Cyber Attacks, Threats, and Vulnerabilities
New campaign targeting security researchers (Google) Details on an ongoing campaign, which we attribute to a government-backed entity based in North Korea, targeting security researchers working on vulnerability research and development.
Google: North Korean hackers have targeted security researchers via social media (ZDNet) Google TAG warns security researchers to be on the lookout when approached by unknown individuals on social media.
North Korean hackers are targeting security researchers with malware, 0-days (BleepingComputer) A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight.
North Korea infected infosec bods with backdoors via dodgy blog pages, Visual Studio files – Google (Register) Security eggheads discover their PCs chatting with Kim Jong Un's hackers
Security researchers targeted by North Korean hackers (Help Net Security) Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers.
Vulnerability Researchers Hit by North Korean Hackers (BankInfo Security) North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations"
Malaysian government on guard against cyber attacks after new ‘Anonymous’ warning (Yahoo) ‘Guy Fawkes’ is back with new #OpsWakeUp21 movement. This article, Malaysian government on guard against cyber attacks after new ‘Anonymous’ warning, originally appeared on Coconuts, Asia's leading alternative media company.
Security expert says Anonymous Malaysia’s threat must be taken seriously, doesn’t expect all out attack (The Star Online) In its online video, the group claimed that the government's 'security system is low' and 'all data may be leak(ed)' allowing unwanted hackers to sell the information.
Blog: Service Accounts Likely Played a Key Role in the SunBurst Attack (Silverfort) Research we have conducted at Silverfort labs indicates that service accounts likely played a key role in the SolarWinds attackers’ ability to move laterally within a victim’s environment.
SolarWinds Hacks: Virginia Regulator And $5 Billion Cybersecurity Firm Confirmed As Targets (Forbes) More targets of the unprecedented espionage campaign are revealed.
Twenty-three SUNBURST Targets Identified (Netresec) Remember when Igor Kuznetsov and Costin Raiu announced that two of the victims in FireEye's SUNBURST IOC list were ***net.***.com and central.***.gov on Kaspersky's Securelist blog in December? Reuters later reported that these victims were Cox Communications and Pima County. We can now reveal that[...]
Russian Hack of US Agencies Exposed Supply Chain Weaknesses (SecurityWeek) The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department.
Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises | The Last Watchdog (The Last Watchdog) SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks. Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on […]
After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face (The New Yorker) The prospect of mutually assured destruction has worked so far in the nuclear realm, but there are no rules of engagement in cyberspace.
Cyberattack on EMA - update 6 European Medicines Agency (European Medicines Agency) Further to the cyberattack on EMA last year, some of the unlawfully accessed documents including email correspondence have been made public through the Internet and were subsequently picked up by some media outlets.
The Cybersecurity 202: Vaccine distribution unleashes new cybersecurity risks (Washington Post) Security experts and government officials are bracing for a wave of cyberattacks targeting the coronavirus vaccine distribution process.
DreamBus botnet targets enterprise apps running on Linux servers (ZDNet) DreamBus botnet uses exploits and brute-force to target PostgreSQL, Redis, SaltStack, Hadoop, Spark, and others.
A Look at Linux: Threats, Risks, and Recommendations (Trend Micro) This article aims to discuss the Linux threat landscape and examine how Linux has become an attractive target for attackers, as well as how it can be prone to a variety of threats and risks.
Misconfigured Cloud Server Exposes 66,000 Gamers (Infosecurity Magazine) Users of VIPGames.com at risk of follow-on attacks
SonicWall investigates SMA 100 Series appliances for zero-day vulnerabilities after attack (Computing) SonicWall has identified a coordinated attack on its internal systems by 'highly sophisticated threat actors'
Former LulzSec Hacker Releases VPN Zero-Day Used to Hack Hacking Team (Vice) A security researcher has released an exploit for SonicWall VPNs that was originally found by Phineas Fisher in 2015.
Cybercriminals use deceased staff accounts to spread Nemty ransomware (ZDNet) Researchers explore how ‘ghost’ accounts can become targets for threat actors.
Software Bots Multiply to Cope With ‘Stretched’ Resources (Wall Street Journal) Companies plan to leverage software robots in the months ahead, as many grapple with strained resources and uncertain markets.
Flash Is Dead—but Not Gone (Wired) Zombie versions of Adobe’s troubled software can still cause problems in systems around the world.
Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product (SecurityWeek) Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting a Matrikon (Honeywell) OPC UA product.
Leading crane maker Palfinger hit in global cyberattack (BleepingComputer) Leading crane and lifting manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations.
Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems (SecurityWeek) American packaging giant WestRock has disclosed a ransomware incident that impacted both IT and OT systems.
Vulnerability Summary for the Week of January 18, 2021 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
TikTok Had A Vulnerability That Could Have Allowed Hackers To Steal Phone Numbers (Ubergizmo) It can be dangerous to associate your phone number with online services and apps, but sometimes some services do require it. The reason...
CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability (SecurityWeek) An attacker could relay NTLM authentication sessions and execute code remotely using a printer spooler MSRPC interface.
Clothing Brand Bonobos Notifies Users of Data Breach (SecurityWeek) User data affected in the Bonobos breach includes names, addresses, encrypted passwords, and partial credit card numbers.
Illinois Court Exposes More Than 323,000 Sensitive Records (SecurityWeek) Researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County (Illinois) court related records containing highly sensitive personal data.
Brazil fuel distributor Ultrapar says operations back to normal after cyber attack (Brecorder) In a securities filing, Ultrapar said that all security and control measures were taken and, as of Jan. 14, the operating systems of the company and its subsidiaries have been gradually restored.
Westrock hit with cyber attack (WMBB-TV) WestRock Company, which owns a factory in Panama City, announced Friday that it had detected a ransomware incident impacting its operational and information technology sy…
Georgetown County falls victim to cyber attack (WMBF News) Officials say Georgetown County’s computer network suffered a ‘major infrastructure breach’ over the weekend.
Chipmaker Intel Corp. Blames Internal Error on Data Leak (SecurityWeek) Chipmaker Intel Corp. blamed an internal error for a data leak that prompted it to release a quarterly earnings report early, and said its corporate network was not compromised.
Beware cyberattacks disguised as Covid-19 handouts (Khaleej Times) Cybercriminals are leveraging a range of topics including the fear that a person has encountered an infected individual, government vaccine approvals, as well as sign up forms to receive the vaccine.
Got a weird text about a package delivery? It could be a scam. (Vox) Text message scams are getting more creative, mimicking alerts from the USPS, Amazon, and even Covid-19 testing providers.
Security Patches, Mitigations, and Software Updates
TikTok fixes privacy issue discovered by Check Point Research (Check Point Software) In recent months, Check Point Research teams discovered a vulnerability within the TikTok mobile application’s friend finder feature: a vulnerability that
Cyber Trends
Ransomware: analyzing the data from 2020 (Digital Shadows) If you're looking for the latest details on ransomware in 2020 and the ransomware threat landscape for 2021, read on.
PART I: Retrospective 2020: DDoS Was Back -- Bigger and Badder Than Ever Before (Akamai) Never before has the risk of a distributed denial-of-service (DDoS) attack been higher. In 2020, we saw record-breaking attacks, a DDoS extortion campaign impacting thousands of organizations globally, more emergency customer turnups, and more Akamai customers attacked than any year on record -- and we've been successfully fighting DDoS attacks since 2003! We also saw a big increase in attacks targeting verticals that haven't seen as much activity of late, with 7 of 11 of the industries we track seeing peak attack counts in 2020.
Survey Says: Cloud Backup, Security Top Execs' 2021 To-Do Lists (Infrascale) The pandemic sparked accelerated corporate adoption of cloud services, but, as we move into 2021, business executives increasingly seek ways to protect hosted data, infrastructure, and their organizations from an array of potential problems ranging from bad actors to data loss to vendor lock-in. Public cloud will enjoy a compound annual growth rate of 18.3% […]
Phishing email attacks targeting remote workers on the rise (Security Brief) “Just because employees may be more used to their home office environment doesn’t mean that they can let their guard down.
82% of companies give third parties access to all cloud data (Security Magazine) The Wiz Research team conducted extensive research of permissions provided to 3rd party vendors in cloud environments and the results should be a wake-up call: 82% of companies provide 3rd party vendors highly privileged roles. This is a major risk to sensitive data leakage and may pose both a security risk, as well as serious privacy risk.
