Cyber Attacks, Threats, and Vulnerabilities
Malwarebytes said it was hacked by the same group who breached SolarWinds (ZDNet) Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike.
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm (The Hacker News) Cybersecurity firm Malwarebytes was breached by SolarWinds hackers to access some of its internal emails
New SolarWinds hack victims emerging every day, as Malwarebytes goes public on breach (Computing) No quick fix to massive hack say security experts as a fourth malware strain is discovered
Internal emails stolen in hack targeting cybersecurity company Malwarebytes (SiliconANGLE)
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments (Malwarebytes Labs) A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations.
A Chinese hacking group is stealing airline passenger details (ZDNet) Chinese hackers are gathering passenger details from airlines across the world to track high-value targets' movements.
Hundreds of Networks Still Host Devices Infected With VPNFilter Malware (SecurityWeek) Security researchers see 5,447 devices still connecting to a sinkholed VPNFilter C&C domain on a single day.
Radware Research: API Abuse is a Leading Threat; Enterprises are Unprepared for Bot Traffic (Yahoo Finance) Applications Needlessly at Risk for Cyber Attacks Following 2020 Accelerated Cloud Migration
Hacker posts 1.4 million Pixlr user records for free on forum (BleepingComputer) A hacker has leaked 1.4 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.
New Reolink P2P Vulnerabilities Show IoT Security Camera Risks (Nozomi Networks) Nozomi Networks Labs has discovered vulnerabilities in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras – Reolink.
Reolink P2P Cameras (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Reolink
Equipment: P2P protocol
Vulnerabilities: Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could permit unauthorized access to sensitive information.
Dnsmasq by Simon Kelley (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Dnsmasq by Simon Kelley
Equipment: Dnsmasq
Vulnerabilities: Heap-based Buffer Overflow, Insufficient Verification of Data Authenticity, Use of a Broken or Risky Cryptographic Algorithm
Philips Interventional Workstations (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Low skill level to exploit
Vendor: Philips
Equipment: Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum
Vulnerability: OS Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability makes it possible for someone within the hospital network to remotely shut down or restart the workstation.
OpenWrt Informs Users of Forum Breach (SecurityWeek) The OpenWrt Project said someone breached its forum over the weekend and downloaded user information.
Texas health system cyber attack exposes patients' personal info: 4 details (Becker's Hospital Review) Abilene, Texas-based Hendrick Health System began notifying patients of a cyberattack that occurred last autumn and may have exposed their personal information.
Security Patches, Mitigations, and Software Updates
Microsoft Taking Additional Steps to Address Zerologon Flaw (Data Breach Today) Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the
Recently Mitigated CVEs (Imperva) Out-of-the-box coverage was recently added for the following list of Common Vulnerabilities and Exposures (CVEs).
Microsoft Enables Automatic Remediation in Defender for Endpoint (SecurityWeek) Defender for Endpoint users who opted into public previews are no longer required to approve remediation for identified threats.
Cyber Trends
The Cybersecurity Pandora’s Box of Remote Work (Sailpoint) The transition to remote work opened a cybersecurity Pandora’s box
Companies Target Workforce Risks in 2021 (Wall Street Journal) Business-risk prognosticators are focused on the future of work—and the challenges that an increasingly remote workforce could continue to pose—in 2021.
Does Work-From-Home Work for Your Company's Cyber Insurance? (The National Law Review) The start of a new year is always a good reminder to take some time to review key areas and assess whether changes are in order. There are many examples of this both personally and professionally, but
Retail and Hospitality Outpaces Other Sectors in Fixing Software Security Vulnerabilities, According to Veracode (Veracode) Findings from Veracode research show sector could improve security with DevSecOps
The Robotic Evolution Blurring the Line Between Man and Machine (EnterpriseTalk) With consumers changing their online usage patterns amid the pandemic, the difference between human and robot evolution behavior is becoming blurred.
