A Review of the Best News of the Week on Cyber Threats & Defense

Microsoft’s Making a Secure PC Chip—With Intel and AMD’s Help (Wired, Nov 17 2020)
The Pluton security processor will give the software giant an even more prominent role in locking down Windows hardware.

Symantec Reports on Cicada APT Attacks against Japan (Schneier on Security, Nov 20 2020)
“Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere.

Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well as custom malware in this attack campaign, including a custom malware — Backdoor.Hartip — that Symantec has not seen being used by the group before.”

How to Identify Cobalt Strike on Your Network (Dark Reading, Nov 18 2020)
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Zoom Debuts New Tools to Fight Meeting Disruptions (Dark Reading, Nov 16 2020)
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.

New Proposed DNS Security Features Released (Dark Reading, Nov 19 2020)
Verisign’s R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.

Major Power Outage in India Possibly Caused by Hackers: Reports (SecurityWeek, Nov 20 2020)
Authorities in India determined that a major power outage that occurred last month in Mumbai, the country’s largest city, may have been caused by hackers, according to reports.

New ‘LidarPhone’ Attack Uses Robot Vacuum Cleaners for Eavesdropping (SecurityWeek, Nov 23 2020)
A group of academic researchers has devised a new eavesdropping attack that leverages the lidar sensors present in commodity robot vacuum cleaners.

Researchers Show Tesla Model X Can Be Stolen in Minutes (SecurityWeek, Nov 23 2020)
Researchers from the Computer Security and Industrial Cryptography (COSIC) group at the KU Leuven university in Belgium have demonstrated that a Tesla Model X can be stolen in minutes by exploiting vulnerabilities in the car’s keyless entry system.

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services (Krebs on Security, Nov 21 2020)
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

How we’re advancing intelligent automation in network security (Google Cloud Blog, Nov 18 2020)
We’re always looking to make advanced security easier for enterprises so they can stay focused on their core business. Already this year, we’ve worked to strengthen DDoS protection, talked about some of the largest attacks we have stopped and made firewall defences more effective.

How to speed up malware analysis (Help Net Security, Nov 17 2020)
Today malware evolves very fast. Loaders, stealers, and different types of ransomware change so quickly that keeping up with them has become a real challenge, and analyzing them becomes harder and more time-consuming. But cybersecurity specialists can’t waste their time; waiting can cause serious damage. So, how can all of that be avoided and malware analysis sped up?

Ransomware still the most common cyber threat to SMBs (Help Net Security, Nov 17 2020)
Ransomware remains the most common cyber threat to SMBs, with 60% of MSPs reporting that their SMB clients have been hit as of Q3 2020, Datto reveals. More than 1,000 MSPs weighed in on the impact COVID-19 has had on the security posture of SMBs, along with other notable trends driving ransomware breaches.

Chinese APT FunnyDream Runs Riot in Southeast Asia (Infosecurity Magazine, Nov 18 2020)
Bitdefender says 200+ machines already compromised

Verizon Releases First Cyber-Espionage Report (Infosecurity Magazine, Nov 17 2020)
US telecommunications giant publishes first data-driven report on advanced cyber-spying

A perspective on security threats and trends, from inception to impact (Help Net Security, Nov 19 2020)
Sophos published a report which flags how ransomware and fast-changing attacker behaviors, from advanced to entry level, will shape the threat landscape and IT security in 2021. Increased gap between ransomware operators: the gap between ransomware operators at different ends of the skills and resource spectrum will increase.

Sophos identifies top three security trends for 2021 (SC Media, Nov 18 2020)
In releasing its Sophos 2021 Threat Report today, the company’s researchers identified how ransomware and fast-changing attacker behaviors will shape the threat landscape and IT security in 2021.

Drupal-based sites open to attack via double extension files (CVE-2020-13671) (Help Net Security, Nov 23 2020)
Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also been urged to check that the vulnerability hasn’t already been covertly leveraged by attackers. About the vulnerability (CVE-2020-13671): CVE-2020-13671 exists because Drupal core (the standard release of Drupal) does not properly sanitize certain filenames on uploaded files.