A Review of the Best News of the Week on Cyber Threats & Defense
Kaseya Releases Security Patch as Companies Continue to Recover (Dark Reading, Jul 12 2021)
Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.
New Age Network Detection: Collection and Analysis (Securosis Blog, Jul 06 2021)
“As we get back into the New Age Network Detection series, let’s revisit the first post. We made the case that we’re undergoing technology disruption on a scale and at a velocity that we haven’t seen. Unfortunately, security has failed to keep pace with the attackers. The industry’s response has been to move the goalposts focusing on new shiny tech widgets every couple of years. We summed it up pretty well in the first post.”
CISA Analysis Reveals Successful Attack Techniques of FY 2020 (Dark Reading, Jul 09 2021)
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA’s Risk and Vulnerability Assessments.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
2020 threat landscape: See what evaded perimeter defenses (Help Net Security, Jul 12 2021)
Today’s reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses. It’s relatively easy to take advantage of vulnerabilities on the edge of the network or trick a user into granting access to their device.
SolarWinds Confirms New Zero-Day Flaw Under Attack (SecurityWeek, Jul 12 2021)
Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as “limited, targeted attacks.”
The Unfixed Flaw at the Heart of REvil’s Ransomware Spree (Wired, Jul 08 2021)
Security researchers warned Kaseya about its IT management software in April, but the patches didn’t come fast enough to avert last week’s disaster.
Bitcoin cyber attacks surge following rising demand and increasing price of bitcoin (Help Net Security, Jul 05 2021)
Phishing impersonations and business email compromise (BEC) attacks designed to steal victims’ bitcoin surged by 192% between October 2020 and May 2021, closely following the rising demand and increasing price of bitcoin over the last eight months, according to analysis by Barracuda Networks.
Researchers Learn From Nation-State Attackers’ OpSec Mistakes (Dark Reading, Jul 06 2021)
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.
Emails Offering Kaseya Patches Deliver Malware (SecurityWeek, Jul 08 2021)
IT management software maker Kaseya is still working on patching the vulnerabilities exploited in the recent ransomware attack, but some cybercriminals are sending out emails offering the patches in an effort to distribute their malware.
Mac Malware Used in Attacks Targeting Industrial Organizations in Middle East (SecurityWeek, Jul 08 2021)
A malicious campaign focused on the industrial sector in the Middle East has been expanded to also target Mac computers, security researchers at Kaspersky have discovered.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry (Dark Reading, Jul 09 2021)
The ElectroRAT Trojan attacker’s success highlights the increasingly sophisticated nature of threats to cryptocurrency exchanges, wallets, brokerages, investing, and other services.
New WildPressure Malware Capable of Targeting Windows and MacOS (Dark Reading, Jul 08 2021)
The Trojan sends information back to the attackers’ servers about the programming language of a target device.
Navigating Active Directory Security: Dangers and Defenses (Dark Reading, Jul 12 2021)
Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data.
Understanding and stopping 5 popular cybersecurity exploitation techniques (Help Net Security, Jul 12 2021)
With more than 550,000 new malware samples being discovered every day, closing the security gaps that enable these cyberthreats to access systems should be a priority for organizations. Unfortunately, many are leaving themselves needlessly exposed to risk.
Morgan Stanley Hit by Accellion Hack Through Third-Party Vendor (SecurityWeek, Jul 08 2021)
Investment banking firm Morgan Stanley has informed the New Hampshire Attorney General that personal information of some customers was compromised through a third-party vendor that was using the Accellion FTA service.
Israel Says It’s Targeting Hamas’ Cryptocurrency Accounts (SecurityWeek, Jul 08 2021)
Israel said Thursday it will begin seizing cryptocurrency accounts used by the Palestinian Hamas group to raise money for its armed wing.
An Office Phone Flaw Can’t Be Fixed by Cisco Alone (Wired, Jul 09 2021)
The company released a patch this week, but security researchers say the root of the problem is beyond its control—and symptomatic of a larger issue.