This posting is here to collect cyber security news in January 2021.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
369 Comments
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/software/signal-down-after-getting-flooded-with-new-users/
Tomi Engdahl says:
‘They’re Trying To Cancel Me’: Retailers Drop MyPillow Amid CEO’s Baseless Voter Fraud Claims
https://www.forbes.com/sites/roberthart/2021/01/19/theyre-trying-to-cancel-me-retailers-drop-mypillow-amid-ceos-baseless-voter-fraud-claims/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie&sh=156391d96863
MyPillow CEO Mike Lindell, a prominent Trump ally, says major retailers have dropped his products amid his continued spread of baseless voter fraud conspiracies and claims that the election was rigged against Trump, which have prompted backlash online and an “imminent” defamation lawsuit from Dominion Voting Systems.
Tomi Engdahl says:
The 65 days that led to chaos at the Capitol
https://www.bbc.com/news/world-us-canada-55592332
Tomi Engdahl says:
12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency
https://cybernews.com/security/12000-workers-ids-banking-details-and-other-personal-data-leaked-by-uk-staffing-agency/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=12000_ids&fbclid=IwAR0nMdlnXaFX5R5T55vqMlkqZZ5C9XYAYDrzP1VMHWlnFz634Ov2pokGh0A
We recently discovered an unsecured Microsoft Azure Blob that contains deeply sensitive documents of more than 12,000 construction workers, including scans of passports, national IDs, birth certificates, and tax returns. The cloud storage also contains self-employment contracts that include personally identifiable information such as full names, addresses, UK national insurance numbers, and signatures.
Tomi Engdahl says:
The Russian Company Protecting Parler From Cyberattack: We Don’t Endorse ‘Radical Organizations Or Extremism’
https://www.forbes.com/sites/thomasbrewster/2021/01/19/the-russian-company-protecting-parler-from-cyberattack-we-dont-endorse-radical-organizations-or-extremism/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie&sh=773b2d01180d
Onlookers noticed Parler had acquired the services of a company called DDoS-Guard. Heads turned when the news emerged that DDoS-Guard was Russian. Concerns abound that the Kremlin has long attempted to inflame America’s politics using social media, and the use of Parler amongst the mob in this month’s siege of Capitol Hill has caused enough concern to be investigated by the FBI.
Not that the Russian provider should have access to much Parler data, as it essentially acts as a kind of bouncer for customers.
If you see Parler as a place where free speech is king, DDoS-Guard is simply enabling that. American company CloudFlare, which also provides anti-DDoS services, has repeatedly had to confront this issue.
Tomi Engdahl says:
Ongoing ransomware attack leaves systems badly affected, says Scottish environment agency
https://www.zdnet.com/article/ongoing-ransomware-attack-leaves-systems-badly-affected-says-scottish-environment-agency/
Almost a month on from the initial attack, the Scottish Environment Protection Agency’s (SEPA) systems remain offline – and data stolen from the organisation has been published by hackers.
Tomi Engdahl says:
Fourth malware strain discovered in SolarWinds incident
https://www.zdnet.com/article/fourth-malware-strain-discovered-in-solarwinds-incident/
Symantec said it identified Raindrop, the fourth malware strain used in the SolarWinds breach, after Sunspot, Sunburst, and Teardrop.
Tomi Engdahl says:
Hackers ‘manipulated’ stolen COVID-19 vaccine data before leaking it online
https://www.zdnet.com/article/hackers-manipulated-stolen-vaccine-data-before-leaking-it-online/
European Medicines Agency says investigation into cyberattack has revealed the hackers have attempted to “undermine trust” in COVID-19 vaccines.
Tomi Engdahl says:
Multiple backdoors and vulnerabilities discovered in FiberHome routers
At least 28 backdoor accounts found in FiberHome FTTH ONT routers.
https://www.zdnet.com/article/multiple-backdoors-and-vulnerabilities-discovered-in-fiberhome-routers/
Tomi Engdahl says:
Finding Path Traversal Vulnerability
https://pentestmag.com/finding-path-traversal-vulnerability/
Tomi Engdahl says:
WHAT YOU SHOULD KNOW BEFORE LEAKING A ZOOM MEETING
At least one leaker has already been exposed. Here’s how to protect yourself or your sources.
https://theintercept.com/2021/01/18/leak-zoom-meeting/
Tomi Engdahl says:
Jared Mauch didn’t have good broadband—so he built his own fiber ISP
“I had to start a telephone company to get [high-speed] Internet access.”
https://arstechnica.com/information-technology/2021/01/jared-mauch-didnt-have-good-broadband-so-he-built-his-own-fiber-isp/
Tomi Engdahl says:
You’re using your Android and Mac’s fingerprint reader all wrong
Here’s how to get your fingerprint reader to work for you the first time, every time.
https://www.zdnet.com/article/youre-using-your-android-and-macs-fingerprint-reader-all-wrong/
Tomi Engdahl says:
How to secure your Google account and keep it safe from attacks
https://www.zdnet.com/article/how-to-lock-down-your-google-account-and-keep-it-safe-from-outside-attackers/
If you live in Gmail and other Google services, your Google account is one of your most valuable online assets. Follow these seven steps to establish a solid baseline of security and pr
Tomi Engdahl says:
New and Hardened Quantum Crypto System Notches “Milestone” Open-Air Test
https://spectrum.ieee.org/tech-talk/computing/hardware/quantum-crypto-mdi-qkd-satellites-security
Tomi Engdahl says:
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Tomi Engdahl says:
Malwarebytes said it was hacked by the same group who breached SolarWinds
https://www.zdnet.com/article/malwarebytes-said-it-was-hacked-by-the-same-group-who-breached-solarwinds/
Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike.
Tomi Engdahl says:
Livecoin slams its doors shut after failing to recover from hack, financial loss
The exchange suffered an alleged cyberattack last month.
https://www.zdnet.com/article/livecoin-slams-its-doors-shut-after-failing-to-recover-from-hack-financial-loss/
Livecoin has announced its closure following a cyberattack that allegedly compromised the firm’s infrastructure and exchange rate setup.
As previously reported by ZDNet, the Russian cryptocurrency exchange claimed it had been hacked roughly around Christmas, with the alleged cyberattackers seizing control of Livecoin systems in order to tamper with exchange rate values.
Tomi Engdahl says:
Making Remote Working Safer Through Securing the Router
https://pentestmag.com/making-remote-working-safer-through-securing-the-router/
We recently posted an article posing the question as to whether or not using our personal devices for work at home puts us more at risk. You can read that post here. In this post, we’d like to expand on the theme a little more.
Here we’ll look more specifically at your employee’s home networks and what they can do to improve security on them. This will cover both work and home computers.
Tomi Engdahl says:
“Unhackable” Mnemocard Puts Secure Password Generation, Recall in Your Wallet
https://www.hackster.io/news/unhackable-mnemocard-puts-secure-password-generation-recall-in-your-wallet-5c1813a3ef48
A simple piece of plastic, Mnemocard has no moving parts or electronic components — but uses patterns to generate and store passwords.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2021/01/12/tuhat-automaatiolaitetta-edelleen-suojaamatta-vaarassa-myos-iot-ja-etayhteydet/
Tomi Engdahl says:
Microsoft Warns ‘Adrozek’ Malware is Infecting Thousands of PCs to Insert Ads
https://uk.pcmag.com/security/130458/microsoft-warns-adrozek-malware-is-infecting-thousands-of-pcs-to-insert-ads
‘We recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia,’ Microsoft said.
Tomi Engdahl says:
Capitol attack’s cybersecurity fallout: Stolen laptops, lost data and possible espionage
https://www.zdnet.com/article/capitol-attacks-cybersecurity-fallout-stolen-laptops-lost-data-and-possible-espionage/
The January 6 attack on Election Day certification proceedings in the US Capitol Building has deep cybersecurity ramifications.
