A Review of the Best News of the Week on Cyber Threats & Defense

83% of Businesses Hit With a Firmware Attack in Past Two Years (Dark Reading, Mar 31 2021)
A new Microsoft-commissioned report finds less than 30% of organizations allocate security budget toward preventing firmware attacks.

Spotlight: Malware Lead Generation At Scale (Elie on Internet Security and Privacy., Apr 05 2021)
Malware is one of the key threats to online security today, with applications ranging from phishing mailers to ransomware and trojans. We present Spotlight, a large-scale malware lead-generation framework.

Wi-Fi Devices as Physical Object Sensors (Schneier on Security, Apr 05 2021)
“The new 802.11bf standard will turn Wi-Fi devices into object sensors:

In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals.”


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities (Ars Technica, Apr 02 2021)
Exploits allow hackers to log into VPNs and then access other network resources.

Malware Hidden in Call of Duty Cheating Software (Schneier on Security, Apr 02 2021)
Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesn’t mention which forum they were posted on (that certainly would’ve been helpful), it does say that these offerings have popped up a number of times

Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain (Dark Reading, Mar 30 2021)
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.

Fileless Malware Detections Soar 900% in 2020 (Infosecurity Magazine, Mar 30 2021)
Attackers continue to look for ways to evade detection.

Iranian credential thieves targeting medical researchers (SC Media, Mar 31 2021)
In late 2020, a well-known hacker group believed to be sponsored by the Iranian government started a credential harvesting campaign targeting United States and Israeli medical personnel, according to new research from Proofpoint.

The Often-Overlooked Element of a Hack: Endpoints (SecurityWeek, Mar 31 2021)
It is vital to maintain granular visibility and control over access points to establish resilience.

North Korean hackers return, target infosec researchers in new operation (Ars Technica, Apr 01 2021)
Google outs the new op two months after shutting down a previous campaign.

NIST Publishes Guide for Securing Hotel Property Management Systems (Dark Reading, Apr 01 2021)
These sensitive systems store guests’ personal data and payment-card information.

SolarWinds breach severity perception increasing over time (Help Net Security, Apr 01 2021)
(ISC)² has published the results of an online survey of 303 cybersecurity professionals from around the globe in which respondents compared their perception of the severity of the SolarWinds Orion software breach between when it was first reported and several weeks later as more information was revealed. Respondents also relayed how the breach has impacted their jobs, recommended changes to organizational security practices and provided lessons learned.

Trustwave Uncovers Vulnerability in Popular Website CMS (Infosecurity Magazine, Apr 02 2021)
Privilege escalation issue found in the Umbraco website CMS.

CISA and RH-ISAC to Run Cybersecurity Drill (Infosecurity Magazine, Mar 31 2021)
First retail, hospitality, and travel industry–wide cybersecurity exercise announced

Qualys: Breach limited to 3rd-party vendor, but attackers trying to make exposure seem worse (SC Media, Apr 02 2021)
In a detailed update posted on the Qualys website April 2, CISO Ben Carr said that an independent, third-party forensic firm has verified the company’s initial determination that the attack did not jump from Accellion’s file transfer appliance server to Qualys’ larger corporate network.