Cyber security news January 2021

This posting is here to collect cyber security news in January 2021.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

369 Comments

  1. Tomi Engdahl says:

    ‘They’re Trying To Cancel Me’: Retailers Drop MyPillow Amid CEO’s Baseless Voter Fraud Claims
    https://www.forbes.com/sites/roberthart/2021/01/19/theyre-trying-to-cancel-me-retailers-drop-mypillow-amid-ceos-baseless-voter-fraud-claims/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie&sh=156391d96863

    MyPillow CEO Mike Lindell, a prominent Trump ally, says major retailers have dropped his products amid his continued spread of baseless voter fraud conspiracies and claims that the election was rigged against Trump, which have prompted backlash online and an “imminent” defamation lawsuit from Dominion Voting Systems.

  2. Tomi Engdahl says:

    12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency
    https://cybernews.com/security/12000-workers-ids-banking-details-and-other-personal-data-leaked-by-uk-staffing-agency/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=12000_ids&fbclid=IwAR0nMdlnXaFX5R5T55vqMlkqZZ5C9XYAYDrzP1VMHWlnFz634Ov2pokGh0A

    We recently discovered an unsecured Microsoft Azure Blob that contains deeply sensitive documents of more than 12,000 construction workers, including scans of passports, national IDs, birth certificates, and tax returns. The cloud storage also contains self-employment contracts that include personally identifiable information such as full names, addresses, UK national insurance numbers, and signatures.

  3. Tomi Engdahl says:

    The Russian Company Protecting Parler From Cyberattack: We Don’t Endorse ‘Radical Organizations Or Extremism’
    https://www.forbes.com/sites/thomasbrewster/2021/01/19/the-russian-company-protecting-parler-from-cyberattack-we-dont-endorse-radical-organizations-or-extremism/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie&sh=773b2d01180d

    Onlookers noticed Parler had acquired the services of a company called DDoS-Guard. Heads turned when the news emerged that DDoS-Guard was Russian. Concerns abound that the Kremlin has long attempted to inflame America’s politics using social media, and the use of Parler amongst the mob in this month’s siege of Capitol Hill has caused enough concern to be investigated by the FBI.

    Not that the Russian provider should have access to much Parler data, as it essentially acts as a kind of bouncer for customers.

    If you see Parler as a place where free speech is king, DDoS-Guard is simply enabling that. American company CloudFlare, which also provides anti-DDoS services, has repeatedly had to confront this issue

  4. Tomi Engdahl says:

    Ongoing ransomware attack leaves systems badly affected, says Scottish environment agency
    https://www.zdnet.com/article/ongoing-ransomware-attack-leaves-systems-badly-affected-says-scottish-environment-agency/

    Almost a month on from the initial attack, the Scottish Environment Protection Agency’s (SEPA) systems remain offline – and data stolen from the organisation has been published by hackers.

  5. Tomi Engdahl says:

    Fourth malware strain discovered in SolarWinds incident
    https://www.zdnet.com/article/fourth-malware-strain-discovered-in-solarwinds-incident/

    Symantec said it identified Raindrop, the fourth malware strain used in the SolarWinds breach, after Sunspot, Sunburst, and Teardrop.

  6. Tomi Engdahl says:

    Hackers ‘manipulated’ stolen COVID-19 vaccine data before leaking it online
    https://www.zdnet.com/article/hackers-manipulated-stolen-vaccine-data-before-leaking-it-online/

    European Medicines Agency says investigation into cyberattack has revealed the hackers have attempted to “undermine trust” in COVID-19 vaccines.

  7. Tomi Engdahl says:

    Multiple backdoors and vulnerabilities discovered in FiberHome routers
    At least 28 backdoor accounts found in FiberHome FTTH ONT routers.
    https://www.zdnet.com/article/multiple-backdoors-and-vulnerabilities-discovered-in-fiberhome-routers/

  8. Tomi Engdahl says:

    WHAT YOU SHOULD KNOW BEFORE LEAKING A ZOOM MEETING
    At least one leaker has already been exposed. Here’s how to protect yourself or your sources.
    https://theintercept.com/2021/01/18/leak-zoom-meeting/

  9. Tomi Engdahl says:

    Jared Mauch didn’t have good broadband—so he built his own fiber ISP
    “I had to start a telephone company to get [high-speed] Internet access.”
    https://arstechnica.com/information-technology/2021/01/jared-mauch-didnt-have-good-broadband-so-he-built-his-own-fiber-isp/

  10. Tomi Engdahl says:

    You’re using your Android and Mac’s fingerprint reader all wrong
    Here’s how to get your fingerprint reader to work for you the first time, every time.
    https://www.zdnet.com/article/youre-using-your-android-and-macs-fingerprint-reader-all-wrong/

  11. Tomi Engdahl says:

    How to secure your Google account and keep it safe from attacks
    https://www.zdnet.com/article/how-to-lock-down-your-google-account-and-keep-it-safe-from-outside-attackers/

    If you live in Gmail and other Google services, your Google account is one of your most valuable online assets. Follow these seven steps to establish a solid baseline of security and pr

  12. Tomi Engdahl says:

    Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
    https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/

  13. Tomi Engdahl says:

    Malwarebytes said it was hacked by the same group who breached SolarWinds
    https://www.zdnet.com/article/malwarebytes-said-it-was-hacked-by-the-same-group-who-breached-solarwinds/

    Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike.

  14. Tomi Engdahl says:

    Livecoin slams its doors shut after failing to recover from hack, financial loss
    The exchange suffered an alleged cyberattack last month.
    https://www.zdnet.com/article/livecoin-slams-its-doors-shut-after-failing-to-recover-from-hack-financial-loss/

    Livecoin has announced its closure following a cyberattack that allegedly compromised the firm’s infrastructure and exchange rate setup.

    As previously reported by ZDNet, the Russian cryptocurrency exchange claimed it had been hacked roughly around Christmas, with the alleged cyberattackers seizing control of Livecoin systems in order to tamper with exchange rate values.

  15. Tomi Engdahl says:

    Making Remote Working Safer Through Securing the Router
    https://pentestmag.com/making-remote-working-safer-through-securing-the-router/

    We recently posted an article posing the question as to whether or not using our personal devices for work at home puts us more at risk. You can read that post here. In this post, we’d like to expand on the theme a little more.

    Here we’ll look more specifically at your employees’ home networks and what they can do to improve security on them. This will cover both work and home computers.

  16. Tomi Engdahl says:

    “Unhackable” Mnemocard Puts Secure Password Generation, Recall in Your Wallet
    https://www.hackster.io/news/unhackable-mnemocard-puts-secure-password-generation-recall-in-your-wallet-5c1813a3ef48

    A simple piece of plastic, Mnemocard has no moving parts or electronic components — but uses patterns to generate and store passwords.

  17. Tomi Engdahl says:

    Microsoft Warns ‘Adrozek’ Malware is Infecting Thousands of PCs to Insert Ads
    https://uk.pcmag.com/security/130458/microsoft-warns-adrozek-malware-is-infecting-thousands-of-pcs-to-insert-ads

    ‘We recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia,’ Microsoft said.

  18. Tomi Engdahl says:

    Capitol attack’s cybersecurity fallout: Stolen laptops, lost data and possible espionage
    https://www.zdnet.com/article/capitol-attacks-cybersecurity-fallout-stolen-laptops-lost-data-and-possible-espionage/

    The January 6 attack on Election Day certification proceedings in the US Capitol Building has deep cybersecurity ramifications.

  19. Tomi Engdahl says:

    Ubiquiti, maker of prosumer routers and access points, has had a data breach
    The email encourages users to change their passwords
    https://www.theverge.com/2021/1/11/22226061/ubiquiti-data-breach-email-third-party-unathorized-access

  20. Tomi Engdahl says:

    Finnish users, too, must accept the new terms of service of the WhatsApp messaging service – if you do not accept the terms, use of the app ends
    In Europe, the changes to the terms of service apply only to the WhatsApp Business service.
    https://yle.fi/uutiset/3-11732227

  21. Tomi Engdahl says:

    Buy now, never pay
    We investigated how easy it is to order goods from online stores using personal data that has fallen into the wrong hands.
    https://yle.fi/uutiset/3-11690670

  22. Tomi Engdahl says:

    How to Get Rich Sabotaging Nuclear Weapons Facilities
    Private equity monopolist Orlando Bravo made billions by putting our whole society at risk.
    https://mattstoller.substack.com/p/how-to-get-rich-sabotaging-nuclear

    My Password Is “Password”
    Roughly a month ago, the premier cybersecurity firm FireEye warned authorities that it had been penetrated by Russian hackers, who made off with critical tools it used to secure the facilities of corporations and governments around the world.

    The victims are the most important institutional power centers in America, from the FBI to the Department of Treasury to the Department of Commerce, as well as private sector giants Cisco Systems, Intel, Nvidia, accounting giant Deloitte, California hospitals, and thousands of others. As more information comes out about what happened, the situation looks worse and worse. Russians got access to Microsoft’s source code and into the Federal agency overseeing America’s nuclear stockpile. They may have inserted code into the American electrical grid, or acquired sensitive tax information or important technical and political secrets.

