A Review of the Best News of the Week on Cyber Threats & Defense

Lack of visibility into remote endpoints leaves companies vulnerable to ransomware (Help Net Security, Feb 03 2021)
Illumio released findings on visibility and security practices for remote endpoints, revealing how vulnerable organizations are to ransomware propagating throughout the network and the impact large-scale breaches have on a business – essentially grinding operations to a halt. The report uncovers the risks businesses face from having large swaths of their employees work from home and explores what this means as workers come back to the office part-time.

Three ways MITRE ATT&CK can improve your organizational security (Help Net Security, Feb 08 2021)
There’s a good reason everyone’s talking about MITRE ATT&CK: it’s an objective, third-party standard with which organizations can measure their own detection coverage, as well as the coverage provided by EDR solutions. Still, even while you appreciate ATT&CK, it’s not always clear how you can use it to improve your own organizational security. In this article, I’ll lay out how you can use ATT&CK for the greatest effect.

Remote Desktop Protocol Attacks Surge by 768% (Infosecurity Magazine, Feb 08 2021)
RDP attacks continued to grow in Q4 of 2020, but at a slower rate.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

SonicWall Says ‘a Few Thousand Devices’ Impacted by Zero-Day Vulnerability (SecurityWeek, Feb 02 2021)
SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.

Concerns Over API Security Grow as Attacks Increase (Dark Reading, Feb 03 2021)
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.

Spotify Hit With Another Credential-Stuffing Attack (Dark Reading, Feb 05 2021)
This marks the second credential-stuffing attack to hit the streaming platform in the last few months.

Google: Insufficient and rushed patching leads to more zero-day exploits (SC Media, Feb 05 2021)
The findings highlight a troubling habit that software developers can sometimes fall into: hastily scrambling to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a holistic fix.

Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration (SecurityWeek, Feb 08 2021)
A recently investigated malicious attack was abusing a locally loaded Chrome extension to exfiltrate data and establish communication with the command and control (C&C) server.

New supply chain attack uses poisoned updates to infect gamers’ computers (Ars Technica, Feb 01 2021)
If you’ve used NoxPlayer in the past 5 months, it’s time to check for malware.

Fighting Fileless Malware, Part 1: What Is It? (Dark Reading, Feb 02 2021)
Despite multiple layers of protection, fileless malware cyberattacks remain rampant and difficult to defeat. In this, the first of The Edge’s three-part series about the cyberthreat and how to fight back, you’ll learn what fileless malware is and why it’s so dangerous.

Linux malware backdoors supercomputers (Help Net Security, Feb 02 2021)
ESET researchers discovered Kobalos, a malware that has been attacking supercomputers – high-performance computing (HPC) clusters – as well as other targets such as a large Asian ISP, a North American endpoint security vendor, and several privately held servers. “Perhaps unrelated to the events involving Kobalos, there were multiple security incidents involving HPC clusters in the past year.”

An Observability Pipeline Could Save Your SecOps Team (Dark Reading, Feb 03 2021)
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.

NIST provides guidance to protect controlled unclassified information (Help Net Security, Feb 03 2021)
Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them.

Penetration tests can help companies avoid future breaches (SC Media, Feb 04 2021)
A ransomware attack targeted the email systems at Cleveland Hopkins International Airport in April 2019. Today’s columnist, David Trepp of BPM LLP, says detailed pen tests will show how systems can handle future attacks on email and other critical systems.

Web Application Attacks Grow Reliant on Automated Tools (Dark Reading, Feb 04 2021)
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.

Enterprises average one root access orphan key on every enterprise server (Help Net Security, Feb 05 2021)
SSH machine identities are critical to digital transformation strategies, as they authenticate privileged access between machines and are ubiquitous across enterprise networks. While CIOs say they are concerned about the security risks SSH machine identities pose, survey data indicates they seriously underestimate the scope of these risks.

Google: Better patching could have prevented 1 in 4 zero‑days last year (WeLiveSecurity, Feb 05 2021)
Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google.

Chrome users have faced 3 security concerns over the past 24 hours (Ars Technica, Feb 05 2021)
A 0-day, malicious extension, and sync abuse are keeping Google developers busy.