the near future: the latest about the next few months.
2021 Forecasts: Six Trends And Predictions For The New Year (Digital Shadows) This year has been a real doozy, y’all. From ransomware capitalizing on extortion and operators compromising thousands of organizations, the COVID-19 pandemic forcing organizations to shift to work-from-home solutions at the drop of a hat, to the dumpster fire of misinformation observed from nation-state threat actors and cybercriminals,
Sequitur Labs Predicts Accelerated Smart Device Innovation Driven by Massive IoT Growth in 2021 (BusinessWire) Sequitur Labs Predicts Accelerated Smart Device Innovation Driven by Massive IoT Growth in 2021
Netwrix Expert Makes 7 Cybersecurity Predictions for 2021 (PR Newswire) Netwrix, a cybersecurity vendor that makes data security easy, today released predictions about key trends that will impact organizations in...
SolarWinds: Looking ahead to a post pandemic future (ITP) We spoke with SolarWinds Head Geek Sascha Giese about how businesses across the region are adapting to life in the post-pandemic world
These Are the Security Trends for the Channel (IT-BUSINESS) The market for IT security is at an all-time high. From the vendor and partner perspective, the shortage of skilled staff and security awareness continue to play a major role, while the shift to remote work also raises new issues.
Cybersecurity expert offers safety tips for online holiday shopping (VT News) The surge for online shopping brings heightened cybersecurity risks for consumers this holiday season during the COVID-19 pandemic.
How to stay safe while shopping online during Cyber Monday (Komando.com) If you plan on shopping online during Cyber Monday, follow these safety steps to protect yourself this year.
2020's worst cryptocurrency breaches, thefts, and exit scams (ZDNet) Cryptocurrency exchanges have felt the impact of everything from vulnerability exploit to social engineering scams over this year.
The biggest hacks, data breaches of 2020 (ZDNet) A pandemic is no reason for hackers to hold off cyberattacks against everything from government bodies to healthcare providers.
Cyber Attacks, Threats, and Vulnerabilities
Vietnam-Linked Cyberspies Use New macOS Backdoor in Attacks (SecurityWeek) Trend Micro’s security researchers have identified a new macOS backdoor that they believe is used by the Vietnamese threat actor OceanLotus.
State-backed threat group using crypto mining malware to evade detection and monetise compromised networks (Computing) There's a growing trend for state-backed APT groups to carry out financially motivated crimes alongside their usual espionage operations.
Vietnamese State Hackers Deploy Coin Miners to Victims (Infosecurity Magazine) APT32 mining for Monero as it steals sensitive info
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them (Microsoft Security) BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020. The group's use of coin miners was unexpected, but it was consistent with their longtime methods of blending in.
Dozens of Dormant North American Networks Suspiciously Resurrected at Once (SecurityWeek) More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals.
DarkIRC bot exploits recent Oracle WebLogic vulnerability (Official Juniper Networks Blogs) Juniper Threat Labs is seeing active attacks on Oracle WebLogic software using CVE-2020-14882. This vulnerability, if successfully exploited, allows unauthenticated remote code execution. As of this writing, we found 3,109 open Oracle WebLogic servers using Shodan. We are seeing at least five different variants of attacks/payload. For the purpose of this blog, we will focus on one particular payload that installs a bot called DarkIRC. This bot performs a unique command and control domain generation algorithm that relies on the sent value of a particular crypto wallet. This bot is currently being sold on hack forums for $75USD.
GO SMS Pro Vulnerable to File Theft: Part 2 (Trustwave) Last week we released an advisory about an SMS app called GO SMS Pro. Media files sent via text in the app are stored insecurely on a publicly accessible server. With some very minor scripting, it is trivial to throw a wide net around that content. While it's not directly possible to link the media to specific users, those media files with faces, names, or other identifying characteristics do that for you.
German users targeted with Gootkit banker or REvil ransomware (Malwarebytes Labs) After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.
IoT chip maker Advantech confirms ransomware attack, data theft (BleepingComputer) Industrial automation and Industrial IoT (IIoT) chip maker Advantech confirmed a ransomware attack that hit its network and led to the theft of confidential, albeit low-value, company documents.
Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand (Threatpost) The ransomware group has leaked stolen data to add pressure on the company to pay up.
It's hard to keep a big botnet down: TrickBot sputters back toward full health (CyberScoop) Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving.
‘I want blood’: Rachel Maddow’s audience fired up over NYT story baselessly accusing ‘Russian hackers’ of attacking US hospital (RT International) Accusing Russia of hacking anything from the 2016 election to US cancer hospitals may be fun and games for MSNBC host Rachel Maddow, but when her audience responds by demanding apocalypse, the shtick stops being funny.
