Cyber Attacks, Threats, and Vulnerabilities
Trump Administration Says Russia Likely Behind Massive SolarWinds Hack (Wall Street Journal) The statement from four federal agencies is the first from the administration to identify Russia as the likely culprit in cyberattack that has hit the U.S. government and private-sector companies.
US: Hack of Federal Agencies 'Likely Russian in Origin' (SecurityWeek) Top national security agencies said Russia was likely responsible for the massive "SolarWinds" hack of U.S. government departments and corporations, rejecting President Donald Trump’s claim that China might be to blame.
Hacking ‘Likely’ Came From Russia, U.S. Says in Belated Official Statement on Major Intrusion (New York Times) The operation was underway for more than a month after it was uncovered, according to four government agencies that described the hacking as an intelligence-gathering effort.
US government formally blames Russia for SolarWinds hack (ZDNet) Joint statement from the FBI, CISA, ODNI, and NSA says SolarWinds hack was "likely Russian in origin."
U.S. Security Agencies: Massive Computer Hack Is 'Likely Russian' (NPR) In its most detailed comment so far, the U.S. government says the breach of government and private company computer networks "will require a sustained and dedicated effort to remediate."
Unraveling SolarWinds hack's fallout for higher ed (Inside Higher Education) Colleges and universities aren't confirming that they were hit by the massive SolarWinds cyberattack, but IT experts say the hack calls for bolstering cybersecurity for the future.
Hackers Exploiting Recently Disclosed Zyxel Vulnerability (SecurityWeek) Hackers are attempting to compromise Zyxel firewalls and WLAN controllers via hardcoded credentials (CVE-2020-29583).
Hackers start exploiting the new backdoor in Zyxel devices (BleepingComputer) Threat actors are actively scanning the Internet for devices with SSH exposed and trying to log in to them using the recently patched Zyxel hardcoded-credential backdoor.
Egregor ransomware group explained: And how to defend against it (CSO Online) Egregor is one of the most rapidly growing ransomware families. It employs "double ransom" techniques to threaten reputational damage and increase pressure to pay.
ElectroRAT: Attacker Creates Fake Companies to Drain Crypto Wallets (Intezer) Extensive campaign already with thousands of victims promotes trojanized applications on cryptocurrency forums and social media.
Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users (The Hacker News) Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems.
Babuk Locker is the first new enterprise ransomware of 2021 (BleepingComputer) It's a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks.
Babuk Ransomware (Chuong Dong) Malware Analysis Report - Babuk Ransomware
Cyber criminals are taking aim at online gaming for their next big pay day (ZDNet) Researchers find a million compromised corporate accounts of game companies on underground forums, and warn that the industry is a lucrative target for malicious hackers.
Australian cybersecurity agency used as cover in malware campaign (BleepingComputer) The Australian government warns of an ongoing campaign impersonating the Australian Cyber Security Centre (ACSC) to infect targets with malware.
Police warn of new phishing scams involving impersonation of government officials (TODAYonline) The police on Tuesday (Jan 5) warned members of the public of new banking-related phishing scams involving impersonation of government officials.
Robservations: Two-year data breach hits employees’ email at WTTW, WFMT (Robert Feder) Window to the World Communications, parent company of WTTW-Channel 11 and WFMT 98.7-FM, alerted employees this week to the discovery of a data breach in its computer system believed to have occurred over nearly a two-year period.
Juspay Data Leak fallout: RBI swings into action to curb cyberattacks (The Economic Times) A team from the Reserve Bank of India (RBI) has reached out to key stakeholders, including Payments Council of India, enquiring about enforcement of new payment aggregator licensing norms.
Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.3
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: Mitsubishi Electric, Multiple Factory Automation Engineering Software products
Vulnerability: Permission Issues
Yokogawa CENTUM (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Yokogawa
Equipment: CENTUM
Vulnerabilities: Improper Authentication, Path Traversal
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-224-01 Yokogawa CENTUM that was published August 11, 2020, on the ICS webpage on us-cert.cisa.gov.
Johnson Controls Sensormatic Electronics American Dynamics victor Web Client and Software House C•CURE Web Client (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Low skill level to exploit
Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls
Equipment: American Dynamics victor Web Client
Vulnerability: Improper Authorization
ARC Informatique PcVue (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ARC Informatique
Equipment: PcVue
Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an Unauthorized Actor
PTC Kepware KEPServerEX (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: PTC
Equipment: Kepware KEPServerEX
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Use After Free
Delta Electronics CNCSoft ScreenEditor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: CNCSoft ScreenEditor
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow arbitrary code execution.
Delta Electronics DOPSoft (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: DOPSoft
Vulnerabilities: Out-of-bounds Write, Untrusted Pointer Dereference
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow arbitrary code execution.
Red Lion Crimson 3.1 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Red Lion
Equipment: Crimson 3.1
Vulnerabilities: NULL Pointer Dereference, Missing Authentication for Critical Function, Improper Resource Shutdown or Release
GE Reason RT43X Clocks (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: GE
Equipment: Reason RT43X Clocks
Vulnerabilities: Code Injection, Use of Hard-coded Cryptographic Key
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary code on the system or intercept and decrypt encrypted traffic.
Panasonic FPWIN Pro (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: Panasonic
Equipment: FPWIN Pro
Vulnerability: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in an out-of-bounds read, which may allow remote code execution.
Schneider Electric Web Server on Modicon M340 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Schneider Electric
Equipment: Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy
Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Classic Buffer Overflow
Security Patches, Mitigations, and Software Updates
Google Releases January 2021 Security Updates for Android (SecurityWeek) Google patches critical code execution and denial of service vulnerabilities in Android with the January 2021 security updates
Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances (SecurityWeek) Citrix has released firmware updates for its ADC and Gateway appliances after threat actors started abusing them to launch DDoS attacks.
SolarWinds, Solorigate, and what it means for Windows updates (Computerworld) The recent SolarWinds attack raised serious questions about how safe companies (and government agencies) are when OS or software updates roll out. Since Microsoft was also hit, it’s important to understand what happened.
Cyber Trends
CISQ Publishes the Cost of Poor Software Quality in the U.S.: A 2020 Report (Consortium for Information & Software Quality) Software quality is crucial to delivering value to organizations and to the U.S. economy.
Looking back at 2020: A Year in Review (Digital Shadows) This year was also made up of some pretty significant events in the cyber threat landscape, and I thought I'd highlight the three most important ones in my mind to round up what happened in these
Digital Fraud’s Evolution in 2020 and How to Prepare for 2021 (TransUnion) As the year comes to a close, we look toward 2021 as the time to reexamine fraud protection frameworks and implement more sophisticated tools to combat identity-based fraud across the customer lifecycle.
Marketplace
Leading SASE Cloud Security Provider iboss Raises $145 Million to Support Company's Rapid Growth in $25B Expanding Market (Yahoo) iboss, the leader in cloud delivered network security, announces it has raised $145 million in new funding. The financing will be used to support the company's rapid growth as organizations increasingly recognize iboss as the leading provider of cutting-edge network security through the cloud.
Data Security Providers Netwrix and Stealthbits Merge (SecurityWeek) The combined entity will continue to offer security solutions for data security risk detection and cyber-attack protection, response, and recovery.
Quest Software Acquires erwin, Inc. to Enable Organizations to Fully Harness the Business Benefits of Data (Quest) Erwin adds industry-leading data modeling, data governance, and business process modeling solutions to Quest portfolio. Organizations benefit from Quest's end-to-end capabilities to better understand and govern data in use across their enterprise...
101 Best Cyber Security Startups To Follow In 2021 (The Startup Pill) This article showcases Startup Pill's top picks for the best Cyber Security startups. These startups are taking a variety of approaches to innovating inside of the Cyber Security industry and around the world. They are all exceptional startups well worth a follow. We selected these startups for exceptional performance in one of these categories: InnovationInnovative
2020 was a record year for Israel’s security startup ecosystem (TechCrunch) The start of a new year presents the perfect opportunity to reflect on the annual performance of our focus, the Israeli cybersecurity ecosystem.
Defense Digital Service Kicks Off Third ‘Hack the Army’ Bug Bounty Challenge with HackerOne (HackerOne) Military and civilian hackers invited to discover and disclose vulnerabilities in digital assets affiliated with the largest branch of the U.S. Military
NYSE Mulls Reverting to Original Plan to Delist China Shares (Bloomberg) Possible reversal follows Mnuchin call to NYSE’s Cunningham. Exchange’s surprise announcement caught White House off guard.
More Cyber Attacks Could Spur On Insurance Space (Crunchbase News) Although investment in cyber insurance made up a small percentage of the nearly $6.5 billion invested in cybersecurity in the U.S. last year, those who watch the area think that could start to change soon, perhaps even this year.
Top 10 Must-Have Cybersecurity Skills for Career Success (SearchSecurity) What are the cybersecurity skills that advance security careers? We consulted with experts to come up with a top 10 list, including eight technical skills in high demand and two all-important soft skills.
The Top Cybersecurity Certifications in 2021 (IT Security Expert) A UK view on Cyber (IT Security) & Information Security. Covers everything Computer Security from the basics to the advanced
App Development Security is the most wanted cybersecurity skill in 2021 (Atlas VPN) According to the data presented by the [Atlas VPN](https://atlasvpn.com/) team, the fastest-growing cybersecurity skill in 2021 is Application Development Security. Demand for this competence is expected to rise by 164% over five years.
Top Internet and Data Privacy Lawyer Tod Cohen Joins O’Melveny (O’Melveny) O’Melveny announced today that one of the nation’s top data privacy and policy experts, Tod Cohen, has joined the firm as a partner.
Morrison & Foerster Elects Nine Partners (Morrison & Foerster) Morrison & Foerster, a leading global law firm, is pleased to announce the election of nine lawyers to the firm’s partnership, effective January 1, 2021. The class of 2021 includes lawyers from a wide range of thriving practices across seven offices in the U.S., Europe, and Asia.
LIFARS Appoints Gaspare J. Marturano as Chief Marketing Officer (LIFARS) LIFARS, a leading cybersecurity firm with specialized services in digital forensics, incident response, and cyber resiliency, has appointed Gaspare J. Marturano as Chief Marketing Officer.
Products, Services, and Solutions
SolarWinds Orion/SUNBURST - Armis Can See Impacted Devices & Attacks (Armis) After the news broke that the U.S. Treasury, Commerce and Homeland Security had been hacked using exploits in SolarWinds Orion, more information has been coming to light almost daily. It is now clear that the exploit has been leveraged broadly by state actors and it is imperative that everyone who uses SolarWinds knows if they are vulnerable. Armis can help identify the vulnerable devices and malicious traffic & behavior associated with the breach.
Bird Levels Up Micromobility ID Verification with AU10TIX to Prevent Underage Riding (AU10TIX) Today, Bird published the following blog to announce its partnership with AU10TIX: “With great power comes great responsibility.”
Verizon indefinitely delays 3G network shutdown (Light Reading) First Verizon planned to shutter its 3G network at the end of 2019. Then it delayed that plan to the end of 2020. Now, Verizon says 'we don't have a plan to shut it down at this time.'
WatServ Provides Innovative, Multi-Cloud Solutions with Alert Logic's Managed Detection and Response Capabilities (PR Newswire) WatServ, an IT solutions provider helping organizations digitally transform their businesses through cloud technologies and services, is proud...
Coalfire Collaborates With AWS On Compliance Automation (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today announced it is working with Amazon Web Services (AWS) to deploy...
BackupAssist Partners with Wasabi to Deliver Disruptive Price and Performance Model for Cyber-Resilient Data Backup (PR Newswire) BackupAssist®, the leading provider of automated backup and recovery software for small and medium enterprises (SMEs), today announced Wasabi,...