IoT security picks up momentum (GCN) With attacks on connected infrastructure becoming more frequent and sophisticated, securing the internet of things has become even more critical.
Next Pathway Research: 65% of Companies Report Cloud Migration Is a Top Priority (PR Newswire) Next Pathway Inc., the Automated Cloud Migration company, today announced the results of a third-party study assessing the state of data...
The Internet of Tip-Offs (An IoT Security Study) (Risk Recon) Our latest blog discusses our new research report that examines IoT security issues across enterprise organizations.
Marketplace
Passwordless Authentication Provider Axiad Raises $20 Million (SecurityWeek) Axiad, a provider of cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm Invictus Growth Partners.
Charterhouse Bolsters Cybersecurity Offering with Latest Acquisition (UC Today)
Entrust Acquires HyTrust, Expanding Encryption, Key Management and Security Posture Management for Virtualised and Multi-Cloud Environments (Yahoo) Entrust, a global leader in trusted identity, payments and data protection, today announced that it has acquired HyTrust, Inc., an innovative provider of virtualised and multi-cloud data encryption, key management, and cloud security posture management solutions. Terms of the deal will not be disclosed. By acquiring HyTrust, Entrust adds a critical management layer for encryption, cryptographic keys, and cloud security policy to its digital security solutions, serving the data protection and compliance needs of organisations accelerating their digital transformations.
Deloitte acquires Root9B (Intelligence Community News) Deloitte & Touche LLP announced on January 25 its acquisition of substantially all the assets of Root9B, LLC (R9B), a leading provider of advanced cyber threat hunting services and solutions.
Mission Secure Announces Series B Venture Funding to Further Advance Its Patented OT Cybersecurity Protection Platform (PR Newswire) The expansion of digital technologies accompanied by an upswing in ICS-specific threats targeting these critical infrastructure ecosystems is...
Axiom Cloud Closes Seed Financing led by Ulu Ventures (PR Newswire) Axiom Cloud, a company that develops software solutions to solve retail grocery's biggest energy and maintenance problems, today announced that...
Cybersecurity startup SpiderSilk raises $2.25M to help prevent data breaches (TechCrunch) The startup helps companies understand their attack surface by looking for things that are exposed but shouldn't be.
Datto Named to Ransomware Task Force by Institute for Security and Technology (Yahoo Finance) Datto Holding Corp. ("Datto"), (NYSE:MSP), the leading global provider of cloud-based software and technology solutions purpose-built for delivery by managed service providers (MSPs), today announced it was invited by the Institute for Security and Technology to join its Multi-Sector Ransomware Task Force. As a founding member, Datto joins other world-renowned experts in the fight against cybercrime and will represent the MSP community, focusing on the interests and needs of small and mid-sized businesses (SMBs).
Snyk Achieves 2020 Record Growth and Announces Plans to Lead Cloud Native Application Security Market (PR Newswire) Snyk, the leader in cloud native application security, today reported 2020 achievements and growth plans for the year ahead. Ending the fiscal...
Increased Market Demand for Skybox Security Posture Management (PR Newswire) Skybox Security, a global leader in security posture management, today announced global growth and increased market demand during 2020. Driven...
Huawei ban timeline: Chinese company reportedly considers selling some phone brands (CNET) Here's a breakdown of the controversial Chinese telecom giant's saga so far.
INSA Names Six Defense Sector Execs to 2021 Board; Letitia Long Quoted (GovCon Wire) Six executives from the defense industry have joined the Intelligence and National Security Alliance
Claroty Hires Simon Chassar as Chief Revenue Officer as Demand for its Industrial Cybersecurity Platform Accelerates - Claroty (Claroty) Seasoned Cybersecurity Sales Executive Joins After Company’s Year of Record Global Growth in Customers, Partners, and Employees
Products, Services, and Solutions
Huntress Launches Managed Antivirus Service to Streamline Endpoint Security for MSPs and IT Administrators (GlobeNewswire) The new service enables simplified and centralized management of Microsoft Defender Antivirus
CounterCraft Brings World-Class Active Defense Technology to U.S. Department of Defense (PR Newswire) CounterCraft, the global leader in deception-powered threat intelligence and active defense technology, has been awarded an Other Transaction...
