This Week In Cybersecurity

This week on Between the Hacks, new social media phishing campaigns, Microsoft reports of ZeroLogon attacks, a sports official data breach, and the EFF releases a new tool.

Microsoft Security Intelligence Warns of Active ZeroLogon attacks

Earlier this week Microsoft tweeted that they are actively tracking threat actor activity that is exploiting the ZeroLogon vulnerability in Windows serve. Microsoft stated, “We strongly recommend customers to immediately apply security updates.”

“Microsoft released a patch for the vulnerability in August, but it is not uncommon for businesses to delay deploying updates for days or weeks while testing to ensure the fixes do not interfere with or disrupt specific applications and software” reported Brian Krebs.

In addition to Microsoft’s warning, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Agency (CISA) issued an emergency directive on September 18th that required all federal agencies to patch the vulnerability and report status by September 21st. While the directive applied to Executive Branch departments and agencies, CISA strongly recommended, “state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.”

Sports Referee Data Breach

“ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues, said it fended off a ransomware attack in July this year” according to ZDNet.

While the ransomware was detected and stopped, unfortunately, the the attackers were able to steal a copy of the company’s data backups which included sensitive data about the users of the software such as account usernames and passwords, names, addresses, email addresses, dates of birth, and Social Security Numbers reports Graham Cluley.

Since the attackers had the sensitive data they demanded a ransom even though the ransomware attempt failed. ArbiterSports paid the ransom and "obtained confirmation that the unauthorized party deleted the files” However, it is certainly possible that the attackers made a copy of that data.

Tip of the Week

“YAYA”, a New Threat Hunting Tool From EFF Threat Lab

This week the EFF Threat Lab released a new, open source Linux tool called YAYA. The EFF Threat Lab describes this tool as follows.

‘At the EFF Threat Lab we spend a lot of time hunting for malware that targets vulnerable populations, but we also spend time trying to classify malware samples that we have come across. One of the tools we use for this is YARA. YARA is described as “The Pattern Matching Swiss Knife for Malware Researchers.” Put simply, YARA is a program that lets you create descriptions of malware (YARA rules) and scan files or processes with them to see if they match.

Managing a ton of YARA rules in different repositories, plus your own sets of rules, can be a headache, so we decided to create a tool to help us manage our YARA rules and run scans. Today we are presenting this open source tool free to the public: YAYA, or Yet Another YARA Automation.” - https://www.eff.org/deeplinks/2020/09/introducing-yaya-new-threat-hunting-tool-eff-threat-lab

While we try to keep our writings at a level where most computer users can understand what we’re talking about, this week’s tip is quite a bit more technical than most. But for the malware researchers and threat hunters out there, this could be very useful.

Picture of the Week