SolarWinds breach updates. Microsoft sinkholes Sunburst’s C&C domain. Facebook takes down inauthentic networks targeting Africa.

the near future: the latest about the next few months.

Acronis predicts 2021 will be the ‘year of extortion’ (ITWire) The latest Cyberthreats Report from cyber protection powerhouse Acronis says that 2021 will see remote workers and managed service providers targeted by cyberattackers, with data exfiltration to outpace data encryption.

Think before you click! New cyberthreat assessment published (Canadian Lawyer) Canadian Centre for Cybersecurity provides new analysis and forecasts on threats to Canadians

3 Things Cyber Resiliency Clients Will Be Asking for in 2021 (Solutions Review) As we prepare to head into a…

Cyber secure habits for 2021 (AwareGO) Don’t let the name fool you – there is nothing dirty about 52 shades of cybersecurity. Cyber secure habits will help you get your data hygiene in order.

Survey: Retail Industry Ramps Up Cybersecurity for 2020 Holiday Season (Tripwire) 78% of cybersecurity pros take additional safeguards this yea

Holiday Cybercrime: Krampus is in Town (Digital Shadows) For the average consumer, Black Friday and holiday shopping look different in 2020. In previous years, we would physically make our way to a store, hoping to score serious product discounts. Some of us (ahem, Rick Holland) make a point to save money throughout the year to splurge on bleeding-edge tech merchandise during Black Friday and Cyber Monday.

How to Defeat Holiday Cyber Security Threats in 2020 (Restore Privacy) Most people love the holiday season. That includes cybercriminals, who see it as an ideal time to make money. Thanks to the pandemic, people are doing more of their holiday activities online. Hackers, scammers, and other online criminals expect to make a killing — but we don’t have to make things easy for them. There’s […]

Cyber Attacks, Threats, and Vulnerabilities

Suspected Russian Cyberattack Began With Ubiquitous Software Company (Wall Street Journal) SolarWinds provides the tools many companies use to manage their computer networks. That’s what made the hack of U.S. government agencies and some of America’s biggest corporations so pernicious.

Giant U.S. Computer Security Breach Exploited Very Common Software (Scientific American) A cybersecurity expert explains how hackers used SolarWinds to steal information from government and industry organizations

US agencies, companies secure networks after huge hack (AP NEWS) U.S. government agencies and private companies rushed Monday to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage…

Pentagon, State Department among agencies hacked: report (TheHill) Branches of the Department of Defense and the State Department were among the agencies hacked as part of a massive espionage attack aimed at the federal government by a nation state that came to light this week.&nbs

The Scope of the Latest Russian Hack on the U.S. Is Growing (Intelligencer) The Pentagon, State Department, and more was comprised, which the authorities were reportedly not aware of for months.

SolarWinds Hack Could Affect 18K Customers (KrebsOnSecurity) The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name…

Feds Still Trying to Determine How Screwed They Are After Massive SolarWinds Hack (Gizmodo) A cyberattack that began by targeting an IT firm used by numerous federal government agencies, Fortune 500 companies, and other high-value targets is shaping up to be a historic event.

The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. (Washington Post) When Russian hackers first slipped their digital Trojan horses into federal government computer systems, probably sometime in the spring, they sat dormant for days, doing nothing but hiding. Then the malicious code sprang into action and began communicating with the outside world.

Foreign hackers pull off successful attack despite Cyber Command’s ‘defend forward’ strategy (Washington Examiner) The U.S. government was successfully hit this year as part of a massive global cyberespionage operation, despite the National Security Agency and U.S. Cyber Command ramping up their “defend forward” strategy in recent years and going on offense around the world.

SolarWinds attack explained: And why it was so hard to detect (CSO Online) A group believed to be Russia’s Cozy Bear gained access to government and other systems through a compromised update to SolarWinds’ Orion software. Most organizations aren’t prepared for this sort of software supply chain attack.

Hackers used SolarWinds’ dominance against it in sprawling spy campaign (Reuters) On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm.

Hackers Used Obscure Texas IT Vendor to Attack U.S. Agencies (Bloomberg) Attackers inserted vulnerability into SolarWinds’ software. As many as 18,000 customers may have installed malicious code.

Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank (SecurityWeek) The threat actor behind the SolarWinds hack targeted a US think tank earlier this year and it used a clever trick to bypass MFA and access emails.

