A Review of the Best News of the Week on Cyber Threats & Defense

FBI: Block Email Forwarding to Stop BEC Attackers (Infosecurity Magazine, Dec 02 2020)
Feds warn of visibility challenge for IT administrators

Mac users warned of more Ocean Lotus malware targeted attacks (Graham Cluley, Dec 02 2020)
Security researchers have warned of the latest incarnation of a backdoor trojan horse that has been used in the past to target Mac users. If you’re a Mac user, I really hope you’re running anti-virus software.

Unmanaged Devices Heighten Risks for School Networks (Dark Reading, Dec 01 2020)
Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K-12 school networks.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Manipulating Systems Using Remote Lasers (Schneier on Security, Dec 01 2020)
Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant.

FINRA Warns Brokerage Firms of Phishing Campaign (SecurityWeek, Dec 03 2020)
Cybercriminals are using a recently registered lookalike domain in a phishing campaign targeting United States organizations, FINRA (the Financial Industry Regulatory Authority) warns.

Researchers Bypass Next-Generation Endpoint Protection (Dark Reading, Dec 03 2020)
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.

How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results? (Help Net Security, Dec 01 2020)
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of popular site operators haven’t learned from the 2016 Dyn/Mirai incident/attack and set up a backup DNS server, and the other has shown that the rate of DNS spoofing, though still very small, has more than doubled in less than seven years.

Malware may trick biologists into generating dangerous toxins in their labs (Help Net Security, Nov 30 2020)
An end-to-end cyber-biological attack, in which unwitting biologists may be tricked into generating dangerous toxins in their labs, has been discovered by Ben-Gurion University of the Negev researchers. Malware could replace physical contact: According to a paper, it is currently believed that a criminal needs to have physical contact with a dangerous substance to produce and deliver it. However, malware could easily replace a short sub-string of the DNA on a bioengineer’s computer so that…

Consumers vastly misjudge the vulnerability of their home networks (Help Net Security, Dec 01 2020)
Internet users in the United States vastly underestimate how often their home networks are targeted by cyber threats. That’s one of the key findings of a new Comcast report. Cyber threats growing numerous and complex: Since January, nearly six billion cybersecurity threats have been blocked – representing an average of about 104 cybersecurity threats per home per month.

#WebSummit: Common API Security Risks and How to Mitigate Them (Infosecurity Magazine, Dec 02 2020)
APIs are becoming increasingly challenging to secure

Recent Oracle WebLogic Vulnerability Exploited to Deliver DarkIRC Malware (SecurityWeek, Dec 02 2020)
Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems.

CISA, FBI Warn of Attacks Targeting U.S. Think Tanks (SecurityWeek, Dec 02 2020)
Threat actors are continuously targeting United States think tanks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn.

One of the Internet’s most aggressive threats could take UEFI malware mainstream (Ars Technica, Dec 03 2020)
New feature targets the most critical component of all modern-day computers.

How to reduce the risk of third-party SaaS apps (Help Net Security, Dec 03 2020)
Third-party SaaS apps (and extensions) can significantly extend the functionality and capabilities of an organization’s public cloud environment, but they can also introduce security concerns. Many have permission to read, write, and delete sensitive data, which can have a tremendous impact on security, business, and compliance risk. Assessing the risk of these applications is the key to maintaining a balance between safety and productivity.

This Notorious Botnet Has an Alarming New Trick (Security Latest, Dec 03 2020)
The hackers behind TrickBot have begun probing victim PCs for vulnerable firmware, which would let them persist on devices undetected.

Ransomware Set for Evolution in Attack Capabilities in 2021 (Infosecurity Magazine, Dec 04 2020)
Ransomware will be sold as a service by professional outfits collaborating to deliver better variants of attack

Universities Attacked by Phishing Campaign (Infosecurity Magazine, Dec 03 2020)
Shadow Academy phishing campaign has targeted 20 universities worldwide, including Oxford University

Ransomware attacks target backup systems, compromising the company ‘insurance policy’ (SC Media, Dec 07 2020)
Bad actors gain leverage by targeting the longtime failsafe for companies looking to mitigate damage without giving in to ransomware demands.

US Intelligence Director Says China is Top Threat to America (SecurityWeek, Dec 04 2020)
China poses the greatest threat to America and the rest of the free world since World War II, outgoing National Intelligence Director John Ratcliffe said Thursday as the Trump administration ramps up anti-Chinese rhetoric to pressure President-elect Joe Biden to be tough on Beijing.

The NSA Warns That Russia Is Attacking Remote Work Platforms (Wired, Dec 07 2020)
A vulnerability in VMware has prompted a warning that companies—and government agencies—need to patch as soon as possible.