A Review of the Best News of the Week on Cyber Threats & Defense
Avast, NordVPN Breaches Tied to Phantom User Accounts — Krebs on Security (Krebs on Security, Oct 25 2019)
“Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.”
Skip-2.0 backdoor malware provides ‘magic password’ to access MSSQL accounts (SC Magazine, Oct 21 2019)
Researchers revealed their discovery of what they believe to be the first publicly documented case of a backdoor targeting Microsoft SQL Server (MSSQL) databases – attributing the malware to the threat actor Winnti Group.
Facebook lays out plan to protect elections (WeLiveSecurity, Oct 24 2019)
The social network has also launched a new Facebook Protect feature, which adds an extra layer of security to the accounts of political figures and their staff. The feature includes mandatory two-factor authentication, and accounts using Facebook Protect will be actively monitored for hacking.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Google Boosts Site Isolation in Chrome (SecurityWeek, Oct 21 2019)
Google has improved the Site Isolation feature in Chrome to help defend against more types of attacks.
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money (McAfee, Oct 22 2019)
Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to
Researchers Analyze North Korea-Linked NukeSped RAT (SecurityWeek, Oct 24 2019)
Fortinet security researchers took a deep dive into NukeSped malware samples that share multiple similarities with other malware families used by North Korean threat actors.
Man planted keyloggers in companies’ networks and stole their data (Ars Technica, Oct 24 2019)
Ankur Agarwal admits to stealing secrets the old-fashioned way: with physical trespass.
Microsoft Office Bug Remains Top Malware Delivery Vector (Dark Reading, Oct 25 2019)
CVE-2017-11882 has been attackers’ favorite malware delivery mechanism throughout the second and third quarters of 2019.
PHP RCE flaw actively exploited to pop NGINX servers (Help Net Security, Oct 28 2019)
A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers