A Review of the Best News of the Week on Cyber Threats & Defense

Microsoft One-Click Tool Mitigates Exchange Server Attacks (Infosecurity Magazine, Mar 16 2021)
Tool designed for customers without dedicated IT or cybersecurity resource

Exploiting Spectre Over the Internet (Schneier on Security, Mar 18 2021)
“Google has demonstrated exploiting the Spectre CPU attack remotely over the web:

Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector.”

The Peculiar Ransomware Piggybacking Off of China’s Big Hack (Wired, Mar 21 2021)
DearCry is the first attack to use the same Microsoft Exchange vulnerabilities, but its lack of sophistication lessens the threat.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Why Intel Finally Fired Back at Apple’s PC Attack (eWEEK, Mar 19 2021)
This week, Intel finally responded, coming to the PC’s defense and using the same actor that Apple used, focusing this new audience on what makes a PC stand out against the Mac. I can see some logical places where this campaign could go next and even have a more significant impact.

Years-old MS Office, Word flaws most exploited to deliver malware (Help Net Security, Mar 18 2021)
29% of malware captured was previously unknown – due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection, according to a HP report. 88% of malware was delivered by email into users’ inboxes, in many cases having bypassed gateway filters. It took 8.8 days, on average, for threats to become known by hash to antivirus engines – giving hackers over a week’s ‘head-start’ to further their campaigns.

Microsoft antivirus now automatically mitigates Exchange Server vulnerability (SC Media, Mar 19 2021)
Microsoft antivirus tools many users already have installed will now automatically mitigate a critical Exchange Server vulnerability, the lynchpin of several recent campaigns to breach on-premises servers.

Cloudflare introduces Magic WAN with Magic Firewall to protect customers’ networks (Help Net Security, Mar 22 2021)
Cloudflare introduced Magic WAN with Magic Firewall and new strategic partnerships with major networking and data center providers as part of Cloudflare One, its cloud-based network-as-a-service solution. Magic WAN with Magic Firewall gives customers of all sizes a one-stop-shop to connect and secure data, devices, offices, cloud networks, and more without relying on hardware boxes. Magic WAN is a SaaS solution that connects any traffic source to Cloudflare’s global network…

CopperStealer malware infected up to 5,000 hosts per day over first three months of 2021 (SC Media, Mar 19 2021)
The malware stole credentials of users on major platforms including Facebook, Instagram, Apple, Amazon, Bing, Google, PayPal, Tumblr and Twitter.

Google: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation (SecurityWeek, Mar 19 2021)
Google has added new details on a pair of exploit servers used by a sophisticated threat actor to hit users of Windows, iOS and Android devices.

Best Practices for Securing Service Accounts (Dark Reading, Mar 16 2021)
While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.

RDP Attacks Persist Near Record Levels in 2021 (Dark Reading, Mar 17 2021)
A wave of attacks targeting Remote Desktop Protocol has continued throughout the pandemic as more employees continue to work from home.

New phishing campaign targets taxpayer credentials (Help Net Security, Mar 19 2021)
A new phishing campaign is targeting U.S. taxpayers with documents that purport to contain tax-related content, but ultimately deliver NetWire and Remcos malware – two prolific remote access trojans (RATs) which allows attackers to take control of victims’ machines through a new phishing email scheme, Cybereason discovered.

FBI Alert: Pysa Ransomware Targeting Education Sector (Infosecurity Magazine, Mar 18 2021)
Threat actors disable AV before deploying ransomware

The financial impact of cybersecurity vulnerabilities on credit unions (Help Net Security, Mar 22 2021)
Cybersecurity vulnerabilities among credit unions and their vendors create the potential for large financial impacts to the credit union industry, according to a Black Kite report. The research analyzed the cybersecurity posture of 250 NCUA credit unions and 150 vendors commonly used by credit unions.

Firms Urged to Patch as Attackers Exploit Critical F5 Bugs (Infosecurity Magazine, Mar 22 2021)
Full chain exploitation now seen in wild