A Review of the Best News of the Week on Cyber Threats & Defense

Colonial Pipeline Struggles to Restart After Ransomware Attack (SecurityWeek, May 09 2021)
Operators of the Colonial Pipeline are struggling to get fuel flowing at normal capacity after a cyberattack forced a shutdown of its distribution system, the largest refined products pipeline in the United States.

Pipeline Hackers Say They’re ‘Apolitical,’ Will Choose Targets More Carefully Next Time (VICE, May 10 2021)
“Our goal is to make money, and not creating problems for society,” the statement continues.

FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity (Dark Reading, May 07 2021)
The report provides additional details on tactics of Russia’s Foreign Intelligence Service following public attribution of the group to last year’s SolarWinds attack.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

New Variant of Buer Malware Loader Written in Rust to Evade Detection (SecurityWeek, May 04 2021)
A new variant of the Buer malware loader has been detected, written in Rust. The original version is written in C. Rust is efficient, easy-to-use, and an increasingly popular programming language – Microsoft uses it, and joined the Rust Foundation in February 2021.

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack (Dark Reading, May 04 2021)
Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.

U.S. Organizations Targeted by New Cybercrime Group With Sophisticated Malware (SecurityWeek, May 05 2021)
A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries using several new pieces of malware, FireEye reported on Tuesday.

How North Korean APT Kimsuky Is Evolving Its Tactics (Dark Reading, May 07 2021)
Researchers find differences in Kimsuky’s operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.

New Spectre-Like Attacks (Schneier on Security, May 05 2021)
“There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago.

Details:

The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process…”

Panda Stealer Targets Crypto Wallets (Infosecurity Magazine, May 05 2021)
Crypto wallets and Discord credentials among targets of new information stealer

Researchers Explore Active Directory Attack Vectors (Dark Reading, May 03 2021)
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.

A New Resource for API Security Best Practices (Cloud Security Alliance, Apr 30 2021)
Application infrastructure is becoming more and more complex due to differing requirements, design patterns, and technologies. In many cases one of those requirements is to connect other parties to your systems, and in others to connect your systems to other parties. Nowadays, the most common connection method is an Application Programming Interface (API).

Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security (Dark Reading, May 06 2021)
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.

Attackers Seek New Strategies to Improve Macros’ Effectiveness (Dark Reading, May 05 2021)
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.

Defending Against Web Scraping Attacks (Dark Reading, May 07 2021)
Web scraping attacks, like Facebook’s recent data leak, can easily lead to more significant breaches.

Exploiting common URL redirection methods to create effective phishing attacks (Help Net Security, May 10 2021)
“Simple” can often be harder than “complex.” When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as the part causing the trouble. However, URL forwarding is one method that is often abused by cybercriminals to create multi-layered phishing attacks. Why? The short answer is in three E’s: easy, evasive, and elusive (to the eye).

Ransomware Gangs Get More Aggressive Against Law Enforcement (SecurityWeek, May 10 2021)
Police Chief Will Cunningham came to work four years ago to find that his six-officer department was the victim of a crime.

Hackers had taken advantage of a weak password to break in and encrypt the files of the department in Roxana, a small town in Illinois near St. Louis, and were demanding $6,000 of bitcoin.

Cyberattack on US Pipeline is Linked to Criminal Gang (SecurityWeek, May 10 2021)
The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation said Sunday.