A Review of the Best News of the Week on Cyber Threats & Defense

CISA Adds Ransomware Module to Cyber Security Evaluation Tool (SecurityWeek, Jul 01 2021)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA).

Ransomware hits hundreds of US companies, security firm says (AP, Jul 02 2021)
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond’s assessment.

Authorities Take Down DoubleVPN Service for Aiding Cybercriminals (SecurityWeek, Jun 30 2021)
Law enforcement agencies in Europe, the US, and Canada on Tuesday announced the takedown of DoubleVPN, a virtual private network (VPN) service that allegedly helped cybercriminals conduct nefarious activities.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Attackers Already Unleashing Malware for Apple macOS M1 Chip (Dark Reading, Jun 30 2021)
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.

Another 0-Day Looms for Many Western Digital Users (Krebs on Security, Jul 02 2021)
Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can’t or won’t upgrade to the latest operating system.

SolarWinds hackers breach new victims, including a Microsoft support agent (Ars Technica, Jun 26 2021)
Discovery came as Microsoft was investigating new breaches by the same hacker group.

Cisco security devices targeted with CVE-2020-3580 PoC exploit (Help Net Security, Jun 29 2021)
Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software.

SMB Worm Targeting EternalBlue Vuln Spreads to US (Dark Reading, Jun 30 2021)
“Indexsinas” is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.

CISA Urges Orgs to Disable Windows Print Spooler on Critical Systems (Dark Reading, Jul 01 2021)
Patches Microsoft issued last month not effective against exploits targeting “PrintNightmare” flaw, agency and others say.
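Two of this week's items (the Indexsinas SMB worm still hitting unpatched EternalBlue hosts, and CISA's advice to disable the Print Spooler on critical systems) come down to the same question for a defender: which of my Windows hosts still expose a legacy service they do not need? The script below is an added example, not code from CISA, Microsoft or any of the linked articles. It reports whether the SMBv1 server protocol is enabled and whether the Spooler service is running, flags domain controllers (the hosts CISA singled out), and with the `-Remediate` switch turns both off. The function name, the `-Remediate` switch and the finding strings are this example's own; the cmdlets (`Get-SmbServerConfiguration`, `Get-CimInstance`, `Get-Service`, `Set-Service`) are standard on Windows 8 / Server 2012 and later. Run it elevated, and only pass `-Remediate` on hosts that genuinely do not print.

```powershell
# Added example: audit one Windows host for SMBv1 (EternalBlue exposure) and a
# running Print Spooler (PrintNightmare exposure); optionally remediate both.
# Function name and -Remediate switch are assumptions for this example.
function Get-LegacyServiceExposure {
    [CmdletBinding()]
    param(
        # When set, disable SMBv1 and stop/disable the Spooler instead of just reporting.
        [switch]$Remediate
    )

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDomainController = ($role -ge 4)

    $smb     = Get-SmbServerConfiguration
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    $report = [PSCustomObject]@{
        ComputerName       = $env:COMPUTERNAME
        IsDomainController = $isDomainController
        Smb1Enabled        = [bool]$smb.EnableSMB1Protocol
        SpoolerStatus      = if ($spooler) { $spooler.Status.ToString() } else { 'NotInstalled' }
        SpoolerStartType   = if ($spooler) { $spooler.StartType.ToString() } else { 'NotInstalled' }
        Findings           = @()
        Remediated         = @()
    }

    # --- SMBv1: the transport Indexsinas / EternalBlue-style worms need. ---
    # Disabling the protocol closes the door even on hosts still missing MS17-010.
    if ($report.Smb1Enabled) {
        $report.Findings += 'SMBv1 server protocol enabled'
        if ($Remediate) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $report.Smb1Enabled = $false
            $report.Remediated += 'SMBv1 disabled'
        }
    }

    # --- Print Spooler: the service PrintNightmare exploits. ---
    # A running spooler on a domain controller is the case CISA called out.
    if ($spooler -and $spooler.Status -eq 'Running') {
        $severity = if ($isDomainController) { 'domain controller' } else { 'host' }
        $report.Findings += "Print Spooler running on $severity"
        if ($Remediate) {
            Stop-Service -Name Spooler -Force
            Set-Service  -Name Spooler -StartupType Disabled
            $report.SpoolerStatus    = 'Stopped'
            $report.SpoolerStartType = 'Disabled'
            $report.Remediated += 'Print Spooler stopped and disabled'
        }
    }

    return $report
}

# Usage (report only):        Get-LegacyServiceExposure | Format-List
# Usage (fix on a DC/server): Get-LegacyServiceExposure -Remediate | Format-List
```

The audit path is safe to run fleet-wide through `Invoke-Command`; the remediation path is deliberately all-or-nothing so that an operator has to decide per host whether printing is required. Disabling SMBv1 here does not replace installing MS17-010, and disabling the spooler does not replace the PrintNightmare patch; both are containment while patching catches up.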

Why Are There Never Enough Logs During an Incident Response? (Dark Reading, Jul 01 2021)

Hackers Compromise Mongolian Certificate Authority to Spread Malware (SecurityWeek, Jul 02 2021)
An unknown threat actor has compromised the servers of Mongolian certificate authority (CA) MonPass and abused the organization’s website for malware distribution, according to security researchers at Avast.