A Review of the Best News of the Week on Cyber Threats & Defense
macOS Big Sur 11.0.1 Patches 60 Vulnerabilities (SecurityWeek, Nov 16 2020)
The first update released by Apple for macOS Big Sur 11.0 addresses 60 vulnerabilities affecting various components of the operating system.
Major ransomware strain jumps from Windows to Linux (SC Media, Nov 09 2020)
Kaspersky researchers noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion that pointed to an encounter with a Linux strain of the RansomEXX ransomware family.
Here are the most common ways businesses get compromised by ransomware (SC Media, Nov 13 2020)
Most organizations know they need to defend their information technology and business assets from ransomware. It’s figuring out the how and where that so often trips them up.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Ransomware Group Turns to Facebook Ads (Krebs on Security, Nov 10 2020)
It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.
New side-channel attacks allow access to sensitive data on Intel CPUs (Help Net Security, Nov 10 2020)
An international team of security researchers is presenting new side-channel attacks (CVE-2020-8694 and CVE-2020-8695), which use fluctuations in software power consumption to access sensitive data on Intel CPUs. Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys.
Insecure APIs a Growing Risk for Organizations (Dark Reading, Nov 09 2020)
Security models for application programming interfaces haven’t kept pace with requirements of a non-perimeter world, Forrester says.
Most UK businesses using Oracle E-Business Suite are running old systems (Help Net Security, Nov 09 2020)
The majority of UK businesses using Oracle E-Business Suite (EBS) are running on old versions of the business-critical ERP system, according to a Claremont study. Of the 154 IT professionals polled, 64% revealed they are running on an earlier version than the current R12.2.
Breaking down a four-step process to email security (SC Media, Nov 09 2020)
Organizations of all sizes face the same incredibly daunting challenge: the bad guys will always try to attack email. Users working on any email platform must communicate effectively and securely while helping their organization fight against phishing, account takeovers, data breaches, and business email compromises.
Ubuntu fixes bugs that standard users could use to become root (Ars Technica, Nov 10 2020)
A handful of commands was all it took for untrusted users to become all-powerful.
Encryption-based threats grow by 260% in 2020 (Help Net Security, Nov 11 2020)
New Zscaler threat research reveals the emerging techniques and impacted industries behind a 260-percent spike in attacks using encrypted channels to bypass legacy security controls. Showing that cybercriminals will not be dissuaded by a global health crisis, they targeted the healthcare industry the most.
Five Emerging Cyber-Threats to Watch Out for in 2021 (Infosecurity Magazine, Nov 11 2020)
The five trends that will dominate the cybersecurity landscape in 2021
PLATYPUS: Hackers Can Obtain Crypto Keys by Monitoring CPU Power Consumption (SecurityWeek, Nov 10 2020)
Researchers have disclosed the details of a new side-channel attack method that can be used to obtain sensitive information from a system by observing variations in the processor’s power consumption.
DNS cache poisoning, the Internet attack from 2008, is back from the dead (Ars Technica, Nov 12 2020)
A newly found side channel in a widely used protocol lets attackers spoof domains.
‘Pay2Key’ Could Become Next Big Ransomware Threat (Dark Reading, Nov 12 2020)
Researchers from Check Point say an Iranian-based threat actor that has successfully attacked multiple Israeli companies could soon go global.
Manufacturing Sees Rising Ransomware Threat (Dark Reading, Nov 12 2020)
Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats.
New ‘CostaRicto’ Hack-for-Hire Group Targets Global Businesses (Dark Reading, Nov 12 2020)
The group of APT mercenaries uses bespoke malware and strong operational security to target a range of organizations, located primarily in Southeast Asia.
Like the Energizer Bunny, Trickbot Goes On and On (Dark Reading, Nov 12 2020)
Recent efforts to take down the virulent botnet have been largely — but not entirely — successful.
Microsoft advises users to stop using SMS- and voice-based MFA (Help Net Security, Nov 12 2020)
Multi-factor authentication (MFA) that depends on one of the authentication factors being delivered via SMS and voice calls should be avoided, Alex Weinert, Director of Identity Security at Microsoft, opined. That’s not to say that MFA should be avoided, though, just that there are safer and more reliable ways to get additional authentication factors.
Researchers discover POS backdoor targeting the hospitality industry (Help Net Security, Nov 12 2020)
ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS (point-of-sale) – a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide. The majority of the identified targets were from the United States.
Capcom: Up to 350,000 people could be affected by ransomware leak (Ars Technica, Nov 16 2020)
Investigation continues into encrypted files and deleted logs.