Cyber Attacks, Threats, and Vulnerabilities
Microsoft shares how SolarWinds hackers evaded detection (BleepingComputer) Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies.
Microsoft details how SolarWinds hackers hid their espionage (CyberScoop) Attackers behind an espionage campaign that exploited software built by the federal contractor SolarWinds separated their most prized hacking tool from other malicious code on victim networks to avoid detection, Microsoft said Wednesday.
Microsoft details "incredible effort" to hide by SolarWinds hackers (iTnews) Standout opsec and anti-forensic methods applied.
SolarWinds attack opened up 4 separate paths to an M365 cloud breach (SC Media) The SolarWinds supply-chain attackers leveraged 4 techniques to laterally move from victims’ on-premises networks to M365 on the cloud.
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics (Dark Reading) Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
Iranian Cyberattacks on the Rise (Hamodia) Israel has been successfully defending against a mounting number of cyberattacks from Iranian sources, Globes reported on Tuesday. Since early December, Israeli targets in Israel and abroad have been targeted, but most were contained near the outset and no major damage was discovered, according to sources with
BEC Target Selection Using Google Forms (Proofpoint) Over the last week, Proofpoint Threat Research observed attackers using Google Forms to bypass email security content filters based on keywords.
Fake collaboration apps are stealing data as staff struggle with home-working security (ZDNet) Cyber criminals know that working from home can provide them with an easier way into corporate networks - resulting in a rise in attacks targeting remote devices.
Automated prerequisite detection of "DNSpooq" vulnerabilities (VDOO) Enabling security and trust for IoT devices throughout the entire device lifecycle
'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users (SecurityWeek) LuckyBoy is described as a multi-stage, tag-based malvertising campaign targeting mobile users across Apple, Google and Microsoft platforms.
4 Intriguing Email Attacks Detected by AI in 2020 (Dark Reading) Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor.
Dridex malicious document analysis: Automating the extraction of payload URLs (teiss) The last three months of 2020 saw a sustained increase in malicious spam distributing Dridex malware.
Suspicious Vaccine-Related Domains Triple (Infosecurity Magazine) Security researchers observe increase in number of shady domain names using the word
Data Foreshadows COVID-19 Vaccine Scams (Bolster Blog) Scammers are readying themselves to profit from fear, uncertainty and the misfortune of others.
Hacker leaks full database of 77 million Nitro PDF user records (BleepingComputer) A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.
Investment fraud via dating apps (Interpol) Experienced fraudsters are taking advantage of a surge in dating app users.
Threats to Asset and Wealth Management in 2020-2021 (Digital Shadows) In recent years, financially-motivated cyber criminals have been increasingly drawn to the realm of asset and wealth management companies (AWM).
You Have A New Message From a Hacker: Malicious Files Infiltrating Business File Transfer Portals (Votiro) In order to conduct business operations efficiently and effectively, organizations need to be able to transfer files to relevant parties. That includes transferring files internally between departments, such as Human Resources sending tax forms completed by a new hire to Finance, or sending and receiving files from external sources and third-parties. Many organizations rely on...
Wayne State Foundation responds to data breach (News Channel Nebraska) The Wayne State Foundation is the latest to announce its data is being compromised by Blackbaud, Inc.
Cyberattack knocks county health department's IT systems offline in northern Washington (Becker's Health IT) Okanogan County (Wash.) Public Health is experiencing computer and phone system downtime after a cyberattack Jan. 18 shut down IT operations across the local government's network, according to Spokane, Wash.-based KREM News.
Shame, suicide and the dodgy loan apps plaguing Google’s Play Store (WIRED UK) Instant loan apps have boomed in India during the pandemic. First they lend people money, then they harass and publicly shame them until they can’t cope anymore
Hack of the net: Cyber criminals targeting football clubs in transfer window (CityAM) Football clubs are especially at risk of attack from cyber criminals during the transfer window, say experts. Here's how and why they do it.
Security Patches, Mitigations, and Software Updates
Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps (The Hacker News) Google Project Zero discloses spying flaws in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger
Microsoft Taking Additional Steps to Address Zerologon Flaw (BankInfo Security) Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the
Chrome 88 Drops Flash, Patches Critical Vulnerability (SecurityWeek) The first Chrome release of 2021 also helps users quickly identify weak passwords and take action.
Cyber Trends
The Global Risks Report 2021 (World Economic Forum) The 16th edition of the World Economic Forum’s Global Risks Report analyses the risks from societal fractures—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation.
Digital Fraud Trends Report 2021 (DataVisor) The events of 2020 created no shortage of challenges for fraud teams. With quarantines and lockdowns looming for much of the year, millions of consumers turned to digital channels to purchase items and conduct business, opening up new opportunities for fraudsters.
Q4 2020 KnowBe4 Finds Work From Home-Related Phishing Email Attacks on the Rise (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today revealed the results of its Q4...
Infosec and Data Protection Research Provides New COVID, Cloud, and Compliance Insights for MSPs as 2021 Opens (Infrascale) Research from Infrascale, a cloud-based data protection company that provides industry-leading cloud backup and disaster recovery solutions, reveals new information security (infosec) insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance.
Ransomware Took Heavy Toll on US in 2020: Researchers (SecurityWeek) Ransomware attacks affected at least 113 federal, state and municipal governments, 560 health facilities and 1,681 schools, colleges and universities in 2020
Crypto Crime Summarized: Scams and Darknet Markets Dominated 2020 by Revenue, But Ransomware Is the Bigger Story (Chainalysis) 2020 was an incredible year for cryptocurrency. In spite of the devastation wrought by the worldwide Covid-19 pandemic,
Ransomware accounts for 81% of all financially motivated cyberattacks in 2020 (Atlas VPN) Ransomware is a type of malicious attack where a criminal encrypts sensitive information, which can be regained if ransomware is paid. Looking at the data from last year, it is clear that this type of cyberattack is by far the most common attack vector.
2020: Cybercrime’s Perfect Storm (Council on Foreign Relations) A rare combination of circumstances led to a perfect storm for cybercrime in 2020.
Cybersecurity: Your freight depends on it (FreightWaves) A catastrophic ransomware attack like the one that hit Forward Air is not inevitable. But transportation and logistics companies need to take cybersecurity seriously.
Quarter of Orgs Don’t Offer Cybersecurity Training Due to Lack of Budget (Infosecurity Magazine) 28% of businesses offer no cybersecurity training at all
Africa’s Evolving Cyber Threats (Africa Center for Strategic Studies) Espionage, critical infrastructure sabotage, organized crime, combat innovation—African governments face fast-evolving digital threats.
Marketplace
Cryptocat author gets insanely fast backing to build P2P tech for social media (Yahoo Finance) A day later cryptography researcher, Nadim Kobeissi -- best known for authoring the open-source E2E-encrypted desktop chat app Cryptocat (now discontinued) -- had pulled in a pre-seed investment of $100,000 for his lightweight mesh-networked microservices concept, with support coming from angel investor and former Coinbase CTO Balaji Srinivasan, William J. Pulte and Wamda Capital.
Logicalis: 'We're hot on the heels of acquisitions in the UK' (CRN) VP of global business development reveals to CRN his priorities for the business and its M&A plans
Silicon Valley Takes the Battlespace (The American Prospect) Through an obscure startup named Rebellion Defense, former Google CEO Eric Schmidt attempts to buy his way into the Biden White House.
Parler was rejected by at least 6 large providers to host it after Amazon took it offline (MSN) Parler lacked the resources to host the site itself, its CEO John Matze said. The hardware alone would cost at least $6 million, he added.
Facebook has no plans to lift Trump ban, sources say (NBC News)
Social Media Bans Are Really, Actually, Shockingly Common (Wired) Booting Trump didn’t set a precedent. From Yelp to Uber to Airbnb, platforms regularly ban users and content, but too often behind the scenes.
Thycotic Recognized as a 2021 Gartner Peer Insights Customers' Choice for Privileged Access Management in the Large Enterprise, Finance, and North America categories (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions to more than 12,500 organizations worldwide, including 25 of the Fortune...
QinetiQ Inc. Awarded Contract by General Services Administration (PR Newswire) QinetiQ Inc. is pleased to announce that it has been awarded OASIS Pool 3 and Pool 4 unrestricted prime contracts by the General Services...
General Dynamics secures $695m US Army contract (Defence Connect) The prime is set to continue delivering critical mission support to the United States Army in Europe after being awarded a new $695 million contract. General Dynamics Information Technology (GDIT), a
Huawei: Setting new security standards (TahawulTech) Huawei's top-down cybersecurity governance structure supports the success of its business in the Middle East and around the world.
Successful Q4 Marks End of Record Year for Thycotic (PRWire) APAC region leads the way with cloud-based privilege management solutions
SentinelOne Establishes Korean Office to Further Hypergrowth Expansion (BusinessWire) SentinelOne, the autonomous cybersecurity platform company, today announced the opening of a new office location in Seoul, South Korea, to support its
Scoop: Google is investigating the actions of another top AI ethicist (Axios) The inquiry into the actions of Margaret Mitchell follows the ouster last year of Timnit Gebru.
