A Review of the Best News of the Week on Cyber Threats & Defense

Intel unveils ransomware-fighting CPUs (SC Media, Jan 15 2021)
The capability is an easy win for CISOs, which can benefit with limited tweaks to machines.

Hackers used 4 zero-days to infect Windows and Android devices (Ars Technica, Jan 13 2021)
Booby-trapped websites are used by attackers to infect people who visit them.

CISA says multiple attacks on cloud services bypassed multifactor authentication (SC Media, Jan 14 2021)
Threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


German Police Take Down ‘World’s Largest Darknet Marketplace’ (SecurityWeek, Jan 12 2021)
A German-led police operation has taken down the “world’s largest” darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware, prosecutors said Tuesday.

The SolarWinds Hackers Shared Tricks With a Russian Spy Group (Wired, Jan 11 2021)
Security researchers have found links between the attackers and Turla, a sophisticated team suspected of operating out of Moscow’s FSB intelligence agency.

Mimecast Cert Abused to Target Inboxes in “Sophisticated” Attack (Infosecurity Magazine, Jan 13 2021)
Security vendor says attackers used it to access Microsoft 365 accounts.

Over 70 Vulnerabilities Will Remain Unpatched in EOL Cisco Routers (SecurityWeek, Jan 14 2021)
Cisco this week announced that it does not plan on addressing tens of vulnerabilities affecting some of its small business routers.

New Tool Sheds Light on AppleScript-Obfuscated Malware (Dark Reading, Jan 11 2021)
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.

Top videoconferencing attacks and security best practices (Help Net Security, Jan 11 2021)
Videoconferencing has become a routine part of everyday life for remote workers, students, and families. Yet widespread adoption of this technology has also attracted nefarious characters whose motivations can range from simple disruption to full-out espionage.

DarkSide decryptor unlocks systems without ransom payment – for now (SC Media, Jan 11 2021)
The decryptor works for all current DarkSide infections, but that will likely change soon as the group reacts and adapts to the disclosure.

Operation Spalax: Targeted malware attacks in Colombia (WeLiveSecurity, Jan 12 2021)
ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries.

Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways (SecurityWeek, Jan 14 2021)
Several vulnerabilities have been identified in Pepperl+Fuchs Comtrol IO-Link Master industrial gateways, including flaws that researchers claim can be exploited to gain root access to a device and create backdoors.

Successful Malware Incidents Rise as Attackers Shift Tactics (Dark Reading, Jan 15 2021)
As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.

Malware incidents on remote devices increase (Help Net Security, Jan 17 2021)
52% of organizations experienced a malware incident on remote devices in 2020, up from 37% in 2019, a Wandera report reveals. Of devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021.