Hotel Kämp focuses on world-class quality and security – payment card security verified by Nixu (News Powered by Cision) Hotel Kämp, located in Helsinki, is now compliant with the international Payment Card Industry Data Security Standard (PCI DSS), cementing its position as one of the pioneers of payment card security in the hospitality industry in Europe.
Palo Alto Networks Pumps Up Prisma Cloud (SDxCentral) Palo Alto Networks updated its Prisma Cloud security product to provide more options for customers securing their cloud native deployments.
Darktrace Version 5 Released For General Availability To Protect Cloud And Remote Workforce (PR Newswire) Darktrace, the world's leading cyber AI company, today launched Version 5 of its autonomous, self-learning Darktrace Immune System for general...
Kratos Awarded Contract with Juniper Networks for CMMC Advisory Services (Kratos) Kratos Defense & Security Solutions, Inc. (Nasdaq: KTOS), a leading National Security Solutions provider, announced today that Juniper Networks has awarded the company a second Cybersecurity Maturity Model Certification (CMMC) Advisory Services contract.
CybelAngel Uncovers Risks from Invisible Devices and Hidden Data Exposures with New Asset Discovery and Monitoring Service (BusinessWire) CybelAngel announces the addition of Asset Discovery and Monitoring capabilities to the company’s AI-powered, Digital Risk Protection Platform.
Netskope and Silver Peak Accelerate Network and Security Transformation with a Best-of-Breed, SASE-ready WAN Edge Solution (PR Newswire) Netskope, the leading security cloud, today announced new integration between Netskope Security Cloud Services powered by the NewEdge network,...
Secret Double Octopus Joins the ForgeRock Trust Partner Network (PR Newswire) Secret Double Octopus, the leader in enterprise passwordless authentication, announced today it completed its integration with ForgeRock®, a...
Beyond Identity Makes Passwordless Free (Beyond Identity) At a Critical Time for Remote Workers, the Company is Offering Businesses the Ability to Adopt Its Core Passwordless Technology for Free, for All Their Customers or Employees, Forever
Ivanti Extends Neurons Platform to Manage and Secure Healthcare IoT Devices, and Deliver Secure and (Ivanti) Ivanti Neurons helps manage and secure healthcare IoT Devices, and integrates with MobileIron Cloud, as Ivanti continues to deliver on its mission to self-heal and self-secure devices, and self-service end users, in the everywhere enterprise
Fortinet Announces AI-powered XDR for Fully Automated Threat Detection, Investigation, and Response (Fortinet) FortiXDR is the Only Extended Detection and Response Solution That Can Autonomously Manage Cyber Incidents From Identification to Remediation
Certero Receives Oracle Verification for Certero for Oracle - Certero (Certero) Certero has today announced that Oracle has verified its Oracle product “Certero for Oracle” to become one of only a handful of solution providers to meet the “Verified Third-Party Tool Vendors” certification.
Technologies, Techniques, and Standards
Five reasons every CISO needs SOAR (Security Magazine) Having a central location to integrate your security tools and processes to allow your people to collaborate and work together across teams is absolutely critical in today’s threat landscape. But there are five more important reasons why CISOs are prioritizing the adoption of a SOAR platform.
SolarWinds Cyberattack: Layered OT Security Creates Best Defense (Nozomi Networks) The recent SolarWinds supply chain cyberattacks serve to underscore an age-old cybersecurity tenet, and the reason we need to continue beating the drum as cybersecurity professionals: Use a layered approach to OT security.
Keep your WFH safe with these top tips (TechnoCodex) With 2020 finally behind us, the new year offers a chance of a fresh start and optimism for the 12 months ahead. However it’s unlikely that 2021 will […]
Explosion in remote working is proving to be a fertile ground for hackers. (OneLogin) Find out what you can do to stay secure while working remotely.
What Is a Hash Function in Cryptography? A Beginner’s Guide (Hashed Out by The SSL Store™) This cryptographic tool aids secure authentication and ensures data message integrity across digital channels — here’s what to know about what a hash function is and how it works What’s...
Design and Innovation
Google says it may have found a privacy-friendly substitute to cookies (Axios) Tests show advertisers can expect at least 95% of conversions per dollar spent on ads, compared to cookie-based advertising, Google said.
Research and Development
Byos Awarded Patent for Cybersecurity Protection Technology for Securing Endpoint Devices (BusinessWire) Byos, Inc., whose award-winning solutions protect endpoints using the novel approach of hardware-enforced isolation from the risks of home and public
Patent 3058867 Summary (Canadian Patent Database / Base de données sur les brevets canadiens) Device and Method for Securing a Network Connection; Dispositif et Procede de Securitisation d'une Connection Reseau
Legislation, Policy, and Regulation
High-Profile Hacks Spark Calls for Global Cyber Response (Wall Street Journal) The challenges posed by modern cyber threats require international cooperation to solve, analysts and lawmakers say, but figuring out how to do that is the hard part.
Trump Got a Space Force. Biden Should Get a Cyber Force. (Bloomberg) The SolarWinds debacle shows the need for better scrutiny of software supply chains, public-private information sharing, and splitting up the NSA and Cyber Command.
No decisions yet on any changes to TikTok or Huawei cases, White House says (CyberScoop) The Biden administration is still reviewing how it will approach any national security challenges posed by Chinese-owned video-sharing app TikTok and telecommunications provider Huawei, the White House said Monday. “We need a comprehensive strategy … and a more systematic approach that actually addresses the full range of these issues,” White House Press Secretary Jen Psaki said of China-related technology and national security concerns that intensified during the Trump administration.
Can the SolarWinds incident spur more action, less talk about supply chain security? (Federal News Network) NIST will finalize new publication NISTIR 8276 that will include eight key principles for protecting IT supply chains and release the draft to update SP 800-161, which will include specific steps for…
Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment' (Threatpost) Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.
White House Eyes Jen Easterly, Robert Silvers, Eric Goldstein to Fill Top Cyber Positions (GovCon Wire) President Joe Biden plans to appoint former Obama administration officials Jen Easterly, Robert Silv
A Lower Bar for the Cyber Czar (War on the Rocks) For years, critics of U.S. cyber security policy have called for more centralization. Government efforts are spread across many organizations, we are
Utah bill called solid ‘first step’ toward facial recognition policy (StateScoop) The bill would require state agencies to file written requests before using facial recognition, though privacy advocates said the law could go further.
Litigation, Investigation, and Law Enforcement
Former airman sentenced to 11 years in scheme to offer information to Russia (Air Force Times) Elizabeth Jo Shirley, 47, pleaded guilty last year as part of a plea agreement to one count each of willful retention of national defense information and international parental kidnapping.
Justice Department Concerned Riley Williams, Pa. Woman Accused Of Stealing Nancy Pelosi's Laptop, Might Destroy Evidence (CBS Local Pittsburgh) The Justice Department says it is concerned that the Pennsylvania woman charged with stealing Nancy Pelosi's laptop during the Capitol riot might destroy evidence.
Grindr is fined $11.7 million under European privacy law. (New York Times) Regulators in Norway said Grindr had illegally shared details on users’ sexual orientation and locations with several advertising companies.
Judge OKs Hy-Vee's $20M Data Breach Settlement (Law360) An Illinois federal judge on Monday gave his blessing to a settlement between Hy-Vee Inc. and a class of customers who alleged that the grocery chain's lax security systems allowed cyberthieves to steal millions of credit card numbers.
User Fights To Keep Twitter In Phone Number Privacy Suit (Law360) A Twitter user urged a Washington federal judge not to let the social media platform slip out of a proposed class action accusing it of fraudulently obtaining users' phone numbers, saying a state law forbids the manner in which Twitter used the data.
Ala. Man Cleared On Rape Sues Facebook For Negligence (Law360) A central Alabama man and his family have sued Facebook, county officials, a minor who allegedly accused him of rape and others, alleging civil rights violations and claims including defamation and negligence.
Father of 5 killed in confrontation with teens over daughter's cyber bullying, family says (ABC13 Houston) His wife said their 15-year-old daughter has been bullied on social media by the same teen boy for nine months. She said her dad deserves justice.