A Review of the Best News of the Week on Cybersecurity Management & Strategy
On Not Fixing Old Vulnerabilities (Schneier on Security, Mar 09 2021)
“How is this even possible?
…26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013–2017, which indicates a lack of recent software updates,” the report stated.
26%!? One in four networks?”
Chinese hackers targeted SolarWinds customers in parallel with Russian op (Ars Technica, Mar 08 2021)
New data suggests that Russia wasn’t the only nation state hacking customers.
Warning the World of a Ticking Time Bomb (Krebs on Security, Mar 09 2021)
“Globally, hundreds of thousands of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United States. Each hacked server has been retrofitted with a “web shell” backdoor that gives the bad guys total, remote control, the ability to read all email, and easy access to the victim’s other computers. Researchers are now racing to identify, alert and help victims, and hopefully prevent further mayhem.”
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
McAfee Agrees Deal to Sell Enterprise Business for $4bn (Infosecurity Magazine, Mar 08 2021)
The transaction is expected to be completed by the end of 2021
When lawyers get hacked: How law firms grapple with risk tied to supply chain breaches (SC Media, Mar 05 2021)
As companies scramble to assess their own vulnerability amid the wave of supply chain attacks in recent months, law firms find themselves doing double duty: providing complex legal support to clients, and assessing internal safeguards to ensure they themselves practice what they preach.
Microsoft Pushes Patches for Older Versions of Exchange Server (Dark Reading, Mar 09 2021)
Additional patches arrive as CISA issues an alert urging all organizations to immediately patch the Microsoft Exchange vulnerabilities.
Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project (Dark Reading, Mar 08 2021)
Together, the vendor giants aim to make “in use” encryption — also known as “fully homomorphic encryption” — economical and practical.
Women in cybersecurity: Gender gap narrows but not enough (WeLiveSecurity, Mar 08 2021)
The number of women joining the ranks of cybersecurity practitioners is steadily increasing, but a lot still needs to be done to close the gap
‘Retaliation’ for Russia’s SolarWinds Spying Isn’t the Answer (Wired, Mar 08 2021)
It will be hard pointing to a specific line the Kremlin crossed that the US hasn’t crossed as well.
More on the Chinese Zero-Day Microsoft Exchange Hack (Schneier on Security, Mar 10 2021)
“Nick Weaver has an excellent post on the Microsoft Exchange hack:
The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During this time the attacker appeared to be relatively subtle, exploiting particular targets (although we generally lack insight into who was targeted). Microsoft determined on Feb. 18 that it would patch these vulnerabilities on the March 9th “Patch Tuesday” release of fixes.”
At least 10 hacking groups using Microsoft software flaw -researchers (Trust.org, Mar 11 2021)
At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break into targets around the world, cybersecurity company ESET said in a blog post on Wednesday.
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers (Ars Technica, Mar 11 2021)
A half-dozen groups exploiting the same 0-days is unusual, if not unprecedented.
Chinese linked to two attacks on internet-facing SolarWinds server (SC Media, Mar 09 2021)
Researchers on Monday suspected the Chinese espionage group Spiral of two intrusions in 2020 into a SolarWinds Orion server that were linked to each other but not to the infamous SolarWinds attack attributed to Russia.
FireEye CEO: Reckless Microsoft Hack Unusual for China (SecurityWeek, Mar 09 2021)
Cyber sleuths have already blamed China for a hack that exposed tens of thousands of servers running its Exchange email program to potential hacks.
Alleged Hacker Who Broke Into AI Surveillance Company Raided By Police (VICE, Mar 12 2021)
Kottman previously shared videos and images taken from cameras made by surveillance manufacturer Verkada. Kottman shared a list of Verkada users with Motherboard. The 24,000 unique entities included K-12 schools, seemingly private residences marked as “condos,” shopping malls, credit unions, multiple universities across America and Canada, pharmaceutical companies, marketing agencies, pubs and bars, breweries, a Salvation Army center, churches, the Professional Golfers Association, museums, a newspaper’s office, airports, and more.
Microsoft Adopted an ‘Aggressive’ Strategy for Sharing SolarWinds Attack Intel (Dark Reading, Mar 05 2021)
Only 12% of enterprises have fully embraced SASE (Help Net Security, Mar 08 2021)
The survey also found that two-thirds (67%) of respondents report confidence in their understanding of the comprehensive SASE framework. However, one quarter of organizations (26%) do not embrace the SASE philosophy at all (nor do they have immediate plans to), while just over one-third (35%) currently embrace it in less than half of their technology stack.
It’s Open Season for Microsoft Exchange Server Hacks (Wired, Mar 10 2021)
A patch for the vulnerabilities China exploited has been released. Now, criminal groups are going to reverse engineer it—if they haven’t already.
Critics fume after Github removes exploit code for Exchange vulnerabilities (Ars Technica, Mar 11 2021)
Microsoft-owned Github pulls down proof-of-concept code posted by researcher.
Molson Coors Beer Operations Halted by Hack (Dark Reading, Mar 11 2021)
No details yet disclosed on the cyberattack.