Cyber Attacks, Threats, and Vulnerabilities
Hamas May Be Threat to 8chan, QAnon Online (KrebsOnSecurity) In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company,…
Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports (SecurityWeek) Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports.
SolarWinds Orion: The Weaponization of a Network Management System (Control Global) The SolarWinds Orion platform is essentially a SCADA system for network management. Almost all guidance on addressing SolarWinds has focused on IT or Operational Technology (OT) networks.
Further Fall-Out from Russian Hacking of SolarWinds (The National Law Review) U.S. intelligence agencies, including the FBI, the Office of the Director of National Intelligence, the National Security Agency and the Cybersecurity and Infrastructure Security Agency, have confirme
Sealed U.S. Court Records Exposed in SolarWinds Breach (KrebsOnSecurity) The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.
Corporate Secrets at Risk in Hack of U.S. Courts Documents (Bloomberg Law) A cyberhack of the U.S. federal courts filing system puts at risk a range of highly sensitive competitive and financial information and trade secrets, including companies’ sales figures, contracts, and product plans, attorneys said.
SolarWinds hackers had access to over 3,000 US DOJ email accounts (BleepingComputer) The US Department of Justice said that the attackers behind the SolarWinds supply chain attacks have gained access to roughly 3% of the department's Office 365 email inboxes.
FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack (Dark Reading) CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.
SolarWinds hack: Who’s to blame? It’s complicated. (TechBeacon) The moral of the story? Recruit smart people—and pay them what they’re worth.
Webcast: Discussing Implications of the SolarWinds Breach(es) (Black Hills Information Security) Does the news on SUNBURST and SUPERNOVA have you feeling like you’re flapping in the (Solar)Wind? Join John Strand, Jonathan Ham, and Jake Williams as they discuss the implications of the breaches in this no-FUD webcast. No, we won’t be discussing “cyber Pearl Harbor” – because let's be honest, that’s just hyperbole. Join us to […]
Cybersecurity and the Occupation of the Capitol (Lawfare) This siege has created potentially serious cyber risks for Congress and other affected offices.
Cybersecurity fears loom behind Capitol breach (Axios) Files, emails and other data lifted from lawmakers could have enormous value to bad actors.
The siege of the US Capitol was a disaster for congressional cybersecurity — and experts say Congress will likely have to wipe all its computers and rebuild from scratch (Business Insider) The insurrection Wednesday by Trump supporters also created a cybersecurity disaster that the government must address.
Decrypted: How bad was the US Capitol breach for cybersecurity? (TechCrunch) This week's Decrypted focuses on the aftermath of Trump supporters storming the Capitol, and looks at the latest response to the SolarWinds attack.
Capitol Hill Mob Accessed Congressional Computers—‘Consider Them All Compromised’ (Forbes) Trump supporters may’ve stolen sensitive data from computers and hard drives, as experts warn Capitol Hill cybersecurity was already patchy.
Capitol riots raise urgent concerns about Congress's information security (CNN) Digital security experts are raising the alarm over Wednesday's breach of the US Capitol, which not only threatened lawmakers' physical safety but also created potential national security and intelligence risks, they say.
Rioters Open Capitol's Doors to Potential Cyberthreats (BankInfo Security) The massive pro-Trump demonstrations that saw large crowds riot and then occupy the U.S. Capitol building in Washington pose a significant potential cybersecurity
White House Condemns Violence at Capitol, Assures 'Orderly Transition of Power' (Epoch Times) The White House condemned the violence that took place Wednesday at the U.S. Capitol and assured there will be an "orderly transition of power."
North Korean hackers launch RokRat Trojan in campaigns against the South (ZDNet) A North Korean hacking group is utilizing the RokRat Trojan in a fresh wave of campaigns against the South Korean government.
'Earth Wendigo' Hackers Exfiltrate Emails Through JavaScript Backdoor (SecurityWeek) Trend Micro said "Earth Wendigo" hackers are targeting multiple organizations, including government entities, research institutions, and universities in Taiwan
Earth Wendigo Injects JavaScript Backdoor for Mailbox Exfiltration (Trend Micro) We discovered a new campaign we named Earth Wendigo that has been targeting several organizations in Taiwan since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors into a webmail system that is widely used in Taiwan.
