Security Snacks #7 – SEO ransomware, Vulnerability lifecycle & Stress blamed for email data breaches

By Anna Hammond

November 27, 2020

Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.

Click here to subscribe

This week, Facebook dodged a pretty serious cybersecurity bullet. A couple of reports showed interesting links between stress and email data beaches, as well as the effects of vulnerability disclosure on exploitation and remediation. And a researcher described a relatively novel ransomware attack leveraging SEO.

Read on for details!

Notable Security News

JARM fingerprinting tool helps network defenders identify malicious servers, malware C2 infrastructure

Salesforce released JARM, a TLS fingerprinting tool that has multiple applications. It can determine whether a group of servers have the same TLS configuration, whether they belong to the same cloud provider, and whether they are part of a malware command & control infrastructure. This is helpful to both defenders who want to identify malicious servers, and network engineers who want to verify the consistency of their TLS configuration.

Facebook Messenger bug allowed Android users to spy on each other

Facebook fixed a vulnerability in Facebook Messenger for Android that allowed callers to connect video and audio calls before callees accepted the call. This allowed for spying on people without their knowledge or permission. Natalie Silvanovich who is part of Google’s Project Zero reported the bug through Facebook’s bug bounty program and was rewarded with a $60,000 bounty, reflecting the severity of the bug.

Malware creates scam online stores on top of hacked WordPress sites

 Search Engine Optimization  (SEO) scams are not new, but they might be a new type of ransomware. An Akamai researcher heard of criminals poisoning search engine results for companies, then demanding ransoms to reverse the effects. He shows how such malware works by detailing a real attack against his WordPress honeypot.

The 2020 Outbound Email Data Breach Report Finds growing email volumes and stressed employees are causing rising breach risk

Egress surveyed IT security leaders in the UK and US across different industries on data breach risks related to email use. The findings are interesting: 93% have experienced data breaches via outbound email in the last 12 months, with the most common root cause cited being “an employee being tired or stressed.”, followed by “remote working”. So, phishing training awareness is important, but stress also plays a significant role. The more stressed, the more likely to click on the wrong file or link!

Responsible Exposure and What It Means for the Industry

Kenna Security analyzed 473 vulnerabilities from 2019 looking for links between their public disclosure and exploitation by criminals. Considering the ongoing debate on this topic, their findings are very interesting. For instance, attackers have a 47-day head start in average once an exploit is published. Also, disclosing exploits before a vulnerability is patched makes it harder for security teams to remedy it (even after patch publication!). This shows that publishing exploits isn’t the expected motivator for improving security, and responsible disclosure yields better results.

Other Interesting News

Cybercrime

Vulnerabilities

Reports

Responsible disclosure

Tech

Misc.

Intigriti News

Yesterday it was announced that Intigriti has won the Rising Star award. The Rising Star 2020 by Deloitte ranks the fastest-growing tech companies in Belgium, based on their level of innovation, growth potential and scalability. Read more…

You may also like