Marketplace
SaaS Application Backup Firm Rewind Raises $15 Million (SecurityWeek) The funds will help Rewind continue expanding its backup-as-a-service (BaaS) offering for more business-critical applications.
Veritas acquires HubStor for SaaS data protection (SearchDataBackup) Veritas bought HubStor for its SaaS backup capabilities and its foothold in the enterprise market. HubStor CEO Geoff Bourgeois said the acquisition will allow the HubStor product to reach more enterprise customers.
Softline group acquires majority stake in Embee Software (CRN - India) Softline Group, a leading global provider of IT solutions and services, acquires Kolkata based Embee Software (“Embee”), one of India’s leading digital transformation service providers and a Microsoft LSP and Cloud solution partner. Softline Group’s Indian operations, led via its subsidiary Softline Services India Pvt Ltd, will strengthen its pan-India presence and capabilities …
Recorded Future scours the web for potential cyberattacks and terrorist activity. Its business is booming (Boston Globe) The Somerville company grew by a record 50 percent in 2020.
Axis Security Named 2021 TAG Cyber Distinguished Vendor (Axis Security) Application Access Cloud is Transforming Enterprise Access for IT Teams, Employees, and Third Parties
Security firms step up presence, services ahead of inauguration (Washington Business Journal) Amid unprecedented federal security surrounding Wednesday’s presidential inauguration, some D.C.-based security firms are also seeing an uptick in interest for their services.
Object Management Group Issues Request for Proposal for Linked Encrypted Transaction Streams Specification (Object Management Group) Press Release: Standardizing, encrypting, and linking transactions for improved business workflows
YouTube extends Trump's suspension for at least another week (CNET) The decision was made "in light of concerns about the ongoing potential for violence."
Verizon Cybertrust’s Longtime Global Security Services Leader, Bryan Sartin, Joins eSentire as Chief Services Officer (BusinessWire) eSentire announces that Bryan Sartin, longtime Global Security Services Leader for Verizon Cybertrust, has joined eSentire as Chief Services Officer.
Cornerstone Defense LLC Announces Ganpat 'Gunner' Wagh as Vice President, Cyber Operations (Herald Mail) Regarding this new opportunity, Mr. Wagh commented, "I feel so fortunate to join the team at Cornerstone. They're an award-winning firm with an exceptional reputation in providing the highest level of technical support to a variety of USG clients in their efforts to protect our great country. I'm excited to help identify growth opportunities in the cyber and digital innovation markets for existing and new customers."
Cisco loses top researcher as Rascagnères moves to Kaspersky (iTWire) The Cisco Talos Intelligence Group has lost one of its better researchers, with Paul Rascagnères moving over to join Kaspersky's Global Threat Research unit this year. Rascagnères, who has been involved in some of the better research posts put out by Talos in the last few years, has been in the...
Products, Services, and Solutions
Anomali Provides Free SolarWinds Sunburst Backdoor Threat Bulletin and Indicators of Compromise (IOCs), Curated Threat Intelligence Helps Any Organization to Detect Related Breaches (Anomali) Custom Threat Intelligence Dashboard Provides Anomali Customers With Immediate Access and Visibility to All Known Sunburst Backdoor IOCs
FireEye Releases New Open Source Tool in Response to SolarWinds Hack (SecurityWeek) FireEye has released an open source tool that checks Microsoft 365 tenants for the use of techniques associated with the SolarWinds hackers.
Major US City Signs Deal with GroupSense for COVID-19 Vaccine Misinformation and Supply Chain Cybersecurity Services (PR Newswire) GroupSense, a digital risk protection services company, today announced it has signed a deal with a major U.S. city to provide its COVID-19...
New Stealthbits Identity-Centric Data Privacy Engine Simplifies and Speeds Compliance with Growing Privacy Regulations (PR Newswire) Stealthbits (now part of Netwrix), a cybersecurity software leader that protects sensitive data and credentials from attackers, today unveiled...
