those affected by COVID-19.

Facebook, Google Step Up Election Protection Efforts (SecurityWeek, Aug 14 2020)
Facebook on Thursday launched its voting information center as internet platforms unveiled fresh moves to protect the November US election from manipulation and interference.

XCSSET Mac Malware Steals Information, Spreads via Xcode Projects (SecurityWeek, Aug 14 2020)
A newly discovered piece of malware designed to target macOS systems spreads through Xcode projects and exploits what researchers have described as two zero-day vulnerabilities.

IcedID Shows Obfuscation Sophistication in New Campaign (Dark Reading, Aug 14 2020)
The malware’s developers have turned to dynamic link libraries (DLLs) to hide their work.

DHS CISA Warns of Phishing Emails Rigged with KONNI Malware (Dark Reading, Aug 14 2020)
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.

Potential Apache Struts 2 RCE flaw fixed, PoCs released (Help Net Security, Aug 17 2020)
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published.

SMBs imperiled as low-end RaaS grows more powerful (SC Media, Aug 14 2020)
As Ransomware-as-a-Service (RaaS) has simultaneously grown more powerful and easier to use, just about anyone can launch successful, damaging ransomware attacks on organizations.