Week in review: Python backdoor attacks, Windows zero-days under attack, crowdsourced pentesting

Here’s an overview of some of last week’s most interesting news and articles:

Government-backed cyber attackers increasingly targeting journalists
Since the start of the year, journalists and news outlets have become preferred targets of government-backed cyber attackers, Google’s Threat Analysis Group (TAG) has noticed.

Windows users under attack via two new RCE zero-days
Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems. While waiting for Microsoft to provides fixes, ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws.

Widely available ICS attack tools lower the barrier for attackers
The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology (OT) networks and industrial control systems (ICS).

Python backdoor attacks and how to prevent them
Python backdoor attacks are increasingly common. Iran, for example, used a MechaFlounder Python backdoor attack against Turkey last year. Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region.

What’s preventing organizations from making pragmatic security decisions?
Like quality, security should be everybody’s job and responsibility, not just the QA/security team’s. One of CISOs’ goals should be to improve security culture across the organization, by raising awareness, educating, consulting, promoting and providing processes and tools.

Password vulnerability at Fortune 1000 companies
Despite often repeated advice of using unique passwords for online accounts – or at least the most critical ones – password reuse continues to be rampant. And, according to breach discovery firm SpyCloud, employees of the Fortune 1000 are just as bad about reusing passwords as the rest of us.

Crowdsourced pentesting is not without its issues
Crowdsourced security isn’t new anymore, having existed in one form or another as a consumable enterprise service since 2013 with the launch of the main crowdsourced platforms (HackerOne, Bugcrowd and Synack). Slowly but surely, these platforms challenged traditional pentesting practices and started to eat away at their market share. Further platforms and competitors have since launched within the crowdsourced space to compete for a part of this growing market share.

2020 cybersecurity risks: Insecure security tools, supply chains, abandonware
Considerable time and money are invested into looking for dangerous vulnerabilities in the most commonly used elements of IT infrastructure. Popular operating systems, networks, utilities and security tools constitute attractive targets for malicious hackers. Here are some lessons we should learn from cybersecurity research in 2019.

Evasive malware increasing, evading signature-based antivirus solutions
Evasive malware has grown to record high levels, with over two-thirds of malware detected by WatchGuard in Q4 2019 evading signature-based antivirus solutions.

Cloud-native security considerations for critical enterprise workloads
Since the advent of the public cloud as a viable alternative to on-premise systems, CIOs and CISOs have been citing security as one of the top concerns when it comes to making the switch. While most of their worries have abated over the years, some remain, fuelled by the number of data leak incidents, mainly arising from misconfiguration.

Four ways to prevent data breaches
When it comes to breaches, there are no big fish, small fish, or hiding spots. Almost every type of organization – including yours – has critical personally identifiable information (PII) stored. Storing PII makes you a target regardless of size, industry, or other variables, and all it takes is one employee thinking a phishing attempt is legitimate. That means everyone’s at risk.

Personal data protection today: We should demand more
The growing number of cybersecurity incidents reported each year – and the fact that many attacks remain unreported for security and PR reasons – can leave even the most experienced security professionals worrying about threats to user data and privacy. And while the abundance of security solutions offered today can be somewhat reassuring, it also makes online security more confusing for IT personnel and end-users alike.

Legal industry at great risk from insider data breaches
A staggering 96% of IT leaders in the legal sector say insider breach risk is a significant concern, according to Egress.

Organizations struggle with patching endpoints against critical vulnerabilities
Less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks, and 81 percent have suffered at least one data breach in the last two years, according to Automox.

How to secure customer data for SaaS success
Recently, some of the biggest names in SaaS have experienced customer support data breaches. With data playing an important role in the success of customer support, companies must ensure information security is top of mind to build relationships and develop trust with customers.

Given the extent of the COVID-19 virus diffusion around the globe and the repercussions it has had on our private and working lives, we have inevitably covered a variety of new threats and security implications related to it:

Hackers try to breach WHO, other COVID-19-fighting orgs
“Elite” hackers have tried – and failed – to breach computer systems and networks of the World Health Organization (WHO) earlier this month, Reuters reported.

No, Corona Antivirus can’t fight COVID-19
COVID-19-themed scams are exploding both online and offline. Hijacked Twitter accounts peddling fake cures, scammy sites offering emergency supplies, misinformation campaigns, phishing emails and – can you believe it? – even a computer antivirus solution that protects against COVID-19! What will online scammers think of next?

Top priorities for business leaders during COVID-19 crisis
88% of organizations have encouraged or required employees to work from home, regardless of whether or not they showed coronavirus-related symptoms, according to a Gartner survey of 800 global HR executives.

Five steps to maintain business continuity during the coronavirus pandemic
A five-phase strategic and systematic approach to strengthen the resilience of organizations’ current business models is key to business continuity during the coronavirus pandemic, according to Gartner.

Social isolation is a risk factor for scam loss
The coronavirus crisis is forcing people to distance themselves from others, work remotely, and spend time indoors and online. While social distancing is a good health practice to reduce the spread of the coronavirus, it may be helping scammers.

Webinar: You don’t get a pass on cybersecurity during a crisis
In this webinar, Mark Sangster discusses how the COVID-19 crisis is affecting businesses and individuals and the need to stay vigilant.

How to protect your online streaming accounts from cybercriminals?
As people around the world are being asked to remain in their homes due to the coronavirus pandemic, many are turning to streaming services such as Netflix, Hulu, Disney+, Spotify, and Apple Music for entertainment, Proofpoint cybersecurity strategist Adenike Cosgrove notes. He also posits that, despite cybercriminals having been compromising users’ streaming services’ accounts for ages, they will now likely increase their efforts.




Share this