A Review of the Best News of the Week on Cyber Threats & Defense
US Military Cyber Chief Defends More Aggressive Strategy (Infosecurity Magazine, Aug 27 2020)
Head of US Cyber Command says America was right to become more proactive over cybersecurity
TLS and VPN Flaws Offer Most Pen Tester Access (Infosecurity Magazine, Aug 26 2020)
Vulnerabilities in TLS and a 10-year-old botnet are the most common findings from penetration tests
Sendgrid Under Siege from Hacked Accounts (Krebs on Security, Aug 28 2020)
“Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Unpatched Safari Vulnerability Allows Theft of Local Files (SecurityWeek, Aug 25 2020)
A researcher has disclosed the details of an unpatched vulnerability in Apple’s Safari web browser that can be exploited to steal files from a targeted user’s system.
NYSE not susceptible to takedown like New Zealand exchange (SC Media, Aug 28 2020)
After a new threat group claiming to be Fancy Bear and the Armada Collective used a DDoS attack to take down the New Zealand stock exchange, security experts say millions of dollars in infrastructure investment make it unlikely that major stock exchanges in New York, London or Hong Kong would suffer a similar take down,…
Apple Accidentally Approved Malware to Run on MacOS (Wired, Aug 31 2020)
The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino’s “notarization” defenses for the first time.
A New Strategy for DDoS Protection: Log Analysis on Steroids (Infosec Island, Aug 26 2020)
Incorporating a data lake philosophy into your security strategy is like putting log analysis on steroids.
Low-Skilled Iranian Hackers Spotted Using Dharma Ransomware (Infosecurity Magazine, Aug 25 2020)
So-called “newbies” appear financially motivated, not state-sponsored
TeamViewer Flaw Risks Password Exposure (Infosecurity Magazine, Aug 24 2020)
Windows 10 app vulnerability could allow threat actors to steal passwords
SMBs assaulted by ‘mercenary’ DeathStalker APT espionage campaigns (SC Media, Aug 24 2020)
The hacker collective known as DeathStalker has recently widened its footprint to include small to medium-sized business (SMB) targets in the financial sector throughout Europe, Middle East, Asia and Latin America.
WordPress Sites Targeted via Vulnerabilities in WooCommerce Discounts Plugin (SecurityWeek, Aug 24 2020)
The owners and administrators of e-commerce websites powered by WordPress and the WooCommerce platform have been warned of attacks exploiting vulnerabilities discovered recently by researchers in a discounts plugin.
Ransomware Has Gone Corporate—and Gotten More Cruel (Wired, Aug 26 2020)
The DarkSide operators are just the latest group to adopt a veneer of professionalism—while at the same time escalating the consequences of their attacks.
Giveaway Scam Infects 65,000 Devices with Malware (Infosecurity Magazine, Aug 26 2020)
Family of Android apps uses freebie lure to distribute novel ad fraud botnet
G Suite flaw mitigated after disclosure, but Google Drive still vulnerable (SC Media, Aug 26 2020)
The validation vulnerability in Google Drive could result in users downloading malware.
Microsoft Warns of New ‘Anubis’ Info-Stealer Distributed in the Wild (SecurityWeek, Aug 27 2020)
Microsoft warned on Thursday that a recently uncovered piece of malware designed to help cybercriminals steal information from infected systems is now actively distributed in the wild.
UltraRank Group Stole Card Data From Hundreds of Sites Using JS Sniffers (SecurityWeek, Aug 27 2020)
Old Malware Tool Acquires New Tricks (Dark Reading, Aug 27 2020)
Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients.
The Inside Threat from Psychological Manipulators (Dark Reading, Aug 27 2020)
How internal manipulators can actually degrade your organization’s cyber defense, and how to defend against them.
Sizing up new ransomware is a hefty task for threat analysts, victims (SC Media, Aug 28 2020)
Several menacing new ransomware threats have been sprouting up like weeds this summer, tormenting victims with both traditional file encryption and the publishing of stolen data on leak sites.
New Attacks Allow Bypassing EMV Card PIN Verification (SecurityWeek, Aug 28 2020)
Researchers with ETH Zurich have identified vulnerabilities in the implementation of the payment card EMV standard that allow for the mounting of attacks targeting both the cardholder and the merchant.