Cyber security news December 2020

This posting is here to collect cyber security news December 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.


175 Comments

  1. Tomi Engdahl says:

    The government has interpreted a high-profile provision of the Patriot Act as empowering F.B.I. national-security investigators to collect logs showing who has visited particular web pages, documents show.

    But the government stops short of using that law to collect the keywords people submit to search engines because it considers such terms to be content that requires a warrant to gather, according to letters produced by the Office of the Director of National Intelligence.

    U.S. Used Patriot Act to Gather Logs of Website Visitors
    https://www.nytimes.com/2020/12/03/us/politics/section-215-patriot-act.html

    A disclosure sheds new light on a high-profile national security law as lawmakers prepare to revive a debate over it in the Biden administration.

    A longstanding debate over F.B.I. national security investigations and Americans’ privacy is set to resume under President-elect Joseph R. Biden Jr.

  2. Tomi Engdahl says:

    My Phone Was Spying on Me, so I Tracked Down the Surveillants
    Category: English articles
    Written by Martin Gundersen, 3 December 2020
    https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/

    There are 160 apps on my phone. What they’re actually doing, I don’t know. But I decided to find out.

    It is a common refrain that commercial surveillance is not that scary: “It’s just used for ads.” But there are now many who are interested in the digital exhaust of our phones.

    Recently the publication Vice Motherboard uncovered that the U.S. military buys location data and that a Muslim prayer app sent user location data to military contractors.

    “It feels like a betrayal,” was the reaction from a local leader of the Council on American-Islamic Relations.

    Journalists in the NRK are asked to think twice before taking their phone along when meeting confidential sources for a reason. Authorities may get access to information about our whereabouts, even without court approval.

    If my location data gets into the wrong hands, it may have consequences for others than myself. That is a constant fear – that someone who has told me something in confidence could get exposed.

  3. Tomi Engdahl says:

    Metro Vancouver’s transit system hit by ransomware attack
    https://globalnews.ca/news/7499986/translink-suspicious-network-activity-update/

    Following a shutdown caused by an apparent ‘ransomware’ attack, some TransLink services like online route planning and Compass Card refills by credit and debit cards remain offline. Jordan Armstrong reports.

  4. Tomi Engdahl says:

    Google Hacker Details Zero-Click ‘Wormable’ Wi-Fi Exploit to Hack iPhones
    https://thehackernews.com/2020/12/google-hacker-details-zero-click.html

    Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical “wormable” iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi.

  5. Tomi Engdahl says:

    FireEye Says ‘Sophisticated’ Hacker Stole Red Team Tools
    https://www.securityweek.com/fireeye-says-sophisticated-hacker-stole-red-team-tools
    Cybersecurity powerhouse FireEye late Tuesday acknowledged that a “highly sophisticated” threat actor broke into its corporate network and stole a range of automated hacking tools and scripts.
    https://www.securityweek.com/cybersecurity-firm-fireeye-says-was-hacked-nation-state
    U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers
    https://www.wsj.com/articles/u-s-cyber-firm-fireeye-says-it-was-breached-by-nation-state-hackers-11607461408?mod=djemalertNEWS
    The cybersecurity company said the attack compromised its software tools used to test the defenses of its thousands of customers

  6. Tomi Engdahl says:

    Iran Insists That Its Nuclear Scientist Was Killed by a “Satellite-Controlled Machine Gun”
    https://futurism.com/the-byte/iran-nuclear-scientist-killed-satellite-controlled-machine-gun

    Mohsen Fakhrizadeh, Iran’s top nuclear scientist, was killed on November 27 by a “smart satellite-controlled machine gun” that used AI, the country’s Revolutionary Guards commander Brig-Gen Ali Fadavi told local media, as the BBC reports.

    The scientist was allegedly killed by a weapon mounted to a pickup truck, which shot Fakhrizadeh inside a vehicle from a distance — but spared his wife sitting right next to him.

    Mohsen Fakhrizadeh: ‘Machine-gun with AI’ used to kill Iran scientist
    https://www.bbc.com/news/world-middle-east-55214359

  7. Tomi Engdahl says:

    A former NSA hacker breaks down the FireEye hack
    https://www.cnbc.com/video/2020/12/09/a-former-nsa-hacker-breaks-down-the-fireeye-hack.html

    Cybersecurity firm FireEye is down more than 12 percent today after it announced a hack of its data and tools. David Kennedy, TrustedSec founder and CEO and former NSA and Marine Corps Hacker, joins ‘Power Lunch’ to discuss the hack and what is known so far.

  8. Tomi Engdahl says:

    Volunteer Sleuths Crack ‘Zodiac’ Serial Killer’s Coded Message
    https://www.usnews.com/news/us/articles/2020-12-11/volunteer-sleuths-crack-zodiac-serial-killers-coded-message

    A team of volunteer codebreakers has cracked a mysterious cipher sent more than 50 years ago to a newspaper by the San Francisco serial killer who called himself the Zodiac, the FBI said on Friday.

    The Zodiac Killer – who was never caught – shot or stabbed seven people in the San Francisco Bay Area over the course of about a year in 1968 and 1969, killing all but two of them. During his murderous spree, he sent a series of terrifying letters to the San Francisco Chronicle newspaper.

    Some of the notes were in code, including a particularly complex missive with 340 characters that became known as the 340 cipher.

  9. Tomi Engdahl says:

    https://www.abc.net.au/news/2020-12-12/zodiac-killer-code-cracked-by-australian-mathematician/12977342

    A deciphered section of the code

    I HOPE YOU ARE HAVING LOTS OF FUN IN TRYING TO CATCH ME

    THAT WASNT ME ON THE TV SHOW

    WHICH BRINGS UP A POINT ABOUT ME

    I AM NOT AFRAID OF THE GAS CHAMBER

    BECAUSE IT WILL SEND ME TO PARADICE ALL THE SOONER

    BECAUSE I NOW HAVE ENOUGH SLAVES TO WORK FOR ME

    WHERE EVERYONE ELSE HAS NOTHING WHEN THEY REACH PARADICE

    SO THEY ARE AFRAID OF DEATH

    I AM NOT AFRAID BECAUSE I KNOW THAT MY NEW LIFE IS

    LIFE WILL BE AN EASY ONE IN PARADICE DEATH

  10. Tomi Engdahl says:

    Why bother picking a lock when you can just read it into your phone and cut a new key.
    https://youtu.be/DGdsIrAjp3k

    OMG, a camera just looks into the lock and you can see what the key should be….

  11. Tomi Engdahl says:

    Message from the Sipulimarket administrators
    Yesterday Finnish Customs announced that it had seized Sipulimarket's server. At the market's address on the Tor network there is now a notice that the hidden service has been closed.
    https://punainenkolmio.blogspot.com/2020/12/viesti-sipulimarketin-yllapidolta.html?m=1

  12. Tomi Engdahl says:

    Exclusive: Hackers spied on U.S. Treasury emails for a foreign government – sources
    https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive-idUSKBN28N0PG

    WASHINGTON (Reuters) – Hackers backed by a foreign government have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.

    There is concern within the U.S. intelligence community that the hackers who targeted Treasury and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, according to three people briefed on the matter. The people did not say which other agencies.

  13. Tomi Engdahl says:

    Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources said.
    https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive-idUSKBN28N0PG

  14. Tomi Engdahl says:

    Russian government hackers behind breach at US treasury and commerce departments
    https://www.independent.co.uk/news/world/americas/us-politics/us-treasury-hackers-breach-trump-russia-b1772639.html

    Hackers broke into Microsoft’s Office 365 and monitored staff emails for months, according to report

  15. Tomi Engdahl says:

    Security vendor SolarWinds says product updates were subverted by nation-state, FireEye says exploit is rampant
    Supply chain exploit linked to attacks on major US government possibly by Russia’s Cozy Bear attack gang
    https://www-theregister-com.cdn.ampproject.org/c/s/www.theregister.com/AMP/2020/12/14/solarwinds_fireeye_cozybear/

  16. Tomi Engdahl says:

    Christopher Bing / Reuters:
    Sources: state sponsored hackers monitored internal emails at US Treasury and broke into National Telecommunications and Information Administration’s Office 365 — WASHINGTON (Reuters) – A sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department …
    Suspected Russian hackers spied on U.S. Treasury emails – sources
    https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive-idUSKBN28N0PG

    Ellen Nakashima / Washington Post:
    Sources: state-backed Russian hacking group APT29, or Cozy Bear, is behind the hacks of US Treasury, NTIA, and FireEye — The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments …
    https://www.washingtonpost.com/gdpr-consent/?next_url=https%3a%2f%2fwww.washingtonpost.com%2fnational-security%2frussian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm%2f2020%2f12%2f13%2fd5a53b88-3d7d-11eb-9453-fc36ba051781_story.html

    Dustin Volz / Wall Street Journal:
    Source: Treasury’s hackers used a flaw in a SolarWinds product; SolarWinds, which touts 300K+ customers, says the flaw was the result of a “supply chain attack” — Russia’s foreign intelligence service is suspected of being behind the hacks
    U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia
    Russia’s foreign intelligence service is suspected of being behind effort to breach government networks
    https://www.wsj.com/articles/agencies-hacked-in-foreign-cyber-espionage-campaign-11607897866?mod=djemalertNEWS

  17. Tomi Engdahl says:

    Report: Huge Data Leak ‘Exposes’ Chinese Communist Party Members ‘Embedded’ In Western Companies And Governments
    https://www.dailywire.com/news/breaking-huge-data-leak-exposes-chinese-communist-party-members-embedded-in-western-companies-and-governments

    An unprecedented “major leak” of official records has uncovered a register of 1.95 million members of the Chinese Communist Party, many of whom are now living and working all over the world, including Australia, the United Kingdom, and the United States. The data lists names, party positions, date of birth, national identification number, ethnicity and — in some cases — their telephone number.

    Major leak ‘exposes’ members and ‘lifts the lid’ on the Chinese Communist Party
    https://www.skynews.com.au/details/_6215946537001

    Ms Markson said the leak is a register with the details of Communist Party members, including their names, party position, birthday, national ID number and ethnicity.

    “It is believed to be the first leak of its kind in the world,” the Sky News host said.

    “What’s amazing about this database is not just that it exposes people who are members of the communist party, and who are now living and working all over the world, from Australia to the US to the UK,” Ms Markson said.

    “But it’s amazing because it lifts the lid on how the party operates under President and Chairman Xi Jinping”.

  18. Tomi Engdahl says:

    A foreign government backed hacking group has reportedly stolen information from both the United States Treasury Department and an agency in charge of determining policy related to internet and telecommunications, according to a Reuters exclusive report.

    Report: Hackers backed by foreign gov’t hack into U.S. Treasury; been in system for months
    https://americanmilitarynews.com/2020/12/report-hackers-backed-by-foreign-govt-hack-into-u-s-treasury-been-in-system-for-months/?utm_source=asmdss&utm_campaign=alt&utm_medium=facebook

    A foreign government backed hacking group has reportedly stolen information from both the United States Treasury Department and an agency in charge of determining policy related to internet and telecommunications, according to a Reuters exclusive report.

    “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the National Security Council.

    According to Reuters, a National Security Council meeting was held at the White House regarding the serious and “sophisticated” hack, one person familiar with the matter said.

    The hack is reportedly linked to Microsoft Office 365, the NTIA’s office software. Sources said emails from agency personnel were monitored for months.

  19. Tomi Engdahl says:

    Use SolarWinds Orion?

    Better start looking at it very closely now

    Starting in March 2020 to be exact it was exploited according to reports being spread around right now

    May have been way into US Treasury and FireEye

    SolarWinds’ Orion monitoring platform may have been tampered with by attackers
    https://www.itnews.com.au/news/solarwinds-orion-monitoring-platform-may-have-been-tampered-with-by-attackers-558948

    Possible connection to FireEye, US Treasury breaches.
    SolarWinds said monitoring products it released in March and June of this year may have been surreptitiously tampered with in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”

    “We are aware of a potential vulnerability which, if present, is currently believed to be related to updates which were released between March 2020 and June 2020 to our Orion monitoring products,”

  20. Tomi Engdahl says:

    Security vendor SolarWinds says product updates were subverted by nation-state, FireEye says exploit is rampant
    Supply chain exploit linked to attacks on major US government agencies possibly by Russia’s Cozy Bear attack gang
    https://www-theregister-com.cdn.ampproject.org/c/s/www.theregister.com/AMP/2020/12/14/solarwinds_fireeye_cozybear/

  21. Tomi Engdahl says:

    Major Google Services Including Gmail, YouTube Are Working Again After Global Outage
    https://www.forbes.com/sites/siladityaray/2020/12/14/major-google-services-including-gmail-youtube-experience-global-outage/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    Google has managed to restore its services including Gmail, Google Maps, YouTube, Google Docs, Google Drive and others after a nearly hour-long disruption that prevented users from across the world from accessing these platforms.

  22. Tomi Engdahl says:

    Voting Machine Manufacturer Demands Retractions From Conservative News Networks Over Fraud Claims
    https://www.forbes.com/sites/jemimamcevoy/2020/12/14/voting-machine-manufacturer-demands-retractions-from-conservative-news-networks-over-fraud-claims/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    Smartmatic—one of two voting machine manufacturers that’s been attacked by President Trump and his allies (without evidence) for supposedly rigging the 2020 election—announced Monday that it is demanding retractions and delivering legal notices to three conservative networks that promoted the conspiracy theories. 

    Inside, the letters outline “dozens of factually inaccurate statements” made by each organization as part of what Smartmatic describes as a “disinformation campaign” to harm the voting machine company and discredit the 2020 election. 

  23. Tomi Engdahl says:

    I thought this was the best ‘plain English’ summary of what’s happening. Of course the Cozy Bear link is still speculative but it makes good headlines…

    ~18,000 organizations downloaded backdoor planted by Cozy Bear hackers
    Russia-backed hackers use supply chain attack to infect public and private organizations.
    https://arstechnica.com/information-technology/2020/12/18000-organizations-downloaded-backdoor-planted-by-cozy-bear-hackers/

    About 18,000 organizations around the world downloaded network management tools that contained a backdoor that a nation state used to install malware in organizations that used the software, the tools provider, SolarWinds, said on Monday.

    The disclosure from Austin, Texas-based SolarWinds, came a day after the US government revealed a major security breach hitting federal agencies and private companies. The US Departments of Treasury, Commerce, and Homeland Security departments were among the federal agencies on the receiving end of hacks that gave access to email and other sensitive resources, Reuters reported. Federal agencies using the software were instructed on Sunday to disconnect systems that run the software and perform a forensic analysis of their networks.

    Security firm FireEye, which last week disclosed a serious breach of its own network, said that hackers backed by a nation-state compromised a SolarWinds software update mechanism and then used it to infect selected customers who installed a backdoored version of the company’s Orion network management tool.

    The backdoor infected customers who installed an update from March to June of this year, SolarWinds said in a document filed on Monday with the Securities and Exchange Commission. The implant “was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products,” Monday’s filing said. SolarWinds, which said it has about 300,000 Orion customers, put the number of affected customers at about 18,000.

    “SolarWinds by its nature has very privileged access to other parts of your infrastructure,” Chapple, a former computer scientist at the National Security Agency, said in an interview. “You can think of SolarWinds as having the master keys to your network, and if you’re able to compromise that type of tool, you’re able to use those types of keys to gain access to other parts of the network. By compromising that, you have a key basically to unlock the network infrastructure of a large number of organizations.”

    The hacks are part of what the federal government and officials from FireEye, Microsoft, and other private companies said was a widespread espionage campaign that a sophisticated threat actor was carrying out through a supply chain attack.

    In a blog post FireEye published Sunday night, the company said it uncovered a global intrusion campaign that used the backdoored SolarWinds’ update mechanism as an initial entryway “into the networks of public and private organizations through the software supply chain.” Publications—including The Washington Post and The New York Times—cited unnamed government officials saying Cozy Bear, a hacking group believed to be part of the Russian Federal Security Service (FSB), was behind the compromises.

  24. Tomi Engdahl says:

    Hackers used SolarWinds’ dominance against it in sprawling spy campaign
    https://www.reuters.com/article/global-cyber-solarwinds-idUSKBN28Q07P

    “We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network gear.”

    Now that dominance has become a liability – an example of how the workhorse software that helps glue organizations together can turn toxic when it is subverted by sophisticated hackers.

    On Monday, SolarWinds confirmed that Orion – its flagship network management software – had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.

    And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce.

  25. Tomi Engdahl says:

    Dutch Hacker Who Claimed To Access Trump’s Twitter Account Will Walk Free After Police Investigation
    http://on.forbes.com/6180HuyqO

    A hacker who claimed to have logged into President Donald Trump’s Twitter account in October will not be punished because he tried to contact American authorities and report the security breach, a Dutch prosecutor announced Wednesday following a police investigation into the incident by the country’s High Tech Crime Team.   

    While hacking is a criminal offense in the Netherlands, there are circumstances where perpetrators will not be punished for their actions, the prosecutor said in a statement Wednesday. 

    The prosecutor said that while it assumed Gevers was actually able to access Trump’s Twitter account, something the White House and Twitter deny, he would nevertheless go free as an ethical hacker. 

    It is unclear whether the prosecutors have evidence that Gevers’ hack was successful or whether U.S. authorities will launch their own investigation into the incident. 

  26. Tomi Engdahl says:

    One company behind the giant data breach – an abysmally bad password was in use
    https://www.iltalehti.fi/digiuutiset/a/bce0d090-d63c-4c89-9a40-2fd2a2e1bc46

    Investors are not reassured by the assurances. When the news of SolarWinds' involvement in the hacking campaign became public, the company's value collapsed by more than 23 percent over the weekend.

    According to Reuters, several cybercriminals have sold access to SolarWinds' systems. One of these criminals claims to be wanted by the FBI.

  27. Tomi Engdahl says:

    “Other experts are increasingly questioning the reliance of many businesses on just a handful of third-party vendors, and saying that perhaps society makes it a little too easy for data to be accessed or shared, particularly during a pandemic when working remotely is normal for countless individuals.
    “It begs the question: ‘In cybersecurity, do we have a ‘too big to fail’ situation? And did it happen right under our noses, while we were telling everybody to spend more, to tool up, to get products?” said Payton.”

    Why the US government hack is literally keeping security experts awake at night
    https://edition.cnn.com/2020/12/16/tech/solarwinds-orion-hack-explained/index.html

  28. Tomi Engdahl says:

    With more than 73 million coronavirus cases worldwide, the COVID-19 vaccines offer potential relief. Yet, as many organizations are getting involved in their distribution worldwide, the attack surface for cybercriminals expands, and it worries cybersecurity experts.

    The crucial role of cybersecurity in the COVID-19 vaccine distribution
    https://cybernews.com/security/the-crucial-role-of-cybersecurity-in-the-covid-19-vaccine-distribution/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=cybersec_vaccine&fbclid=IwAR0yFt1QxIQmMLFb34B0uyhr7aBYT1dCDhVNPfftpb3M-kfCM329M527hfc

    With more than 73 million coronavirus cases worldwide, the COVID-19 vaccines offer potential relief. Yet, as many organizations are getting involved in their distribution worldwide, the attack surface for cybercriminals expands, and it worries cybersecurity experts.