Fime Enables Remote Card & Mobile App Testing with Cloud-based Tool (MyTechMag) Fime has continued its mission to evolve and digitize testing processes with the launch of its fully cloud-based, automated test tool, Global+. The new tool is qualified to validate Level 2 card and mobile applications in line with a wide range of global and domestic schemes.
Rancher Kubernetes Management Now Available on BoxBoat Technologies’ GSA MAS Schedule Contract for Faster Government Procurement (BusinessWire) Rancher Federal's enterprise platform for managed Kubernetes is now available through BoxBoat’s MAS contract with the GSA
Brave becomes first browser to add native support for the IPFS protocol (ZDNet) Brave users will now be able to seamlessly access ipfs:// links.
Object Management Group Announces Kaiko to Expand Financial Instruments Global Identifier® (FIGI®) Standard for Crypto Assets (Object Management Group) Financial Instruments Global Identifier® (FIGI®) is an open standard for the issuance of unique identifiers that can be assigned to financial instruments including common stock, options, derivatives, futures, corporate and government bonds, municipals, currencies, and mortgage products.
Technologies, Techniques, and Standards
The ROI of Cybersecurity (My TechDecisions) Although investing in cybersecurity doesn't provide immediate returns, it will save your company a whole heck of a lot of headaches.
Legislation, Policy, and Regulation
2021 Is the Year the Internet Gets Rewritten (Foreign Policy) As Silicon Valley flails to combat an insurrection at home, Europe is marching ahead with a plan to revise the web’s basic rulebook.
How China Took Western Tech Firms Hostage (Foreign Policy) And what the United States and Europe can do about it.
India asks WhatsApp to withdraw new privacy policy (TechCrunch) India has asked WhatsApp to withdraw the planned change to its privacy policy, posing a new headache to the Facebook-owned service that identifies the South Asian nation as its biggest market by users. In an email to WhatsApp head Will Cathcart, the nation’s IT ministry said the upcoming upda…
Turkey slaps ad ban on Twitter under new social media law (Reuters) Ankara has imposed advertising bans on Twitter, Periscope and Pinterest after they failed to appoint local representatives in Turkey under a new social media law, according to decisions published on Tuesday.
President Trump signs order aimed at thwarting cyber interference (CNET) The order comes on Trump's last full day in office.
Trump seeks to curb foreign cyber meddling on last day in office (Reuters) Outgoing President Donald Trump has signed an executive order aimed at thwarting foreign use of cloud computing products for malicious cyber operations against the United States, the White House said on Tuesday, Trump's last full day in office.
Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic
Text of a Letter to the Speaker of the House of Representatives and the President of the Senate (The White House) Dear Madam Speaker: (Dear Mr. President:) Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emerge
SolarWinds hack blights the Trump administration's cybersecurity record (FCW) The consequences of the SolarWinds Orion hack are far from clear, but analysts and lawmakers say that officials at CISA and NSA made notable strides to improve the government's cybersecurity posture.
New proposed rule requires banks to notify regulators within 36 hours of a cybersecurity incident (Hogan Lovells) On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a...
The big cyber issues Joe Biden will face his first day in office (CyberScoop) Joe Biden has his work cut out for him. Biden will be sworn into office on Jan. 20 with a long list of challenges ranging from the coronavirus pandemic to re-considering America’s place on the world stage. There’s also the fallout from a far-reaching hacking campaign that the U.S. has suggested is the work of the Russian government.
The Cybersecurity 202: Biden nominees entering administration behind on big hack (Washington Post) Nomination hearings for President-elect Joe Biden's top security picks reveal gaps in knowledge about a massive government hack that could slow down the new administration's response plans.
Five ways the Biden administration could impact cyber insurance (PropertyCasualty360) Recent remarks from the soon-to-be president have alluded to a greater government presence in cybersecurity arenas.