Ryuk gang estimated to have made more than $150 million from ransomware attacks (ZDNet) Most of the Ryuk gang's "earnings" are being cashed out through accounts at crypto-exchanges Binance and Huobi.
Ryuk ransomware Bitcoin wallets point to $150 million operation (BleepingComputer) Security researchers following the money circuit from Ryuk ransomware victims into the threat actor's pockets estimate that the criminal organization made at least $150 million.
Malicious Shell Script Steals AWS, Docker Credentials (Trend Micro) In past cryptocurrency mining attacks, malicious shell scripts were commonly used as downloaders. However, recent cases show that these scripts are now used for other purposes such as stealing credentials.
Ezuri Memory Loader Abused in Linux Attacks (SecurityWeek) Ezuri Memory Loader Abused in Linux Attacks
December 2020’s Most Wanted Malware: Emotet Returns as Top Malware Threat (Check Point Software) Our latest Global Threat Index for December 2020 has revealed that the Emotet trojan has returned to first place in the top malware list, impacting 7% of
Dental Network Accused of Losing Patient Info in Breach (1) (Bloomberg Law) A national dental network was hit with a proposed class action alleging it breached its fiduciary duty and invaded patients’ privacy by failing to protect customer data and insurance information from a data breach last year.
Hacker sells Aurora Cannabis files stolen in Christmas cyberattack (BleepingComputer) A hacker is selling the data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas day.
Report: Vast majority of data breaches reported to HHS occur among providers (MedCity News) A new report, from cybersecurity firm Fortified Health Security, shows that nearly 200 more data breaches occurred in the first 10 months of 2020 compared with the year prior — around 80% of which targeted providers.
Farms are Great Targets for Hackers (Farms.com) What would happen if farm data was stolen or hackers turned off the barn ventilator on a hot day?
RFID Proximity Cloning Attacks - Black Hills Information Security (Black Hills Information Security) Ray Felch // Introduction While packing up my KeyWe Smart Lock accessories, and after wrapping up my research and two previous blogs “Reverse Engineering a Smart Lock” and “Machine-in-the-Middle BLE Attack”, I came across a couple of KeyWe RFID tags. Although I was somewhat already familiar with RFID (Radio Frequency ID) technology, I decided this […]
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking (Threatpost) Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
Delta Electronics CNCSoft-B (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: CNCSoft-B
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Untrusted Pointer Dereference, Type Confusion
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to arbitrary code execution.
Eaton EASYsoft (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.8
Vendor: Eaton
Equipment: EASYsoft
Vulnerabilities: Type Confusion, Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a local attacker to modify or crash the program.
Omron CX-One (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Omron
Equipment: CX-One
Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Type Confusion
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution.
Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Hitachi ABB Power Grids
Equipment: FOX615 Multiservice-Multiplexer
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker remote access to the device without authentication.
Innokas Yhtymä Oy Vital Signs Monitor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Innokas Yhtymä Oy
Equipment: Vital Signs Monitor VC150
Vulnerabilities: Cross-site Scripting, Improper Neutralization of Special Elements in Output Used by a Downstream Component
2.
Hackney Council stolen data published on dark web forum (Computing) Pysa ransomware group has claimed the responsibility for the cyber attack launched last year
Hackney council files including alleged passport documents leaked online after cyber attack (Sky News) The attack has coincided with the pandemic to severely disrupt housing services in the East London council.
Months after this 'serious' cyberattack, stolen data has been leaked online by hackers (ZDNet) The information that was stolen has been published to the dark web.
Delco details cyber attack, admits paying ransom (The Delaware County Daily Times) Delaware County Chief Information Officer Frank Bilotta updated county council during its regular meeting Wednesday night on a cybersecurity breach earlier this year.
New data breach exposes Mirror Trading International’s top earners (My Broadband) The data leak, which is available online, includes information about the top 200 earners in MTI.
Cyber Trends
Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020 (Dark Reading) Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020 (ZDNet) Security firm Recorded Future said it tracked more than 10,000 malware command and control servers last year, used across more than 80 malware families.
Marketplace
Managed Intelligence Provider Nisos Raises $6 Million to Counter Disinformation and Cyber Threats (BusinessWire) Managed intelligence provider Nisos announces funding to counter disinformation and cyber threats. Company names new CEO to propel expansion.
F5 to Acquire Volterra in Deal Valued at $500 Million (SecurityWeek) F5 Networks agreed to acquire Volterra, a Santa Clara, Calif.-based provider of tools that help customers deploy applications and build clouds across multiple cloud providers or their own edge location
RedHat is acquiring container security company StackRox (TechCrunch) RedHat today announced that it’s acquiring container security startup StackRox . The companies did not share the purchase price. RedHat, which is perhaps best known for its enterprise Linux products has been making the shift to the cloud in recent years. IBM purchased the company in 2018 for …
Fairfax tech company acquires Herndon intelligence services firm (Virginia Business) Fairfax-based federal technology company Axiologic Solutions LLC announced Thursday it has acquired Herndon-based intelligence services firm Knowledge Link. It is Axiologic’s first acquisition. Financial terms of the transaction were not disclosed, but the acquisition will nearly double the size of Axiologic, according to a company statement. “Through the combination of Axiologic and Knowledge Link, we’ll…
It’s time to deplatform Trump (The Verge) After today, platforms should finally see the moral clarity about their role in world events.
Michelle Obama calls on Silicon Valley to permanently ban Trump and prevent platform abuse by future leaders (TechCrunch) In a new statement issued by former First Lady Michelle Obama, she calls on Silicon Valley specifically to address its role in the violent insurrection attempt by pro-Trump rioters at the U.S. Capitol building on Wednesday. Obama’s statement also calls out the obviously biased treatment that …
Facebook and Instagram block #StormTheCapitol, lock Trump out of posting for 24 hours (TechCrunch) After removing a video in which President Trump praised a violent group of his supporters who broke into the U.S. Capitol building, Facebook is rolling out a new set of rules in response to the day’s shocking events. Both Facebook and Instagram also announced that the president would be locke…
Facebook Forced Its Employees To Stop Discussing Trump's Coup Attempt (BuzzFeed News) “What excuse did we use not to ban him this time?”
Even Mark Zuckerberg Has Had Enough of Trump (Wired) By freezing the president’s accounts, social media platforms finally drew a line. It only took a violent insurrection in the Capitol to get them there.
YouTube says it will punish Trump and other channels that continue to spread election lies (The Verge) YouTube is taking more aggressive action against 2020 election misinformation.
Twitch disables Trump’s account indefinitely (The Verge) The company says it will reassess Trump’s account after he leaves office.
TikTok bans videos of Trump inciting mob, blocks #stormthecapital and other hashtags (TechCrunch) For obvious reasons, Trump doesn’t have a TikTok account. But the president’s speeches that helped incite the mob who yesterday stormed the U.S. Capitol will have no home on TikTok’s platform. The company confirmed to TechCrunch its content policy around the Capitol riots will see…
Shopify Takes Trump Organization and Campaign Stores Offline (Wall Street Journal) Online stores run by the Trump Organization and Trump campaign were taken offline on Thursday by the e-commerce software provider, which said President Trump violated company policy against promoting violence.
Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant (Reuters) The company used by hackers as a springboard for the worst-known breach of U.S. government computers in at least five years has hired some of the biggest names in security to help it recover.
St. Louis Character: How Jarrett Kolthoff found his niche in cybersecurity (St. Louis Business Journal) Jarrett Kolthoff is president and CEO of St. Louis-based cybersecurity and counterintelligence firm SpearTip, which helps protect organizations from digital attacks.
Heather Hinton joins RingCentral as CISO (Security Magazine) RingCentral announced that industry security veteran Heather Hinton has joined as the company’s Chief Information Security Officer (CISO). Hinton joins RingCentral from IBM, where she spent 13 years in various leadership positions, most recently as vice president and IBM distinguished engineer, and CISO for the company’s Cloud and Cognitive Software business unit.
Malwarebytes promotes Thomas R. Fox to President (Help Net Security) Malwarebytes has announced Thomas R. Fox, its current chief financial officer, has been promoted to President.
Products, Services, and Solutions
Actionable Threat Intelligence Available for Sunburst Cyber Attacks on SolarWinds (Anomali) On Dec. 13, FireEye published a detailed analysis about the attack carried out against SolarWinds, which appears to have compromised its Orion IT monitoring and management platform to spread the Sunburst Backdoor malware.
Detecting Sunburst (AKA the SolarWinds Compromise) With RITA and AI-Hunter (Active Countermeasures) Intro By now you’ve seen multiple news reports that FireEye, NASA, the Pentagon, the Treasury and Commerce departments, and possibly even the White […]
Kubernetes Security Essentials Course Now Available (Linux Foundation - Training) Today Linux Foundation Training & Certification and the Cloud Native Computing Foundation are announcing the availability of our newest training course, LFS260 – Kubernetes Security Essentials. The course provides skills...
Motorola (MSI) Enhances Cybersecurity Services for Public Safety (Nasdaq) In a bid to curb the rising incidences of cyber threats, Motorola Solutions, Inc. MSI recently announced the inclusion of additional services to its cybersecurity services portfolio.
Texas Security Bank increases cybersecurity precautions (Dallas Business Journal) The bank has partnered with several third-party vendors to up its defense against cyber attacks.
Technologies, Techniques, and Standards
Defending against SolarWinds attacks: What can be done? (SearchSecurity) Security experts and vendors weigh in on a defense strategy against nation-state hackers such as Cozy Bear, suspected to be responsible for the SolarWinds attacks. To combat the threat, experts recommend methods like zero trust, behavioral monitoring and account protections.
Washington Sets IoT Cybersecurity Standards (Semiconductor Engineering) Recent movements toward more stringent IoT security requirements are encouraging, but are they enough?
How Changing Data Privacy Laws Affect Retail Consumer Trust (PRWeb) Messaging Architects, an eMazzanti Technologies Company and data governance consultant, explains how what consumers and retailers both want, transparent dat
How to Spot a Phishing Email (and What to Do if You Took the Bait) (Money) Take a moment to check for these red flags.
Legislation, Policy, and Regulation
Even Small Nations Have Jumped into the Cyber Espionage Game (Dark Reading) While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a zero-click iMessage exploit that targeted journalists last year.
For Chinese firms, theft of your data is now a legal requirement (TheHill) Cooperating with Chinese firms means cooperating with the Communist Party and its predatory mining of data and other property.
Vietnam ramps up crackdown on dissent ahead of Communist Party congress (South China Morning Post) The harsh jail terms given to three journalists this week, including prominent activist Pham Chi Dung, are just the latest in a string of sentences handed out to critics.
The known unknowns of post-Brexit data transfers (Computing) With many aspects of the trade deal still to be ratified, organisations that transfer data to and from the EU need to start preparing now
The Cybersecurity 202: U.S. government ability to protect itself from Russian hackers has gotten worse, experts say (Washington Post) The U.S. government's ability to protect itself from Russian hackers has gotten worse, according to a majority of experts surveyed by The Cybersecurity 202.
State Department sets up new bureau for cybersecurity and emerging technologies (TheHill) Secretary of State Mike Pompeo on Thursday approved the creation of a new office at the State Department to address cybersecurity and emerging technologies.
Pompeo approves new cyber-security bureau, citing threats from N. Korea, others (Yonhap News Agency) By Byun Duk-kun WASHINGTON, Jan. 7 (Yonhap) -- U.S. Secretary of State Mike Pompeo has a...
Warner: White House 'again' holding back on naming Russia (FCW) The Virginia Democrat, who is set to become the chairman of the intelligence committee, also called for a 'full sum review' of reporting obligations by public and private sector entities following cybersecurity breaches.
Feds Issue Recommendations for Maritime Cybersecurity (Threatpost) Report outlines deep cybersecurity challenges for the public/private seagoing sector.
White House Publishes Maritime Cybersecurity Strategy (Washington Post) A White House plan for enhancing maritime cybersecurity warns that the sector’s growing reliance on technology has introduced previously unknown risks.
