A Review of the Best News of the Week on Cyber Threats & Defense

Mysterious Israeli Spyware Vendor’s Windows Zero-Days Caught in the Wild (VICE, Jul 15 2021)
Microsoft and Citizen Lab found a new kind of spyware made by the mysterious Israeli vendor Candiru, and targeting someone in Europe based on their political beliefs.

CISA Issues Emergency Directive to Address ‘PrintNightmare’ Vulnerability (SecurityWeek, Jul 14 2021)
CISA says multiple threat actors are exploiting the Windows ‘PrintNightmare’ vulnerability.

UK Spy Agency Releases Annual Threat Report (SecurityWeek, Jul 16 2021)
MI5’s UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Disable the Windows print spooler to prevent hacks, Microsoft tells customers (Ars Technica, Jul 16 2021)
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.

CISA Launches New Website to Aid Ransomware Defenders (Dark Reading, Jul 15 2021)
StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.

Enterprises Altering Their Supply Chain Defenses on Heels of Latest Breaches (Dark Reading, Jul 13 2021)
More than half of enterprises surveyed for Dark Reading’s State of Malware Threats report indicate they are making at least a few changes to their supply chain security defenses following recent attacks on software vendors such as SolarWinds.

The Everyday IT Tools That Can Offer ‘God Mode’ to Hackers (Wired, Jul 12 2021)
Attackers are increasingly attuned to the power and potential of remote management software.

SolarWinds 0-day gave Chinese hackers privileged access to customer servers (Ars Technica, Jul 13 2021)
Hackers IDed as DEV-0322 have a fondness for defense contractors and software-makers.

Why We Need to Raise the Red Flag Against FragAttacks (Dark Reading, Jul 13 2021)
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.

Defeating the Organized Cybercrime Ecosystem (SecurityWeek, Jul 13 2021)
The recent attack against users of the Kaseya VSA platform is yet another example of the increasingly organized dynamic of cybercrime. The days of the lone attacker are long gone; these attacks are now big business with significant reconnaissance. Unofficial reports have identified the REvil ransomware threat actors as being behind this supply chain attack.

CMS interoperability rule enacted: How providers should tackle API security (SC Media, Jul 14 2021)
As CMS developed its interoperability rule, stakeholders raised a number of security concerns posed by APIs. Imperva’s VP shares how providers can keep PHI secure.

Lenovo Working on Patches for BIOS Vulnerabilities Affecting Many Laptops (SecurityWeek, Jul 15 2021)
Lenovo this week published information on three vulnerabilities that impact the BIOS of two of its desktop products and approximately 60 laptop and notebook models.

Hackers got past Windows Hello by tricking a webcam (Ars Technica, Jul 18 2021)
Researchers used infrared photos and third-party hardware to best facial-recognition tech.

Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE (Dark Reading, Jul 15 2021)
At least two government-backed actors — including one Russian group — used the now-patched flaws in separate campaigns, Google says.

57% of reported incidents are caused by insiders (Help Net Security, Jul 16 2021)
Insider data breaches were the top cause of data and cybersecurity incidents reported in the first quarter of 2021, according to the ICO. 57% of reported incidents were caused by insiders, with over 1,000 incidents reported in the first three months of 2021. Misdirected email was behind most of the incidents, with over 400 reports. Phishing was the second-biggest named cause, with over 200 incidents caused by employees falling for malicious emails.

Virginia Tech Says it Was Targeted in 2 Recent Cyberattacks (SecurityWeek, Jul 18 2021)
Virginia Tech says it was targeted in two recent cyberattacks but feels confident no data was stolen.

Facebook: Iranian Hackers Target Military, Aerospace Entities in the US (SecurityWeek, Jul 15 2021)
An Iran-linked hacking group tracked as Tortoiseshell has expanded its list of targets to newer industries and more geographies, according to a new warning from Facebook’s security team.

Chinese Hackers Hid Hacked Data Inside a Donald Trump Picture (VICE, Jul 19 2021)
The US government has indicted four Chinese government hackers for crimes spanning from 2011 to 2018.

Amazon Shuts Down NSO Group Infrastructure (VICE, Jul 19 2021)
The move comes as activist and media organizations publish new findings on the Israeli surveillance vendor.

Google patches Chrome zero-day vulnerability exploited in the wild (WeLiveSecurity, Jul 16 2021)
The newest update fixes a total of eight vulnerabilities affecting the desktop versions of the popular browser.