This posting is here to collect cyber security news in January 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
369 Comments
Tomi Engdahl says:
The threats arising from the massive SolarWinds hack
https://www.cbsnews.com/news/the-threats-arising-from-the-massive-solarwinds-hack/
Like the coronavirus, it came from overseas, arriving, initially, unnoticed. When it was finally, belatedly discovered, the outrage (for a few days at least) was epic.
“This is nothing short of a virtual invasion by the Russians into critical accounts of our federal government,” said Democratic Senator Dick Durbin.
Republican Senator Mitt Romney called it “an extraordinary invasion of our cyberspace.”
Tomi Engdahl says:
Handbook to support healthcare cybersecurity in Finland - effects during the coronavirus crisis also covered
https://www.hyperlinkki.mediaparkki.com/2021/01/05/kasikirja-tukemaan-terveydenhuollon-kyberturvallisuutta-suomessa-myos-koronakriisin-aikaisia-vaikutuksia-kasitelty/
Numerous cyberattacks on healthcare organisations during the coronavirus crisis have been reported around the world. When a healthcare organisation already working under pressure falls victim to a cyberattack, the situation can at worst be catastrophic.
JAMK University of Applied Sciences (Jyväskylän ammattikorkeakoulu, JAMK) has published a handbook on managing cyber incidents for healthcare actors. The publication helps healthcare organisations of different sizes develop their cyber incident management processes and operating guidelines. When resources are stretched in a crisis, it is especially important that cyber incidents have been prepared for in advance, that processes are in order, and that they have been rehearsed.
Tomi Engdahl says:
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries.
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.
The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities.
Tomi Engdahl says:
Check that apps are not doing these things on your phone: "Despite the innocent-sounding name..." https://www.is.fi/digitoday/tietoturva/art-2000007721655.html
Tomi Engdahl says:
US: Hack of federal agencies ‘likely Russian in origin’
https://apnews.com/article/us-blames-russia-federal-hacking-3921096dfd9693a020420acc787132bd
WASHINGTON (AP) — Top national security agencies confirmed Tuesday that Russia was likely responsible for a massive hack of U.S. government departments and corporations, rejecting President Donald Trump’s claim that China might be to blame.
The rare joint statement represented the U.S. government’s first formal attempt to assign responsibility for the breaches at multiple agencies and to assign a possible motive for the operation. It said the hacks appeared to be intended for “intelligence gathering,” suggesting the evidence so far pointed to a Russian spying effort rather than an attempt to damage or disrupt U.S. government operations.
Tomi Engdahl says:
JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI), AND THE NATIONAL SECURITY AGENCY (NSA)
https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure
This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.
Tomi Engdahl says:
https://thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&utm_content=FaceBook&m=1
Tomi Engdahl says:
Hackers start exploiting the new backdoor in Zyxel devices
https://www.bleepingcomputer.com/news/security/hackers-start-exploiting-the-new-backdoor-in-zyxel-devices/
Threat actors are actively scanning the Internet for open SSH devices and trying to login to them using a new recently patched Zyxel hardcoded credential backdoor.
Last month, Niels Teusink of Dutch cybersecurity firm EYE disclosed a secret hardcoded backdoor account in Zyxel firewalls and AP controllers. This secret ‘zyfwp’ account allowed users to login via SSH and the web interface to gain administrator privileges.
Secret backdoor discovered in Zyxel firewalls and AP controllers
https://www.bleepingcomputer.com/news/security/secret-backdoor-discovered-in-zyxel-firewalls-and-ap-controllers/
In an advisory, Zyxel states that they used the secret account to deliver firmware updates via FTP automatically.
This backdoor is a significant risk as it could allow threat actors to create VPN accounts to gain access to internal networks or port forward Internal services to make them remotely accessible and exploitable.
Threat actors actively scan for Zyxel backdoor
Yesterday, cybersecurity intelligence firm GreyNoise detected three different IP addresses actively scanning for SSH devices and attempting to login to them using the Zyxel backdoor credentials.
GreyNoise CEO Andrew Morris told BleepingComputer that the threat actor does not appear to be scanning specifically for Zyxel devices but is instead scanning the Internet for IP addresses running SSH.
When SSH is detected, it will attempt to brute force an account on the device, with one of the credentials tested being the new Zyxel ‘zyfwp’ backdoor account.
Zyxel released the ‘ZLD V4.60 Patch 1′ last month that removes the backdoor accounts on firewall devices. Zyxel announced yesterday that they would release the patch for AP controllers on January 8th, 2021.
Tomi Engdahl says:
Zyxel security advisory for hardcoded credential vulnerability
CVE: CVE-2020-29583
https://www.zyxel.com/support/CVE-2020-29583.shtml
Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from EYE Netherlands. Users are advised to install the applicable firmware updates for optimal protection.
What is the vulnerability?
A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
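Two checks a defender can run for the zyfwp account described in the two comments above (the active scanning reported by GreyNoise, and the advisory for CVE-2020-29583), as an added example that is not code from the articles, from Zyxel, or from EYE. It assumes OpenSSH/syslog-style authentication log lines, since the page does not show Zyxel's own log format, and it assumes the credential appears as a clear-text string in an unpatched firmware image, as the ZDNet article states; the log lines and the two firmware blobs below are constructed for illustration. The username and password themselves are the ones quoted in the coverage above.

```python
"""Added example (not from the article, Zyxel, or EYE): find the CVE-2020-29583
backdoor account in two places a defender controls.

Assumptions, labelled as such:
- Auth logs are in OpenSSH/syslog style; Zyxel's own log format is not on the
  page, so SAMPLE_LOG below is constructed for illustration.
- The credential string is stored literally in an unpatched firmware image,
  as the ZDNet coverage states; the two image blobs below are constructed.
"""
import re
from collections import Counter

BACKDOOR_USER = "zyfwp"
BACKDOOR_PASSWORD = "PrOw!aN_fXp"   # credential quoted in the ZDNet article

# OpenSSH-style result lines (assumed format), e.g.
#   "sshd[811]: Failed password for zyfwp from 198.51.100.9 port 40211 ssh2"
# The optional "invalid user " prefix covers attempts against unknown names.
_AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_auth_line(line):
    """Return {'result','user','ip'} for an auth line, or None if it is not one."""
    m = _AUTH_RE.search(line)
    if not m:
        return None
    return {"result": m.group("result"), "user": m.group("user"), "ip": m.group("ip")}


def backdoor_login_attempts(lines):
    """Every SSH attempt against the zyfwp account, as (ip, result) in log order.

    Any hit is worth alerting on: no administrator uses this account, so a
    single 'Failed' is a scanner and a single 'Accepted' means the device was
    still unpatched when the scanner reached it."""
    hits = []
    for line in lines:
        rec = parse_auth_line(line)
        if rec and rec["user"] == BACKDOOR_USER:
            hits.append((rec["ip"], rec["result"]))
    return hits


def scanner_sources(lines):
    """Failed zyfwp attempts per source IP: the GreyNoise-style scanner view."""
    return Counter(ip for ip, result in backdoor_login_attempts(lines) if result == "Failed")


def firmware_contains_backdoor(blob):
    """True if a firmware image still carries the hardcoded credential.

    Intended as a post-upgrade check: after ZLD V4.60 Patch 1 the string
    should be absent. A substring search suffices because the password was
    visible in clear text in the original binary."""
    return BACKDOOR_USER.encode() in blob and BACKDOOR_PASSWORD.encode() in blob


# Constructed sample log: two sources probing zyfwp, one of them succeeding.
SAMPLE_LOG = [
    "Jan  4 03:12:01 fw sshd[811]: Failed password for invalid user admin from 198.51.100.9 port 40210 ssh2",
    "Jan  4 03:12:02 fw sshd[811]: Failed password for zyfwp from 198.51.100.9 port 40211 ssh2",
    "Jan  4 03:12:05 fw sshd[812]: Failed password for zyfwp from 203.0.113.77 port 51234 ssh2",
    "Jan  4 03:12:07 fw sshd[812]: Failed password for zyfwp from 198.51.100.9 port 40212 ssh2",
    "Jan  4 03:15:40 fw sshd[819]: Accepted password for zyfwp from 203.0.113.77 port 51300 ssh2",
    "Jan  4 03:16:00 fw sshd[820]: Accepted publickey for netops from 192.0.2.5 port 60001 ssh2",
]

# Constructed stand-ins for an unpatched and a patched image (not real firmware).
UNPATCHED_IMAGE = b"\x00ZLD4.60\x00zyfwp:" + BACKDOOR_PASSWORD.encode() + b"\x00ftp-updater"
PATCHED_IMAGE = b"\x00ZLD4.60p1\x00ftp-updater\x00"

if __name__ == "__main__":
    for ip, result in backdoor_login_attempts(SAMPLE_LOG):
        print(f"{result:8s} zyfwp login from {ip}")
    print("scanner sources:", dict(scanner_sources(SAMPLE_LOG)))
    print("unpatched image has backdoor:", firmware_contains_backdoor(UNPATCHED_IMAGE))
    print("patched image has backdoor:", firmware_contains_backdoor(PATCHED_IMAGE))
```

Feed real device logs through `backdoor_login_attempts` to find out whether the scanners GreyNoise observed ever got an "Accepted" against you; an accepted zyfwp login before the patch date means the device, and any VPN accounts or port forwards it could have been used to create, must be treated as compromised rather than merely patched.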
Tomi Engdahl says:
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021
https://pentestmag.com/7-cybersecurity-predictions-for…/
Tomi Engdahl says:
1,500 SolarWinds Customers Are Exposing Themselves To Hackers As ‘Russian’ Espionage Continues
https://www.forbes.com/sites/thomasbrewster/2021/01/06/1500-solarwinds-customers-are-exposing-themselves-to-hackers-as-russian-espionage-continues/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
But numbers have, strangely, increased, according to Abdine, CTO at Censys, a Google Ventures-backed startup that scans the web looking for potential weaknesses that need patching. Censys data indicates that the number of SolarWinds Orion servers exposed on the web rose from a low of 1,200 on December 28 to 1,550 on January 4, even though the numbers had been dipping after disclosure of the breach.
He believes that in the scramble to update their SolarWinds software, IT teams have misconfigured their servers so they can be identified by anyone with a web connection. “Maybe they had firewall rules that they didn’t anticipate and maybe they changed the port in the process,” Abdine added.
If those servers are vulnerable to an issue disclosed by SolarWinds on December 26, they could be in real danger of being breached, Abdine warned. The vulnerability allows remote access to the tool and user networks. Earlier this week, mass scans for vulnerable hosts from an IP address in Russia were detected by Bad Packets, a threat intelligence organization.
Tomi Engdahl says:
After refusing to pay ransom, US-based auto parts distributor has sensitive data leaked by cybercriminals
https://cybernews.com/security/after-refusing-to-pay-ransom-us-based-auto-parts-distributor-has-sensitive-data-leaked-by-cybercriminals/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=auto_parts_leak&fbclid=IwAR3v4vKF7y2Wa7fn_2p5fhmDviaVPt-JifNB9oWAuDPTWD-AXBcwsnCaZ5o
A 3GB archive that purportedly belongs to NameSouth, a US-based auto parts shop, has been publicly leaked by the NetWalker ransomware group.
NameSouth seems to be the latest victim of the ransomware gang that surfaced sometime in 2019. NetWalker’s targets range across multiple industries, with archives of stolen data from about a hundred victimized businesses publicly posted on the gang’s darknet website to date.
Tomi Engdahl says:
Are many things as secure as advertised?
Tomi Engdahl says:
Tech leaders speak out about platforms’ roles in US Capitol riots
‘You’ve got blood on your hands, Jack and Zuck’
https://techcrunch.com/2021/01/06/tech-leaders-speak-out-about-platforms-roles-in-us-capitol-riots/?tpcc=ECFB2021
After pro-Trump extremists violently stormed the U.S. Capitol, a number of tech executives and industry leaders are calling on Twitter CEO Jack Dorsey and Facebook CEO Mark Zuckerberg to more aggressively curb the president’s messages amplifying and endorsing violence.
After Trump released a video calling the extremists “very special” and telling them to go home, Facebook and Twitter have taken down the content. Twitter has locked Donald Trump’s Twitter account for at least 12 hours, warning that “any future violations” of Twitter rules will result in permanent suspension of the account.
The riot triggered the platforms, after long scrutiny, to finally react to Trump’s incendiary tweets and messaging. As the situation continues to play out, some prominent tech figures see the root of the riots as the platforms that ignored and amplified misinformation surrounding the election, allowing violent rhetoric to spin out of control in the final days of the Trump presidency.
Tomi Engdahl says:
Capitol Hill Mob Accessed Congressional Computer—‘Consider Them All Compromised’
https://www.forbes.com/sites/thomasbrewster/2021/01/07/capitol-hill-mob-accessed-congressional-computers—consider-them-all-compromised/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
Among the many shocking images from yesterday’s Capitol Hill riot were some that indicated that rioters had access to official computers. One photo, in a subsequently deleted tweet from Elijah Schaffer, a reporter for far-right websites, indicated that a computer in Speaker Nancy Pelosi’s office was left unlocked, with email and other applications accessible. Senator Jeff Merkley of Oregon also tweeted a video of the destruction of his office, in which he noted a laptop had been stolen. Speculation abounds that hard drives were also being stolen by the trespassers, but there’s little proof that they’d been removed from the building.
The teams rebuilding Congress’ IT systems should consider everything in the breached offices compromised, according to cybersecurity experts and a former congressional employee. From there, they can make assessments on what went missing, whether anything sensitive was stolen and then how to mitigate the possible impact.
Overall security on the Hill has been historically patchy, the ex-Congressional staffer said. House and Senate systems are handled separately and staff often use their own computers, smartphones and apps to run software like Gmail without any additional government security, they added.
Tomi Engdahl says:
Lily Hay Newman, Security, 01.07.2021 08:14 PM
Post-Riot, the Capitol Hill IT Staff Faces a Security Mess
Wednesday’s insurrection could have exposed congressional data and devices in ways that have yet to be appreciated.
https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/?mbid=social_facebook&utm_brand=wired&utm_medium=social&utm_social-type=owned&utm_source=facebook
IN THE AFTERMATH of destructive riots that trashed the United States Capitol on Wednesday, the nation is grappling with questions about the stability and trajectory of US democracy. But inside the Capitol building itself, the congressional support staff is dealing with more immediate logistics, like cleanup and repairs. A crucial part of that: the process of securing the offices and digital systems after hundreds of people had unprecedented access to them.
Allowing physical access to a location can have serious cybersecurity ramifications. Rioters could have bugged congressional offices, exfiltrated data from unlocked computers, or installed malware on exposed devices. In the rush to evacuate the Capitol, some computers were left unlocked and remained accessible by the time rioters arrived. And at least some equipment was stolen
“This is probably going to take several days to flesh out exactly what happened, what was stolen, what wasn’t,”
“Items, electronic items, were stolen from senators’ offices. Documents, materials, were stolen, and we have to identify what was done, mitigate that, and it could have potential national security equities. If there was damage, we don’t know the extent of that yet.”
Tomi Engdahl says:
The Secret SIMs Used By Criminals to Spoof Any Number
https://www.vice.com/en/article/n7w9pw/russian-sims-encrypted
Criminals use so-called Russian, encrypted, or white SIMs to change their phone number, add voice manipulation to their calls, and try to stay ahead of law enforcement.
“There are these special SIM cards out there,” he said, referring to the small piece of hardware that slips inside a cell phone. “I’m actually ringing from one now,” he added, before later explaining he runs an underground site that sells these cards.
This SIM card, the caller said, allowed him to spoof any phone number he wanted. Want to look like you’re calling from a bank in order to scam a target? Easy. Want to change it to a random series of digits so that the recipient’s phone won’t record your real number? That just takes a few seconds to set up, according to tutorials of how to use the cards available online.
Russian SIMs. Encrypted SIMs. White SIMs. These cards go by different names in the criminal underground, and vary widely in quality and features. But all are generally designed to give the user some sort of security or privacy benefit, even if what that particular SIM does is more theatre than substance. Beyond spoofing phone numbers, some SIMs let a caller manipulate their voice in real-time, adding a baritone or shrill cloak to their phone calls that is often unintentionally funny. Other cards have the more worthwhile benefit of being worldwide, unlimited data SIMs that criminals source anonymously from suppliers without having to give up identifying information and by paying in Bitcoin.
The SIM cards themselves aren’t inherently illegal, but criminals certainly make a noticeable chunk of the companies’ customer bases. The NCA told Motherboard it has seized so-called Russian SIMs from suspects during investigations. The existence of this bustling industry highlights how crime figures continue to try and leverage different technologies
“They are the most popular SIMs in crime,” a source close to the criminal world told Motherboard, referring to the anonymously sourced data SIMs.
Criminals often make use of so-called encrypted phones, customized devices that in some cases have the microphone, GPS, and camera functionality removed. Some of these companies also offer Russian or encrypted SIM cards, letting customers buy not just a handset, but the data and roaming capability they would need to actually use the phone quickly, as well as some extra features from the SIM if they like.
After receiving the SIM card and putting it into an unlocked phone, a user has to change the Access Point Name or “APN” on the device.
Karsten Nohl, a security researcher from SRLabs focused on telecommunications security, told Motherboard in an email that operators of the SIM cards likely run their own Mobile Virtual Network Operator (MVNO), which is essentially a telecom company piggy backing off of the infrastructure of a more established network. Many MVNOs exist, including Google’s Fi, which runs on top of T-Mobile’s infrastructure.
To enter relationships with telecos in the United States or Canada, companies will likely need to create an MVNO, but may not need to in some other countries, the source said.
The person who owned the underground website selling SIM cards said the calls are instead going through “poor countries” where people can cheaply buy access to the phone network.
“People just have been drawn to the name Russian SIM,” they said.
“one key feature is obviously we do not keep records of our SIMs usage.”
Some of the companies make extraordinary, and largely unsubstantiated claims, though. These include being “bulletproof,” or being able to thwart all surveillance from IMSI-catchers, devices used by law enforcement that pose as cell phone towers and trick nearby devices to connect to them in order to track their physical location.
“SECURE SIMS. UNDETECTABLE, EVEN BY THE POLICE. COMPLETE ANONYMITY,” the website adds.
“I feel like they are preying on the uneducated,”
Even if someone obtained a SIM card anonymously, they are still using a SIM card and by extension a phone network. The source who currently works in the phone industry said “you can’t be invisible.”
Nohl, the security researcher, told Motherboard, “A data-only SIM (that uses IMS for voice/text) prevents IMSI catchers from intercepting voice calls and text. So do all 4G and 3G networks that use encryption, which IMSI catchers cannot break open, and many 2G networks that upgraded to A5/3 encryption,” Nohl said. “In all these scenarios, the IMSI catcher can still catch IMSIs, though, mainly for tracking purposes.”
Tomi Engdahl says:
“A hacker would first have to steal a target’s account password and to also gain covert possession of the physical key for as many as 10 hours. The cloning also requires up to $12,000 worth of equipment, custom software, and an advanced background in electrical engineering and cryptography.”
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips
Yubico and Feitian keys that use the same chip are likely susceptible, too.
https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/
Tomi Engdahl says:
The Making of QAnon: A Crowdsourced Conspiracy
https://www.bellingcat.com/news/americas/2021/01/07/the-making-of-qanon-a-crowdsourced-conspiracy/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Facebook#Echobox=1610058120
On January 6, chaos descended on Washington D.C. as supporters of President Donald Trump stormed the United States Capitol Building. Amid the melee, a longtime QAnon promoter known as “the Q Shaman” made his way onto the Senate floor and occupied the speaker’s rostrum. He was far from the only QAnon supporter on the scene that day: another led the charge into the Capitol.
Once again, this dangerous and eclectic conspiracy is in the spotlight. It has come a long way since its birth on a forum barely three years ago.
Tomi Engdahl says:
Laptop stolen from Pelosi’s office during storming of U.S. Capitol, says aide
https://www.reuters.com/article/us-usa-election-cyber/laptop-stolen-from-pelosis-office-during-storming-of-u-s-capitol-says-aide-idUSKBN29D2HA
Drew Hammill, an aide to Democrat Pelosi, said on Twitter that the laptop belonged to a conference room and was used for presentations. He declined to offer further details.
The theft of electronic devices from congressional offices has been a persistent worry following the invasion by pro-Trump followers. They were encouraged by Republican President Donald Trump at a rally beforehand to march to the Capitol while Congress was certifying Democrat Joe Biden’s Nov. 3 election win.
“We just don’t know the extent of that damage at this point,” he said.
What else might have been taken during the chaos is not yet known. Some information technology experts worry that intruders may have planted malicious software on computers, although it’s not clear that devices were the focus of any particular attention.
Tomi Engdahl says:
Putin’s Disinformation Campaign Claims Stunning Victory With Capitol Hill ‘Coup’
https://www.haaretz.com/us-news/.premium.HIGHLIGHT-putin-s-disinformation-campaign-claims-stunning-victory-with-capitol-hill-coup-1.9432690
Russian information warfare ops have had one goal ever since the Cold War began: to sow chaos and undermine Americans’ sense of a shared reality. Trump was just a means to that end
As a shirtless, horned man stood at the dais of the U.S. Senate on Wednesday, the words Harvard Law School Prof. Yochai Benkler told Haaretz ahead of the 2020 election sprang to mind. Since the Cold War began, Soviet – and then Russian – information warfare campaigns have never been about pushing out a single message. Prof. Benkler, one of the leading authorities on disinformation online, explained that the primary role of Russian propaganda “is to create a world where nothing is true and everything is possible.”
We tend to think of disinformation as a social media problem. We also tend to think of it as a new issue. However, research such as Benkler and Rand’s shines a light on the infrastructure of the #StopTheSteal campaign, which morphed into Wednesday’s violent attack on democracy.
The fraud that led to a coalition of far-right conspiracy theorists besieging the Capitol was one founded on a baseless, thoroughly debunked and intentionally distorted perception of the election.
Tomi Engdahl says:
The deplatforming of President Trump
A review of an unprecedented and historical week for the tech industry
https://techcrunch.com/2021/01/09/the-deplatforming-of-a-president/?tpcc=ECFB2021
After years of placid admonishments, the tech world came out in force against President Trump this past week following the violent assault of the U.S. Capitol building in Washington D.C. on Wednesday. From Twitter to PayPal, more than a dozen companies have placed unprecedented restrictions or outright banned the current occupant of the White House from using their services, and in some cases, some of his associates and supporters as well.
Twitter: a permanent ban and a real-time attempt to shut down all possible account alternatives
Twitter permanently removed the president of the United States from its platform Friday, citing concerns over the “risk of further incitement of violence” and Trump’s previous transgressions.
Tomi Engdahl says:
The Week in Ransomware – January 8th 2021 – $150 million
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-8th-2021-150-million/
This week’s biggest news was China APT hackers starting to use ransomware and Ryuk bitcoin wallets indicating they have earned $150 million in ransom payments.
Tomi Engdahl says:
President Trump responds to Twitter account ban in tweet storm from @POTUS account
https://techcrunch.com/2021/01/08/president-trump-responds-to-twitter-account-ban-in-tweet-storm-from-potus-account/?tpcc=ECFB2021
After Twitter took the major step Friday of permanently banning President Trump’s @realdonaldtrump Twitter account, the President aimed to get the last word in through his government account @POTUS which has a fraction of the Twitter followers but still offered the President a megaphone on the service to send out a few last tweets.
The tweets were deleted within minutes by Twitter which does not allow banned individuals to circumvent a full ban by tweeting under alternate accounts.
Tomi Engdahl says:
Twitter has permanently suspended President Donald Trump’s account, the company announced Friday, a striking move that comes as the social media network faced growing pressure to remove him following the deadly Capitol riots earlier this week.
https://www.forbes.com/sites/rachelsandler/2021/01/08/twitter-permanently-bans-trump/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie
Twitter said it decided to ban the president “due to the risk of further incitement of violence” after a review of his recent tweets.
Tomi Engdahl says:
Amazon is kicking Parler off its web hosting service
Parler’s CEO said the site could be offline for up to a week
https://www.theverge.com/2021/1/9/22222637/amazon-workers-aws-stop-hosting-services-parler-capitol-violence
In the latest blow to social app Parler, Amazon said Saturday it was suspending the company from its web hosting platform effective at 11:59PM PST Sunday. First reported by BuzzFeed News; unless Parler finds another web hosting service, the site will go offline Sunday night.
Parler CEO John Matze said in a post on the site Saturday evening that the site could be offline for up to a week “as we rebuild from scratch.” Matze said the company had prepared for such an event, “by never relying on amazons [sic] proprietary infrastructure and building bare metal products.”
He added that “many” were competing for Parler’s business, and accused Amazon, Google, and Apple of a coordinated attack to kill competition.
https://parler.com/post/009ba435b68c46d4955e1cd7737fa27c
Tomi Engdahl says:
Apple suspends Parler from App Store
https://techcrunch.com/2021/01/09/apple-suspend-parler-from-app-store/
Apple confirmed that it has suspended the conservative social media app Parler from the App Store, shortly after Google banned it from Google Play. The app, which became a home to Trump supporters and several high-profile conservatives in the days leading up to the Capitol riots, had been operating in violation of Apple’s rules.
The company tells TechCrunch:
We have always supported diverse points of view being represented on the App Store, but there is no place on our platform for threats of violence and illegal activity. Parler has not taken adequate measures to address the proliferation of these threats to people’s safety. We have suspended Parler from the App Store until they resolve these issues.
Tomi Engdahl says:
https://victoriamedia.fi/2021/01/10/kyberhyokkays-eilakaisla-oy-on-joutunut-kyberhyokkayksen-kohteeksi/
Tomi Engdahl says:
Free Speech
https://xkcd.com/1357/
Tomi Engdahl says:
Beijing updates internet regulation to include a wide swathe of services, fake news and fraud
https://www.scmp.com/tech/policy/article/3117015/beijing-updates-internet-regulation-include-wide-swath-services-fake
A comprehensive update to China’s internet services regulation details the services covered and banned activities
Usage of search engines, instant messaging, online payments and more could violate the law even if conducted from overseas servers
Tomi Engdahl says:
Hacker used ransomware to lock victims in their IoT chastity belt
https://www.bleepingcomputer.com/news/security/hacker-used-ransomware-to-lock-victims-in-their-iot-chastity-belt/amp/
The source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes.
Users of the Bluetooth-controlled Qiui Cellmate chastity device were targets of an attack with this malware last year after security researchers found a vulnerability in the toy that allowed locking it remotely.
Tomi Engdahl says:
https://www.eilakaisla.fi/blogi/eilakaisla-oy-on-joutunut-kyberhyokkayksen-kohteeksi
Tomi Engdahl says:
Dominion Voting Sues Sidney Powell For Defamation Over Election Conspiracy—And Others May Be Next
https://www.forbes.com/sites/alisondurkee/2021/01/08/dominion-voting-sues-sidney-powell-for-defamation-over-election-conspiracy-theory/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
Dominion Voting Systems filed a lawsuit against former Trump campaign legal advisor Sidney Powell Friday for defamation and deceptive trade practices, after the attorney promoted a “false preconceived narrative” tying the company’s voting machines to widespread election fraud, which the company confirmed will be the first in a “series” of lawsuits targeting Trump allies who have spread the baseless claims—and potentially the president himself.
Tomi Engdahl says:
FBI Issues Alert Over Growing Egregor Ransomware Threat
Bureau And Security Experts Warn About Gang’s Effective Extortion Model
https://www.govinfosecurity.com/fbi-issues-alert-over-growing-egregor-ransomware-threat-a-15733
The FBI alert notes that Egregor operates in a service model, which includes the operators of the actual ransomware as well as affiliated cybercriminals that carry out their own attacks and receive a percentage of the ransom if the money is paid by the victim. This makes defending and mitigating against these types of attacks difficult.
“Because of the large number of actors involved in deploying Egregor, the tactics, techniques, and procedures used in its deployment can vary widely, creating significant challenges for defense and mitigation,” the FBI alert notes. “Egregor ransomware utilizes multiple mechanisms to compromise business networks, including targeting business network and employee personal accounts that share access with business networks or devices.”
Tomi Engdahl says:
Europe seizes on social media’s purging of Trump to bang the drum for regulation
https://techcrunch.com/2021/01/11/europe-seizes-on-social-medias-purging-of-trump-to-bang-the-drum-for-regulation/?tpcc=ECFB2021
Big tech’s decision to pull the plug on president Donald Trump’s presence on their platforms, following his supporters’ attack on the US Capitol last week, has been seized on in Europe as proof — if proof were needed — that laws have not kept pace with tech market power and platform giants must face consequences over the content they amplify and monetize.
Writing in Politico, the European Commission’s internal market commissioner, Thierry Breton, dubs the 6/1 strike at the heart of the US political establishment as social media’s ‘9/11’ moment — aka, the day the whole world woke up to the real-world impact of unchecked online hate and lies.
OPINION
Thierry Breton: Capitol Hill — the 9/11 moment of social media
https://www.politico.eu/article/thierry-breton-social-media-capitol-hill-riot/
The Capitol Hill riot exposes the fragility of our democracies — and the threat underregulated tech companies can pose to their survival.
We are all still shocked by the images of protesters storming the U.S. Congress to halt the certification of the next U.S. president. The attack on the U.S. Capitol — a symbol of democracy — feels like a direct assault on all of us.
Just as 9/11 marked a paradigm shift for global security, 20 years later we are witnessing a before-and-after in the role of digital platforms in our democracy.
Tomi Engdahl says:
The unprecedented reactions of online platforms in response to the riots have left us wondering: Why did they fail to prevent the fake news and hate speech leading to the attack on Wednesday in the first place? Regardless of whether silencing a standing president was the right thing to do, should that decision be in the hands of a tech company with no democratic legitimacy or oversight? Can these platforms still argue that they have no say over what their users are posting?
https://www.politico.eu/article/thierry-breton-social-media-capitol-hill-riot/
Tomi Engdahl says:
How Facial Recognition Technology Is Helping Identify the U.S. Capitol Attackers
https://spectrum.ieee.org/tech-talk/artificial-intelligence/machine-learning/facial-recognition-and-the-us-capitol-insurrection
The FBI is still trying to identify some of the hundreds of people who launched a deadly attack on the U.S. Congress last week. “We have deployed our full investigative resources and are working closely with our federal, state, and local partners to aggressively pursue those involved in criminal activity during the events of January 6,” reads a page that contains images of dozens of unknown individuals, including one suspected of planting several bombs around Washington, D.C.
Tomi Engdahl says:
70TB of Parler users’ messages, videos, and posts leaked by security researchers
https://cybernews.com/news/70tb-of-parler-users-messages-videos-and-posts-leaked-by-security-researchers/
Parler, a social network used to plan the storming of the U.S. Capitol last week, has been hit by a massive data scrape. Security researchers collected swaths of user data before the network went dark Monday morning after Amazon, Google, and Apple booted the platform.
The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced the scrape, claims that over a million video URLs, some deleted and private, were taken.
The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.
Parler, which claims to have over 10 million users, has lax rules over content, making the platform very attractive to far-right groups. Google and Apple removed Parler’s smartphone app from their app stores, claiming that the platform allowed posting that seeks to “incite ongoing violence in the U.S.” Amazon took similar measures, removing Parler from its hosting service.
Reddit users claim that the scrape was made possible due to Twilio, an American cloud communications platform that provided the platform with phone number verification services, cutting ties with Parler.
Tomi Engdahl says:
Russian Hacker Sentenced to 12-Years in Prison for Massive JP Morgan Chase Hack
https://www.theaegisalliance.com/2021/01/11/russian-hacker-12-years-prison-jp-morgan-chase-hack/
Tomi Engdahl says:
SolarWinds hackers linked to known Russian spying tools, investigators say
https://www.reuters.com/article/global-cyber-solarwinds/solarwinds-hackers-linked-to-known-russian-spying-tools-investigators-say-idINKBN29G16Z
LONDON (Reuters) – The group behind a global cyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said on Monday.
Tomi Engdahl says:
Will one tweet from Elon Musk be enough to help Signal dethrone WhatsApp as the messenger app of choice?
https://www.thenationalnews.com/arts-culture/will-one-tweet-from-elon-musk-be-enough-to-help-signal-dethrone-whatsapp-as-the-messenger-app-of-choice-1.1143481
After WhatsApp announced a change to its privacy policy, people are flocking to Signal, thanks to a nudge from the Tesla founder
Tomi Engdahl says:
Ransomware attack forces three-week shutdown of NT Government IT system
https://www.abc.net.au/news/2021-01-10/ransomware-attack-nt-government-phishing-attempts/13036472
Tomi Engdahl says:
CISA: SolarWinds hackers also used password guessing to breach targets
CISA says the threat actor behind the SolarWinds hack also used password guessing and password spraying to breach targets, not just trojanized updates.
https://www.zdnet.com/article/cisa-solarwinds-hackers-also-used-password-guessing-to-breach-targets/
Tomi Engdahl says:
Emotet is the ”world’s most dangerous malware” and now it has returned worse than ever – targeting 100,000 users a day
8.1.2021 21:29 | updated 11.1.2021 16:07
A press release from the security company Check Point Software Technologies reports that the notorious Emotet malware has once again risen to the top of the list of the most common malware.
https://www.mikrobitti.fi/uutiset/emotet-on-maailman-vaarallisin-haittaohjelma-ja-nyt-se-palasi-pahempana-kuin-koskaan-100-000-kayttajan-kimppuun-paivassa/0bd9c8d2-f48b-4027-81f9-0ff99f9c8261
Tomi Engdahl says:
Nissan source code leaked online after Git repo misconfiguration
Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/
Tomi Engdahl says:
Hacker used ransomware to lock victims in their IoT chastity belt
https://www.bleepingcomputer.com/news/security/hacker-used-ransomware-to-lock-victims-in-their-iot-chastity-belt/
Tomi Engdahl says:
Modern cybercrime is becoming increasingly open-sourced
https://cybernews.com/security/modern-cybercrime-is-becoming-increasingly-open-sourced/
Open-source technology has a largely positive image that often goes beyond the base elements of technology and embodies a mindset and a way of doing things that have ethics and morals at its heart. It’s viewed as a communal approach that strives for the common good rather than zero-sum gains for some at the expense of others. That it might be an approach that is used to conduct cyberattacks seems somewhat incongruent, therefore, but that’s precisely what Accenture’s latest Cyber Threatscape Report suggests.
Tomi Engdahl says:
Hacked U.S. networks will need to be burned ‘down to the ground’
https://www.japantimes.co.jp/news/2020/12/19/world/us-networks-hacking-russia-china/
It’s going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.
Tomi Engdahl says:
https://thehackernews.com/2021/01/unveiled-sunspot-malware-was-used-to.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&utm_content=FaceBook&m=1
As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company’s Orion network monitoring platform.
Called “Sunspot,” the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop.
“This highly sophisticated and novel code was designed to inject the Sunburst malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams,” SolarWinds’ new CEO Sudhakar Ramakrishna explained.
https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/
Tomi Engdahl says:
Tech companies are cracking down on conspiracy theories that fueled the Capitol riots.
Facebook Will Remove Content With Phrase ‘Stop The Steal’ Ahead Of Inauguration Day
https://www.forbes.com/sites/rachelsandler/2021/01/11/facebook-will-remove-content-with-phrase-stop-the-steal-ahead-of-inauguration-day/?sh=788f7d1f2ae7&utm_source=fb_breakingnews&utm_medium=social&utm_campaign=forbes&utm_content=4118624078
Facebook will start taking down content containing the phrase “Stop the Steal,” the company announced Monday, as tech companies continue an unprecedented crackdown on conspiracy theories that fueled the Capitol riots last week.
Facebook said it will remove Stop the Steal content given “continued attempts to organize events against the outcome of the US presidential election that can lead to violence, and use of the term by those involved in Wednesday’s violence in DC.”
Facebook’s move comes as the FBI warned Monday that armed protests are being planned across the country leading up to President-elect Joe Biden’s inauguration.