    Cybersecurity is a very weird area, mostly out of sight yet potentially very deadly. Anonymous groups can turn off power plants, telecom grids, or disrupt weapons labs, as Israel did when it used a cyber-weapon to cripple Iranian nuclear facilities in 2010. Bank regulators have to now consult with top military leaders about whether deposit insurance covers incidents where hackers destroy all bank records, and what that would mean operationally. It’s not obvious whether this stuff is war or run-of-the-mill espionage, but everyone knows that the next war will be chock full of new tactics based on hacking the systems of one’s adversary, perhaps using code placed in those systems during peacetime.

  23. Tomi Engdahl says:

    Do some firms “deserve” to get hacked?
    https://cybernews.com/editorial/do-some-firms-deserve-to-get-hacked/

    COVID-19 has had a significant impact on a great many of that which we hold dear. The fractious nature of events during 2020 has also significantly raised the prospect of organizations doing wrong by us in some way shape or form. We may be an employee who has been unfairly laid off or a customer who has not received the service (or refund) that we feel we deserve. Maybe we’re simply a general observer who feels an organization has behaved incorrectly towards society in some way.

  24. Tomi Engdahl says:

    Google’s plan to replace tracking cookies goes under UK antitrust probe
    https://techcrunch.com/2021/01/08/googles-plan-to-replace-tracking-cookies-goes-under-uk-antitrust-probe/

    Google’s plan to end support for third-party cookies in the Chrome browser and its Chromium engine is under investigation by the U.K.’s Competition and Markets Authority (CMA).

  25. Tomi Engdahl says:

    Hackers can clone Google Titan 2FA keys using a side channel in NXP chips
    Yubico and Feitian keys that use the same chip are likely susceptible, too.
    https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/

  26. Tomi Engdahl says:

    This new phishing attack uses an odd lure to deliver Windows trojan malware
    https://www.zdnet.com/article/this-new-phishing-attack-uses-an-odd-lure-to-deliver-windows-trojan-malware/

    QRat trojan malware provides hackers with complete control of infected machines and the ability to steal passwords and other sensitive data – but the phishing emails are unconventional.

  27. Tomi Engdahl says:

    JetBrains’ build automation software eyed as possible enabler of SolarWinds hack
    Maker of developer tools says it played no role in the attack, hasn’t heard from investigators
    https://www.theregister.com/2021/01/07/jetbrains_solarwinds_accusation/

  28. Tomi Engdahl says:

    Nissan source code leaked online after Git repo misconfiguration
    https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/

    Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.

  29. Tomi Engdahl says:

    Hackers can eavesdrop on mobile calls with $7,000 worth of equipment
    VoLTE calls were supposed to be more secure. A fatal flaw can unravel that promise.
    https://arstechnica.com/information-technology/2020/08/your-mobile-calls-may-be-vulnerable-to-a-new-revolting-eavesdrop-attack/

  30. Tomi Engdahl says:

    Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020
    https://www.zdnet.com/article/cobalt-strike-and-metasploit-accounted-for-a-quarter-of-all-malware-c-c-servers-in-2020/

    Security firm Recorded Future said it tracked more than 10,000 malware command and control servers last year, used across more than 80 malware families.

  31. Tomi Engdahl says:

    Months after this ‘serious’ cyberattack, stolen data has been leaked online by hackers
    The information that was stolen has been published to the dark web.
    https://www.zdnet.com/article/months-after-this-serious-cyber-attack-stolen-data-has-been-leaked-online-by-hackers/

  32. Tomi Engdahl says:

    DNSpooq bugs let attackers hijack DNS on millions of devices
    https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/

    Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices.

    Dnsmasq is a popular and open-source Domain Name System (DNS) forwarding software regularly used that adds DNS caching and Dynamic Host Configuration Protocol (DHCP) server capabilities to Internet-of-Things (IoT) and various other embedded devices.

  33. Tomi Engdahl says:

    Ticketmaster Pays Up for Hacking a Rival Company
    Employees admitted to using stolen passwords and URL guessing to access confidential data.
    https://arstechnica.com/information-technology/2021/01/ticketmaster-pays-10-million-criminal-fine-for-hacking-a-rival-company/

  34. Tomi Engdahl says:

    Analysis: Trump fanatics crossed a line that could not have been imagined – the attack on Congress is a shocking blow to the heart of the United States' crumbling democracy
    The sanctuary of democracy suffered an attack incited by its own leader, writes Yle foreign correspondent Sara Rigatelli
    https://yle.fi/uutiset/3-11726104
