A Review of the Best News of the Week on Cyber Threats & Defense

Five Eyes Cybersecurity Agencies Release Incident Response Guidance (SecurityWeek, Sep 07 2020)
Cybersecurity agencies in Australia, Canada, New Zealand, the United Kingdom, and the United States have published a joint advisory focusing on detecting malicious activity and incident response.


Apple notarization process, meant to protect, approved Shlayer malware (SC Media, Sep 01 2020)
Apple appears to have inadvertently approved OSX.Shlayer malware as part of the security notarization process it has touted as a way to boost user confidence that Developer ID-signed software distributed by developers carries the tech giant’s seal of approval. While it is unclear “what the Shlayer folks did to get their malware notarized,” essentially Apple’s process “allowed…

Visa Issues Alert for ‘Baka’ JavaScript Skimmer (SecurityWeek, Sep 07 2020)
A JavaScript skimmer identified earlier this year uses dynamic loading to avoid detection by static malware scanners, Visa warns. Referred to as Baka, the e-commerce skimmer was first discovered in February 2020, but has already impacted several merchant websites across numerous global regions.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


How to effectively combat RDP attacks for secure remote access (SC Media, Sep 04 2020)
The rise of the coronavirus pandemic has prompted organizations around the world to adopt a work-from-home policy. Analysis from security firm Kaspersky found that this sudden shift has resulted in more than 1.5 million new Remote Desktop Protocol (RDP) network attacks globally.

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites (Ars Technica, Sep 01 2020)
Flaw is in File Manager, a plugin with more than 700,000 users; 52% are affected.

New Threat Activity by Lazarus Group Spells Trouble For Orgs (Dark Reading, Sep 01 2020)
The North Korea-backed group has launched several campaigns to raise revenue for the cash-strapped nation’s missile program, security experts say.

New APT Pioneer Kitten Linked to Iranian Government (Dark Reading, Sep 01 2020)
The group’s targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.

Companies continue to expose unsafe network services to the internet (Help Net Security, Sep 02 2020)
33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet, according to RiskRecon. In addition, organizations that expose unsafe services to the internet also exhibit more critical security findings.

Complex new attack targets managed service providers, hiding in Google traffic (SC Media, Sep 02 2020)
Managed service providers are being targeted with malware that uses a complex mixture of strategies to go unnoticed, according to Huntress Labs. The attack is more complex than originally thought, according to a follow-up report Wednesday on the malware first detailed in June.

55% of Cybersquatted Domains Are Malicious or Potentially Fraudulent (Dark Reading, Sep 02 2020)
The largest online companies, such as Apple and PayPal, and banks are being targeted by cybersquatters, who are also taking advantage of the pandemic, a study finds.

‘KryptoCibule’ Uses Several Tricks to Maximize Cryptocurrency Theft (Dark Reading, Sep 02 2020)
The malware family uses multiple tactics to steal as much cryptocurrency as possible while flying under the radar.

A single text is all it took to unleash code-execution worm in Cisco Jabber (Ars Technica, Sep 03 2020)
Proof-of-concept exploits demonstrated the severity of bugs Cisco just fixed.

The Hidden Security Risks of Business Applications (Dark Reading, Sep 04 2020)
Today’s enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It’s important that they also know the risks.

New Email-Based Malware Campaigns Target Businesses (Dark Reading, Sep 03 2020)
Researchers who found "Salfram" say its campaigns use the same crypter to distribute payloads, including ZLoader, SmokeLoader, and AveMaria.

Credit Card Skimmer Hits Over 1500 Websites (Infosecurity Magazine, Sep 04 2020)
Magecart-linked Inter skimmer hits over 1500 websites

Phishing tricks – the Top Ten Treacheries of 2020 (Naked Security – Sophos, Sep 04 2020)
Here’s the Top Ten – or perhaps we mean The Worst Ten. How many would you fall for?

Ad Fraud: The Multibillion-Dollar Cybercrime CISOs Might Overlook (Dark Reading, Sep 04 2020)
Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed — fraud can be a step to more significant attacks. Here’s what to know and how to take action.

Strategic Cyber Warfare Heats Up (Dark Reading, Sep 04 2020)
It’s “anything goes,” according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week’s virtual Disclosure Conference.

How to protect yourself from the hidden threat of evasive scripts (Help Net Security, Sep 07 2020)
Evasion techniques are used by cybercriminals to evade detection, and they are especially prevalent in the context of scripts, which on their own have legitimate uses (e.g., to automate processes on a computer system). Unfortunately, scripts can also be used for malicious purposes, and malicious scripts are unlikely to be detected or blocked by the average antimalware solution.