A Review of the Best News of the Week on Cyber Threats & Defense
#RSAC: The Most Dangerous New Attack Techniques (Infosecurity Magazine, May 20 2021)
Annual panel at the RSA Conference identifies a number of areas of concern, including improper session handling and an evolution of ransomware
Vulnerabilities in billions of Wi-Fi devices let hackers bypass firewalls (Ars Technica, May 21 2021)
FragAttacks let hackers inject malicious code or commands into encrypted Wi-Fi traffic.
#RSAC: The Security Risks of Cryptocurrency (Infosecurity Magazine, May 19 2021)
While it’s not likely that cryptocurrency will replace the US dollar as a reserve currency in the short term, RSA Conference session details cryptocurrency security risks and mitigations
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
FBI Issues Conti Ransomware Alert as Attacks Target Healthcare (Dark Reading, May 21 2021)
Officials have identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks.
DarkSide Ransomware Variant Targets Disk Partitions (Dark Reading, May 17 2021)
A newly discovered DarkSide ransomware variant can detect and compromise partitioned hard drives, researchers report.
47% of Criminals Buying Exploits Target Microsoft Products (Dark Reading, May 17 2021)
Researchers examine English- and Russian-language underground exploits to track how exploits are advertised and sold.
Detecting attackers obfuscating their IP address inside AWS (Help Net Security, May 18 2021)
Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials inside AWS. “Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define,” AWS explains.
Endpoint security: How to shore up practices for a safer remote enterprise (Help Net Security, May 19 2021)
It’s a long-held belief that enterprise IT teams are overworked. It’s also considered common knowledge that their jobs have only gotten harder in the days since workforces went remote. Unfortunately, steep consequences for network security have surfaced because of the sudden shift to the work-from-home world.
PoC Exploit Released for Wormable Windows Vulnerability (SecurityWeek, May 18 2021)
A researcher has released a proof-of-concept (PoC) exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable.
Security Providers Describe New Solutions (& Growing Threats) at RSAC (Dark Reading, May 20 2021)
Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws (Dark Reading, May 19 2021)
Research underscores the acceleration of attack activity and points to a growing concern that defenders can’t keep pace.
Global Credential Stuffing Attempts Hit 193 Billion in 2020 (Infosecurity Magazine, May 21 2021)
Akamai claims web app attacks also surged to 6.3 billion
#RSAC: Cyber-threat Landscape “the Worst It’s Ever Been” Due to Nation-State Behaviors (Infosecurity Magazine, May 20 2021)
Iran, Russia, North Korea and China are becoming increasingly reckless in their actions
Apple Exec Calls Mac Malware Levels Unacceptable Under Oath (Wired, May 22 2021)
Ireland’s ransomware crisis continues, a Russian scammer gets sentenced, and more of the week’s top security news.