A Review of the Best News of the Week on Cyber Threats & Defense

FBI warns of threat actors spoofing Bureau domains, email accounts (WeLiveSecurity, Nov 27 2020)
The U.S. law enforcement agency shares a sampling of more than 90 spoofed FBI-related domains registered recently

Latest Version of TrickBot Employs Clever New Obfuscation Trick (Dark Reading, Nov 24 2020)
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.

Experts say restoring Baltimore County school network may take weeks, with classes potentially back in days (Baltimore Sun, Nov 30 2020)
School officials issued a statement on Friday saying the district continues to address the “catastrophic attack on our technology system” but gave no specifics on when online learning might be back up and running.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Printers’ Cybersecurity Threats Too Often Ignored (Dark Reading, Nov 24 2020)
Remote workforce heightens the need to protect printing systems against intrusion and compromise.

Complex cyber attacks target online retailers (Help Net Security, Nov 24 2020)
Simple bots are used in 44.15% of these attacks and function by connecting to a single, ISP-assigned IP address. The leading sources for these attacks are the United States (30.93%), Russia (14.39%) and Ukraine (12.92%).

Ransomware gangs hunt for tax software to ratchet up pressure on victims (SC Media, Nov 23 2020)
The tactics seek out highly sensitive data as leverage, targeting small businesses whose efforts to be tax-compliant could be seriously disrupted.

MasterChef Producer Hit by Double Extortion Ransomware (Infosecurity Magazine, Nov 30 2020)
French multinational Banijay reveals “cyber-incident”

Tackling the three biggest challenges of the new attack surface (SC Media, Nov 30 2020)
During the COVID-19 period, we’ve seen our networks stretched beyond what they were ever designed to support, with many organizations scrambling to deliver the infrastructure necessary to make work-from-home effective. Here are three of the biggest challenges that security, networking and IT teams face today, along with some advice on how to overcome them.

Vietnam-Linked Cyberspies Use New macOS Backdoor in Attacks (SecurityWeek, Nov 30 2020)
Trend Micro’s security researchers have identified a new macOS backdoor that they believe is used by the Vietnamese threat actor OceanLotus.

PHP 8: What WordPress Users Need to Know (Wordfence, Nov 30 2020)
PHP 8.0 is set to be released on November 26, 2020, and WordPress site owners and developers may be in for a rough ride

Check Washing (Schneier on Security, Nov 30 2020)
“I can’t believe that check washing is still a thing:

“Check washing” is a practice where thieves break into mailboxes (or otherwise steal mail), find envelopes with checks, then use special solvents to remove the information on that check (except for the signature) and then change the payee and the amount to a bank account under their control so that it could be deposited at out-state-banks and oftentimes by a mobile phone.

The article suggests a solution: stop using paper checks.”

cPanel 2FA bypass vulnerability can be exploited through brute force (Help Net Security, Nov 25 2020)
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found. The vulnerability was patched last week and, by now, web hosting providers have hopefully upgraded their installations.

U of Vermont Medical Center Continuing Cyber-Attack Recovery (SecurityWeek, Nov 27 2020)
The University of Vermont Medical Center is continuing to recover from the cyber attack late last month that crippled access to electronic records at the Burlington hospital.

Drupal Releases Out-of-Band Security Updates Due to Availability of Exploits (SecurityWeek, Nov 27 2020)
The developers of the Drupal content management system (CMS) released out-of-band security updates right before Thanksgiving due to the availability of exploits.

SD-WAN Product Vulnerabilities Allow Hackers to Steer Traffic, Shut Down Networks (SecurityWeek, Nov 30 2020)
Researchers at cybersecurity consulting firm Realmode Labs have identified vulnerabilities in SD-WAN products from Silver Peak, Cisco, Citrix and VMware, including potentially serious flaws that can be exploited to steer traffic or completely shut down an organization’s network.