A Review of the Best News of the Week on Cyber Threats & Defense

Detection capabilities improve, but ransomware surges on (Help Net Security, Apr 14 2021)
A FireEye report outlines critical details on trending attacker techniques and malware, the proliferation of multifaceted extortion and ransomware, preparing for expected UNC2452 / SUNBURST copycat threat actors, growing insider threats, plus pandemic and industry targeting trends. Global median dwell time drops below one month for the first time.

CISA Urges Caution for Security Researchers Targeted in Attack Campaign (Dark Reading, Apr 14 2021)
The agency urges researchers to take precautions amid an ongoing targeted threat campaign.

NSA Discloses Vulnerabilities in Microsoft Exchange (Schneier on Security, Apr 16 2021)
Amongst the 100+ vulnerabilities patched in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Compromised Microsoft Exchange Server Used to Host Cryptominer (Dark Reading, Apr 13 2021)
Researchers say an unknown attacker is targeting vulnerable Exchange Servers with a payload hosted on a compromised Exchange Server.

NSA Alerted Microsoft to New Exchange Server Vulnerabilities (Dark Reading, Apr 13 2021)
Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day.

Microsoft Warns of Malware Delivery via Google URLs (Dark Reading, Apr 12 2021)
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.

New DNS vulnerabilities have the potential to impact millions of devices (Help Net Security, Apr 13 2021)
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET and NetX – which are commonly present in well-known IT software and popular IoT/OT firmware and have the potential to impact millions of IoT devices around the world.

Ransomware’s evolving tools and technical tactics confuse forensic analysis (SC Media, Apr 12 2021)
Adversaries attempt to gain an upper hand by compromising the Active Directory, encrypting VM environments, and abusing Rclone.

Capcom Says Older VPN Device at Heart of Ransomware Attack (SecurityWeek, Apr 14 2021)
Japanese video game giant Capcom revealed on Tuesday that, as part of the November 2020 ransomware attack, adversaries targeted an older backup VPN device for initial access.

‘Counter Strike’ Bug Allows Hackers to Take Over a PC With a Steam Invite (VICE, Apr 13 2021)
A security researcher found a “critical” bug in Valve’s game engine that powers the popular online game. And the company has been slow to fix it.

Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched (SecurityWeek, Apr 15 2021)
A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project. This is the second Chromium proof-of-concept (PoC) exploit released this week.

6 Tips for Managing Operational Risk in a Downturn (Dark Reading, Apr 15 2021)
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.

Trickbot Actors Target Slack and BaseCamp Users (Infosecurity Magazine, Apr 16 2021)
Customized scam messages designed to deploy malware loader

Securing APIs: Empowering Security (Securosis, Apr 15 2021)
As discussed in Application Architecture Disrupted, macro changes including the migration to cloud disrupting the tech stack, application design patterns bringing microservices to the forefront, and DevOps changing dev/release practices dramatically impact building and deploying applications. In this environment, the focus turns to APIs as the fabric that weaves together modern applications.

COVID-19-themed cyberattack detections continue to surge (Help Net Security, Apr 19 2021)
McAfee released its new report, examining cybercriminal activity related to malware and the evolution of cyber threats in the third and fourth quarters of 2020. In Q4, there was an average of 648 threats per minute, an increase of 60 threats per minute (10%) over Q3.

Bad bot traffic reaching an all-time high over the past year (Help Net Security, Apr 18 2021)
In 2020, Imperva saw the highest percentage of bad bot traffic (25.6%) since 2014, while traffic from humans fell by 5.7%. More than 40% of all web traffic requests originated from a bot last year, suggesting the growing scale and widespread impact of bots in daily life. Advanced Persistent Bots remained the majority of bad bot traffic over the past year, amounting to 57.1%.

US Issues Russian SVR Warning (Infosecurity Magazine, Apr 16 2021)
America urges organizations to patch five vulnerabilities being exploited by Russia’s Foreign Intelligence Service

FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities (SecurityWeek, Apr 19 2021)
Former Chairman of the Federal Communications Commission (FCC), Ajit Pai, resigned on the day of President Biden’s inauguration. He was replaced by Acting Chairwoman Jessica Rosenworcel, who last month delivered her first major action by fining Texas-based telemarketers a record $225 million.

Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks (SecurityWeek, Apr 16 2021)
Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer.