A Review of the Best News of the Week on Cyber Threats & Defense
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers (Dark Reading, Oct 20 2020)
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
Microsoft, MITRE Release Adversarial Machine Learning Threat Matrix (SecurityWeek, Oct 23 2020)
Microsoft and MITRE, in collaboration with a dozen other organizations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning (ML) systems.
US Treasury Sanctions Russian Institution Linked to Triton Malware (Dark Reading, Oct 23 2020)
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Share today’s post on Twitter Facebook LinkedIn
DNS attacks increasingly target service providers (Help Net Security, Oct 26 2020)
The telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP. DNS attacks on service providers According to the IDC 2020 Global DNS Threat Report, organizations in the sector experienced an average of 11.4 attacks last year, compared to 9.5 attacks across industries. Overall, 83% of service provider organizations experienced a DNS attack.
Finland Shocked by Therapy Center Hacking, Client Blackmail (SecurityWeek, Oct 25 2020)
Finland’s interior minister summoned key Cabinet members into an emergency meeting Sunday after hundreds — and possibly thousands — of patient records at a private Finnish psychotherapy center were accessed by a hacker or hackers now demanding ransoms.
Adblockers installed 300,000 times are malicious and should be removed now (Ars Technica, Oct 20 2020)
If you have Chromium versions of Nano Adblocker or Nano Defender, pay attention.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data (Dark Reading, Oct 21 2020)
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
Botnet Infects Hundreds of Thousands of Websites (Dark Reading, Oct 22 2020)
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
5 tips to reduce the risk of email impersonation attacks (Help Net Security, Oct 23 2020)
“Email attacks have moved past standard phishing and become more targeted over the years. In this article, I will focus on email impersonation attacks, outline why they are dangerous, and provide some tips to help individuals and organizations reduce their risk exposure to impersonation attacks.”
#SecTorCa: How One Malicious Message Could Exploit an Enterprise (Infosecurity Magazine, Oct 23 2020)
Researcher reveals true depth of flaw in Microsoft Teams that was patched earlier this year
Attackers prey on Microsoft Teams accounts to steal credentials (SC Media, Oct 22 2020)
A new phishing attack impersonates an automated communications message from Microsoft Teams to steal a corporate user’s login credentials. Abnormal Security, which disclosed the attack method today in a blog, maintains that Microsoft Teams has become a popular communication tool, particularly during the pandemic, making it an attractive brand for attackers to impersonate.
National Guard called in to thwart cyberattack in Louisiana (Daily Mail, Oct 23 2020)
The series of cyberattacks aimed at small government offices across Louisiana highlight the cyber threat facing local governments in the run up to the 2020 U.S. presidential election.
Flurry of Warnings Highlight Cyber Threats to US Elections (Dark Reading, Oct 23 2020)
FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.
Attackers finding new ways to exploit and bypass Office 365 defenses (Help Net Security, Oct 26 2020)
Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals. How criminals bypass Office 365 defenses Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise to evade traditional email defenses, which are based on already-known threats.
Attacks Exploiting Digital Certs Soar by 700% in Five Years (Infosecurity Magazine, Oct 26 2020)
Venafi claims the enterprise attack surface is rapidly expanding
Sophie Pingor, breaking into Walmart for the sake of security (SC Media, Oct 26 2020)
Sophie Pingor, aka Jek Hyde, was clearly not the prototypical pen tester or hacker when she left the University of North Texas with a journalism degree some five-plus years ago. Pingor worked on the school newspaper and then after college started working at KERA radio in the Dallas-Fort Worth area. It was there that she became interested in security, volunteering for stories about the latest breaches…
Apple Notarizes Six New Variants of ‘MacOffers’ Adware (SecurityWeek, Oct 26 2020)
Apple has inadvertently given the thumbs up to six new malware variants, according to researchers at Mac security solutions provider Intego.