Technologies, Techniques, and Standards
What does CMMC really mean for small businesses? (Federal News Network) The recent emergence of the Cybersecurity Maturity Model Certification initiative essentially ups the ante for its Defense Industrial Base.
Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (FDIC) AGENCY: The Office of the Comptroller of the Currency, Treasury (OCC); the Board of Governors of the Federal Reserve System (Board); and the Federal Deposit Insurance Corporation (FDIC). ACTION: Notice of proposed rulemaking. SUMMARY: The OCC, Board, and FDIC (together, the agencies) invite comment on a notice of proposed rulemaking (proposed rule or proposal) that would require a banking organization to provide its primary federal regulator with prompt notification of any “computer-security incident” that rises to the level of a “notification incident.”
Making the Business Case for Cybersecurity (My TechDecisions) As cyber attacks increase in frequency and sophistication, it's imperative that your organization invests in adequate cyber defenses.
Disclosing a security breach results in less damage (IT-Online) There is a correlation between the way a data breach is disclosed and the total financial losses an organisation experiences following a cybersecurity incident. According to a new Kaspersky report, ‘How businesses can minimise the cost of a data breach’, enterprises in the Middle East, Turkey and Africa (META) that decide to voluntarily inform their […]
Legislation, Policy, and Regulation
The U.S. Failed to Execute Its Cyberstrategy—and Russia Pounced (Foreign Affairs) Even the Best Playbook Is Useless If You Don’t Follow It
The Meddlers (Foreign Affairs) Moscow’s and Washington’s Covert Campaigns
UK's regulatory regime for big tech to take shape in 2021 – experts (S&P Global) As firms adjust to post-Brexit rules on data protection, they also face a new U.K. competition regime aimed at digital markets, and stricter local content moderation laws.
Russian Aggression Spurs Neighbors to Rebuild Defenses (Wall Street Journal) A series of moves by Russia has alarmed neighboring countries including Sweden, which has overturned decades of its own defense and foreign policy to strengthen its military and tighten ties with the U.S.
The SolarWinds hack is stunning. Here's what should be done (KCTV Kansas City) The information that is emerging about Russia's extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now
Trump bars U.S. transactions with eight Chinese apps including Alipay (Reuters) U.S. President Donald Trump on Tuesday signed an executive order banning transactions with eight Chinese software applications, including Ant Group's Alipay mobile payment app, the White House said, escalating tensions with Beijing two weeks before President-elect Joe Biden...
Trump Issues New Ban on Alipay and Other Chinese Apps (Wall Street Journal) In the executive order, the president said the apps can access private information from their users, which could be used by the Chinese government.
US-Built Center in Cyprus to Offer Region Security Training (SecurityWeek) A U.S.-funded center in Cyprus will help train officials from countries in the eastern Mediterranean region and the Middle East on the latest techniques in border, customs, maritime and cyber security.
10 Dos and Don'ts for Government Cybersecurity Leaders (Government Technology) The new decade offers more challenges for cybersecurity leaders than ever, from tracking evolving threats to navigating budget constraints. Keep these best practices in mind for effective security management.
Biden transition team names White House tech officials (FedScoop) The Biden transition team announced two familiar faces from the Obama White House to serve in tech roles for the incoming administration.
Litigation, Investigation, and Law Enforcement
UK judge denies bail for WikiLeaks founder Julian Assange (CNN) A British judge denied bail for WikiLeaks founder Julian Assange, just days after she rejected a US request to extradite him to America.
81,000 UK-owned .eu domains suspended as Brexit transition ends (ZDNet) The UK lost its right to a .eu website when it left the European bloc, leaving many domain name owners in limbo.
Over 80,000 UK-registered .eu websites and related emails stop working due to Brexit (Computing) British nationals or organisations who shift their domain's registration address to somewhere in the EU are eligible to retain their domain.
Pa. Convenience Store Data Breach Suit Is Trimmed (Law360) A Pennsylvania federal judge on Tuesday trimmed a proposed class action alleging a chain of gas stations and convenience stores failed to protect customers' financial information amid a 2018 data breach, but found that most of the claims can survive dismissal this early in the case.