The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. Report: U.S. Cyber Command Behind Trickbot Tricks (Krebs on Security, Oct 10 2020)
“A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command.”

2. Microsoft Uses Trademark Law to Disrupt Trickbot Botnet (Krebs on Security, Oct 12 2020)
Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.

3. FBI/DHS: Government election systems face threat from active Zerologon exploits (Ars Technica, Oct 09 2020)
Zerologon gives attackers instant access to all-powerful domain controllers.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

*AI, IoT, & Mobile Security*
4. Android Ransomware Has Picked Up Some Foreboding New Tricks (Wired, Oct 08 2020)
While it’s still far more common on PCs, new research shows that mobile ransomware has undergone a worrying evolution.

5. C&C Panels of 10 IoT Botnets Compromised by Researchers (SecurityWeek, Oct 09 2020)
At the Virus Bulletin Conference last week, two security researchers explained how they were able to compromise the command and control (C&C) panels of 10 Internet of Things (IoT) botnets.

6. How AI detected a hacker hiding in an energy grid within hours of deployment (Darktrace Blog, Oct 09 2020)
Darktrace’s AI can identify the subtle signs of threat, even when the initial intrusion occurs prior to its deployment. This blog shows how by looking at a critical real-world detection at a European energy organization.

*Cloud Security, DevOps, AppSec*
7. 5 Hackers Found 55 Bugs in Apple Products in 3 Months and Made $51,500 (VICE, Oct 08 2020)
Apple rewarded the researchers for finding some very serious bugs in the company’s websites. But for some, the researchers should have been paid more.

One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.

8. Facebook starts ‘Hacker Plus’ loyalty program for bug bounties (SC Media, Oct 09 2020)
Facebook today launched Hacker Plus – a loyalty program that aims to offer incentives to security researchers with additional rewards and benefits. In a post by Dan Gurfinkel, a security engineering manager at Facebook, the company said security researchers will be eligible for additional bonuses on bounty awards, access to more soon-to-be-released products and features…

9. GitHub envisions a world with fewer software vulnerabilities (Help Net Security, Oct 13 2020)
The Code Scanning feature is powered by CodeQL, a powerful static analysis engine built by Semmle, which was acquired by GitHub in September 2019.

The engine can analyze code written in C, C++, C#, Java, JavaScript, TypeScript, Python and Go, but since the Code Scanning feature is built on the open SARIF standard, it can also work with third-party analysis engines available from the GitHub Marketplace.

*Identity Mgt & Web Fraud*
10. Internet Freedom Has Taken a Hit During the Covid-19 Pandemic (Wired, Oct 14 2020)
From surveillance to arrests, governments are using the novel coronavirus as cover for a crackdown on digital liberty.

11. 2020 brings unique levels of PKI usage challenges (Help Net Security, Oct 13 2020)
Organizations are rapidly increasing the size, scope and scale of their data protection infrastructure, reflected in dramatic rises in adoption of public key infrastructure (PKI) across enterprises worldwide, according to Entrust research. PKI is at the core of nearly every IT infrastructure, enabling security for critical digital initiatives such as cloud, mobile device deployment, identities and the IoT.

12. Amazon’s Latest Gimmicks Are Pushing the Limits of Privacy (Wired, Oct 11 2020)
Privacy advocates warn that the Ring Always Home Cam and Amazon One both normalize aggressive new forms of data collection.

*CISO View*
13. Anatomy of Ryuk Attack: 29 Hours From Initial Email to Full Compromise (SecurityWeek, Oct 12 2020)
In the case of the attack observed by the DFIR Report, it all started with a malicious email that carried a link to download the Bazar/Kegtap loader, which injects into multiple processes and performs reconnaissance on the infected system using Windows utilities like nltest and net group, as well as the third-party tool AdFind.

The malware remained quiet for roughly one day, after which a second reconnaissance phase was launched, using the same tools, plus Rubeus. Data was exfiltrated to a remote server and the attackers started lateral movement.

To compromise additional systems on the network, the attackers used various methods, including remote WMI, remote service execution with PowerShell, and a Cobalt Strike beacon dropped over SMB. Next, the Cobalt Strike beacon was used as the main pivot point.

Additional beacons were then established across the environment and PowerShell was employed to disable Windows Defender. Ryuk was executed one minute after being transferred over SMB from the pivot and, once encryption started, the servers used to store backups were hit first.

14. Here are the questions Congress asks after a ransomware attack (SC Media, Oct 09 2020)
Senator Mark Warner’s letter to UHS provides insight into what companies could face from government watchdogs in the wake of a ransomware attack.

15. Breach at Dickey’s BBQ Smokes 3M Cards (Krebs on Security, Oct 15 2020)
“One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.”