A Review of the Best News of the Week on Cyber Threats & Defense

Microsoft Reports ‘DearCry’ Ransomware Targeting Exchange Servers (Dark Reading, Mar 12 2021)
Attackers have begun to deploy ransomware on Microsoft Exchange Servers compromised by the ProxyLogon exploits.

New Side-Channel Attack Targets Intel CPU Ring Interconnect (SecurityWeek, Mar 08 2021)
A team of researchers from the University of Illinois at Urbana-Champaign has published a paper detailing a new side-channel attack method that can be launched against devices with Intel CPUs.

Google Releases PoC Exploit for Browser-Based Spectre Attack (SecurityWeek, Mar 15 2021)
Google last week announced the release of proof-of-concept (PoC) code designed to exploit the notorious Spectre vulnerability and leak information from web browsers.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Google Chrome users take at least one month to update, as zero-days lurk (SC Media, Mar 08 2021)
Since January 2020, Microsoft’s Edge browser has been based on Chromium, so an exploit developed for Chrome now gives attackers a much larger attack surface to go after.

Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild (SecurityWeek, Mar 09 2021)
A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns.

Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on Github (VICE US – Motherboard, Mar 11 2021)
Microsoft-owned Github quickly deleted the code, which exploited vulnerabilities apparently used by Chinese hackers to break into a series of companies.

Metadata Left in Security Agency PDFs (Schneier on Security, Mar 12 2021)
“Really interesting research:

“Exploitation and Sanitization of Hidden Data in PDF Files”

Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors’ names and details on the information system and architecture. All this information can be exploited easily by attackers to footprint and later attack an organization.”

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak (Help Net Security, Mar 15 2021)
Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early March. While the initial attacks were attributed by Microsoft to a threat actor dubbed Hafnium, believed to be a state-sponsored group that operates from China, the same exploits were subsequently used by at least 10 APT groups – mostly for data theft, espionage, and for covert crypto-mining.

Ransomware Gang Fully Doxes Bank Employees in Extortion Attempt (VICE US – Motherboard, Mar 08 2021)
Hackers posted the alleged names, social security numbers, and home addresses of several Flagstar Bank workers.

New malware tied to China targets Linux endpoints and servers (SC Media, Mar 10 2021)
The malware, called RedXOR because it was compiled on Red Hat Enterprise Linux and uses a network data encoding scheme based on XOR, creates a backdoor in systems that gives an attacker near full control over infected machines.

Apple Patches Remote Code Execution Bug in WebKit (SecurityWeek, Mar 09 2021)
Apple on Monday released patches for a vulnerability in WebKit that could allow attackers to execute code remotely on affected devices.

Rise in remote work leads to increase in IT security gaps (Help Net Security, Mar 12 2021)
Companies have not done enough to prevent heightened security risk in light of remote working, according to Lynx Software. In fact, 36% have been, or know someone who has been, impacted by a cybersecurity attack since the start of COVID-19.

Three flaws that sat in Linux kernel since 2006 could deliver root privileges to attackers (SC Media, Mar 12 2021)
Three recently unearthed vulnerabilities in the Linux kernel, located in the iSCSI module used for accessing shared data storage facilities, could allow root privileges to anyone with a user account.

Mac Malware ‘XCSSET’ Adapted for Devices With M1 Chips (SecurityWeek, Mar 12 2021)
An increasing number of Mac malware developers have started creating variants that are specifically designed to run on devices powered by Apple’s M1 chip.

With Spectre Still Lurking, Google Looks to Protect the Web (Security Latest, Mar 12 2021)
To show how browsers can guard against the speculative execution bug, Google security researchers have shown how an attack would work.

Security Analysis of Apple’s “Find My…” Protocol (Schneier on Security, Mar 15 2021)
“Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System”:

Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet.”