Barmak Meftah Joins Nozomi Networks Board of Directors (Nozomi Networks) Nozomi Networks Inc., the leader in OT and IoT security, today announced that Barmak Meftah has joined Nozomi Networks’ board of directors.
Trend Micro appoints Baker as UK boss (CRN) Former sales director tells CRN what partners can expect from the cybersecurity vendor under his leadership
Kroll Cyber Risk Practice Announces New Hires to Fuel Global Expansion (Duff & Phelps) Kroll global cyber team expands exponentially with a total of 78 new hires with vast experience across multiple industries.
Devo Adds Security Industry Trailblazer Ted Julian to Accelerate Product Innovation (Devo) Former IBM executive and serial entrepreneur joins Devo as it continues to set records for revenue and customer growth, pursuing aggressive goals for 2021 and beyond
Forcepoint Promotes Sean Berg as it Becomes Independent Entity (ExecutiveBiz) Sean Berg, most recently a senior vice president at Forcepoint
INAP Appoints Warren Greenberg as Vice President of US Sales (INAP) INAP, a global provider of performance-driven, secure enterprise hybrid infrastructure solutions, today announced the appointment of Warren Greenberg as Vice President of US Sales.
Products, Services, and Solutions
Making cyber insurance personal (Insurance Business Magazine) As our lives continue to move online – and cybercrime grows in response – Troy Filipcevic and Jeff Gonlin of Emergence share their insights on the increasing importance of personal cyber insurance
Snort 3 Becomes Generally Available (SecurityWeek) Cisco announces the official release and general availability of Snort 3, seven years after the alpha version was unveiled.
WhiteHat Security Introduces AppSec Stats Flash: A Modernized Approach to Application Security Reporting (PR Newswire) WhiteHat Security, a wholly-owned, independent subsidiary of NTT Ltd. and a world leader in application security, today announced the launch of...
Fingerprints celebrates 500 mobile device integrations landmark (Fingerprints) Major milestone reflects mature and central role of biometrics in mobile
Kroll Launches Data Privacy and Digital Trust Solutions Ahead of Data Privacy Day (Duff & Phelps) As privacy concerns evolve, Kroll augments its capabilities to protect data, value digital assets, mitigate risks and build digital trust
SparkCognition and SkyGrid Deploy First AI-Powered Cybersecurity System on Drones (PR Newswire) SparkCognition, the world's leading industrial artificial intelligence (AI) company, and SkyGrid, a Boeing, SparkCognition Company, today...
Technologies, Techniques, and Standards
Microsoft: How 'zero trust' can protect against sophisticated hacking attacks (ZDNet) Microsoft's director of identity security is urging customers to do some security house cleaning: deploy multi-factor authentication and tighten up permissions on user and vendor accounts.
Cyber Hype: Be Wary but Prepared (JD Supra) When it comes to cyber attacks and vulnerabilities, the news cycle and third-party reports can be alarming and distracting. One recent subplot of the...
Legacy security architectures threaten to disrupt remote working (ComputerWeekly) Annual survey of IT leaders finds network security is of prime concern as most companies continue with work-from-home policies.
How Retail Cybersecurity Can Adapt to the 2021 New Normal (PRWeb) A NYC area retail technology consultant and MSP discusses how retail cybersecurity can adapt to the 2021 new normal in a new article on the eMazzanti Techno
Academia
RangeForce Partners with New York University to Provide Hands-on Training Environment for Cybersecurity Master’s Candidates (BusinessWire) Students will have access to more than 400 RangeForce learning modules and gain expertise needed to qualify for job opportunities upon graduation.
How UVA Engineers Help to Prevent Cyber Espionage by Adversarial Governments (UVA Today) UVA Engineering researchers have developed a unique concept to protect our digital world.
Legislation, Policy, and Regulation
Russia tells social networks: Stop promoting anti-Kremlin Navalny protests to minors (Reuters) Russia has asked social networks, including the video-sharing app TikTok, to stop the spread of posts encouraging minors to take part in unsanctioned rallies on Saturday in support of jailed Kremlin critic Alexei Navalny.
