Gizmodo last night published a brief state-of-the-incident note on SolarWinds, observing how far the incident has spread and how complex its ramifications have become, given the known and suspected independent exploitation by both Russian and Chinese services. On the Chinese front, Nextgov reports that the US Department of Agriculture’s latest word on the compromise of its National Finance Center, which Reuters reported earlier this week, is that USDA hasn’t seen any evidence the compromise happened at all.
Acting US CISA Director Wales told a meeting of the National Association of Secretaries of State that CISA has found no evidence that SolarWinds vulnerabilities were exploited against election systems, Reuters' Chris Bing tweeted.
Palo Alto Networks’ Unit 42 has found a malware campaign that targets Kubernetes clusters. The threat actors establish initial access through a misconfigured kubelet, then propagate their malware (which Unit 42 calls “Hildegard”) across as many containers as possible. The goal of the attack appears to be cryptojacking, and Unit 42 attributes the campaign to TeamTNT. Computing sees the campaign as a precursor to a large-scale, Kubernetes-based attack.
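The initial-access vector Unit 42 describes is a kubelet whose API is reachable without authentication or authorization. The following is an added example, not code from Unit 42 or the Kubernetes project: a small audit routine that reads a KubeletConfiguration (the kubelet accepts its config file as JSON or YAML; JSON is used here to avoid a YAML dependency) and reports the settings that open the kubelet API up. The field names come from the kubelet.config.k8s.io/v1beta1 schema; the two sample configurations are constructed for illustration, and a key that is absent is reported for manual review rather than assumed to take any particular default.

```python
"""Audit a KubeletConfiguration for settings that expose the kubelet API.

Added example (not Unit 42's or Kubernetes' code). Field names follow
kubelet.config.k8s.io/v1beta1; sample configs below are constructed.
"""
import json


def audit_kubelet_config(cfg: dict) -> list[str]:
    """Return a list of findings (empty list means nothing weak was found)."""
    findings = []

    # Anonymous authentication lets unauthenticated callers reach the API.
    anon = cfg.get("authentication", {}).get("anonymous", {}).get("enabled")
    if anon is True:
        findings.append(
            "authentication.anonymous.enabled is true: "
            "unauthenticated requests are accepted by the kubelet API"
        )
    elif anon is None:
        findings.append(
            "authentication.anonymous.enabled is not set: "
            "confirm the effective value on this node"
        )

    # AlwaysAllow skips the authorization check entirely; Webhook asks the
    # API server (SubjectAccessReview) whether the caller may act.
    mode = cfg.get("authorization", {}).get("mode")
    if mode == "AlwaysAllow":
        findings.append(
            "authorization.mode is AlwaysAllow: every authenticated "
            "(including anonymous) request is permitted"
        )
    elif mode is None:
        findings.append(
            "authorization.mode is not set: confirm the effective value on this node"
        )

    # The read-only port serves unauthenticated pod/container listings;
    # 0 disables it.
    ro_port = cfg.get("readOnlyPort")
    if ro_port not in (None, 0):
        findings.append(
            f"readOnlyPort is {ro_port}: unauthenticated read-only API is exposed"
        )

    return findings


def audit_kubelet_config_text(text: str) -> list[str]:
    """Parse a JSON-form KubeletConfiguration and audit it."""
    return audit_kubelet_config(json.loads(text))


# Constructed sample: the kind of weak configuration that gives a remote
# caller the kubelet API without credentials.
WEAK_CONFIG = json.dumps({
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "kind": "KubeletConfiguration",
    "authentication": {"anonymous": {"enabled": True}},
    "authorization": {"mode": "AlwaysAllow"},
    "readOnlyPort": 10255,
})

# Constructed sample: the hardened counterpart.
HARDENED_CONFIG = json.dumps({
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "kind": "KubeletConfiguration",
    "authentication": {
        "anonymous": {"enabled": False},
        "webhook": {"enabled": True},
    },
    "authorization": {"mode": "Webhook"},
    "readOnlyPort": 0,
})

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for finding in audit_kubelet_config_text(text) or ["no findings"]:
            print("  -", finding)
```

Run it against the kubelet config file that each node actually loads (the path passed to the kubelet's `--config` flag); on a managed distribution that sets these values via command-line flags instead, the flags take precedence and must be checked separately.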
ReFirm Labs shares research from colleagues at Florida Tech. They looked at widely-sold home security devices (smart doorbells and security cameras) and found them rife with vulnerabilities that could give attackers remote privileged access sufficient to enable them to spy on unwitting users. ReFirm argues that the results should move industry and its regulators toward a system of IoT security labeling.
Google's Project Zero sees bad patching as a "breeding ground" of exploitation, CyberScoop reports.