Cyber Attacks, Threats, and Vulnerabilities
Technical Deep Dive Into SolarWinds Breach | Qualys Security Blog (Qualys Security Blog) Many organizations have been compromised by the recent SolarWinds breach, which seems to be a targeted attack against both government and private agencies. The complete scale of this attack is still…
The threats arising from the massive SolarWinds hack (CBS News) Cybersecurity experts discuss the national security implications of the suspected Russian breach — a "cyber virus" — that has infected the computer systems of more than 18,000 private and government customers.
SolarWinds: The more we learn, the worse it looks (ZDNet) While you've been distracted by the holidays, coronavirus, and politics, the more we learn about the SolarWinds security fiasco, the worse it looks.
Microsoft Source Code Exposed: What We Know & What It Means (Dark Reading) Microsoft says there is no increase in security risk; however, experts say access to source code could make some steps easier for attackers.
Cybersecurity firm FireEye says massive Russia hack was waged inside U.S. (Axios) Intruders took advantage of limits on the NSA's domestic surveillance capabilities.
Solar Winds Blow Hard (BlogInfoSec) Unbelievable! But true. The enormous hack, purportedly by Russia (per Secretary of State Mike Pompeo and others), of major U.S. government agencies and the U.S.’s biggest corporations—apparently some 18,000 organizations according to the software maker—came through malware planted in updates to third-party network-monitoring software called Orion from SolarWinds.
The SolarWinds attack: A modern-day Pearl Harbor? (Ironnet) Cybersecurity experts, including General (Ret.) Keith Alexander, David E. Sanger, and Richard Clarke, discuss the SolarWinds attack with Ted Koppel.
China's APT hackers move to ransomware attacks (BleepingComputer) Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.
Chinese espionage group APT27 moves into ransomware (SC Media) The Chinese espionage group APT27 has moved into more financially-motivated cybercrimes, using ransomware to encrypt core servers at major gaming companies worldwide.
The Evolution of the FIN7 JSSLoader (Morphisec) The FIN7 cybercrime group has evolved a JSSLoader for their purposes. Read the Morphisec Labs analysis on this FIN7 attack now.
Old Attack Method Against Google's Audio-Based reCAPTCHA Resurrected (SecurityWeek) An attack method discovered in 2017 that defeats Google’s audio-based reCAPTCHA using a speech-to-text API has once again been resurrected.
CellPhish: How Mobile Devices Are Making Companies Vulnerable to Hackers (INKY) The surge in remote workers is being met head-on with a surge in email phishing attacks and mobile devices are making companies more vulnerable than ever. Understand the risks mobile devices pose and how to protect your company from malicious phishers.
Hacker posts data of 10,000 American Express accounts for free (BleepingComputer) A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum post, the actor is also claiming to sell more data of Mexican banking customers of American Express, Santander, and Banamex.
The company that processes payments for Amazon and Swiggy has reported a data leak of over 100 million debit and credit cardholders (Business Insider) Information of over 100 million debit and credit card users has been leaked online from payments processor Juspay. The leak includes the user’s names, contact
Customers' card details, passwords secure: Juspay on data breach (Outlook India) Payment processor Juspay on Tuesday said the data compromised during the breach did not contain any transaction information, and customers' card numbers and passwords remain secure.
T-Mobile discloses its fourth data breach in three years (ZDNet) Personal details and financial information were not exposed, T-Mobile said.
T-Mobile says hackers accessed some customer call records in data breach (TechCrunch) The U.S. cell carrier said hackers accessed customer call records.
T-Mobile: Breach exposed call information for some customers (CyberScoop) T-Mobile says that it “recently identified and quickly shut down” a data breach that included call-related information about some accounts.
The anatomy of a modern day ransomware conglomerate (CyberScoop) If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need.
Ransomware 'businesses': Does acting legitimate pay off? (SearchSecurity) Numerous ransomware gangs have utilized tactics to make themselves appear to be legitimate businesses. SearchSecurity asked cybersecurity experts to weigh in on why this occurs, and answers ranged from it being humorous to how the gangs truly view themselves.
Apex Laboratory Says Patient Data Stolen in Ransomware Attack (SecurityWeek) Medical testing services provider Apex Laboratory informs patients of compromised personal information.
Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again (Check Point Software) At the end of October 2020, we reported that hospitals and healthcare organizations had been targeted by a rising wave of ransomware attacks, with the
Ryuk ransomware is the top threat for the healthcare sector (BleepingComputer) Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent.
Amey hit by cyber attack (Construction News) Amey was hit by a cyber attack in December, it has emerged. The firm’s systems were hit by what is believed to be a ransomware attack, becoming the latest
FBI warns of cyberattacks to distance learning (ABC News) FBI warns of cyberattacks to distance learning.
Darknet Threat Actors Are Not Playing Games with the Gaming Industry (Kela) The gaming industry should really thank Covid-19: People are stuck at home, seeking indoor hobbies, and giving online gaming a chance.
Employee credentials from top gaming companies found for sale on the dark web (SiliconANGLE) Security researchers have found more than 500,000 leaked credentials tied to leading gaming companies for sale on the dark web, the corner of the internet known for illicit activity.
Video game developer’s sites remain down after cyber attack (Business Insurance) Japan-based video game developer Koei Tecmo Holdings Co. Ltd.’s European and American websites are still down after a cyber attack on Dec. 25.
Online Gaming Adds More Risk to WFH (Security Boulevard) Online gaming could be yet another vector for a cyberattack on your home network and eventually on your company's network and data.
Beware: PayPal phishing texts state your account is 'limited' (BleepingComputer) A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft.
Vulnerability Summary for the Week of December 28, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Slack starts 2021 with a massive outage (The Verge) It’s the first day back to work for many after the holiday break
Slack goes down as millions return to work (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
Cyber Trends
Austin breach could reshape cybersecurity (Texarkana Gazette) As investigations continued into the massive data breach linked to Austin-based software company SolarWinds, experts say the attack could lead to long-term changes in cybersecurity policies and procedures for government entities and private companies alike.
If Microsoft Can Be Hacked, What About Your Company? How AI Is Transforming Cybersecurity (Forbes) The hackers are starting to use AI, and the only way to successfully defend against future threats is for your company to use AI as well.
Study: Romanian companies plan to spend 14 percent of their IT budgets on cybersecurity in 2021 (Business Review) Romanian companies are inclined to increase their spending on enhancing the cybersecurity of their business, indicates a study commissioned by Safetech
Marketplace
Cybersecurity Firm Iboss Raises $145 Million as Cloud Market Stays Hot (Wall Street Journal) The shift to remote work during the coronavirus pandemic helped turn cloud-native cybersecurity companies into Wall Street darlings. Iboss wants to join the party.
NYSE says it will no longer delist three Chinese telecom giants (CNBC) The NYSE reversed an announcement four days earlier that it would delist American depositary shares of China Telecom, China Mobile and China Unicom.
Looming Delisting Jolts Chinese Telecom Stocks (Wall Street Journal) Shares in China’s three large telecom carriers were roiled, after the New York Stock Exchange moved to delist the trio to comply with a U.S. ban.
Huawei looks to cloud services as US sanctions hit smartphone business (South China Morning Post) Firm’s founder Ren Zhengfei says the Chinese giant should learn from global leaders Amazon and Microsoft.
Google, Alphabet employees unionize (TechCrunch) A group of more than 200 Google and Alphabet workers have announced the formation of the Alphabet Workers Union, The New York Times first reported. With the help of Communication Workers of America Union’s Campaign to Organize Digital Employees (CODE-CWA), the union will be open to both emplo…
In Georgia, Facebook’s Changes Brought Back a Partisan News Feed (The Markup) Ahead of crucial senate runoffs, Facebook reversed its political ad ban, and the impact was visible on users’ feeds
ARCYBER, Georgia Cyber Center's partnership already paying off (WFXG) It’s a courtship year in the making, and now the partnership between Army Cyber Command and the Georgia Cyber Center is paying dividends all across the CSRA.
OPSWAT Relocates Corporate Headquarters to Tampa (PR Newswire) OPSWAT, a leader in critical infrastructure protection (CIP) and trusted by more than 1,000 global organizations for providing comprehensive...
RevBits recognized as one of the Top 25 Cybersecurity Companies of 2020 (PR Newswire) RevBits today announced it made the list of Top 25 Cybersecurity Companies of 2020 as presented by The Software Report. The companies selected...
Cysiv Listed as a Representative Vendor in Gartner's 2020 Market Guide for Managed Security Services (PR Newswire) Cysiv Inc., an innovator in the provision of security operations center (SOC)-as-a-Service, today announced that it has been identified as a...
Proofpoint Snags Bitdefender Vet Joe Sykora To Lead Channels (CRN) Proofpoint has brought on longtime Bitdefender and Fortinet partner leader Joe Sykora to serve as the fast-growing email security vendor’s first-ever global channel chief.
Products, Services, and Solutions
Cyber security company helps kids, parents sort out facts from fiction online (ABC7 Chicago) Lynette Owens talked about the tool and how Trend Micro is working to fight misinformation.
Technologies, Techniques, and Standards
What can agencies do today to guard against hacks like SolarWinds? (GCN) By establishing strong supply chain risk management requirements and verifying all updates for critical networks and third-party software, agencies can better protect their networks against future incursions.
Why remote working doesn’t have to mean compromising on security (Techiexpert.com) Whether you work fully onsite, remotely, or do a mix of the two, it can be natural to worry that any kind of remote working can compromise your security.
Five things all MSPs should be asking themselves as threat actors target the channel (CRN) As Exclusive Networks becomes the latest casualty in a series of cyberattacks on channel firms, CRN asks cybersecurity specialists what the sector should be doing to prevent themselves becoming targets
Making PCI Compliance a Good Habit (Infosecurity Magazine) What causes a company’s compliance to slip, after the all-important first audit?
Václav Havel Airport Prague opens high-tech Cyber Security Operational Centre on-site (Passenger Terminal Today) In October 2020, Václav Havel Airport Prague opened what it describes as ‘one of the most modern and technically advanced cybersecurity workplaces in the Czech Republic’. The new Cyber Security Operational Centre (CSOC), which is situated in the administrative quarters on the airport site, runs 24 hours a day and is designed to protect the…
Design and Innovation
Blockchain Solution in Response to New Drone Regulations (iHLS) A new identity blockchain solution helps secure drones. Commercial drones are being used across various
Legislation, Policy, and Regulation
Over 80,000 UK-registered .eu websites and related emails stop working due to Brexit (Computing) British nationals or organisations who shift their domain's registration address to somewhere in the EU are eligible to retain their domain
Opinion: The Russian hack and securing our 5G broadband future (GreenwichTime) Information technology specialist stresses urgency to make cyber security part of...
Russia hack requires new cybersecurity paradigm (TheHill) Viewing the SolarWinds and Microsoft hacks as an impediment to deeper reform in the cybersecurity mission is a short-sighted and costly mistake.
After SolarWinds breach, where do we go from here? (Federal News Network) The federal government has a big data loss problem and a reputational black eye from the recently-discovered Russian cybersecurity attack successes.
Ericsson CEO lobbied Swedish minister over Huawei ban – report (FierceWireless) Ericsson CEO Börje Ekholm reportedly lobbied a Swedish minister to reverse a ban on Huawei and ZTE from Sweden’s rollout of 5G.
White House to release maritime cybersecurity update (CyberScoop) The White House is planning to release an update to the country's maritime security strategy, according to administration officials.
Defense Funding Measure Includes 77 Cybersecurity Provisions (BankInfo Security) Lawmakers who participated in the bipartisan Cyberspace Solarium Commission applauded Congress’ override of President Donald Trump’s veto of the National
DOD Formalizes Program Giving Companies More Access to Classified Info (Air Force Magazine) The Pentagon has formally created a group of defense companies with broader visibility into Special Access Programs.
U.S. Army Reserve Names Robert Powell to Serve as Deputy Commanding General of Cyber; Maj. Gen. Stephen Hager Quoted (Executive Gov) The U.S. Army Reserve has appointed Brig. Gen. Robert Powell to serve as a deputy commanding general
Litigation, Investigation, and Law Enforcement
The GDPR Fines 2020 Report (Finbold.com) Find out which countries violate GDPR the most and the total combined fine of the EU countries in 2020
UK ranks second for GDPR fines (Scottish Legal News) A total of €171.3 million in GDPR fines were issued against European countries in 2020, a new report shows.
The fines were issued between January 1st, 2020, and January 1st, 2021, according to the GDPR Fines 2020 Report by Finbold.
The report reveals that Italy accounts for the highest fines at €58.16 million of the total fines from 34 violations. The UK ranks second with €43.9m i ...
SolarWinds Hit With Shareholder Suit Over Nation-State Hack (Law360) SolarWinds Corp. misled investors by failing to disclose a security vulnerability that suspected Russian-linked hackers are believed to have exploited to gain a foothold into the information technology provider's expansive roster of clients, including Microsoft Corp. and several federal government agencies, according to a proposed class action filed in Texas federal court Monday.
Singapore police can access COVID-19 contact tracing data for criminal investigations (ZDNet) Under the country's Criminal Procedure Code, the Singapore Police Force can obtain any data -- including information gathered by the contact tracing TraceTogether app and wearable token -- to facilitate criminal probes, confirms cabinet minister.
‘It’s Easy Money’: Nigerian Scammer Laughs about Huge Sums Stolen from COVID Welfare Programs in Bombshell Interview (Foundation for Economic Education) An astonishing $36 billion has been lost to fraud in pandemic unemployment benefits, the Department of Labor reports. ‘It’s easy money,’ one glib Nigerian scammer admitted to reporters.
Facebook Asks Court To Wait On Consolidating Antitrust Suits (Law360) Facebook Inc. on Monday urged a District of Columbia federal court to hold off on deciding whether to consolidate a pair of antitrust suits brought by the Federal Trade Commission and 48 attorneys general, arguing that the social media giant should be permitted time to answer each suit first.
TikTok Faces Suit Over Child Privacy From London Preteen (Law360) A judge has ruled that a 12-year-old girl can remain anonymous in her pursuit of claims that the video-sharing app TikTok is illegally exploiting the personal data of children.