China sanctions Pompeo and more than two dozen US figures (TheHill) China announced multiple sanctions against Trump administration officials and allies on Wednesday, including Secretary of State Mike Pompeo, just as former President Trump's term ends and President Biden’s administr
Biden administration calls China sanctions on Trump officials 'unproductive and cynical' (Reuters) China's move to sanction former Trump administration officials was "unproductive and cynical", a spokeswoman for President Joe Biden's National Security Council said on Wednesday, urging Americans from both parties to condemn the action.
Huawei ban timeline as Trump administration ends and Joe Biden takes office (CNET) Here's a breakdown of the controversial Chinese telecom giant's saga so far.
Trump Administration Imposed More Postelection Sanctions Than Recent Administrations (Wall Street Journal) The U.S. Treasury Department’s Office of Foreign Assets Control announced 307 designations of blacklisted individuals and entities between Nov. 3 and Tuesday, the last full day under the Trump presidency, according to data analysis from law firm Gibson, Dunn & Crutcher LLP.
An Overview of Cybersecurity Law in Taiwan (Lexology) In Taiwan, there are two main branches of legislation pertaining to information security: legislation on cybersecurity and legislation protecting…
The Diego Garcia dispute hits cyberspace (Lowy Institute) As internet domains go, .io is a money spinner. Would a change to the “British Indian Ocean Territory” cancel an asset?
Biden administration considering White House antitrust czar, Reuters says (NASDAQ:GOOGL) (SeekingAlpha) Biden's administration is considering the creation of a White House position focused on antitrust.
Intelligence and the Biden Administration (War on the Rocks) After four...strange years, what can we expect from the Biden administration on the intelligence front? From key appointments to the strategic context,
President Biden's Tech To-do List (ET CIO) Here’s a glimpse at opportunities and challenges in technology policy for the new Biden administration:
Biden's Cabinet picks face cyber questions from Congress as SolarWinds looms large (CyberScoop) President-elect Joe Biden’s choices to take on key cabinet roles outlined their approaches to pressing cybersecurity issues facing the new administration during Senate confirmation hearings on Tuesday.
Biden's nominees promise fresh approach on national security (LancasterOnline) President-elect Joe Biden’s nominees to lead his national security team promised a turnabout from the Trump administration’s approach on the world stage, saying Tuesday they would keep
The Cybersecurity 202: Here's what lawmakers want Biden to do on cybersecurity in his first 100 days (Washington Post) The brand-new Biden administration is already thinking about how to counter a sweeping Russian-led hacking campaign that breached several federal agencies.
Biden-Harris American Rescue Plan includes more than $10b in cyber, IT funds (Security Magazine) President-elect Joe Biden has announced the American Rescue Plan to "build a bridge towards economic recovery," during the coronavirus pandemic. The $1.9 trillion plan also aims to modernize federal information technology to protect against future cyberattacks.
What Role Will the National Cyber Director Play? (Fed Tech Magazine) The newly created position will help lead the response to a major cyberattack but has yet to be filled by the Biden administration.
Haines pledges to ‘speak truth to power’ if confirmed as Biden’s intel chief (POLITICO) “When it comes to intelligence, there is simply no place for politics — ever,” Avril Haines told senators.
After huge hack, Biden security picks want more cyber coordination with industry (C4ISRNET) Nominees for defense secretary and director of national intelligence say more government-private information sharing is needed to prevent breaches.
Biden DHS, Intel picks stress need to prioritize cybersecurity after SolarWinds hack (TheHill) President-elect Joe Biden’s nominees to serve as secretary of the Department of Homeland Security (DHS) and as director of national intelligence (DNI) both said Tuesday that if confirmed they will make a priority ou
Biden Nominee Vows to Track Foreign Influence on Domestic Extremist Groups (New York Times) Avril Haines, who has been nominated to be director of national intelligence, told senators that she would assist with a public written assessment of the threat from QAnon.
Austin tackles cyber and social policy in nomination hearing (FCW) Senators question defense secretary nominee about cyber and racism as several National Guardsmen removed from inauguration duty.
SecDef nominee pledges to evaluate information operations (C4ISRNET) Austin told senators he plans to review the DoD's posture in the information environment if confirmed.
Five ways the Biden administration could impact cyber insurance (PropertyCasualty360) Recent remarks from the newly inaugurated president have alluded to a greater government presence in cybersecurity arenas.
Lawmakers Criticize State Department’s Approval of Cyber Bureau (Meritalk) Four lawmakers are criticizing Secretary of State Mike Pompeo’s approval of a new cybersecurity and emerging technologies bureau and calling for President-elect Joe Biden to hit pause when he is sworn in and takes office.
