A Review of the Best News of the Week on Cyber Threats & Defense

Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw (Dark Reading, Sep 21 2020)
The directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack (Krebs on Security, Sep 17 2020)
The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

Google offers high-risk Chrome users additional scanning of risky files (Help Net Security, Sep 18 2020)
Google is providing a new “risky files” scanning feature to Chrome users enrolled in its Advanced Protection Program (APP). Google introduced the Advanced Protection Program in 2017. It’s primarily aimed at users whose accounts are at high risk of compromise through targeted attacks – journalists, human rights and civil society activists, campaign staffers and people in abusive relationships, executives and specific employees – but anyone can sign up for it.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


#GartnerSEC: Understanding a Changing Threat Landscape in Light of #COVID19 (Infosecurity Magazine, Sep 16 2020)
Organizations must show agility to protect themselves effectively

CISA Issues Chinese Hacking Groups Warning (Infosecurity Magazine, Sep 15 2020)
CISA issues security advisory regarding threat actors linked to Chinese Ministry of State Security

Department of Justice Worried Drones Will Lift People Over Prison Walls (VICE, Sep 17 2020)
Most of the drones big enough to lift human beings are so expensive that criminals may as well get a helicopter.

Time for CEOs to Stop Enabling China’s Blatant IP Theft (Dark Reading, Sep 17 2020)
Protecting intellectual property in the name of US economic and national security should be part of every company’s fiduciary duty.

FBI opens China-related counterintelligence case every 10 hours (SC Media, Sep 17 2020)
Among the particular concerns, said FBI Director Christopher Wray, is the targeting of managed service providers as a way of attacking multiple victims by hacking just one provider.

How to enforce real-time controls based on behavior risk scoring (Help Net Security, Sep 15 2020)
For decades, the traditional approach to securing digital assets has been based on using a primary set of credentials, namely a username and password. This binary model – a user supplies his/her credentials and they are allowed into the network, application, etc. – has run its course. Everyone knows this, especially cybercriminals.
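One shape a real-time control of this kind can take, as an added example that is not code from the Help Net Security article or from any vendor's product: a small policy engine that turns login-time signals into a numeric risk score and maps the score to allow, step-up MFA or deny. The signals, weights and thresholds are assumptions chosen for illustration (a real deployment tunes them against its own user population), and the login events and user baseline are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple


@dataclass
class LoginEvent:
    """One authentication attempt after credential validation succeeded."""
    user: str
    ts: datetime
    country: str          # assumed: geolocated from the source IP
    device_id: str        # assumed: stable device fingerprint or cookie
    network: str          # assumed: "residential", "hosting" or "tor" from an IP-intel feed


@dataclass
class UserBaseline:
    """What we have learned about a user from previously accepted logins."""
    known_devices: Set[str] = field(default_factory=set)
    usual_countries: Set[str] = field(default_factory=set)
    last_login: Optional[LoginEvent] = None
    failed_last_hour: int = 0   # assumed: fed by the SIEM / auth logs


# Hypothetical weights; the ordering of severity is the point, not the numbers.
WEIGHTS = {
    "new_device": 25,
    "unusual_country": 20,
    "impossible_travel": 40,
    "hosting_network": 15,
    "tor_network": 35,
    "brute_force": 30,
}


def risk_score(ev: LoginEvent, base: UserBaseline) -> Tuple[int, List[str]]:
    """Score 0..100 plus the list of signals that fired, for audit logging."""
    hits: List[str] = []
    if ev.device_id not in base.known_devices:
        hits.append("new_device")
    if ev.country not in base.usual_countries:
        hits.append("unusual_country")
    prev = base.last_login
    # Two countries within two hours of each other: treat as impossible travel.
    if prev and prev.country != ev.country and ev.ts - prev.ts < timedelta(hours=2):
        hits.append("impossible_travel")
    if ev.network == "hosting":
        hits.append("hosting_network")
    elif ev.network == "tor":
        hits.append("tor_network")
    if base.failed_last_hour >= 5:
        hits.append("brute_force")
    return min(100, sum(WEIGHTS[h] for h in hits)), hits


def decide(score: int) -> str:
    """Map the score to an enforcement action instead of a yes/no on the password."""
    if score < 30:
        return "allow"
    if score < 70:
        return "step_up_mfa"
    return "deny"


def evaluate(ev: LoginEvent, base: UserBaseline) -> Tuple[str, int, List[str]]:
    score, hits = risk_score(ev, base)
    return decide(score), score, hits


def record_success(ev: LoginEvent, base: UserBaseline) -> None:
    """Only a session that was actually established (after any MFA) updates the baseline."""
    base.known_devices.add(ev.device_id)
    base.usual_countries.add(ev.country)
    base.last_login = ev


def build_scenario() -> Tuple[UserBaseline, List[LoginEvent]]:
    """Constructed sample data: one user's baseline and three login attempts."""
    t0 = datetime(2020, 9, 21, 9, 0)
    baseline = UserBaseline(known_devices={"laptop-1"}, usual_countries={"US"})
    events = [
        LoginEvent("alice", t0, "US", "laptop-1", "residential"),
        LoginEvent("alice", t0 + timedelta(hours=8), "DE", "phone-9", "residential"),
        LoginEvent("alice", t0 + timedelta(hours=8, minutes=10), "BR", "kiosk-3", "tor"),
    ]
    return baseline, events


def run_demo() -> List[Tuple[str, int, List[str]]]:
    baseline, (e1, e2, e3) = build_scenario()
    results = [evaluate(e1, baseline)]          # familiar device, usual country
    record_success(e1, baseline)
    results.append(evaluate(e2, baseline))      # new phone abroad: ask for MFA
    record_success(e2, baseline)                # pretend the MFA challenge passed
    baseline.failed_last_hour = 6               # SIEM reports a burst of failed logins
    results.append(evaluate(e3, baseline))      # Tor, new device, 10 min after Germany
    return results


if __name__ == "__main__":
    for decision, score, hits in run_demo():
        print(f"{decision:12} score={score:3}  signals={hits}")
```

Note that `evaluate` never mutates the baseline; only `record_success`, called after the session is really established, does. Otherwise a denied or unverified attempt would teach the system that the attacker's device and country are "usual".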

Outbound Email Errors Cause 93% Increase in Breaches (Infosecurity Magazine, Sep 16 2020)
Businesses still rely on employees to report outbound email failures

h2c Smuggling: A New ‘Devastating’ Kind of HTTP Request (Dark Reading, Sep 17 2020)
The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here’s what infosec pros should know.
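The mechanism, summarised here from the published research rather than from the Dark Reading blurb: a client sends an HTTP/1.1 request carrying `Upgrade: h2c` (with `Connection: Upgrade, HTTP2-Settings`), the proxy forwards the upgrade as it would for WebSocket, the backend answers 101 Switching Protocols, and from then on the proxy relays the connection as an opaque byte stream, so HTTP/2 requests inside that tunnel never pass the proxy's path and access rules. The usual fix is to not forward cleartext HTTP/2 upgrade attempts at all. The following added example, not code from the article or from any proxy project, is a header sanitiser a reverse proxy could run before forwarding; the set of headers and tokens it handles is an assumption, and the sample requests are constructed.

```python
from typing import Dict, List, Tuple

# Upgrade tokens a proxy should refuse to forward in cleartext.
BLOCKED_UPGRADE_TOKENS = {"h2c"}


def _tokens(value: str) -> List[str]:
    """Split a comma-separated header value into trimmed, non-empty tokens."""
    return [t.strip() for t in value.split(",") if t.strip()]


def sanitize_h2c_upgrade(headers: Dict[str, str]) -> Tuple[Dict[str, str], bool]:
    """Return (sanitised headers, h2c_attempt_seen).

    Removes the h2c token from Upgrade, drops HTTP2-Settings, and removes the
    matching tokens from Connection. Legitimate upgrades (e.g. websocket) survive.
    Header names are matched case-insensitively; original spelling is preserved.
    """
    by_lower = {k.lower(): k for k in headers}   # assumes one spelling per header
    out = dict(headers)
    flagged = False
    upgrade_survives = False

    if "upgrade" in by_lower:
        key = by_lower["upgrade"]
        original = _tokens(headers[key])
        kept = [t for t in original if t.lower() not in BLOCKED_UPGRADE_TOKENS]
        flagged |= len(kept) != len(original)
        if kept:
            out[key] = ", ".join(kept)
            upgrade_survives = True
        else:
            del out[key]

    if "http2-settings" in by_lower:
        # Only meaningful for an h2c upgrade; never forward it.
        flagged = True
        del out[by_lower["http2-settings"]]

    if "connection" in by_lower:
        key = by_lower["connection"]
        kept = []
        for t in _tokens(headers[key]):
            tl = t.lower()
            if tl == "http2-settings":
                flagged = True
                continue
            if tl == "upgrade" and not upgrade_survives:
                continue          # no Upgrade header left to refer to
            kept.append(t)
        if kept:
            out[key] = ", ".join(kept)
        else:
            del out[key]

    return out, flagged


if __name__ == "__main__":
    # Constructed sample requests.
    smuggle = {"Host": "app.internal", "Upgrade": "h2c",
               "Connection": "Upgrade, HTTP2-Settings", "HTTP2-Settings": "AAMAAABkAAQAAP__"}
    websocket = {"Host": "app.internal", "Upgrade": "websocket", "Connection": "Upgrade"}
    print(sanitize_h2c_upgrade(smuggle))
    print(sanitize_h2c_upgrade(websocket))
```

The `flagged` result is worth logging: an `Upgrade: h2c` arriving at an internet-facing proxy is almost never legitimate traffic and is a cheap detection signal. One caveat is that a variant of the technique omits `HTTP2-Settings` from `Connection`, which is why the sanitiser keys on the h2c token itself rather than on that one header.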

What’s on Your Enterprise Network? You Might be Surprised (Dark Reading, Sep 16 2020)
The strangest connected devices are showing up, and the threats they pose to security should not be overlooked.

8 Reasons Perimeter Security Alone Won’t Protect Your Crown Jewels (Dark Reading, Sep 16 2020)
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?

DDoS attacks rise in intensity, sophistication and volume (Help Net Security, Sep 17 2020)
There have been significant shifts in DDoS attack patterns in the first half of 2020, a Neustar report reveals. There was a 151% increase in the number of DDoS attacks compared to the same period in 2019. These included the largest and longest attacks that Neustar has ever mitigated, at 1.17 Terabits-per-second (Tbps) and 5 days and 18 hours respectively.

Most people ignore QR code security concerns (Help Net Security, Sep 16 2020)
QR codes are rising in popularity and use, according to a consumer sentiment study by MobileIron. Sixty-four percent of respondents stated that a QR code makes life easier in a touchless world – despite a majority of people lacking security on their mobile devices, with 51% of respondents stating they do not have or do not know if they have security software installed on their mobile devices.

New Bluetooth Vulnerability (Schneier on Security, Sep 17 2020)
The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with a Bluetooth-powered device, CTKD’s role is to set up two separate authentication keys for that phone: one for a “Bluetooth Low Energy” device, and one for a device using what’s known as the “Basic Rate/Enhanced Data Rate” standard.

Enterprise Threat Visibility Versus Real-World Operational Constraints (SecurityWeek, Sep 17 2020)
The phrase “assume breach” has been transformational to enterprise security investment and defensive strategy for a few years but may now be close to retirement.

FERC, NERC Conduct Study on Cyber Incident Response at Electric Utilities (SecurityWeek, Sep 21 2020)
The U.S. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) last week released a report outlining cyber incident response and recovery best practices for electric utilities.