Trump Executive Order Bans 8 More Chinese Apps (GovInfo Security) Although two earlier executive orders from President Donald Trump banning the use of the Chinese-made apps TikTok and WeChat are still hung up in the courts, the
WSJ News Exclusive | U.S. Weighs Adding Alibaba, Tencent to China Stock Ban (Wall Street Journal) Federal officials have discussed expanding a blacklist of companies off limits to U.S. investments over concerns about ties to Chinese authorities.
FCC chairman withdraws plans to revise social-media liability shield (NASDAQ:FB) (SeekingAlpha) FCC Chairman Ajit Pai is backing away from an effort to change regulations of social media, defying a request from President Trump that he revise the companies' liability shield.
Biden's pick as White House cyber czar provides critical federal leadership and diversity (SC Media) NSA's Anne Neuberger will assume her new role on the heels of some other shifts among cyber leaders: John Costello resigned as deputy assistant secretary for intelligence and security at the Commerce Department, and ousted CISA director Chris Krebs is heading to SolarWinds.
Army Reserve Gets First Cyber General (Infosecurity Magazine) United States Army promotes first Army Reserve cyber officer to brigadier general
Litigation, Investigation, and Law Enforcement
The catastrophic police failure at the US Capitol, explained (Vox) Police failed to stop a mob from storming the halls of Congress. Lawmakers want to know why.
Platforms Must Pay for Their Role in the Insurrection (Wired) Facebook, Twitter, and YouTube have spent years fomenting and enabling yesterday’s violence at the Capitol. Policymakers need to do something about it.
Extremists consider Capitol raid a success, UNO counterterrorism expert says (Omaha.com) The Trump-supporting extremist groups who led Wednesday's raid on the U.S. Capitol are pleased with the results, said the leader of a new counterterrorism center at the University of Nebraska
Capitol Rioters Planned for Weeks in Plain Sight. The Police Weren’t Ready. (Defense One) Insurrectionists made no effort to hide their intentions, but law enforcement protecting Congress was caught flat-footed.
The Rioters Who Took Over The Capitol Have Been Planning Online In The Open For Weeks (BuzzFeed News) The mob that forced Congress to flee organized on both obscure and mainstream sites.
ADHA sees 'inconsequential' My Health Record data breach notices eroding trust (iTnews) Calls for lesser need to disclose.
British Airways Plans £3bn Breach Settlement (Infosecurity Magazine) British Airways to start £3bn settlement discussions over data breaches affecting 500,000 customers
Huawei appeals Swedish court decision over 5G network exclusion (Reuters) Huawei has appealed against a court decision that allowed Swedish telecoms regulator PTS to resume 5G spectrum auctions when the Chinese telecom equipment maker is excluded from the country's 5G rollout. A Swedish court on Dec. 16 backed an appeal by PTS against a ruling...
The Institute for Security and Technology (IST) Launches Multi-Sector Ransomware Task Force (RTF) (Institute for Security and Technology (IST)) The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is today launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.
Russian hacker gets 12 years in massive data theft scheme (AP NEWS) A prolific Russian hacker who stole data from over a dozen U.S. companies and information about over 100 million U.S. consumers was sentenced Thursday to 12 years in prison after...
Russian Hacker Who Hit JPMorgan Gets 12 Years In Prison (Law360) A Manhattan federal judge sentenced Russian hacker Andrei Tyurin to 12 years in prison Thursday, cutting off time from a request by prosecutors for a term in the range of 17 years for what they describe as the "brazen and prolific" hack of 80 million JPMorgan Chase customers.
Belden Sued Over Data Breach Affecting Workers (Law360) Networking equipment vendor Belden Inc. is facing an Illinois state court suit claiming the company failed to protect its employees' personal information well enough to prevent a November data breach, which it also took too long to publicly disclose.
Ill. Chocolate Supplier Hit With Biometric Privacy Claims (Law360) The largest cocoa processor and ingredient chocolate supplier in North America faces putative class claims that it violated Illinois' landmark biometric privacy law by requiring workers to scan their fingerprints to clock in and out of work without first getting written permission and making required disclosures.