CMMC: Experts parse DoD’s new cybersecurity rules (SME) Current and prospective member companies of the defense industrial base (DIB) have watched with interest as the U.S. Department of Defense (DoD) developed its all-encompassing Cybersecurity Maturity Model Certification (CMMC) program.
SCYTHE Library: Parsing an Executive Order: Streaming on Your TV Soon (Scythe) The Executive Order’s proposed know your customer-style and information sharing regulations are more geared towards addressing intellectual property piracy than thwarting a SolarWinds style attack. The required customer contact information collection will make the post-attack and post-breach legal process easier but it will not prevent or deter an attack that utilized stolen infrastructure.
Outgoing FCC Chief Says Government Laid Groundwork for Faster Networks (Wall Street Journal) Ajit Pai says he focused on fostering investment while maintaining independence. The departing official oversaw a collection of networks that grew bigger, faster and more varied over the past four years.
Senate confirms Avril Haines as director of national intelligence (Washington Post) The Senate on Wednesday confirmed Avril D. Haines, a lawyer and former deputy director of the CIA, as the director of national intelligence. The 84-to-10 vote signaled early bipartisan support for President Biden’s slate of national security nominees.
Pentagon announces new acting CIO as Deasy departs (C4ISRNET) The department's principal deputy CIO takes over from Dana Deasy until President Joe Biden's eventual pick gets confirmed.
Roth takes over as acting Air Force secretary (Air Force Times) Former Air Force Secretary Barbara Barrett received the traditional farewell clap-out for departing Pentagon officials on Tuesday.
Former GOP operative Michael Ellis placed on administrative leave from NSA’s top lawyer job (Washington Post) The director of the National Security Agency on Wednesday put the agency’s top lawyer on administrative leave days after the Pentagon ordered the installation of the ex-GOP operative in the job, according to a U.S. official familiar with the matter.
Why the Trump administration’s Michael Ellis gambit is problematic (Washington Post) In one of its final acts, the Trump administration is attempting to install a top political loyalist into a key job in U.S. intelligence that is generally reserved for apolitical career civil servants.
New York Proposes Biometrics Privacy Law (Decipher) New York lawmakers are moving ahead with their own privacy legislation to regulate how private companies handle biometric data.
Litigation, Investigation, and Law Enforcement
Self-styled militia members planned on storming the U.S. Capitol days in advance of Jan. 6 attack, court documents say (Washington Post) Self-styled militia members from Virginia, Ohio and other states made plans to storm the U.S. Capitol days in advance of the Jan. 6 attack, and then communicated in real time as they breached the building on opposite sides and talked about hunting for lawmakers, according to court documents filed Tuesday.
A Site Published Every Face From Parler's Capitol Riot Videos (Wired) Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.
U.S. v Thomas Edward Caldwell, Donovan Ray Crowl and Jessica Marie Watkins (Washington Post) This Affidavit is submitted in support of an Amended Criminal Complaint charging THOMAS EDWARD CALDWELL, DONOVAN RAY CROWL, and JESSICA MARIE WATKINS with violations of 18 U.S.C. §§ 371, 372, 1361, 1512(c)(2), 1752(a), and 40 U.S.C. § 5104(e)(2) (hereinafter, “Subject Offenses”).
Nowhere To Hide: Controllers have “Constructive Awareness” Of Processor Data Breaches (JD Supra) On December 15, 2020, Ireland’s Data Protection Commission (“DPC”) announced its decision to fine Twitter International Company (“Twitter”) €450,000...
Underground Carding Marketplace Joker's Stash Announces Shutdown (SecurityWeek) Joker’s Stash, a large underground marketplace for stolen payment card data, has announced plans to shut down operations on February 15, 2021.
Driveline Employees Denied Class Status in Data Breach Lawsuit (Bloomberg Law) Driveline Retail Merchandising Inc. won’t have to face an employee class over a data breach that allegedly exposed the personal information of nearly 16,000 workers, following an Illinois federal court’s ruling that individual issues would dominate the litigation.
Foreign-Language Training Companies Admit to Participating in Conspiracy to Defraud the United States (US Department of Justice) Two providers of foreign-language services, Comprehensive Language Center Inc. (CLCI), based in the Washington, D.C., area, and Berlitz Languages Inc. (Berlitz), based in New Jersey, were charged with participating in a conspiracy to defraud the United States by impeding, impairing, obstructing, and defeating competitive bidding for a multi-million dollar foreign-language training contract issued by the National Security Agency (NSA) in 2017, the Department of Justice announced today.