A Review of the Best News of the Week on Cyber Threats & Defense
New Age Network Detection: Introduction (Securosis Blog, May 25 2021)
Like the rest of the technology stack, the enterprise network is undergoing a huge transition. With data stores increasingly in the cloud and connectivity to SaaS providers and applications running in Infrastructure as a Service (IaaS) platforms, a likely permanently remote workforce has new networking requirements. Latency and performance continue to be important, but also being able to protect employee devices in all locations…
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances (SC Media, May 28 2021)
FireEye Mandiant, working in tandem with the Cybersecurity and Infrastructure Security Agency and Ivanti, reported details of 16 malware families exclusively designed to infect Ivanti Pulse Connect Secure VPN appliances, and used by several cyber espionage groups believed to be affiliated with the Chinese government.
The SolarWinds hackers aren’t back—they never went away (Ars Technica, May 30 2021)
A new phishing campaign is less an escalation than a regression to the mean.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
FBI Issues Fortinet Flash Warning (Infosecurity Magazine, May 28 2021)
FBI: APT actors exploiting Fortinet vulnerabilities to gain access for malicious activity
Actively exploited macOS 0-day let hackers take screenshots of infected Macs (Ars Technica, May 24 2021)
Apple patches vulnerability that malware used to bypass macOS privacy protections.
Apple fixes macOS zero-day exploited by malware (CVE-2021-30713) (Help Net Security, May 25 2021)
A zero-day vulnerability (CVE-2021-30713) that allowed XCSSET malware to surreptitiously take screenshots of the victim’s desktop was fixed by Apple in macOS 11.4 (Big Sur) on Monday.
Vulnerability in VMware product has severity rating of 9.8 out of 10 (Ars Technica, May 25 2021)
Remote code execution flaw in vCenter Server poses “serious” risk to data centers.
Your Network’s Smallest Cracks Are Now Its Biggest Threats (Dark Reading, May 25 2021)
Bad actors have flipped the script by concentrating more on low-risk threats. Here’s how to address the threat and the tactics.
Half-Double: Google Researchers Find New Rowhammer Attack Technique (SecurityWeek, May 26 2021)
A team of researchers from Google has identified a new Rowhammer attack technique that works against recent generations of dynamic random-access memory (DRAM) chips.
As Chips Shrink, Rowhammer Attacks Get Harder to Stop (Wired, May 26 2021)
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.
New Disk Wiping Malware Targets Israel (Schneier on Security, May 26 2021)
Apostle seems to be a new strain of malware that destroys data.
No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw (Ars Technica, May 26 2021)
WebKit bug that was fixed upstream has yet to find its way into Apple products.
Chinese Phishing Attack Targets High-Profile Uyghurs (Infosecurity Magazine, May 27 2021)
Kaspersky and Check Point team up to reveal latest espionage campaign
SolarWinds Attackers Impersonate USAID in Advanced Email Campaign (Dark Reading, May 28 2021)
Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.
Make sure your laptop backups can handle ransomware (Network World Security, May 31 2021)
With increasingly mobile workforces, it’s important to effectively back up corporate data that resides on laptops, which requires a unique set of features not found in traditional backup systems used for desktops attached to corporate LANs.
US Soldiers Exposed Nuclear Secrets on Digital Flash Cards (Wired, May 29 2021)
Plus: A major hack in Japan, Citizen app run amok, and more of the week’s top security news.