A Review of the Best News of the Week on Cyber Threats & Defense

NSA Publishes Guidance on Adoption of Zero Trust Security (SecurityWeek, Mar 01 2021)
The U.S. National Security Agency (NSA) has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model.

Hackers Tied to Russia’s GRU Targeted the US Grid for Years (Wired, Feb 24 2021)
A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos.

Chinese Threat Actor Uses Browser Extension to Hack Gmail Accounts (SecurityWeek, Feb 26 2021)
In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer (Dark Reading, Feb 23 2021)
Any organization can use MITRE ATT&CK as a force multiplier, but it’s especially valuable for small ones.

Cybercriminals Target QuickBooks Databases (Dark Reading, Feb 24 2021)
Stolen financial files then get sold on the Dark Web, researchers say.

Google Funds Linux Kernel Security Development (SecurityWeek, Feb 25 2021)
Google and the Linux Foundation this week announced the prioritizing of funds to allow long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving the security of the platform.

Google Discloses Details of Remote Code Execution Vulnerability in Windows (SecurityWeek, Feb 24 2021)
Google’s cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.

Code-execution flaw in VMware has a severity rating of 9.8 out of 10 (Ars Technica, Feb 25 2021)
Thousands of servers running vCenter server could be in for a nasty surprise.

Massive rise in threats across expanding attack surfaces (Help Net Security, Feb 26 2021)
There was a massive increase in cyber threats globally year-over-year fueled by both the pandemic and expanding attack surfaces, Skybox Security reveals. New malware samples nearly doubled, and new ransomware samples increased 106% year-over-year.

U.S. municipalities are the perfect target for cybercriminals in 2021 (Help Net Security, Feb 24 2021)
On Feb 5th, 2021, a hacker gained remote access to a water treatment plant in Oldsmar, Florida, and was able to adjust the amount of sodium hydroxide in the water from 100 parts per million to 11,100.

Universities Face Double Threat of Ransomware, Data Breaches (Dark Reading, Feb 24 2021)
Lack of strong security policies puts many schools at risk of compromise, disrupted services, and collateral damage.

Microsoft Releases Free Tool for Hunting SolarWinds Malware (Dark Reading, Feb 25 2021)
Meanwhile, researchers at SecurityScorecard say the “fileless” malware loader in the attack – Teardrop – actually dates back to 2017.

Microsoft Releases Open Source Resources for Solorigate Threat Hunting (SecurityWeek, Feb 26 2021)
Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack.

Unprotected Private Key Allows Remote Hacking of Rockwell Controllers (SecurityWeek, Feb 26 2021)
Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation.

Here’s How North Korean Hackers Stole Data From Isolated Network Segment (SecurityWeek, Feb 25 2021)
During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server.

Data is most at risk on email, with 83% of organizations experiencing email data breaches (Help Net Security, Feb 28 2021)
95% of IT leaders say that client and company data is at risk on email, an Egress report reveals. Additionally, an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months.