Cyber security news January 2021

This posting is here to collect cyber security news in January 2021.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

369 Comments

  1. Tomi Engdahl says:

    Ahead of inauguration, Airbnb pledges bans for anyone involved in Capitol riot
    https://techcrunch.com/2021/01/11/ahead-of-inauguration-airbnb-pledges-bans-for-anyone-involved-in-capitol-riot/?tpcc=ECFB2021

    Building on a policy that the company said has been in place since the Charlottesville protests back in 2017, Airbnb said it will take additional steps to beef up community protections for the DC metro area ahead of the presidential inauguration.

    Airbnb already removes people from the platform who are associated with violent hate groups ahead of specific events, the company said.

    And ahead of the inauguration, the company said it would use a seven-step plan to ensure that the DC metro area isn’t overwhelmed with white supremacists, neo-Nazis, or “western chauvinists.”

    Reply
  2. Tomi Engdahl says:

    Facebook says it will remove references to ‘stop the steal’ across its platform
    https://techcrunch.com/2021/01/11/facebook-says-it-will-remove-references-to-stop-the-steal-across-its-platform/?tpcc=ECFB2021

    In the wake of last week’s violence at the U.S. Capitol, Facebook today announced it will be taking additional steps to remove content referencing the phrase “stop the steal” on its platform. The phrase is associated with the right-wing campaign that falsely alleges the democratic U.S. elections have been rigged and aims to keep Trump in power by any means necessary, including, now, violent insurrection. Facebook had previously removed some of the original Stop the Steal groups in November, and says it has continued to remove Pages, groups and events that violate its policies, including calls for violence.

    As TechCrunch had previously reported, Facebook had also begun to block election conspiracy hashtags back in November 2020, including #sharpiegate and #stopthesteal. Searches for those would not return groups or posts, as a result.

    However, the cleanup effort was not as widespread or as ongoing as Facebook would have you believe. As of the time of writing, we’re aware of several active Facebook Groups that are still literally called “stop the steal,” for example.

    Reply
  3. Tomi Engdahl says:

    The Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler
    https://techcrunch.com/2021/01/11/is-the-tweet-mightier-than-the-sword/?tpcc=ECFB2021

    Should Jack Dorsey be able to silence the president of the United States?

    Last week and throughout the weekend, technology companies took the historic step of deplatforming the president of the United States in the wake of a riot in which the US Capitol was stormed by a collection of white nationalists, QAnon supporters, and right wing activists.

    The decision to remove Donald Trump, his fundraising and moneymaking apparatus, and a large portion of his supporters from their digital homes because of their incitements to violence in the nation’s Capitol on January 6th and beyond, has led a chorus of voices to call for the regulation of the giant tech platforms.

    They argue that private companies shouldn’t have the sole power to erase the digital footprint of a sitting president.

    But there’s a reason why the legislative hearings in Congress, and the pressure from the president, have not created any new regulations. And there’s also a reason why — despite all of the protestations from the president and his supporters — no lawsuits have effectively been brought against the platforms for their decisions.

    The law, for now, is on their side.

    The protections of speech afforded to American citizens under the First Amendment only apply to government efforts to limit speech.

    The thing is, that marketplace of ideas is always open, but publishers and platforms have the freedom to decide what they want to sell into it.

    So, the First Amendment doesn’t protect an individuals’ rights to access any platform and say whatever the hell they want. In fact, it protects businesses in many cases from having their freedom of speech violated by having the government force them to publish something they don’t want to on their platforms.

    First, the cancellation of speech by businesses isn’t actually hostile to the foundation America was built on. If a group doesn’t like the way it’s being treated in one outlet, it can try and find another. Essentially, no one can force a newspaper to print their letter to the editor.

    Second, users’ speech isn’t what is protected under Section 230; it protects platforms from liability for that speech, which indirectly makes it safe for users to speak freely.

    Right now, Section 230 protects all of these social media companies from legal liability for the stuff that people publish on their platforms (unlike publishers). The gist of the law is that since these companies don’t actively edit what people post on the platforms, but merely provide a distribution channel for that content, then they can’t be held accountable for what’s in the posts.

    The companies argue that they’re exercising their own rights to freedom of speech through the algorithms they’ve developed to highlight certain pieces of information or entertainment, or in removing certain pieces of content. And their broad terms of service agreements also provide legal shields that allow them to act with a large degree of impunity.

    Conservatives and liberals crowing for the removal of Section 230 protections may find that it would reinstitute a level of comity online, but the fringes will be even further marginalized. If you’re a free speech absolutist, that may or may not be the best course of action.

    Keller notes that the existing body of laws “does not currently support must-carry claims against user-facing platforms like Facebook or YouTube, because Congress emphatically declined to extend it to them in the 1996 Telecommunications Act.”

    Lawmakers in Europe, seeing the actions from U.S. companies over the last week, aren’t wasting any time in drafting their own responses and increasing their calls for more regulation.

    Reply
  4. Tomi Engdahl says:

    Twitter Has Removed More Than 70,000 Accounts Linked To QAnon Conspiracy Since Capitol Riots
    https://www.forbes.com/sites/roberthart/2021/01/12/twitter-has-removed-more-than-70000-accounts-linked-to-qanon-conspiracy-since-capitol-riots/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    More than 70,000 Twitter accounts linked with the far-right QAnon conspiracy movement have been banned from the platform following riots in the Capitol last week, the company announced Monday as part of a wider crackdown on conspiracies, misinformation and “attempts to incite violence, organize attacks, and share deliberately misleading information about the election outcome” that has seen President Donald Trump and his high-profile supporters permanently blocked from the platform over fears he will use it to incite violence.

    “We’ve been clear that we will take strong enforcement action on behavior that has the potential to lead to offline harm,” Twitter said in a blog post announcing the purge Monday, citing the “increased risk of harm” following violence in Washington, D.C., last week.

    Reply
  5. Tomi Engdahl says:

    House Democrats Move To Punish GOP Colleagues For Helping Incite Capitol Attack
    http://on.forbes.com/6181HnhSS

    House Democrats introduced resolutions Monday to censure, investigate and potentially remove House Republicans who played a role in inciting Wednesday’s violent attack at the U.S. Capitol building.

    Reply
  6. Tomi Engdahl says:

    A Disgruntled Employee Changed The State Department’s Website To Say That Trump’s Term Ends Today, Sources Say
    https://www.buzzfeednews.com/article/christopherm51/state-department-website-trump-term-ending-employee

    Secretary of State Mike Pompeo is launching an investigation after biographical pages for the president and vice president were changed on Monday.

    Reply
  7. Tomi Engdahl says:

    Supreme Court Refuses To Consider GOP Post-Election Cases Before Biden Takes Office
    https://www.forbes.com/sites/alisondurkee/2021/01/11/supreme-court-refuses-to-consider-gop-trump-post-election-cases-before-biden-takes-office/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    The U.S. Supreme Court rejected motions to fast-track eight GOP-led lawsuits Monday that challenged President-elect Joe Biden’s victory, including lawsuits led by President Donald Trump and former Trump legal advisor Sidney Powell, effectively killing the post-election litigation by ensuring it won’t be heard before Biden takes office and likely renders the cases moot.

    Reply
  8. Tomi Engdahl says:

    Sen. Mark Warner Asks AT&T, Facebook, Twitter, Others to Preserve Insurrection Evidence
    By John Eggerton 3 days ago
    Said they should retain SMS communications, posts, videos and more
    https://www.nexttv.com/news/sen-john-warner-asks-atandt-facebook-twitter-others-to-preserve-insurrection-evidence

    Sen. Mark Warner (D-Va.), incoming Senate Intelligence Committee chairman and himself a former cell phone executive, has called on telecoms and social media to preserve evidence of the storming of the U.S. Capitol that left 5 dead and legislators shaken.

    In letters to AT&T, T-Mobile and Verizon he asked them to “immediately” preserve content and metadata connected to the “insurrectionist attack on the U.S. Capitol.”

    In letters to social media companies Apple, Facebook, Gab, Google, Parler, Signal, Telegram, and Twitter, he asked them, if they haven’t already, to immediately preserve “any and all posts, communications, videos and other media, meta-data, cloud backups, and subscriber information, whether currently on your platform or in any backup or archived state, that may be associated with Wednesday’s insurrectionist attack on the United States Capitol.”

    Reply
  9. Tomi Engdahl says:

    We Can Uphold Free Speech and Hold President Trump Accountable
    https://www.aclu.org/news/civil-liberties/we-can-uphold-free-speech-and-hold-president-trump-accountable/

    We concluded that President Trump’s remarks on Jan. 6 can be considered part of a pattern of efforts to upend an election he lost. If a president’s repeated lies, illegal political pressure, and the stoking of a mob to subvert the democratic process are not an abuse of power warranting impeachment, it is difficult to know what would be.

    The ACLU believes a president can be impeached for speech that a private citizen could not be prosecuted for.

    First, proceedings to impeach and remove a president are not criminal proceedings. They specifically seek to remove the president from office. While the First Amendment would likely bar the criminal conviction of a private citizen for the president’s Jan. 6 speech, impeachment is a political remedy: to remove an executive official who has abused his office, not to convict them of a criminal offense.

    Reply
  10. Tomi Engdahl says:

    SolarWinds Says It Has Found Source of Massive Cyberattack
    https://www.thestreet.com/investing/solarwinds-swi-source-cyberattack

    SolarWinds reveals in an SEC filing that it has found the source of the coding believed to have been used in recent corporate and government cyberattacks.

    Security software provider SolarWinds (SWI) revealed Tuesday that it has found the source of a highly sophisticated malicious code injection that it believes was used by the perpetrators of the recent cyberattack on the company and its clients, including federal government agencies.

    “Analysis suggests that by managing the intrusion through multiple servers based in the United States and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by both SolarWinds, other private companies and the federal government,” the company said in the 8K filing submitted to the Securities and Exchange Commission.
    “The SUNBURST malicious code itself appears to have been designed to provide the perpetrators a way to enter a customer’s IT environment. If exploited, the perpetrators then had to avoid firewalls and other security controls within the customer’s environment.”

    Hackers believed to be linked to Russia’s foreign intelligence service between March and June of last year inserted malware into software updates for SolarWinds’ Orion IT infrastructure management software. This led to security breaches at the Treasury Department, the National Telecommunications and Information Administration, the Department of Homeland Security and a number of SolarWinds’ corporate clients.

    Reply
  11. Tomi Engdahl says:

    YouTube Takes Down New Trump Video, Bans All Uploads From His Channel For 7 Days
    https://www.forbes.com/sites/siladityaray/2021/01/13/youtube-takes-down-new-trump-video-bans-all-uploads-from-his-channel-for-7-days/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    YouTube has taken down a new video uploaded on President Donald Trump’s channel for violating the platform’s policies on inciting violence and has banned the channel from posting any new content for the next seven days, the company announced late on Tuesday night, adding to the growing list of social platforms that have shut down or curbed the outgoing president’s online presence due to concerns of potential violence.

    In a statement shared with Forbes, YouTube said that it had taken down the video after “careful review, and in light of concerns about the ongoing potential for violence.”

    The Google-owned platform has also indefinitely disabled comments for all videos uploaded on the president’s channel due to safety concerns, YouTube’s statement added.

    Reply
  12. Tomi Engdahl says:

    Airbnb Cancels All Inauguration Week Reservations — And Bans Capitol Rioters Who Used App
    https://www.forbes.com/sites/joewalsh/2021/01/13/airbnb-cancels-all-inauguration-week-reservations—and-bans-capitol-rioters-who-used-app/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    Airbnb is calling off all reservations in the Washington, D.C. area during next week’s Inauguration amid official calls for would-be tourists to stay away from the nation’s capital, and the rental app admits it has banned users who allegedly participated in last week’s violence.

    Airbnb will cancel all existing reservations and block any future bookings near D.C. during Inauguration week, offering full refunds to guests and reimbursing hosts for lost income, the room rental app said in a statement on Wednesday.

    The company says it’s following guidance from local officials who are urging people not to travel to D.C. for President-elect Joe Biden’s inauguration, and it is concerned about new reports that armed far-right groups are plotting violent disruptions next week.

    Reply
  13. Tomi Engdahl says:

    Cyber experts say advice from breached IoT device company Ubiquiti falls short
    https://www.scmagazine.com/home/security-news/ubiquiti-urges-password-reset-2fa-after-breach/

    IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal.

    The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.

    Ubiquiti tells customers to change passwords after security breach
    Data for UI.com accounts was accessed in mysterious data breach.
    https://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/

    Reply
  14. Tomi Engdahl says:

    Preparing For The Worst: National Guard Troops Sleep In Capitol Building Amid Security Increases (Photos)
    https://www.forbes.com/sites/carlieporterfield/2021/01/13/preparing-for-the-worst-national-guard-troops-sleep-in-capitol-building-amid-security-increases-photos/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    Security measures at the U.S. Capitol building and at statehouses across the U.S. have been bolstered in the wake of last week’s riot on Capitol Hill, as more protests are expected from supporters of President Donald Trump ahead of President-elect Joe Biden’s inauguration in a week.

    Reply
  15. Tomi Engdahl says:

    Voting Machine Company Threatens Researchers for Exposing Valid Security Flaws
    https://www.vice.com/en/article/3an7kj/election-hardware-vendor-threatens-researchers-for-exposing-valid-security-flaws?utm_content=1610559007&utm_medium=social&utm_source=MOTHERBOARD_facebook

    Election Systems and Software (ES&S) is sending cease and desist letters to organizations simply for highlighting proven security vulnerabilities.

    A major manufacturer of voting machine hardware has threatened researchers for highlighting proven privacy and security vulnerabilities in their products.

    Last week, Election Systems and Software (ES&S) fired off a cease and desist letter to SMART Elections, a New York State based non-partisan project designed to bring greater public awareness to the lack of security in electronic election equipment.

    “Security experts and good government groups say that the ExpressVote XL has a flawed design that makes it dangerously insecure, and that it is also glitchy and over-priced,” the group warned. “Many of them strongly oppose its use. Voters with disabilities have often struggled to use it.”

    ES&S didn’t take the criticism particularly well, and in its cease and desist letter claims the organization was engaged in “defamation and trade disparagement.”

    ES&S lawyers appear particularly annoyed by claims that the “ExpressVote XL can add, delete, or change the votes on individual ballots,” will “deteriorate our security and our ability to have confidence in our elections,” and is a “bad voting machine” in general.

    But many experts, including Princeton University professor Andrew Appel, say the accusations and criticism levied against ES&S are absolutely correct.

    https://freedom-to-tinker.com/2021/01/11/ess-voting-machine-company-sends-threats/

    Reply
  16. Tomi Engdahl says:

    Signal’s downloads skyrocketed 4,200% after WhatsApp announced it would force users to share personal data with Facebook
    https://trib.al/2YczBuL

    Reply
  17. Tomi Engdahl says:

    This is wrong in so many ways: making ISPs gatekeepers is the foundation for censorship.

    Federal Court Upholds $1 Billion Copyright Infringement Ruling Against Cox Communications
    https://www.digitalmusicnews.com/2021/01/12/cox-communications-penalty-upheld/

    A federal court has ordered mega-ISP Cox Communications to pay the entire $1 billion copyright infringement penalty that a jury levied against it in December of 2019, as part of its years-long courtroom confrontation with the RIAA and the Big Three labels.
    The underlying lawsuit between Atlanta, Georgia-headquartered Cox Communications and the RIAA initiated in late July of 2018, when the major labels formally alleged that Cox had reaped substantial profits from “massive copyright infringement committed by thousands of its subscribers.”

    A jury in late December of 2019 agreed with the plaintiffs, finding Cox Communications guilty of both vicarious and contributory infringement on some 10,017 works – and attaching a $99,830.29 fee to each of the alleged violations, bringing the grand damages total to just over $1 billion. (The amount was rounded down to $1 billion even on the “total damages” line.)

    In early June of 2019, U.S. District Judge Liam O’Grady dismissed the majority of Cox’s challenges against the stunning verdict, but indicated that the disclosed total of 10,017 allegedly infringed works may have been “premature.”

    Consequently, Judge O’Grady granted Cox Communications time to provide an updated list, accounting specifically for claims that “certain works at issue were derivative of others.”

    Now, two new legal documents, shared with Digital Music News this afternoon, reveal that Judge O’Grady has upheld the $99,830.29 in damages for each of the allegedly infringed works – or a rounded-down total of $1 billion.
    In a six-page-long order (dated today, January 12th), Judge O’Grady explained that whether the plaintiffs, including Sony Music, Universal Music, and Warner Music, “are entitled to statutory damages for derivative works is a question of law, and one that has been answered in the negative by case law persuasive to the Court.”

    In other words, statutory damages (in this case, almost $100,000 for each of the aforementioned 10,017 works) shouldn’t be calculated for derivative works.

    Nevertheless, Cox must still pay the full $1 billion, for all 10,017 works, because it “did not present evidence of the supposed relationship between the sound recordings and musical compositions at trial.” Rather, the entity did so in an August of 2019 motion for summary judgement.

    Towards the order’s conclusion, Judge O’Grady wrote: “Cox’s failure to present evidence to the jury that it had infringed on only 7,579 works resulted in the jury’s determination that Cox had infringed on 10,017 works. … Clearly, the number of derivative works in play in this case was a question for the jury. The jury answered that question with the information available, and Cox did not provide the information to the jury that it has provided to the Court in its post-brief trial.”

    Reply
  18. Tomi Engdahl says:

    Revealed: How the FBI Tracked Down Ghislaine Maxwell
    https://www.thedailybeast.com/how-the-fbi-tracked-down-ghislaine-maxwell-alleged-madam-of-jeffrey-epstein

    Before the feds busted Ghislaine Maxwell, they tracked her to a New Hampshire hideaway using her cellphone data, according to a newly unsealed court filing.

    Reply
  19. Tomi Engdahl says:

    Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets
    https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/

    The campaign includes: Domain registrations, websites, trojanized applications, fake social media accounts and a new undetected RAT that we have named ElectroRAT. ElectroRAT is written in Golang and compiled to target multiple operating systems: Windows, Linux and MacOS.

    It is rather common to see various information stealers trying to collect private keys to access victims’ wallets. However, it is rare to see tools written from scratch and used to target multiple operating systems for these purposes.

    Reply
  20. Tomi Engdahl says:

    Some in the tech community say that there are other routes for Parler, non-American based mobile phones & app stores, Content Distribution Networks, Virtual Private Servers – though I am doubtful. The proof will be in whether Parler survives its GAFAM banishment…

    How Silicon Valley, in a Show of Monopolistic Force, Destroyed Parler
    https://greenwald.substack.com/p/how-silicon-valley-in-a-show-of-monopolistic

    In the last three months, tech giants have censored political speech and journalism to manipulate U.S. politics, while liberals, with virtual unanimity, have cheered.

    Reply
  21. Tomi Engdahl says:

    The Hack Roundup: SolarWinds Shares Details on How Attackers Inserted Backdoor
    https://www.nextgov.com/cybersecurity/2021/01/hack-roundup-solarwinds-shares-details-how-attackers-inserted-backdoor/171359/

    SolarWinds released details and a new timeline for how attackers compromised its Orion product, which government agencies and private-sector companies are still attempting to remediate.

    The company, with help from KPMG and Crowdstrike, discovered “highly sophisticated and novel code” that injected the Sunburst malware into Orion products, according to a Jan. 11 blog post from SolarWinds President and Chief Executive Officer Sudhakar Ramakrishna, who joined the company this month.

    Reply
  22. Tomi Engdahl says:

    Telegram feature exposes your precise address to hackers
    Messenger maker has expressed no plans to fix location disclosure flaw.
    https://arstechnica.com/information-technology/2021/01/telegram-feature-exposes-your-precise-address-to-hackers/

    Reply
  23. Tomi Engdahl says:

    Intel adds hardware-based ransomware detection to 11th gen CPUs
    https://www.bleepingcomputer.com/news/security/intel-adds-hardware-based-ransomware-detection-to-11th-gen-cpus/

    Intel announced today at CES 2021 that they have added hardware-based ransomware detection to their newly announced 11th generation Core vPro business-class processors.

    These hardware-based detections are accomplished using Intel Threat Detection Technology (Intel TDT) and Hardware Shield that run directly on the CPU underneath the operating system and firmware layers.

    Reply
  24. Tomi Engdahl says:

    Kaspersky Lab autopsies evidence on SolarWinds hack
    In a brave move, Russian firm fingers its own govt as one possible source of cyber badness
    https://www.theregister.com/2021/01/12/solarwinds_russia_kaspersky/

    Reply
  25. Tomi Engdahl says:

    The Hacker Who Archived Parler Explains How She Did It (and What Comes Next)
    https://www.vice.com/en/article/n7vqew/the-hacker-who-archived-parler-explains-how-she-did-it-and-what-comes-next

    The hacker, donk_enby, explained that she only scraped what was publicly available: “I hope that it can be used to hold people accountable and to prevent more death.”

    Pirate Bay Founder Thinks Parler’s Inability to Stay Online Is ‘Embarrassing’
    https://www.vice.com/en/article/3an7pn/pirate-bay-founder-thinks-parlers-inability-to-stay-online-is-embarrassing

    Peter Sunde Kolmisoppi calls Parler’s face plant in the wake of its deplatforming ‘embarrassing,’ driven by ‘egotism.’

    Reply
  26. Tomi Engdahl says:

    Google reveals sophisticated Windows and Android hacking operation
    https://www.zdnet.com/article/google-reveals-sophisticated-windows-android-hacking-operation/

    The attackers used a combination of Android, Chrome, and Windows vulnerabilities, including both zero-days and n-days exploits.

    Reply
  27. Tomi Engdahl says:

    How the antifa conspiracy theory traveled from the fringe to the floor of Congress
    https://eu.usatoday.com/in-depth/news/2021/01/12/how-antifa-conspiracy-theory-traveled-fringe-floor-congress/6620908002/

    Rampant on fringe platforms, the claim that “anti-fascists” were inciting violence at the Capitol spread fast through right-wing media to Congress.

    After weeks of planting the idea, dozens of extremists used social media to promote an idea with no basis in reality – that the people besieging the Capitol were actually far-left agitators disguised as Trump supporters.

    Reply
  28. Tomi Engdahl says:

    Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses
    https://techcrunch.com/2021/01/14/ring-neighbors-exposed-locations-addresses/?tpcc=ECFB2021

    A security flaw in Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app.

    Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that lets users anonymously alert nearby residents to crime and public-safety issues.

    While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app.

    Reply
  29. Tomi Engdahl says:

    Ethical Hackers Breach U.N., Access 100,000 Private Records
    https://threatpost.com/hackers-breach-un-access-records/162944/

    Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.

    Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information (PII), including more than 100,000 private employee and project records, before informing the U.N. about the problem through the organization’s vulnerability disclosure program.

    Ethical hackers from the research group Sakura Samurai used a vulnerability in a GitHub directory that exposed WordPress DB and GitHub credentials, allowing access to numerous private records from the U.N.’s Environment Program (UNEP).

    “The credentials gave us the ability to download the Git repositories, identifying a ton of user credentials and PII,” they wrote.

    Researchers were able to access a significant amount of sensitive U.N. information in their breach, including 102,000 travel records; more than 7,000 records of human resources nationality demographics; more than 1,000 generalized employee records; more than 4,000 project and funding-source records; and evaluation reports of 283 projects.

    Data revealed in the records included the names, ID numbers, nationalities, genders, pay grades and a raft of other personal information pertaining to U.N. employees, as well as identification numbers, locations and financing amounts for various UNEP projects, as well as funding sources and other specific details.

    Reply
  30. Tomi Engdahl says:

    DOES YOUR THREAT MODEL CONSIDER COUNTRY AND CULTURE? A CASE STUDY OF BRAZILIAN INTERNET BANKING SECURITY TO SHOW THAT IT SHOULD!
    https://www.usenix.org/conference/enigma2021/presentation/botacin

    Reply
  31. Tomi Engdahl says:

    Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
    https://threatpost.com/hacks-android-windows-zero-day/163007/

    Watering-hole attacks executed by ‘experts’ exploited Chrome, Windows and Android flaws and were carried out on two servers.

    Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms.

    Working together, researchers from Google Project Zero and the Google Threat Analysis Group (TAG) uncovered the attacks, which were “performed by a highly sophisticated actor,” Ryan from Project Zero wrote in the first of a six-part blog series on their research.

    Reply
  32. Tomi Engdahl says:

    https://www.vice.com/en/article/n7vqew/the-hacker-who-archived-parler-explains-how-she-did-it-and-what-comes-next?utm_content=1610483405&utm_medium=social&utm_source=MOTHERBOARD_facebook

    “Everything we grabbed was publicly available on the web, we just made a permanent public snapshot of it,” donk_enby told me.

    Nevertheless, with the FBI, state and local law enforcement, and open-source investigators looking for media from Wednesday’s attack, the archive could be highly useful to a whole host of people.

    “I hope that it can be used to hold people accountable and to prevent more death,”

    When word of donk_enby’s project broke online, competing theories circled about what information had actually been pulled. What donk_enby actually did was an old school scrape of already publicly available information. Using a jailbroken iPad and Ghidra, a piece of reverse-engineering software designed and publicly released by the National Security Agency, donk_enby managed to exploit weaknesses in the website’s design to pull the URLs of every single public post on Parler in sequential order, from the very first to the very last, allowing her to then capture and archive the contents.

    Reply
  33. Tomi Engdahl says:

    Reports: National Mall To Close On Inauguration Day Amid Security Fears
    https://www.forbes.com/sites/alisondurkee/2021/01/14/reports-national-mall-to-close-on-inauguration-day-amid-security-fears/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    The National Mall, which typically houses throngs of crowds on Inauguration Day, will instead be completely shuttered Wednesday as President-elect Joe Biden is sworn into office, multiple outlets report, further blocking protesters from getting within the vicinity of the U.S. Capitol building amid fears of a potential attack during the inauguration.

    Citing anonymous sources familiar with the closing, the Washington Post reports the entire National Mall—which runs from the U.S. Capitol building to the Lincoln Memorial, with the Washington Monument in between—will only be open to media and security personnel on Inauguration Day.

    Reply
  34. Tomi Engdahl says:

    Developer Makes Interactive Map of Parler Videos From Capitol Hill Riots
    https://www.vice.com/en/article/pkdmm8/developer-makes-interactive-map-of-parler-videos-from-capitol-hill-riots

    The map is the first to allow people to easily see the videos taken at the Capitol Hill insurrection and saved from the Parler archive

    Reply
  35. Tomi Engdahl says:

    Many prophesied that deepfakes – media doctored with the help of artificial intelligence – will wreak havoc around the world. It did not. However, the idea that anyone can fake a video allows for a different type of problem: a threat to real video evidence of wrongdoing.

    An unintended consequence: can deepfakes kill video evidence?
    https://cybernews.com/privacy/an-unintended-consequence-can-deepfakes-kill-video-evidence/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=unintended_c&fbclid=IwAR0lGRwUIzb5vA7TFsUJry7MDz0CEQmN8OywHHMo8SvcQr–VLC4sTH_GyE

    A day after rioters stormed the U.S. Capitol building, President Trump addressed the nation, claiming that “demonstrators do not represent the country” and that he will “focus on the seamless transition of power.”

    A somewhat unexpected change in the President’s rhetoric prompted various conspiracy theories, claiming that Mr. Trump did not say any of this. Thousands on social media believe the address was an AI-generated deepfake, even though fact-checkers quickly debunked such claims.

    One of the most significant risks we heard globally was that people start saying that every bit of proof has been faked and demand to prove it’s real,

    Sam Gregory

    Reply
  36. Tomi Engdahl says:

    Gab CEO Denies Responsibility For Capitol Attack Amid Increased Scrutiny
    https://www.forbes.com/sites/jemimamcevoy/2021/01/14/gab-ceo-denies-responsibility-for-capitol-attack-amid-increased-scrutiny/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie

    Facing a call for a criminal investigation into his platform’s role in last week’s attack on the U.S. Capitol, the CEO of Gab, a self-branded “free speech” social media site that heavily pitches itself as an alternative for conservatives disillusioned with Facebook and Twitter, told Forbes he won’t accept blame for the deadly violence.

    The Anti-Defamation League (ADL) called for the federal government to investigate Gab and CEO Andrew Torba to determine whether the platform “intentionally aided” individuals who carried out the Jan. 6 attack in a Wednesday letter, citing posts in which Torba told users “heading to DC” to record “video footage in landscape mode” in anticipation of “communist violence” and wrote (he claims in earnest) that it “would be a real shame if the people outside stormed the Senate.” 

    Reply
  37. Tomi Engdahl says:

    Facebook Has Been Showing Military Gear Ads Next To Insurrection Posts
    https://www.buzzfeednews.com/article/ryanmac/facebook-profits-military-gear-ads-capitol-riot

    Earlier this week, Facebook employees warned that military product ads were being advertised against news about DC riots. The company did not act.

    Reply
  38. Tomi Engdahl says:

    Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
    https://threatpost.com/hacks-android-windows-zero-day/163007/

    Reply
  39. Tomi Engdahl says:

    Priti Patel under fire as 150,000 police records accidentally lost
    https://www.theguardian.com/politics/2021/jan/15/priti-patel-under-fire-as-150000-police-records-accidentally-lost

    Fingerprint, DNA and arrest history records deleted and visa system thrown into disarray

    The UK home secretary, Priti Patel, is coming under pressure to account for the mass deletion of 150,000 arrest records from crucial police databases.

    Fingerprint, DNA and arrest history records were deleted, which could allow offenders to go free because evidence from crime scenes will not be flagged on the Police National Computer (PNC).

    Reply
  40. Tomi Engdahl says:

    Technical issue resolved after ‘150,000 police records lost’
    https://www.bbc.co.uk/news/uk-55672194

    The government is assessing the impact of a “technical issue” that led to 150,000 records being deleted from police databases.

    The Home Office said the lost entries related to people who were arrested and then released without further action.

    The data was lost from the Police National Computer – a system that stores and shares criminal records information across the UK.

    A coding error resulted in records that had been flagged for deletion being lost from the database before checks had been carried out to determine whether they could be lawfully held or not.

    The data loss could hinder future police investigations because the fingerprint or DNA evidence would not be able to be cross-checked against evidence from other crime scenes.

    Shadow home secretary Nick Thomas-Symonds called on Home Secretary Priti Patel to take responsibility for the error and be clear about the impact it had had.

    Reply
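The BBC report above describes the failure mode in one sentence: rows flagged for deletion were purged before the check that decides whether they may lawfully be held had run. The following Python is an added example, not the Home Office's or the Police National Computer's code, showing that ordering bug beside a guarded purge on an in-memory SQLite table. The schema, column names and sample rows are constructed for this example: the first purge deletes on the flag alone, the guarded one requires a completed check result and supports a dry run so the affected ids can be reviewed before anything is removed.

```python
"""Two-stage deletion with a retention check (constructed example).

A record is first flagged for deletion; a separate retention check
then decides 'keep' or 'delete'. Only rows with a completed 'delete'
verdict may be purged. Schema and rows below are made up for the
example; they are not the PNC's data model.
"""
import sqlite3

SCHEMA = """
CREATE TABLE records (
    id                   INTEGER PRIMARY KEY,
    kind                 TEXT    NOT NULL,             -- fingerprint / dna / arrest
    flagged_for_deletion INTEGER NOT NULL DEFAULT 0,
    retention_check      TEXT    NOT NULL DEFAULT 'pending'  -- pending / keep / delete
);
"""

# Constructed sample rows.
SAMPLE_ROWS = [
    (1, "fingerprint", 1, "pending"),  # flagged, check has not run yet
    (2, "dna",         1, "keep"),     # flagged, but check says it must be held
    (3, "arrest",      1, "delete"),   # flagged and lawfully deletable
    (4, "arrest",      0, "pending"),  # never flagged
]


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def purge_buggy(conn: sqlite3.Connection) -> int:
    """The ordering bug: deletes every flagged row whether or not the
    retention check has completed. Returns the number of rows removed."""
    cur = conn.execute("DELETE FROM records WHERE flagged_for_deletion = 1")
    conn.commit()
    return cur.rowcount


# Guard condition shared by the dry run and the real delete, so what is
# reported is exactly what is removed.
_GUARD = "flagged_for_deletion = 1 AND retention_check = 'delete'"


def purge_guarded(conn: sqlite3.Connection, dry_run: bool = False) -> list:
    """Deletes only rows whose retention check finished with 'delete'.
    Returns the ids that were (or, with dry_run=True, would be) removed."""
    ids = [row[0] for row in
           conn.execute(f"SELECT id FROM records WHERE {_GUARD} ORDER BY id")]
    if not dry_run and ids:
        with conn:  # transaction: commit on success, roll back on error
            conn.execute(f"DELETE FROM records WHERE {_GUARD}")
    return ids


def remaining_ids(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT id FROM records ORDER BY id")]


if __name__ == "__main__":
    db = new_db()
    print("buggy purge removed", purge_buggy(db), "rows; left:", remaining_ids(db))
    db = new_db()
    print("guarded dry run would remove", purge_guarded(db, dry_run=True))
    print("guarded purge removed", purge_guarded(db), "; left:", remaining_ids(db))
```

The dry run and the delete share one WHERE clause, so the reviewed list cannot drift from what is actually purged; that is the property the reported "coding error" lacked, since the flag alone was enough to lose the row.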
  41. Tomi Engdahl says:

    Security researcher Fredrik Almroth assumed someone in the Congolese government would pay to reclaim the domain. But nobody ever did.

    A security researcher commandeered a country’s expired top-level domain to save it from hackers
    https://techcrunch.com/2021/01/15/congo-comandeered/?tpcc=ECFB2021

    Fredrik Almroth thought the authorities would try to save the critical domain name. Nobody ever did.

    The domain — scpt-network.com — was one of two nameservers for the .cd country code top-level domain, assigned to the Democratic Republic of Congo. If it fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites of their choosing.

    Clearly, a domain of such importance wasn’t supposed to expire; someone in the Congolese government probably forgot to pay for its renewal. Luckily, expired domains don’t disappear immediately. Instead, the clock started on a grace period for its government owners to buy back the domain before it was sold to someone else.

    By chance, Fredrik Almroth, a security researcher and co-founder of cybersecurity startup Detectify, was already looking at nameservers of country code top-level domains (or ccTLDs)

    By the end of December, the clock was almost up and the domain was about to fall off the internet. Within minutes of the domain becoming available, Almroth quickly snapped it up to prevent anyone else from taking it over — because, as he told TechCrunch, “the implications are kind of huge.”

    It’s rare but not unheard of for a top-level domain to expire.

    In 2017, security researcher Matthew Bryant took over the nameservers of the .io top-level domain, assigned to the British Indian Ocean Territory. But malicious hackers have also shown interest in targeting top-level domain hacks into companies and governments that use the same country-based domain suffix.

    Taking over a nameserver is not supposed to be an easy task because they are a vital part of how the internet works.

    With control of an authoritative nameserver, malicious hackers could run man-in-the-middle attacks to silently intercept internet users going to legitimate sites and redirect them to malicious webpages.

    Worse, Almroth said, with control of the nameserver it was possible to obtain valid SSL (HTTPS) certificates, allowing an attacker to intercept encrypted web traffic or any email mailbox for any .cd domain.

    In the end, the Congolese government didn’t bother asking for the domain back. It spun up an entirely new but similarly named domain — scpt-network.net — to replace the one now in Almroth’s possession.

    ICANN encouraged countries to follow best practices and to use DNSSEC, a cryptographically more secure technology that makes it nearly impossible to serve up spoofed websites.

    Reply
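The .cd story above turns on one dependency: a ccTLD's authoritative nameserver was named under a domain in another TLD (.com), so the whole zone depended on an ordinary registrar registration that could lapse and be bought by anyone once the grace period ran out. The Python below is an added example, not Almroth's or Detectify's code, of the check a registry or researcher would want: list a TLD's nameservers whose names live outside the TLD ("out of bailiwick"), and check the WHOIS expiry of the registrable domain each one hangs off. The delegation snapshot, the WHOIS text and the tiny public-suffix table are constructed for the example; a real audit would read the IANA root zone data, query WHOIS live and load the full Public Suffix List.

```python
"""Audit a TLD delegation for nameservers hosted under other TLDs and
check whether those host domains are expired or about to expire.

Constructed example data; hostnames and WHOIS text are not real records.
"""
import re
from datetime import datetime, timezone

# Constructed delegation snapshot: TLD -> NS hostnames (not IANA data).
DELEGATIONS = {
    "cd": ["ns1.scpt-network.com", "ns2.scpt-network.com", "ns.nic.cd"],
    "example": ["a.nic.example", "b.nic.example"],
}

# Constructed WHOIS responses keyed by registrable domain.
WHOIS_RESPONSES = {
    "scpt-network.com": (
        "Domain Name: SCPT-NETWORK.COM\n"
        "Registry Expiry Date: 2020-12-31T23:59:59Z\n"
        "Domain Status: clientTransferProhibited\n"
    ),
}

# Stand-in for the Public Suffix List (assumption: real code loads the
# full list; only a few multi-label suffixes are included here).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

EXPIRY_RE = re.compile(
    r"^(?:Registry |Registrar Registration )?Expir(?:y|ation) Date:\s*(\S+)",
    re.I | re.M,
)


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def registrable_domain(host: str) -> str:
    """The part of a hostname that is registered at a registrar."""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def out_of_bailiwick(tld: str, nameservers) -> list:
    """Nameservers whose names sit under a different TLD than the one they
    serve. Their registrations can lapse like any other domain, which is
    what happened to the .cd nameserver's .com domain."""
    tld = tld.lower().strip(".")
    return [ns for ns in nameservers
            if registrable_domain(ns).rsplit(".", 1)[-1] != tld]


def parse_expiry(whois_text: str):
    """Expiry timestamp from a WHOIS response, or None if absent."""
    match = EXPIRY_RE.search(whois_text)
    if not match:
        return None
    expiry = datetime.fromisoformat(match.group(1).replace("Z", "+00:00"))
    if expiry.tzinfo is None:  # some registries omit the zone; assume UTC
        expiry = expiry.replace(tzinfo=timezone.utc)
    return expiry


def expiry_status(domain: str, now: datetime, warn_days: int = 30):
    """('expired' | 'expiring' | 'ok' | 'unknown', days until expiry)."""
    text = WHOIS_RESPONSES.get(domain)
    expiry = parse_expiry(text) if text else None
    if expiry is None:
        return ("unknown", None)
    days = (expiry - now).days
    if days < 0:
        return ("expired", days)      # may still be in the redemption window
    if days <= warn_days:
        return ("expiring", days)
    return ("ok", days)


def audit(tld: str, now: datetime) -> dict:
    """Registrable host domain -> expiry status, for out-of-bailiwick NS."""
    report = {}
    for ns in out_of_bailiwick(tld, DELEGATIONS[tld]):
        domain = registrable_domain(ns)
        if domain not in report:
            report[domain] = expiry_status(domain, now)
    return report


if __name__ == "__main__":
    for tld in DELEGATIONS:
        print(tld, audit(tld, utc(2021, 1, 15)))
```

An "expired" result is not yet a takeover: registrars hold the name through a grace and redemption period first, which is the window in which the original owner can still renew. The time to act is while the status is "expiring", because once the name drops, the first registrant to grab it controls resolution for every domain the nameserver serves.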
  42. Tomi Engdahl says:

    SolarWinds defense: How to stop similar attacks
    https://www.zdnet.com/article/solarwinds-defense-how-to-stop-similar-attacks/

    The Linux Foundation, which knows a thing or two about building secure software, has suggestions on how we can avoid SolarWinds type attacks in the future. It won’t be easy. But it must be done.

    One of the most irritating things about the SolarWinds attack was that the Russian crack went unnoticed from March to December 2020. During that time, the Russian government’s SolarWinds hack was opening the door to the secrets of numerous top American government agencies and tech companies. Even now, we’re still trying to get our minds around just how widespread and bad the SolarWinds cracks were.

    The root causes of this crack were a dangerous set of software supply-chain failures. It’s too late for anything but damage control for SolarWinds, but The Linux Foundation has found several lessons to make sure your programs, whether open source or proprietary, avoid SolarWinds-style disasters.

    By entering the program before it’s even properly a program, this hack makes most conventional security advice useless. For example,

    “Only install signed versions” doesn’t help because this software was signed.

    “Update your software to the latest version” doesn’t help because the updated software was the subverted one.

    “Monitor software behavior” eventually detected the problem, but the attack was quite stealthy and was only detected after tremendous damage was done.

    “Review source code” is not a certain defense either. In Orion’s case, it’s not even certain that developers could have spotted the source code changes.

    Finally, since Orion isn’t open-source software, no one could independently audit the code. Only the company’s developers could review it or its build system and configurations.

    Reply