SolarWinds hides list of high-profile customers after devastating hack (The Verge) Whoops.

Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny (CRN) Microsoft has become ensnared in probes surrounding the colossal U.S. government hack, with media reports and company messages focusing on Office 365, Azure Active Directory and a key domain name.

Scope of SolarWinds hack grows as Microsoft moves to protect customers (SiliconANGLE) Scope of SolarWinds hack grows as Microsoft moves to protect customers – SiliconANGLE

Hacking Spree by Suspected Russians Included U.S. Think Tank (Bloomberg) Cybersecurity firm Volexity found same malicious vulnerability. Primary goal of think tank attack was to obtain emails.

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication (Schneier on Security) This is interesting:

The SolarWinds attack and the limits of cyber hygiene (SC Media) The U.S. Treasury Department was part of a massive supply chain attack on the SolarWinds IT management platform by Russia’s APT 29 group. Today’s

Devastating SolarWinds Compromise Makes the Case for: Microsegmentation, Virtual Airgaps and Secure Overlay Fabrics (Tempered) The compromise of ubiquitous network management software from SolarWinds is the most recent reminder of how vulnerable existing networks still can be.

People affiliated with French military used Facebook to meddle in Africa (Washington Post) It’s the first time Facebook has identified people affiliated with a Western government for sanction

Removing Coordinated Inauthentic Behavior from France and Russia (About Facebook) We removed three separate networks of accounts originating in France and Russia that targeted multiple countries in North Africa and the Middle East.

French and Russian Influence Operations Go Head to Head Targeting Audiences in Africa (Graphika) French and Russian Influence Operations Go Head to Head Targeting Audiences in Africa

Revisiting APT1 IoCs with DNS and Subdomain Intelligence (CircleID) Cyber espionage is a type of cyber attack that aims to steal sensitive and often classified information to gain an advantage over a company or government. The 2020 Data Breach Investigations Report (DBIR) revealed that several hundreds of incidents across industries in the previous year were motivated by espionage.

‘PGMiner’ Crypto-Mining Botnet Abuses PostgreSQL for Distribution (SecurityWeek) The PGMiner Linux-based cryptocurrency mining botnet uses PostgreSQL for distribution.

Hackers are Bypassing Transport Layers and Depositing Spam via IMAP (Vade Secure) Vade Secure has detected a wave of spam emails that are being directly deposited into mailboxes without passing through transport layers.

Vendors Respond to Method for Disabling Their Antivirus Products via Safe Mode (SecurityWeek) Microsoft and several vendors have issued a response after a researcher showed that their antivirus products can be disabled remotely using a method that involves the Windows Safe Mode.

Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices (SecurityWeek) Three high-severity vulnerabilities in Medtronic MyCareLink Smart 25000 Patient Reader can allow hackers to control implanted cardiac devices.

Medical Imaging Leaks Highlight Unhealthy Security Practices (Dark Reading) More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.

Hack was hard lesson: School counts cost of cyber attack (Newcastle Herald) “These criminals are getting increasingly clever at the way they badge things”

Print security is the remote working cyber risk very few saw coming (ITProPortal) Decision makers are losing confidence in the security of their print infrastructure.

Industrial Cloud Vulnerable to Cyberattacks (EPS News) The cloud and edge computing have come to the industrial world and they’re here to stay. It’s now inevitable.

WAGO Series 750-88x and 750-352 (Update A) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: WAGO
Equipment: 750-88x and 750-352
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION

This updated advisory is a follow-up to the original advisory titled ICSA-20-308-01 WAGO Series 750-88x and 750-352 that was published November 3, 2020, to the ICS webpage on us-cert.gov.

Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems (ZDNet) AIR-FI technique can send stolen data at speeds of up to 100 b/s to Wi-Fi receivers at a distance of a few meters.

channelnews :
Cyber Criminals Boost Profits From Attacks Targeting Old Users
(CRN) In November, money lost to all types of scams rose to $18.7 million, up 20.2pc from the $15.6 million reported in October. Some 22,122 scams were reported in November across Australia, down 16.3pc from the 26,432 reported in October, according to a report by cyber security company Proofpoint. The report found that scammers targeted… Read More

Security Patches, Mitigations, and Software Updates

Vast Majority of OT Devices Affected by Urgent/11 Vulnerabilities Still Unpatched (SecurityWeek) A vast majority of OT devices affected by the Urgent/11 vulnerabilities and many devices affected by an actively exploited CDPwn flaw remain unpatched.

POS Device Makers Push Patches for Vulnerabilities (GovInfo Security) Point-of-sale device manufacturers Verifone and Ingenico have released fixes for flaws in some of their devices after researchers found the vulnerabilities could

2020 through a bug bounty lens (GitLab) We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure.

Identity Theft, Cloud App Exposures, At-Risk Devices and Unauthorized Access Concerns Impacting Organizations, According to Pulse Secure and CyberRisk Alliance (GlobeNewswire) The Cybersecurity Resource Allocation and Efficacy (CRAE) Index reports that spending continued to increase, but cybersecurity efficacy has waned in Q3 compared to previous quarter pandemic business continuity and work-from-home initiatives

DDoS Threat Report 2020 Q3 (Nexusguard) The increase in online gaming attracted attention from attackers, resulting in nearly 77% of cyber attacks targeting online gaming and gambling industries in Q3 2020, according to the Nexusguard Q3 2020 Threat Report.

Cyber-espionage growing problem for APAC region, report finds (Security Brief) Asia-Pacific’s public sector is at the greatest risk for advanced cyber-espionage attacks, while the region is hardest hit globally, according to the new Verizon Cyber-Espionage Report (CER).

The Private Sector Needs a Cybersecurity Transformation (Dark Reading) Cybersecurity must get to the point where it’s equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.

Marketplace

Russian hacks weigh on private equity’s software investments (Reuters via KFGO) Some of the world’s biggest private equity firms, including Blackstone Group Inc, Silver Lake Partners LP and Thoma Bravo LP, own major stakes in the software firms whose shares dived on news that they were breached by …

SolarWinds hack offers a murky upshot for D.C. contractors (Washington Business Journal) The company said the wide-ranging cyber breach on government contractors affected as many as 18,000 clients.

3 Cybersecurity Stocks to Focus On Amid Reports Of Russian Hacking (Nasdaq) Cybersecurity companies are benefiting from the heightening necessity of IT security solutions amid the COVID-19 pandemic-led remote-working and online learning wave. The trend has led to a rally in cyber security stocks so far this year.

Network Perception Announces $2.73 Million in Seed Round Funding (BusinessWire) Network Perception (https://www.network-perception.com), the market leading software solution for cyber- compliance and network security in the electr

Cybersecurity Assessment Firm Outpost24 Raises €19 Million (SecurityWeek) Cybersecurity assessment solutions provider Outpost24 on Monday announced that it has raised SEK 200 million (roughly €19 million / $23 million).

Verisk to Acquire Behavioral Data and Intelligence Leader Jornaya (StreetInsider.com) Verisk (Nasdaq: VRSK), a leading data analytics provider, announced today it has entered into an agreement to acquire Jornaya, a…

API startup Noname Security launches out of stealth in a hot area of security with $25 million in funding and its CEO explains why resisting layoffs despite the pandemic was crucial (Business Insider) Noname’s cofounders served together in the Israeli Defense Forces before starting their company earlier this year to help monitor and secure APIs.

Palo Alto Networks Completes Acquisition of Expanse (PR Newswire) Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today announced it has completed its acquisition of Expanse Inc., a leader in…

Los Altos startup 4iQ merges with Spanish firm to form Constella Intelligence (Silicon Valley Business Journal) Los Altos cybersecurity startup 4iQ Inc. is merging with a Spanish company, Alto Analytics, to form a new entity called Constella Intelligence, the new company announced Tuesday. Terms of the deal weren’t disclosed.

Bastille Awarded Phase 5 Contract from Department of Homeland Security (BusinessWire) Bastille, the leader in enterprise threat detection through software-defined radio (SDR), today announced it has been awarded a Phase 5 Other Transact

Gigamon Channel-First Focus Provides Partners Unparalleled Support as Global Business Landscape Continues to Evolve (Gigamon) Company’s Catalyst Channel Program Broadens Reach Through Strong Leadership, Expanded Ecosystem and New Technology Partners

Inside the implosion of the $35 million startup meant to fix the Democratic Party (Vox) Alloy was once seen as Democrats’ next great hope. But chaos awaited.

SecZetta Adds Ronen Zoran to Board of Advisors (SecZetta) SecZetta announced the appointment of Ronen Zoran to its Board of Advisors. An accomplished corporate executive with decades of experience building and counseling high-growth companies in the security industry, Zoran will advise the SecZetta leadership team on its go-to-market strategy.

Cloudentity Appoints Cybersecurity Veteran Jim Pflaging to Board of Directors (Yahoo) Cloudentity, a cloud-based provider of dynamic fine-grained authorization and governance solutions, today announced the appointment of renowned cybersecurity expert Jim Pflaging to its board of directors. Following its Series A funding round, led by prominent cybersecurity investors ForgePoint Capital and WestWave Capital, Pflaging’s appointment to the board marks another significant milestone.

Cooley Grows New York Office With Ex-Facebook, EDNY Atty (Law360) An experienced trial attorney whose resume boasts major positions at a U.S. attorney’s office and Facebook has just joined Cooley LLP as a partner in the BigLaw firm’s cybersecurity practice.

Products, Services, and Solutions

CodeZero Launches New Digital Identity Card Powered By LISNR Ultrasonic Technology (LISNR) Contactless Authentication. LISNR’s ultrasonic data-over-sound technology enables contactless transactions for merchants, financial service providers and mobility companies.

Trend Micro Announces World’s First Cloud-Native File Storage Security (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, today announced the world’s first cloud-native, fully serverless…

SlashNext Protects World’s Leading Brands and Reputations with New 2.0 Real-time Phishing Defense APIs (PR Newswire) SlashNext, the phishing authority and provider of real-time AI phishing defense services, today announced the release of its 2.0 Real-time…

WatchGuard’s New Firewalls Deliver the Power and Protection Organizations Need Today with the Agility to Evolve Tomorrow (WatchGuard Technologies) New high-performance Firebox M Series appliances provide simplified, extensive and flexible security for organizations managing the increased shift to remote workforces

AttackIQ Security Optimization Platform Validates NIST 800-53 Security Controls Against MITRE ATT&CK®, Verifying Effective Compliance and Aligning Preeminent Cybersecurity Frameworks – AttackIQ (AttackIQ) Aligned with the MITRE ATT&CK framework, security teams can now use AttackIQ scenarios to test their controls against NIST 800-53 safely, at scale, and in a production environment.

Breach Detection & Response added to Defendify’s all-in-one cybersecurity platform (Defendify) Today’s cybercrime requires cyber alarm systems to detect, alert, and stop digital criminals in their tracks, making 24/7 detection and response key to a strong cybersecurity posture.

Technologies, Techniques, and Standards

9 best practices to achieve effective cloud security (Security Magazine) While there are several security concerns that cloud users must address in the long run, here are three critical areas that must be given immediate attention, especially now as organizations are planning to scale their remote work setup, and nine best practices organizations must follow to ensure optimal safety of their cloud instances.

Phishing tricks that really work – and how to avoid them (Naked Security) Get inside the mindset of your adversaries to increase your chances of spotting a phish.

Strike a balance: Ensuring secure remote work without hindering productivity (CIO) The expanded remote workforce requires a balanced, secure approach to accessing data, apps, and systems.

Design and Innovation

Here comes the bride: New map matches threat intel to cyberdefenses (CyberScoop) A popular method that organizations lean on to reduce their cybersecurity risks is marrying a popular tool that cyber pros consult when they analyze hacking groups — in a way they think everyone can use.

Apple officially rolls out privacy labels (Security Magazine) Apple has officially rolled out the new privacy labels on its App Store, which allows users to understand the type of data collected by each app.

Academia

Department of Defense funds $1.475 million for cyber institute (University of North Georgia) The University of North Georgia (UNG) and the nation’s other five senior military colleges have received approximately $1.475 million each of federal money to establish cybersecurity institutes as pilot programs on their campuses in fall 2020.

Legislation, Policy, and Regulation

White House National Security Adviser O’Brien Cuts Trip Short to Address SolarWinds Hack (Wall Street Journal) U.S. government activating coordination group to respond to cyber intrusion.

Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks. (Washington Post) The details are still trickling in, but it seems possible that the latest Russian cyberattacks against the Departments of Homeland Security, Treasury and State; the National Institutes of Health; and possibly dozens of companies and departments will turn out to be one of the most important hacking campaigns in history.

