A Review of the Best News of the Week on Cyber Threats & Defense

This is not a drill: VMware vuln with 9.8 severity rating is under attack (Ars Technica, Jun 04 2021)
Code execution flaw in vCenter is exploited to install web shell on unpatched machines.

How to Protect Your Files From Ransomware (Wired, Jun 06 2021)
It’s a growing threat for individual users and businesses alike—but there are ways to protect yourself.

Ransomware will now get priority treatment at the Justice Department (Ars Technica, Jun 04 2021)
Directive comes as ransomware is exposing the fragility of critical supply chains.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems (SC Media, Jun 03 2021)
Hackers used vulnerabilities in the Pulse Secure VPN to plant web shells on servers in MTA’s environment.

Microsoft 365: Most Common Threat Vectors & Defensive Tips (Dark Reading, Jun 02 2021)
Security pros discuss the most typical ways attackers leverage Microsoft 365 and share their guidance for defenders.

New Barebones Ransomware Strain Surfaces (Dark Reading, Jun 01 2021)
The authors of Epsilon Red have offloaded many tasks that are usually integrated into the ransomware — such as Volume Shadow Copy deletion — to PowerShell scripts.

Cisco Discloses Details of macOS SMB Vulnerabilities (SecurityWeek, Jun 02 2021)
Cisco’s Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system.

Poisoned Installers Found in SolarWinds Hackers Toolkit (SecurityWeek, Jun 01 2021)
The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks.

Malware-related attacks jump by 54% (Help Net Security, Jun 03 2021)
Extensive analysis of cyberthreats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019. Medical institutions ranked first in ransomware attacks, Positive Technologies reports.

Chinese Hackers Using Previously Unknown Backdoor (SecurityWeek, Jun 03 2021)
Newly discovered cyber weapon uses an elaborate multi-stage infection chain to make detection and analysis difficult.

REvil Behind JBS Ransomware Attack: FBI (Dark Reading, Jun 03 2021)
Officials attribute the attack to REvil/Sodinokibi and say they are working to bring the threat actors to justice.

Beware of “Ransomware system update” emails! (Help Net Security, Jun 07 2021)
Emails referencing the Colonial Pipeline ransomware attack and looking like they’ve been sent from the corporate IT help desk have been hitting employees’ inboxes and asking them to download and run a “ransomware system update.” “Phishers excel at leveraging current events and other cyber-attacks to create urgency in their communications.”

CIS Community Defense Model v2.0 is coming this summer (Help Net Security, Jun 03 2021)
Changes and advances in technology (and changes in workplace circumstances) have prompted a revamp of the CIS Community Defense Model (CDM). Set to go live in a few months, the new and improved CIS CDM v2.0 plays off of the foundational principles that made v1.0 so great!