A Review of the Best News of the Week on Cyber Threats & Defense
FBI, CISA Echo Warnings on ‘Vishing’ Threat (Krebs on Security, Aug 21 2020)
“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic.”
Voice Phishers Targeting Corporate VPNs (Krebs on Security, Aug 19 2020)
“The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.”
Akamai: Credential Stuffing Attacks Against Media Services Surging During #COVID19 (Infosecurity Magazine, Aug 21 2020)
The rise in the use of media services during lockdown is leading to more credential stuffing attacks
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
US Cyber Command Gets New Operational Tools (Infosecurity Magazine, Aug 20 2020)
Operational cyber tools now in use on US Cyber Command’s training platform
Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing (Dark Reading, Aug 17 2020)
Researchers find smaller organizations, including some in the cybersecurity space, increasingly targeted with these impersonation attacks.
Multiple Uninstallers Released for China-Linked ‘GoldenSpy’ Malware (SecurityWeek, Aug 17 2020)
Trustwave’s security researchers have identified a total of five uninstallers meant to remove the GoldenSpy backdoor from infected computers.
New P2P botnet infects SSH servers all over the world (Ars Technica, Aug 19 2020)
Botnet is hard to detect and with no centralized control server, harder to take down.
New ‘Duri’ Campaign Uses HTML Smuggling to Deliver Malware (Dark Reading, Aug 18 2020)
Researchers who detected the attack explain what businesses should know about the HTML smuggling technique.
Fancy Bear imposters extort finance, retail on DDoS threat (SC Media, Aug 18 2020)
The extortionists targeted companies with up to a 2 terabit a second distributed denial of service attack.
The Promise and Threat of Quantum Computing (SecurityWeek, Aug 19 2020)
Quantum computing promises future information security, but simultaneously threatens all information currently protected by 2048-bit RSA encryption. It is time to evaluate the threat and examine possible solutions.
Academics Devise Attacks Targeting Email End-to-End Encryption (SecurityWeek, Aug 19 2020)
A group of academic researchers has devised practical attacks against major standards in email end-to-end encryption, which could lead to the exfiltration of sensitive information.
‘Next-Gen’ Supply Chain Attacks Surge 430% (Dark Reading, Aug 21 2020)
Attackers are increasingly seeding open source projects with compromised components.
ATM makers fix flaws allowing illegal cash withdrawals (Help Net Security, Aug 21 2020)
ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, and to make illegal cash withdrawals by committing deposit forgery and issuing valid commands to dispense currency.
Brand impersonation is a go-to tactic for attackers, especially for credential phishing and BEC attacks (Help Net Security, Aug 21 2020)
Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud, according to an Abnormal Security report.
US Reveals New North Korean BLINDINGCAN RAT (Infosecurity Magazine, Aug 20 2020)
Malware was used to target defense contractors, says CISA
Protect your organization in the age of Magecart (Help Net Security, Aug 24 2020)
The continuing wave of attacks by cybercriminal groups known under the umbrella term Magecart perfectly illustrates just how unprepared many e-commerce operations are from a security point of view. It all really boils down to timing. If the e-commerce world was able to detect such Magecart attacks in a matter of seconds (rather than weeks or months), then we could see an end to Magecart stealing all of the cybercrime headlines.
Cross-Site Scripting Tops CWE’s Most Dangerous List (, Aug 21 2020)
Cross-site scripting dubbed the most dangerous software weakness in 2020 by CWE
Financially-Motivated Iranian Hackers Adopt Dharma Ransomware (SecurityWeek, Aug 24 2020)
Recent Dharma ransomware attacks show that more Iranian hackers have started to engage in financially-motivated operations, threat hunting firm Group-IB reports.
A New Botnet Is Covertly Targeting Millions of Servers (Security Latest, Aug 23 2020)
FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe.