Cyber Attacks, Threats, and Vulnerabilities
A Second SolarWinds Hack Deepens Third-Party Software Fears (Wired) It appears that not only Russia but also China targeted the company, a reminder of the many ways interconnectedness can go wrong.
SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad Based Attack (CRN) Hackers most likely entered SolarWinds’s environment through compromised credentials and/or a third-party application that capitalized on a zero-day vulnerability, CEO Sudhakar Ramakrishna said.
The SolarWinds Hack Just Keeps Getting More Wild (Gizmodo) Here's everything we know so far.
The Hack Roundup: USDA Denies Data Breach at Payroll Facility (Nextgov.com) Here are the news and updates you may have missed.
Blox Tales: Microsoft Office Phishing Attack Hosted on Google Firebase (Armorblox) This blog focuses on an email attack that pretends to share information about an EFT payment with a link to download an HTML invoice. Opening the HTML loads a page with Microsoft Office branding that’s hosted on Google Firebase. The attack phishes for users' Microsoft login credentials and phone numbers.
Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests (Avast Threat Labs) This blog post brings more technical details on CacheFlow: a threat that we first reported about in December 2020. We described a huge campaign composed of dozens of malicious Chrome and Edge browser extensions with more than three million installations in total.
Bad patching practices are a breeding ground for zero-day exploits, Google warns (CyberScoop) Customers of major software vendors take comfort whenever a vendor issues a security fix for a critical software vulnerability.
Déjà vu-lnerability (Google Project Zero) A Year in Review of 0-days Exploited In-The-Wild in 2020. Posted by Maddie Stone, Project Zero. 2020 was a year full of 0-day exploits. Many o...
New CTV Fraud Scheme Dwarfs Previous Attacks (Double Verify) DV’s Fraud Lab recently identified and blocked the biggest CTV fraud scheme to date, ParrotTerra. Before ParrotTerra, this title was held by LeoTerra, a similar server-side ad insertion (SSAI) scheme, which was first identified by DV in July 2020 and later resurged in December 2020, when other companies identified this same scheme using the name “StreamScam.”
The Cybersecurity 202: Smart home devices with known security flaws are still on the market, researchers say (Washington Post) Popular retailers including Amazon and Walmart are selling smart doorbells and other internet-connected devices with significant cybersecurity vulnerabilities, researchers at the Florida Institute of Technology found.
Florida Tech Cybersecurity Researchers Discover Hidden Vulnerabilities in Wireless Doorbells, Cameras (ReFirm Labs) This is a true buyer-beware story! Hidden vulnerabilities discovered by Florida Tech researchers in products sold at Walmart and Amazon.
Doorbells and IoT Security Certification: Retailers Need to Step Up (ReFirm Labs) Doorbells by Merkury/Geeni with backdoors that flout IoT security are still available from Walmart, Amazon, Home Depot, Best Buy and more.
Hildegard malware targeting Kubernetes to mine cryptocurrency (Computing) Researchers expect a large-scale attack leveraging Kubernetes resources soon
Hildegard: New TeamTNT Malware Targeting Kubernetes (Unit42) Hildegard is a new malware campaign believed to originate from TeamTNT. It targets Kubernetes clusters and launches cryptojacking operations.
Attackers Use File Storage Platform to Secretly Mine Bitcoin (Decrypt) File storage provider QNAP has issued an advisory to protect clients against targeted Bitcoin mining attacks.
Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module (VDOO) In this article we provide a technical description of the new vulnerabilities that we discovered and disclosed in Realtek’s RTL8195A Wi-Fi module.
Wind River Systems Investigating Possible Data Breach (BankInfo Security) Embedded software vendor Wind River Systems is investigating a security incident within its internal network, according to a notification filed with California
Lack of visibility into remote endpoints leaves companies vulnerable to ransomware (Help Net Security) Most organizations have a severe lack of visibility into remote endpoints, and few have a way to stop ransomware from spreading.
Hacker selling off Facebook users' phone numbers following data breach (Daily Record) The hacker is exploiting a security breach that occurred in 2019 but many Scots may still be affected
Why Insider ‘Zoom Bombs’ Are So Hard to Stop (Wired) Researchers have found that most calls to disrupt videoconferences originate with the participants, especially in high schools and colleges.
Vendor Responsible for Goodwin Breach Has Some Other Big Law Clients (The American Lawyer) Accellion, a Palo Alto-based cybersecurity company, was responsible for the breach at Goodwin Procter, sources confirmed.
Security Patches, Mitigations, and Software Updates
Five Critical Android Bugs Patched, Part of Feb. Security Bulletin (Threatpost) February’s security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.
Cyber Trends
The Next Cyberattack Is Already Under Way (The New Yorker) Amid a global gold rush for digital weapons, the infrastructure of our daily lives has never been more vulnerable.
2021 Cyber Threat Trends Outlook (Booz Allen Hamilton) The year 2020 has been unlike any we have experienced, and this is true with regard to cyber threats, too. If this year has taught us anything, it is the importance of preparing for known threats
Claroty Biannual ICS Risk & Vulnerability Report: 2H 2020 (Claroty) The Claroty Biannual ICS Risk & Vulnerability Report: 2H 2020 offers an in-depth look at all ICS flaws disclosed in the second half of 2020 to shed light on emerging trends affecting how decision makers will tactically and strategically manage risk.
Over 300 million individuals affected by the US data leaks in 2020 (Atlas VPN) The year 2020 was full of challenges. The global pandemic threatened our health and digital safety as cybercriminals took advantage of the worldwide uncertainty for a quick gain.
Personal Antivirus Consumer Usage, Adoption & Shopping Study: 2021 (Security.org) Among the many challenges brought on by COVID-19 has been an increase in reported scams, particularly online scams such as phishing. The Federal Trade Commission first saw spikes in reports on April 24th, 2020, peaking in May with 1,479 reports in a single day. The security software market, currently estimated to be $224 billion globally, …
Council Post: When Military Cybertech Goes Mainstream (Forbes) Where are the private offensive cybersecurity centers, and how have they managed to change the face and public perceptions of cybersecurity for individuals and nations alike?
The Attacker Defender Divide (InfoQ) Kenna Security and Cyentia analyzed over 18,000 CVEs to determine the paths between when a vulnerability is known, exploited, patchable, and patched. The result demonstrates that attackers have the upper hand for most issues.
Rise in ransomware attacks mistakenly causing data destruction (BleepingComputer) More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption.
Ransomware Payments Decline in Q4 2020 (Coveware) Coveware’s Q4 Ransomware Report finds that fewer companies are paying criminal extortionists that are holding stolen data for ransom.
New Report Reveals Significant Delays Revoking System Access, Impacting Security Risk (SecurityBrief) Only 34% of organizations report that a typical worker has their system access revoked on the day that they leave, the Identity Defined Security Alliance finds.
Identity and Access Management: The Stakeholder Perspective A survey of HR, Sales, and Help Desk Professionals (IDS Alliance) With the number of identities in the enterprise exploding, the processes and technologies for managing them have become increasingly important.
Vietnam loses over US$1 billion due to cyber virus in 2020 (SGGP English Edition) In 2020, Vietnamese internet users suffered a loss of VND24 trillion (US$1 billion) due to cyber virus, the Bach Khoa Anti-Virus Center (Bkav) has said following a study which was carried out in December, 2020 and was released today.
Marketplace
SolarWinds could have ‘chilling effect’ on cyber insurance (PropertyCasualty360) Is this massive cyberattack ushering in a new era of hackers increasing their focus on supply chain vulnerabilities?
HelpSystems Acquires Digital Defense to Enhance Cybersecurity Portfolio (PR Newswire) HelpSystems announced today the acquisition of Digital Defense, a leader in vulnerability management and threat assessment solutions. Digital...
Cryptocat author gets insanely fast backing to build P2P tech for social media (Yahoo Finance) A day later cryptography researcher, Nadim Kobeissi -- best known for authoring the open-source E2E-encrypted desktop chat app Cryptocat (now discontinued) -- had pulled in a pre-seed investment of $100,000 for his lightweight mesh-networked microservices concept, with support coming from angel investor and former Coinbase CTO Balaji Srinivasan, William J. Pulte and Wamda Capital.
As Demand Increases for Cybersecurity, Defendify Innovates and Expands (PRWeb) Throughout the pandemic, Defendify, the all-in-one, award-winning cybersecurity platform, sees significant increase in new users as they continue to inno
Akamai announces Inverse buyout; intends to expand zero trust portfolio (Northwest Diamond Notes) Tapping its potential across delivering digital values and IoT, Akamai Technologies, one of the intelligent edge platforms, has recently announced acquiring Montreal-based Inverse Inc., for an undisclosed amount.
Hack A Cryptocurrency Wallet Filled With Bitcoin to Get Hired By A Cybersecurity Firm (BitcoinExchangeGuide) Red Balloon Cyber Security Company is using a unique way to get their next recruits. The company asks prospective candidates to crack an encrypted hard drive before they are offered the opportunity to work with the security firm. According to the company’s description, anyone with “the skills and passion” to crack the hard drive will […]
Cybersecurity firm uses encrypted hard drive with Bitcoin to test applicants (Cointelegraph) Crypto Twitter users reported Red Balloon Security had sent out similar encryption tests as part of the Defcon hackers' conference in 2017.
Cymulate Recognized as the #1 Innovation Leader in Breach and Attack Simulation Market by Frost and Sullivan (PR Newswire) Cymulate, the only SaaS-based Continuous Security Validation platform to operationalize the MITRE ATT&CK® framework end-to-end, announced today...
KnowBe4 Ranked Second on List of Top 100 Cybersecurity Companies Curated by the University of San Diego (GlobeNewswire) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is pleased to announce that the organization placed second on the University of San Diego’s annual list of the Top 100 Cybersecurity Companies of 2020.
AppSec Market Leader Veracode Continues Strong Growth and Business Momentum (Veracode) Year underscored by progress integrating security into developer workflows and recognition for innovation by leading research firms and customers
The Chrome Update Is Bad for Advertisers but Good for Google (Wired) The world’s most popular browser is about to make it a lot harder for advertisers to track your online activity.
Parler CEO Says He Was Fired by Conservative Political Donor Rebekah Mercer (Wall Street Journal) The moderation-light social media platform that appealed to conservatives was forced offline last month by tech giants in the wake of the Capitol riot by Trump supporters.
Ankura Names Ted Theisen Senior Managing Director, Cyber Practice (Executive Gov) Ankura has appointed Ted Theisen as a senior managing director of the company’s Cyber Practice, Anku
Marianne Budnik joins CrowdStrike as CMO (Help Net Security) CrowdStrike announced the appointment of Marianne Budnik as the company’s new chief marketing officer (CMO).
Illumio appoints David Shephard as VP of sales in APAC (WhaTech) Illumio, the leading provider of end-to-end Zero Trust segmentation, today announced a senior appointment to further drive its enterprise customer...
ForgePoint Capital Promotes Will Lin to Managing Director, Ernie Bio to Principal, and Rohit Gupta to Associate (PR Newswire) ForgePoint Capital, the most active sector-focused cybersecurity venture investor in 2020 with $770 million under management, announced today...
Products, Services, and Solutions
Positive Technologies launches 5G Security Program to support mobile operators in securing their next generation networks against new and hidden threats - Membership (Membership) Positive Technologies launches its 5G Security Program to help operators to reinforce their security strategies and build appropriate practices to maintain the resilience of their 5G SA/NSA networks and services. The UK is one of the most developed markets in Europe in terms of 5G deployments, as people and critical national infrastructure become more dependent […]
WitFoo Partners with SYNNEX Corporation (News Direct) Expands Distribution of Precinct Platform into Government & Cloud Marketplaces
RSA NetWitness® Detect AI Harnesses Unsupervised Machine Learning to Detect Advanced Cyber-Threats (RSA.com) Cloud-native solution provides advanced analytics for high-fidelity, actionable threat detection
Introducing RSA NetWitness® Detect AI (RSA.com) Introducing RSA NetWitness® Detect AI, the new cloud analytics solution for advanced threat detection.
RiskRecon and CyberGRX Form Strategic Partnership to Give Organizations Complete View of Third-Party Cyber Risk Posture (BusinessWire) RiskRecon, a Mastercard Company, and CyberGRX, provider of the world’s first and largest global cyber risk exchange, announced a strategic partnership
CyberSheath ensures compliance with new cybersecurity standards for defense contractors (Help Net Security) CyberSheath launched its Managed IT Services for Defense Contractors to ensure compliance with the new cybersecurity standards.
Cleanshelf integrates Okta’s provisioning capabilities into its platform (Help Net Security) Cleanshelf has combined SaaS visibility and access management into a single platform with Okta Identity Cloud integration.
RangeForce Introduces Role Based Self-Directed Training for Top Cyber Security Positions (BusinessWire) Job specific Battle Paths are available for the most in-demand cyber security openings such as SOC Analyst, Threat Hunter, Cloud Security and more.
Positive Technologies launches 5G Security Program to support mobile operators in securing their next generation networks against new and hidden threats (Telecom Reseller) Positive Technologies today launches its 5G Security Program to help operators to reinforce their security strategies and build appropriate practices to maintain the resilience of their 5G SA/NSA networks and services.
Announcing the general availability of Azure Defender for IoT (Microsoft Security) As businesses increasingly rely on connected devices to optimize their operations, the number of IoT and Operational Technology (OT) endpoints is growing dramatically—industry analysts have estimated that CISOs will soon be responsible for an attack surface multiple times larger than just a few years ago. Today we are announcing that Azure Defender for IoT is…
Cisco AppDynamics Delivers Industry-First Solution for Strengthening Security Posture Against Threats While Achieving Peak Application Performance (Cisco) New Cisco Secure Application solution simplifies vulnerability management and defends applications against slowdowns and exploits.
Qatari research center chooses Leonardo for cyber range (C4ISRNET) The training platform is capable of simulating cyberattacks so users can assess the resilience of digital infrastructure.
Technologies, Techniques, and Standards
Google Cloud BrandVoice: Less Trust, More Security: The New Model Of Cloud Operations (Forbes) To be able to trust cloud computing, you need to be able to trust it less. Here’s a look at the cloud/trust paradox, and what your business can take away from it.
CISA Issues Guidance on Enhancing Cloud Security Controls (Fed Tech) The Cybersecurity and Infrastructure Security Agency warns that malicious actors are taking advantage of lax cyber hygiene for cloud services.
Survey Highlights Security Is Top of Mind for SAP Transformation and Cloud Migration Projects (Onapsis) In coordination with Onapsis, the Americas SAP Users’ Group (ASUG) recently conducted a research project to better understand how SAP customers are thinking about major transformation and cloud migration projects, the decision-makers involved and how they are moving their businesses forward.
US Army Europe Wants New Hub for Artillery Fire (Defense One) A new targeting center and mobile artillery-and-cyber teams will dominate the way the Army conducts operations, says Gen. Cavoli.
Design and Innovation
iProov Research: U.S. Banks Missing Out on Online Growth Opportunities (Morningstar) Survey reveals that a lack of secure authentication is preventing existing bank customers from accessing new products online
TikTok will prompt users when videos are flagged as misleading (Axios) It's one of the most dramatic steps TikTok has taken to reduce the spread of misinformation.
Pornhub Announces 'Biometric Technology' to Verify Users (Vice) Following bans from payment processors and mass deletion of most of its content, Pornhub announced new details on its improved trust and safety policies.
Data Drought Slows Advance of AI in Cybersecurity (Wall Street Journal) It’s early days, but both government and business want to solidify their cyberwalls with AI. Yet training AI models requires reams of just the right sort of data.
Examples of AI as a force for social good (Computing) Nesta in Scotland showcases a number of projects in which humans and AI work as a team
Research and Development
CISA to Demonstrate Tech for Emergency Comms on the Energy Grid (Executive Gov) The Cybersecurity and Infrastructure Security Agency (CISA) plans to test a new technology designed
IBM reveals new quantum roadmap (Computing) IBM foresees a 1,000-qubit device by 2023, and 'frictionless quantum computing' by 2025
Academia
IBM plans grant program to help schools fend off ransomware (EdScoop) The company plans to give six school districts $500,000 worth of its cybersecurity expertise to improve their defenses against the ongoing threat.
Legislation, Policy, and Regulation
After Fueling A Genocide, Facebook Takes A Stand Against A Myanmar Coup (BuzzFeed News) In an internal post, the company outlined how it will try to protect people opposing Myanmar’s military coup.
India warns Twitter over lifting block on accounts and noncompliance of order (TechCrunch) India has issued a notice to Twitter, warning the American social firm to comply with New Delhi’s order to block accounts and content related to a protest by farmers and not “assume the role of a court and justify non-compliance.” Failure to comply with the order may prompt penal action against Twi…
Twitter Unblocked Accounts That Criticized India’s Government. Now, Its Employees Are Being Threatened With Jail Time Unless It Blocks Them Again. (BuzzFeed News) The social media company is refusing an order to take down accounts the government wants gone.
Volunteer force to patrol cyber world for ‘anti-national’ posts (Brighter Kashmir)
Microsoft backs Australia's proposed media laws, eyes expansion (Reuters) Microsoft Corp said on Wednesday it fully supported proposed new laws in Australia that would force internet giants Google and Facebook Inc to pay domestic media outlets for their content.
Global Tech Tax Is Expected to Arrive This Summer (Bloomberg) Hey all, it’s Natalia. Tech giants including Alphabet Inc., Apple Inc. and Facebook Inc. could soon be hit with higher taxes around the world after global talks moved closer to an agreement.
HASC adds cybersecurity subcommittee (FCW) Rep. Jim Langevin (D-R.I.) will chair a new subcommittee of the House Armed Services Committee focused on cybersecurity, emerging tech and information systems.
Peters outlines Key priorities for Senate Homeland Security and Governmental Affairs Committee (WKZO) Wednesday, U.S. Senator Gary Peters (D-MI), the Chairman of the Senate Homelan...
Time to End the Dual Hat? (Council on Foreign Relations) Following the SolarWinds breach, there have been renewed calls for the end of the dual-hat authority that governs the National Security Agency and U.S. Cyber Command.
NSA’s cyber directorate marks a year in operation (Federal News Network) The NSA’s Cybersecurity Directorate has marked a full year of operations. For details on what it’s managed to get done, deputy director Dave Luber spoke to Tom Temin.
Army National Guard transitions cyber task force mission (DVIDS) The transition of authority between two Army National Guard battalions was a quiet and seamless affair, taking place without the traditional ‘pomp and circumstance’ normally associated with significant Army events.
The transition marked the end of a 15-month deployment for the Soldiers of the 124th Cyber Protection Battalion (CPB), who hail from Arkansas, Maryland, Missouri, Nebraska, Virginia and Utah, and the beginning for the Army National Guardsmen of the 123rd CPB, who call Illinois, Minnesota, Virginia, and Wisconsin their home states.
DHS cyber agency rethinking its debunking of election falsehoods after right-wing backlash (POLITICO) “Some of the actions that CISA took in the last election cycle were controversial,” said Brandon Wales.
Litigation, Investigation, and Law Enforcement
Robinhood Faces Civil Lawsuits Over Trading Restrictions (Wall Street Journal) Robinhood Markets is facing more than 30 civil lawsuits in relation to trading restrictions imposed by the online brokerage that temporarily limited purchases of certain securities last week, according to court records.
Google Can't Shake NM AG's Children Online Privacy Claims (Law360) A New Mexico federal judge rejected Google's bid to dismiss children's privacy law and intrusion on privacy claims against it initiated by the state's attorney general over surreptitiously collecting children's location and personal data via app games.
Canadian Regulator Calls Clearview AI's Data Scraping Illegal (Law360) Facial recognition company Clearview AI's scraping of billions of people's images from the internet to create an identification database marketed to police departments and companies is a clear breach of Canadian law, the country's privacy watchdog said Wednesday.
Canadian Regulators Say Clearview Violated Privacy Laws (Wall Street Journal) Canadian regulators on Wednesday said facial-recognition-software company Clearview AI Inc. violated federal and provincial privacy laws in the country by offering its services there, though they acknowledged having limited enforcement powers in penalizing the New York-based company and others like it.
Google's Consent Defense Can't Ax Data Privacy Suit Outright (Law360) A California magistrate judge has trimmed claims from an Android smartphone user's proposed class action alleging Google illegally harvests third-party app data to gain an advantage over rivals like TikTok, but she rejected Google's argument that users clearly agreed to the data collection by accepting its privacy policy.
US Fertility Sued Over Ransomware Attack, Health Data Exfiltration (HealthITSecurity) US Fertility has been sued by the patients impacted by its ransomware attack in September. The incident lasted for a month before it was discovered, and allowed hackers to exfiltrate health data.