Tech Giants Face New Rules in Europe, Backed by Huge Fines (Wall Street Journal) European officials want new powers to oversee internal workings at large tech companies such as Facebook, backed by threats of multibillion-dollar fines, in a bid to expand their role as global tech enforcers.

China is ‘Greatest Threat’ Facing UK as it Seeks to ‘Exploit Pandemic,’ Warns Cyber Spy Agency Chief (Sputnik) Amid the ongoing pandemic that’s laid bare chinks in the UK’s cyber defences, the Government Communications Headquarters (GCHQ) and Ministry of Defence Chiefs spoke…

FCC order to “rip and replace” Chinese 5G gear will confront Biden – Roll Call (Roll Call) Timing of the Federal Communications Commission’s latest effort to rid U.S. wireless networks of equipment from Chinese companies Huawei and ZTE means it will fall to President-elect Joe Biden and Congress to take action.

DOL Stepping Up Cybersecurity Focus (National Association of Plan Advisors) There’s been increasing awareness—and litigation—regarding cyber security and participant accounts—and the Labor Department has taken notice.

At nearly a year old the Space Force joins the Intelligence Community (Federal News Network) The Space Force will be the 18th member of the collection of agencies providing national security information.

House GOP leaders ask Pelosi to remove Swalwell from Intelligence Committee (CNN) House Republicans sent a letter Tuesday to Speaker Nancy Pelosi asking that Democratic Rep. Eric Swalwell of California be removed from the House Intelligence Committee following a report that he had been targeted by a suspected Chinese intelligence operative as part of a broader effort to establish ties with US politicians.

Litigation, Investigation, and Law Enforcement

Microsoft and industry partners seize key domain used in SolarWinds hack (ZDNet) By seizing the domain, Microsoft and its partners hope to identify all victims, but are also preventing attackers from escalating intrusions in currently infected networks.

Exclusive: States close to filing new Google antitrust suit (Politico PRO) The bipartisan case, led by the attorneys general of Colorado and Nebraska, could be filed as soon as Thursday.

First CCPA Settlement Reached in Hanna Andersson Case (The National Law Review) CPW readers are already familiar with the California Consumer Privacy Act (“CCPA”) which took effect this year.  Well, buckle your seatbelts and … bolster your internal security practices as the first settlement under the CCPA has been announced and the area in which it has the greatest impact has nothing to do with the monetary relief provided to the class.

Twitter fined ~$550K over a data breach in Ireland’s first major GDPR decision (TechCrunch) Ireland’s Data Protection Commission (DPC) has issued Twitter with a fine of €450,000 (~$547,000) for failing to promptly declare and properly document a data breach under Europe’s General Data Protection Regulation (GDPR). The decision is noteworthy as it’s the first such cross-b…

Twitter Fined In Europe For Delay In Disclosing Data Breach (MediaPost) Regulators in Europe said Tuesday they have fined Twitter around $546,000 for waiting too long to disclose a data breach that may have affected Android users.

Twitter’s tiny $547K GDPR fine leaves many scratching their heads (Compliance Week) Ireland’s first major decision against a Big Tech company under the GDPR has stirred controversy as the country’s data regulator hit Twitter with an underwhelming €450,000 (U.S. $547,000) fine for a 2018 data breach.

Service NSW data breach affected 80,000 fewer people than first thought (Sydney Morning Herald) Service NSW revealed in September that 186,000 people were affected by a data breach. The true figure is 80,000 less – and about 25,000 people were wrongfully warned their data had been compromised.

Walmart Denies Data Breach In Calif. Motion To Dismiss (Law360) Walmart has urged a California federal judge to toss a proposed class action alleging the retail giant’s lax security practices led to an exposure of customers’ personal data, saying there was no data breach and scoffing at the plaintiff’s claims that he found his information for sale on the so-called dark web.

Defunct Bitcoin Exchange Mt. Gox CEO Fights Class Cert. Bid (Law360) The former CEO of defunct Japanese bitcoin exchange Mt. Gox urged an Illinois federal judge Monday not to certify a class that claims it lost $400 million, saying there’s a “glaring problem” with the claim that cites vague “misrepresentations.”

Comments are closed.