Cybersecurity Digest #14: 30/11/2020 – 11/12/2020

Cybersecurity News

  • At the end of November VMware announced about a 0-day vulnerability CVE-2020-4006 in its products, detected by NSA specialists. Firstly, the company’s specialists talked about temporary ways to secure from the bug, and at the end of last week they finally released fixes.
  • Former NSS Labs CEO launched CyberRatings.org, a member-based organization that will generate ratings, reports, and analysis on security products and services. He aims to provide a more open and inclusive source of security product assessments that also encompasses the consumer sector.
  • Google has released Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version addresses 8 vulnerabilities that an attacker could exploit to take control of an affected system.
  • Disputed bug in Microsoft Teams posed RCE risk. Microsoft declined to assign a CVE for the vulnerability because the issue was resolved without user interaction through an automated update.
  • Germany, France, Spain and ten other EU countries have joined forces to invest in processors and semiconductor technologies, key to internet-connected devices and data processing, in a push to catch up with the United States and Asia.

Cybersecurity Blog Posts

  • Paul German in his article told about using threat-hunting to anticipate the unknown and explained why waiting for a cyberthreat to make an appearance is far too dangerous.
  • Organizations face an ever-evolving threat landscape. With this in mind, it is imperative that organizations keep an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities that may lead to a breach. Matthew Jerzewski compiled a list of 4 things a good vulnerability management policy should include.
  • Nathan King told about dangers of security vulnerability scoring dependency. The author touched on a subject of the Common Vulnerability Scoring System (CVSS) and explained the difference between vulnerabilities and weaknesses.
  • According to data from a recent report, only 60% of office workers worldwide believe their company is resilient against cyberattacks. Nearly one in four (23%) admit to not knowing, while nearly one in five (18%) flat-out think it isn’t. The main conclusions are described in the article by Justine Kurtz.

Research and analytics

  • A group of scientists from the Carnegie Mellon University has conducted a study of Alexa top-100K websites in order to find out how many of them work with only one DNS provider. The study found that in 2020, 89 % of all websites s critically depend on third-party DNS, CDN, or CA providers i.e., rather than running their own DNS server.
  • Prevasio, a cyber security start-up with a focus in container security, has announced its completion of scanning the 4 million container images hosted at Docker Hub. They found that more than half of the containers turned out have one or more critical vulnerability.
  • Vulnerabilities may stay undetected for 4 years and more before being identified. According to the annual GitHub State of the Octoverse report, the use of open-source projects, components, and libraries has become more prevalent than ever.
  • Check Point Research reported that in November the number of phishing emails written from delivery services increased by 440% compared to October. Europe tops the phishing surge, followed by North America and Asia-Pacific region. DHL is the company most impersonated globally in shipping-related phishing emails (56%) during November, followed by Amazon & FedEx.
  • ESET has published the Cybersecurity Trends 2021 report. The experts look back at some of the key themes that defined the cybersecurity landscape in the year that’s ending and give their takes on what to expect in 2021.
  • Anti-Phishing Working Group (APWG) has published Phishing Activity Trends Report, 3rd Quarter 2020, including over two 200 000 unique phishing websites detected in August and September. According to the report, 80% of phishing sites have SSL encryption enabled to fool victims, more than general SSL deployment – at just 66,8 % of websites.
  • Cybernews specialists have analyzed 15 billion passwords appeared in leaks. According to the report, only 2 billion passwords were determined as unique, most people use less than eight characters, and the passwords are too easy to guess.
  • According to the McAffee report The Hidden Costs of Cybercrime, the cost of global cybercrime reached over $1 trillion or just over 1% of global gross domestic product (GDP) and this figure has increased by more than 50% since 2018.
  • According to Webroot report Covid-19 Clicks, 3 in 10 workers worldwide have clicked a phishing link and 1 in 3 in USA in the past year. Read the report to see the whole story and get actionable tips for how businesses and individuals can stay resilient against phishing attacks.
  • Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT and IT devices that present an immediate risk for organizations worldwide. These vulnerabilities primarily cause memory corruption, allowing attackers to compromise devices, execute malicious code, perform denial-of-service attacks and steal sensitive information.
  • ESET researchers found a previously undocumented backdoor and document stealer, dubbed Crutch by its developers, supposably infamous Turla APT group. Crutch is able to bypass some security layers by abusing legitimate infrastructure – here Dropbox – in order to blend into normal network traffic while exfiltrating stolen documents and receiving commands from its operators.

Major Cyber Incidents

  • An Iranian threat-actor published a video of system. The reservoir’s HMI system was connected directly to the internet, without any security appliance defending it or limiting access to it.
  • Brazilian plane manufacturer Embraer said that it had been targeted by hackers, who obtained the “disclosure of data allegedly attributed to the company.” According to the company, the attack had no significant impact on its activities and led to the isolation of some of its systems, “with a temporary impact on some operations.”
  • Foxconn electronics giant suffered a ransomware attack at a Mexican facility. The DoppelPaymer ransomware published files belonging to Foxconn NA on their ransomware data leak site, attackers demand $34 million ransom. The leaked data includes generic business documents and reports but does not contain any financial information or employee’s personal details.
  • Helicopter maker Kopter has fallen victim to a ransomware attack after hackers breached its internal network and encrypted the company’s files. After Kopter refused to engage with the hackers, the stolen data was published on a blog hosted on the dark web and operated by the LockBit ransomware gang. Files shared on this site include business documents, internal projects, and various aerospace and defense industry standards.