Biden's Cabinet picks face cyber questions from Congress as SolarWinds looms large (CyberScoop) President-elect Joe Biden’s choices to take on key cabinet roles outlined their approaches to pressing cybersecurity issues facing the new administration during Senate confirmation hearings on Tuesday.
Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig (CyberScoop) Michael Sulmeyer, a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone, will take the position of senior director for cyber in the Biden White House. Sulmeyer’s selection came with no formal announcement. Instead, the transition website posted his position Monday evening. Sulmeyer is a cybersecurity veteran with broad experience, one of many to join the Biden administration. He’s also one of several whose tenures have included roles in the Trump administration.
DHS Nominee Mayorkas to Make Cybersecurity a Priority if Confirmed (Meritalk) In a Senate Homeland Security Committee hearing, Alejandro Mayorkas, President-elect Joe Biden’s nominee for Secretary of the Department of Homeland Security (DHS), laid out his vision for the nation’s cybersecurity and promised to make it a priority if confirmed.
Sen. Hawley moves to block swift confirmation for Biden’s homeland security pick (Washington Post) Homeland security nominee Alejandro Mayorkas told senators he would carry out President-elect Joe Biden’s immigration overhaul while intensifying efforts to combat domestic extremism, during a hearing Tuesday that highlighted Republican opposition to his confirmation.
Biden Pick for Spy Chief Sees Scant Role in Domestic Extremism Fight (Wall Street Journal) At her confirmation hearing, Avril Haines was cautious about expanding spy agencies’ role in countering threats from domestic extremism, saying the prime responsibility should remain with the FBI and Homeland Security.
Defense nominee favors proactive cyber posture (C4ISRNET) Secretary of defense nominee Lloyd Austin told senators that the DoD needs to continue a proactive and assertive approach to thwart cyber actors.
DHS Claims It Cannot Find Any Records of Communications Between the Agency and WH About Trump’s Firing of Election Security Official Chris Krebs (Law & Crime) DHS officials told government watchdog group American Oversight that they have no records of communications discussing Chris Krebs’ firing with any White House officials.
Litigation, Investigation, and Law Enforcement
Memorandum on Declassification of Certain Materials Related to the FBI’s Crossfire Hurricane Investigation (The White House) MEMORANDUM FOR THE ATTORNEY GENERAL THE DIRECTOR OF NATIONAL INTELLIGENCE THE DIRECTOR OF THE CENTRAL INTELLIGENCE AGENCY SUBJECT: Declassification of C
The Latest: Trump declassifies Crossfire Hurricane material (Washington Post) In his final full day in office, President Donald Trump says he has declassified information related to the FBI’s investigation into ties between Russia and his 2016 presidential campaign
Trump orders further declassification of FBI’s ‘Crossfire Hurricane’ documents (The Washington Times) President Trump on his last night in office ordered the declassification of more documents related to the FBI’s investigation of his campaign in 2016, saying he wants to release the information “to the maximum extent possible.”
Acting Defense secretary says 'no intelligence' indicating insider threat to inauguration (TheHill) Acting Defense Secretary Christopher Miller said Monday that law enforcement officials are vetting National Guard troops stationed in the nation’s capital but that officials have “no intelligence indicating an insider threat” to President-elect Joe Biden’s inauguration this week.
Monitoring of Employees Faces Scrutiny in Europe (Wall Street Journal) German electronics retailer notebooksbilliger.de is the latest company to be fined by European privacy regulators.
EUR114 million in fines have been imposed by European authorities under GDPR (DLA Piper) Over 160,000 data breach notifications have been reported across the 28 European Union Member States plus Norway, Iceland and Liechtenstein since the GDPR came into force on 25th May 2018.
Kogan fined for spamming customers (CRN Australia) ACMA alleges emails were not easy to unsubscribe from.
Guard Llama Drama (Washington Business Journal) Chicago 'Shark Tank' startup goes dark on customers as its founder is charged with drug trafficking