    COVID-19 has already accelerated cybersecurity risks to unprecedented levels. Now, as countries begin to vaccinate their populations, malicious actors are preparing to hack supply chain distributions, experts claim.

    Criminals have been breathing down the vaccine researchers’ necks since they’ve started vaccine development.

  29. Tomi Engdahl says:

    SolarWinds’ Update Server Could Be Accessed in 2019 Using Password ‘solarwinds123’: Report
    https://www.newsweek.com/solarwinds-update-server-could-accessed-2019-using-password-solarwinds123-report-1554986

    SolarWinds’ update server was accessible by using the simple password “solarwinds123” in late 2019, according to a security researcher.

    News broke on Sunday that SolarWinds’ OrionIT product was hacked as far back as March, with malware added to a software update that was downloaded by thousands of clients. The cyberattack went undetected for months, compromising the computers at top federal government agencies and potentially impacting hundreds of prominent American corporations.

    As the damage continues to be investigated, experts have begun pointing to concerns about potentially substandard security protocols. Security researcher Vinoth Kumar told Reuters he alerted SolarWinds last year that its update server could easily be accessed by anyone using the simple password: “solarwinds123.”

    “This could have been done by any attacker, easily,” Kumar told the news agency.

    Kumar initially told Newsweek that the issue had been present for more than three weeks before it was fixed. After this article published, the researcher followed up to say that he’d discovered the problem appeared to be present all the way back in June 2018.

    Alleged Russian SolarWinds Hack ‘Probably an 11’ On Scale of 1 to 10, Cybersecurity Expert Warns
    https://www.newsweek.com/alleged-russian-solarwinds-hack-probably-11-scale-1-10-cybersecurity-expert-warns-1554606

    A cybersecurity expert warned that the alleged Russian hack of SolarWinds software, which affected top government agencies, is “probably an 11” in terms of seriousness on a scale of one to 10.

  30. Tomi Engdahl says:

    SolarWinds hack has shaved 23% from software company’s stock this week
    https://www.cnbc.com/2020/12/16/solarwinds-hack-triggers-23percent-stock-haircut-this-week-so-far.html

    The meltdown began on Dec. 13 when Reuters reported that hackers potentially linked to Russia had gained access to email systems at the U.S. Commerce and Treasury departments, and that the attackers got in by way of SolarWinds software updates.
    The Homeland Security agency on Sunday instructed federal agencies that were affected to disconnect or power down certain versions of SolarWinds software in their networks, and Microsoft warned customers its antivirus tool would begin blocking malicious SolarWinds software.
    Last week SolarWinds announced a new CEO, and two private-equity firms sold shares ahead of the drop.

  31. Tomi Engdahl says:

    Dutch prosecutors have found a hacker did successfully log in to Donald Trump’s Twitter account by guessing his password – “MAGA2020!”

    Trump Twitter ‘hack’: Police accept attacker’s claim
    https://www.bbc.co.uk/news/technology-55337192

    Dutch prosecutors have found a hacker did successfully log in to Donald Trump’s Twitter account by guessing his password – “MAGA2020!”

    But they will not be punishing Victor Gevers, who was acting “ethically”.

  32. Tomi Engdahl says:

    Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App
    https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581

    Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources

    Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted app considered safe from external snooping, it claimed in a blog post on Thursday. Meanwhile, a U.S. report revealed Friday that American school districts have also bought the firm’s technology. 

  33. Tomi Engdahl says:

    The origin was simple, but the execution: You can’t do anything but admire its elegance – some good reads on Sunburst:
    https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth

    https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/

  34. Tomi Engdahl says:

    Exclusive: Microsoft breached in suspected Russian hack using SolarWinds -sources
    https://www.reuters.com/article/global-cyber-microsoft-idUSL1N2IX33C

    WASHINGTON (Reuters) – Microsoft was hacked as part of the suspected Russian campaign that has hit multiple U.S. government agencies by taking advantage of the widespread use of software from SolarWinds Corp, according to people familiar with the matter.

    As with networking management software by SolarWinds, Microsoft’s own products were then used to further the attacks on others, the people said.