WebKit Vulnerabilities Allow Remote Code Execution via Malicious Websites (SecurityWeek) The WebKit browser engine is affected by several vulnerabilities, including ones that can be exploited for remote code execution by convincing the targeted user to visit a malicious website
Credit card skimmer fills fake PayPal forms with stolen order info (BleepingComputer) A newly discovered credit card skimmer uses an innovative technique to inject highly convincing PayPal iframes and hijack the checkout process on compromised online stores.
SD-WAN Product Vulnerabilities Allow Hackers to Steer Traffic, Shut Down Networks (SecurityWeek) Vulnerabilities discovered by researchers in SD-WAN products from Silver Peak (now owned by HP), Cisco, Citrix and VMware can be exploited to steer traffic or completely shut down a company’s network.
Baltimore County public school classes to resume Wednesday following ransomware attack (Baltimore Sun) Baltimore County public schools will restore online classes for all students Wednesday after an extensive ransomware attack paralyzed the school system’s network last week.
Huntsville City Schools closing early for cyber threat (al.com) Huntsville City Schools is closing early because of an unspecified "cyber threat."
CPS elementary students received flood of ‘inappropriate’ emails, district says (Chicago Sun-Times) An initial message sparked an email chain riddled with profanity and question marks.
Surprising findings: K-12 vulnerabilities. (Armis) Device vulnerabilities are exposing K-12 school districts to attack, and cyber criminals have wasted no time in exploiting them, having even gone so far as to demand ransoms from school districts. In this blog we’ll share some first-hand and very surprising findings from recent experiences working with K-12 school environments across the U.S., highlighting how Armis addresses the issue.
Disruption Continues Two Weeks After Manchester United Cyber-Attack (Silicon UK) Manchester United has confirmed it was struck by a 'sophisticated' cyber-attack but declined to comment on reported ransom demands
Notice of Data Incident (Fairchild Medical Center) Fairchild Medical Center (“FMC”) is notifying individuals of an event that may affect the security of some personal information. While, to date, we have no evidence that information has been misused, we are providing information about the event, our response to it, and resources available to help protect information.
Absa employee at the centre of a data breach (CapeTown ETC) Personal information of some Absa customers was shared with external parties due to an isolated internal data leak at the bank by an employee.
Malicious dark web activity unevenly prevalent in free nations, researchers find (VT News) Eric Jardine, an assistant professor of political science, sought to understand the prevalence of internet users employing the dark web for malicious purposes in nations across the globe. The findings present a variety of consequences.
Vulnerability Summary for the Week of November 23, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Amazon: Here's what caused the major AWS outage last week (ZDNet) AWS explains how adding a small amount of capacity to Kinesis servers knocked out dozens of services for hours.
AWS apologises for cloud outage from Amazon Kinesis (CRN Australia) Outage caused by capacity increase on Amazon’s Kinesis server fleet.
Cyber Trends
XDR at the Center of the New SOC (Hunters) Read the key takeaways from ESG’s most recent survey report “The Impact of XDR in the Modern SOC” and learn why XDR is redefining secops.
The Impact of XDR in the Modern SOC (Hunters) Download this 2020 ESG survey e-book to learn about new needs for extended detection and response (XDR) in the modern SOC
Annual Sumo Logic Continuous Intelligence Report (Techwire.net) The state of modern applications and DevSecOps during the COVID-19 global pandemic
The US Is Number One for Data Theft (PCMAG) Uswitch’s data-breach report names the US the data theft capital of the world, outranking China, India, and the UK.
Over 600 Japan entities hit by cyberattacks amid rise in telework (The Japan Times) The National Police Agency also said it has had 46 cases of unauthorized access since August last year.
Marketplace
EclecticIQ raises €20 million in Series C funding (PR Newswire) EclecticIQ, a global threat intelligence, hunting and response technology provider, has raised €20 million ($24 million) in Series C financing,...
Plume Acquires Network and Security Intelligence Specialist Walleye Networks (PR Newswire) Smart Home Services pioneer Plume® has acquired Walleye Networks, a Canadian network and security intelligence solutions provider specializing...
Kinetic Investments Seeks to Empower PrivacySavvy, a Startup Cybersecurity Resource Center (WBOC) London based Investment company Kinetic Investments has shaken hands with PrivacySavvy as part of their latest venture. PrivacySavvy is a startup digital resource center...
Avatier Joins Cloud Security Alliance (AiThority) Avatier Corporation, announced that it has joined the Cloud Security Alliance (CSA), the world's leading organization.
Laura J. Schumacher Joins CrowdStrike’s Board of Directors (StreetInsider.com) CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint and workload protection, today announced the appointment of Laura J. Schumacher to its board of...
Exabeam Appoints Sherry Lowe as Chief Marketing Officer (BusinessWire) Exabeam today announced the appointment of Sherry Lowe to CMO.
Keeper Bolsters its Executive Team with Two Cybersecurity Industry Veterans, Fueling its Growth Plans for 2021 (Cherokee Tribune Ledger News) Keeper Security, provider of the highly-rated cybersecurity platform for preventing password-related data breaches and cyberthreats, announced today the appointment of two key additions to
Products, Services, and Solutions
Trend Micro launches cloud native security solution for modern applications and APIs (Security Brief) “Application security is an invaluable part of the Cloud One platform, integrating technology to provide superior protection for customers deploying applications wherever it makes the most sense for them.
Platform Transitions from Asset Tracking to Contact Tracing (Manufacturing.net) Siemens re-engineered the platform to provide contact tracing within manufacturing facilities, including their own.
Microsoft Defender for Identity can now detect Zerologon attacks (teiss) Microsoft Defender for Identity solution is now able to detect Zerologon, an exploit against a vulnerability in the Netlogon Remote Protocol.
Cyware Launches CTIX Lite, a Lightweight Threat Intelligence Solution for Small to Mid-sized Security Teams (PR Newswire) Cyware, the leading provider of threat intelligence and cyber fusion solutions, announced the launch of their latest solution - CTIX Lite. CTIX...
Cofense Launches New Community Resource Center to Enhance Customer Experience (BusinessWire) Formerly known as Community, Cofense has launched a new Resource Center exclusively for customers to grow existing phishing awareness strategies.
IRONSCALES Announces Integrations with Microsoft Teams and Slack (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced integrations with Microsoft Teams and Slack, to natively notify security teams
NetMotion Announces Global Availability of SASE Platform (PRWeb) Security vendor NetMotion today announced the general availability of its new secure access service edge (SASE) platform as a cloud-hosted offering. Available si
Legislation, Policy, and Regulation
Starting today, new privacy law delivers six major changes (Reseller News) The new Privacy Act 2020 comes into force today, ushering in new obligations on organisations and businesses when handling personal information.
Huawei ban timeline: UK to halt installation of company's 5G gear this fall (CNET) Here's a breakdown of the controversial Chinese telecom and phone maker's saga so far.
Britain’s unravelling China policy comes under fresh scrutiny amid decision to remove Huawei from 5G network (MSN) Britain’s unravelling China policy has come under renewed critical scrutiny by a former senior Australian politician who condemned London’s previous trade-focused approach towards Beijing, which he said put money above security and allies. It comes amid an announcement that all installation of Huawei equipment in the 5G network will be stopped in nine months. The further Huawei restriction from next September was announced by culture secretary...
There's A New Front In US-China Trade And Tech War - Analysis (Eurasia Review) By Aarshi Tirkey In little over a year, the Trump administration has taken a broad range of measures to restrict Chinese technology, investments, goods
FCC Chairman Ajit Pai will step down on January 20th (The Verge) Ajit Pai is best known for his role in undoing Obama-era net neutrality rules. More recently, he oversaw the merger of T-Mobile and Sprint. He served for the duration of the Trump administration and plans to step down when President-elect Joe Biden is inaugurated.
FCC Chairman Ajit Pai to Step Down as Democrats Return to Commission Leadership (PCMAG) Reportedly, sitting FCC Commissioner Jessica Rosenworcel, a Democrat and net neutrality supporter, is among the leading candidates to succeed Pai after he steps down next month.
FCC Chairman Ajit Pai to Exit Commission After President-Elect Biden Takes Office (Variety) Ajit Pai, the Trump-appointed Republican chairman of the FCC, announced that he will leave the agency on Jan. 20, 2021, when president-elect Joe Biden is sworn into office. Pai’s exit, which …
Litigation, Investigation, and Law Enforcement
Supreme Court Weighs Breadth of Computer Hacking Law (Wall Street Journal) When a Georgia police officer ran a license plate check in 2015 for an acquaintance who paid him for the favor, he received a felony conviction—and set the stage for a hotly debated Supreme Court case about the sweep of federal law on computer hacking.
The Cybersecurity 202: The Supreme Court may finally rein in an outdated anti-hacking law (Washington Post) The Supreme Court may be ready to rein in the nation’s main anti-hacking law, which Congress hasn't revised since 1986 and which has bedeviled cybersecurity researchers almost since the birth of the Internet.
Justices Unsure If 'Dangerously Vague' CFAA May Do Harm (Law360) Several U.S. Supreme Court justices appeared open Monday to claims that the scope of the Computer Fraud and Abuse Act is "dangerously vague," and could criminalize innocuous online activity, in a case with immediate consequences for employees charged with abusing access to networks and potential ramifications for millions of everyday internet users.
Fired Official Says Correcting Trump's Fraud Claims The 'Right Thing To Do' (NPR.org) Christopher Krebs, who led the federal government's efforts to secure the 2020 election, called the operation near seamless despite President Trump's claims to the contrary.
Trump slams 60 Mins for 'ridiculous, one-sided' interview (MSN) The top U.S. cybersecurity official fired by Republican President Donald Trump for saying the Nov. 3 election...