A Review of the Best News of the Week on Cyber Threats & Defense

Emotet and TrickBot Top the Malware Charts Yet Again (Infosecurity Magazine, Nov 09 2020)
Check Point points to resulting surge in ransomware infections

Detecting Phishing Emails (Schneier on Security, Nov 06 2020)
“Once they find such information, then they move to stage three and deal with the email by deleting it or reporting it. I discuss ways this process can fail, and implications for improving training of end users about phishing.”

Bug Bounty Hunters Earn $1.2 Million at Chinese Hacking Competition (SecurityWeek, Nov 09 2020)
Bug bounty hunters have earned a total of more than $1.2 million over the weekend at the 2020 Tianfu Cup International PWN Contest, a major hacking competition that takes place every year in China.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Over 12% of ICS Security Incidents Attributed to Nation-State Hackers: Survey (SecurityWeek, Nov 03 2020)
The Control System Cyber Security Association International (CS)2AI and KPMG on Monday announced their first annual cybersecurity report focusing on industrial control systems (ICS) and operational technology (OT).

APT Groups Get Innovative — and More Dangerous — in Q3 (Dark Reading, Nov 03 2020)
He describes the attack as involving the introduction of rogue logic into existing Unified Extensible Firmware Interface (UEFI) firmware. UEFI is a specification for the interface between a computer’s operating system and platform firmware. UEFI has mostly replaced the traditional BIOS in modern PCs.

The UEFI modification allowed the attacker to install malware that was so persistent it could survive operating system reinstallation and even replacement of the hard drive. “Such campaigns are not very common for several reasons,” Lechtik says. “Most notably, introduction of rogue logic into an existing UEFI firmware is a complicated process that typically requires finding security soft spots in the targeted platform.”

Researcher Warns 100,000 Devices Still Vulnerable to SMBGhost Attacks (SecurityWeek, Nov 02 2020)
Over 100,000 computers remain affected by the Windows vulnerability known as SMBGhost, more than half a year after a patch was rolled out, new research reveals.

Google fixes two more Chrome zero-days that were under active exploit (Ars Technica, Nov 03 2020)
Both desktop and Android versions are affected.

U.S. Seizes More Domains Used by Iran for Disinformation (SecurityWeek, Nov 05 2020)
The United States this week announced that it seized 27 domain names that were employed by Iran’s Islamic Revolutionary Guard Corps (IRGC) to spread disinformation.

Mandiant Details Recently Patched Oracle Solaris Zero-Day (SecurityWeek, Nov 05 2020)
FireEye Mandiant has published detailed information on an Oracle Solaris vulnerability that has been exploited in attacks by a sophisticated threat actor.

Chinese APT Uses DLL Side-Loading in Attacks on Myanmar (SecurityWeek, Nov 05 2020)
A Chinese threat actor is leveraging DLL side-loading for the execution of malicious code in attacks targeting organizations in Myanmar, Sophos security researchers reveal.

Vietnamese Hackers Ran ‘Fake News’ Websites To Target Visitors (VICE, Nov 06 2020)
Researchers found several websites created and maintained by a government hacking group that wanted to track and infect victims with malware.

Preventing and Mitigating DDoS Attacks: It’s Elementary (Dark Reading, Nov 09 2020)
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.

New Gitpaste-12 Botnet Exploits 12 Known Vulnerabilities (Dark Reading, Nov 06 2020)
Researchers discover a new worm and botnet dubbed Gitpaste-12 for its ability to spread via GitHub and Pastebin.