  35. Tomi Engdahl says:

    RUSSIAN HACKERS HAVE BEEN INSIDE AUSTIN CITY NETWORK FOR MONTHS
    Russia appears to have used Austin’s network as infrastructure to stage additional cyberattacks.
    https://theintercept.com/2020/12/17/russia-hack-austin-texas/?utm_medium=social&utm_campaign=theintercept&utm_source=facebook

    The list of reported victims includes the departments of Commerce, Homeland Security, State, and the Treasury; the Pentagon; cybersecurity firm FireEye; IT software company SolarWinds; and assorted airports and local government networks across the United States, among others. The breach in Austin is another apparent victory for Russia’s hackers. By compromising the network of America’s 11th-most populous city, they could theoretically access sensitive information on policing, city governance, and elections, and, with additional effort, burrow inside water, energy, and airport networks. The hacking outfit believed to be behind the Austin breach, Berserk Bear, also appears to have used Austin’s network as infrastructure to stage additional attacks.

  36. Tomi Engdahl says:

    Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach
    https://www.geekwire.com/2020/microsoft-unleashes-death-star-solarwinds-hackers-extraordinary-response-breach/

    This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.

    While details are continuing to emerge, the SolarWinds supply chain attack is already the most significant attack in recent memory. According to SolarWinds, Microsoft, FireEye, and the Cybersecurity and Infrastructure Security Agency (CISA) the attackers compromised a server used to build updates for the SolarWinds Orion Platform, a product used for IT infrastructure management. The attackers used this compromised build server to insert backdoor malware into the product (called Solorigate by Microsoft or SUNBURST by FireEye).

  37. Tomi Engdahl says:

    Latest futile effort to make encryption a malleable oxymoron!

    The Council of the European Union is calling for what they dub “security through encryption and security despite encryption”.
    https://techcrunch.com/2020/12/14/eu-council-wants-secure-encryption-and-lawful-data-access/

    “Competent authorities must be able to access data in a lawful and targeted manner, in full respect of fundamental rights and the relevant data protection laws, while upholding cybersecurity,” the Council writes.

  38. Tomi Engdahl says:

    Exclusive: Microsoft breached in suspected Russian hack using SolarWinds -sources
    https://www.reuters.com/article/global-cyber-microsoft-idUSL1N2IX33C

    WASHINGTON (Reuters) – Microsoft was hacked as part of the suspected Russian campaign that has hit multiple U.S. government agencies by taking advantage of the widespread use of software from SolarWinds Corp, according to people familiar with the matter.

  39. Tomi Engdahl says:

    Nuclear weapons agency breached amid massive cyber onslaught
    Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile.
    https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855

    The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said.

    On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by Rocky Campione, the chief information officer at DOE.

  40. Tomi Engdahl says:

    Microsoft says it found malicious software in its systems
    https://www.reuters.com/article/us-usa-cyber-breach-idUSKBN28R2ZJ

    Microsoft Corp said on Thursday it found malicious software in its systems related to a massive hacking campaign disclosed by U.S. officials this week, adding a top technology target to a growing list of attacked government agencies.

    The Redmond, Washington company is a user of Orion, the widely deployed networking management software from SolarWinds Corp which was used in the suspected Russian attacks on vital U.S. agencies and others.

    Microsoft also had its own products leveraged to attack victims, said people familiar with the matter. The U.S. National Security Agency issued a rare “cybersecurity advisory” Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.

  41. Tomi Engdahl says:

    Exclusive: Microsoft breached in suspected Russian hack using SolarWinds -sources
    https://reut.rs/3nvpFjK

  42. Tomi Engdahl says:

    Microsoft to quarantine SolarWinds apps linked to recent hack
    https://www.zdnet.com/article/microsoft-to-quarantine-solarwinds-apps-linked-to-recent-hack-starting-tomorrow/

    After only showing detection alerts, Microsoft moves to block trojanized SolarWinds apps from running, opening the door for some IT issues for some of its customers.
