A Review of the Best News of the Week on Cyber Threats & Defense

MITRE Adds MacOS, More Data Types to ATT&CK Framework (Dark Reading, Apr 30 2021)
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.

Tesla Car Hacked Remotely From Drone via Zero-Click Exploit (SecurityWeek, May 03 2021)
Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone.

Inside One of the Biggest Apple Device Hacks Ever (VICE, Apr 30 2021)
On the latest CYBER we talk about wow hackers exploited a MacOs bug.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

48 recommendations for a global fight against ransomware (Help Net Security, Apr 29 2021)
The Institute for Security and Technology’s Ransomware Task Force (RTF) has released a comprehensive strategic framework to help worldwide organizations fight against ransomware and will be delivering it to the U.S. President’s team. The 81-pages-long report includes an overview of the ransomware threat, its impact, how the cyber insurance and the rise of cryptocurrencies influenced its proliferation…

Q1 2021 ransomware trends: Most attacks involved threat to leak stolen data (Help Net Security, Apr 29 2021)
The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal. The stolen data has likely been held by multiple parties and not secured, and victimized organizations can’t be sure that it has been destroyed and not traded, sold, misplaced, or held for a future extortion attempt, they explained.

NSA Issues Guidance on Securing IT-OT Connectivity (SecurityWeek, May 03 2021)
The U.S. National Security Agency (NSA) last week released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly in terms of connectivity to IT systems.

US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks (Dark Reading, Apr 26 2021)
Actors working for Moscow’s Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.

Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat (Dark Reading, Apr 28 2021)
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.

Microsoft SharePoint vulnerability and China Chopper web shell used in ransomware attacks (SC Media, Apr 27 2021)
Researchers reported that to ignite a ransomware payload, the attackers abuse a Cobalt Strike beacon. The researchers believe the China Chopper web shell was used in a likely attempt to circumvent detection with known samples.

FBI/DHS Issue Guidance for Network Defenders to Mitigate Russian Gov Hacking (SecurityWeek, Apr 27 2021)
The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service (SVR) via the cyber actor known as APT 29 (aka the Dukes, Cozy Bear, Yttrium and CozyDuke).

How to Secure Employees’ Home Wi-Fi Networks (Dark Reading, Apr 28 2021)
Businesses must ensure their remote workers’ Wi-Fi networks don’t risk exposing business data or secrets due to fixable vulnerabilities.

Chinese Cyberspies Target Military Organizations in Asia With New Malware (SecurityWeek, Apr 29 2021)
A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday.

Adobe Open Sources Tool for Anomaly Research (Dark Reading, Apr 29 2021)
The One-Stop Anomaly Shop (OSAS) project packages machine-learning algorithms into a Docker container for finding anomalies in security log data.

58% of orgs predict remote workers will expose them to data breach risk (Help Net Security, May 02 2021)
35% of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year according to an annual survey conducted by Apricorn. This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15%) and their technology does not support secure mobile/remote working …

Researchers develop program that helps assess encryption systems’ vulnerabilities (Help Net Security, Apr 30 2021)
Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering. The algorithm was also implemented in a program, which can be used to find vulnerabilities in ciphers.

BIND Vulnerabilities Expose DNS Servers to Remote Attacks (SecurityWeek, Apr 30 2021)
The Internet Systems Consortium (ISC) has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service (DoS) attacks and one possibly even for remote code execution.