Tomi Engdahl says:
Ubiquiti, maker of prosumer routers and access points, has had a data breach
The email encourages users to change their passwords
https://www.theverge.com/2021/1/11/22226061/ubiquiti-data-breach-email-third-party-unathorized-access
Tomi Engdahl says:
SolarWinds malware has “curious” ties to Russian-speaking hackers
https://arstechnica.com/information-technology/2021/01/solarwinds-malware-has-curious-ties-to-russian-speaking-hackers/
Tomi Engdahl says:
Finnish users must also accept the new terms of use of the Whatsapp messaging service – if you do not accept the terms, use of the app will end
In the European area, the changes to the terms of use concern only the Whatsapp Business service.
https://yle.fi/uutiset/3-11732227
Tomi Engdahl says:
Researchers Find Links Between Sunburst and Russian Kazuar Malware
https://thehackernews.com/2021/01/researchers-find-links-between-sunburst.html
Tomi Engdahl says:
Coronavirus & Cybersecurity: 3 Areas of Exploitation
https://pentestmag.com/coronavirus-cybersecurity-3-areas-of-exploitation/
Tomi Engdahl says:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan
Tomi Engdahl says:
DOJ Touts ‘Mind-Blowing’ Scale Of Criminal Investigation Into Capitol Attack
https://www.forbes.com/sites/andrewsolender/2021/01/12/doj-touts-mind-blowing-scale-of-criminal-investigation-into-capitol-attack/
Tomi Engdahl says:
Buy now, never pay
We investigated how easy it is to order goods from online stores using personal data that has fallen into the wrong hands.
https://yle.fi/uutiset/3-11690670
Tomi Engdahl says:
How to Get Rich Sabotaging Nuclear Weapons Facilities
Private equity monopolist Orlando Bravo made billions by putting our whole society at risk.
https://mattstoller.substack.com/p/how-to-get-rich-sabotaging-nuclear
My Password Is “Password”
Roughly a month ago, the premier cybersecurity firm FireEye warned authorities that it had been penetrated by Russian hackers, who made off with critical tools it used to secure the facilities of corporations and governments around the world.
The victims are the most important institutional power centers in America, from the FBI to the Department of Treasury to the Department of Commerce, as well as private sector giants Cisco Systems, Intel, Nvidia, accounting giant Deloitte, California hospitals, and thousands of others. As more information comes out about what happened, the situation looks worse and worse. Russians got access to Microsoft’s source code and into the Federal agency overseeing America’s nuclear stockpile. They may have inserted code into the American electrical grid, or acquired sensitive tax information or important technical and political secrets.
Cybersecurity is a very weird area, mostly out of sight yet potentially very deadly. Anonymous groups can turn off power plants, telecom grids, or disrupt weapons labs, as Israel did when it used a cyber-weapon to cripple Iranian nuclear facilities in 2010. Bank regulators have to now consult with top military leaders about whether deposit insurance covers incidents where hackers destroy all bank records, and what that would mean operationally. It’s not obvious whether this stuff is war or run-of-the-mill espionage, but everyone knows that the next war will be chock full of new tactics based on hacking the systems of one’s adversary, perhaps using code placed in those systems during peacetime.
Tomi Engdahl says:
How to find all accounts linked to your email to protect your privacy
https://cybernews.com/secure-email-providers/find-all-accounts-linked-to-email-address/
Tomi Engdahl says:
Do some firms “deserve” to get hacked?
https://cybernews.com/editorial/do-some-firms-deserve-to-get-hacked/
COVID-19 has had a significant impact on a great many of that which we hold dear. The fractious nature of events during 2020 has also significantly raised the prospect of organizations doing wrong by us in some way shape or form. We may be an employee who has been unfairly laid off or a customer who has not received the service (or refund) that we feel we deserve. Maybe we’re simply a general observer who feels an organization has behaved incorrectly towards society in some way.
Tomi Engdahl says:
Google’s plan to replace tracking cookies goes under UK antitrust probe
https://techcrunch.com/2021/01/08/googles-plan-to-replace-tracking-cookies-goes-under-uk-antitrust-probe/
Google’s plan to end support for third-party cookies in the Chrome browser and its Chromium engine is under investigation by the U.K.’s Competition and Markets Authority (CMA).
Tomi Engdahl says:
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips
Yubico and Feitian keys that use the same chip are likely susceptible, too.
https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/
Tomi Engdahl says:
https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/
Tomi Engdahl says:
This new phishing attack uses an odd lure to deliver Windows trojan malware
https://www.zdnet.com/article/this-new-phishing-attack-uses-an-odd-lure-to-deliver-windows-trojan-malware/
QRat trojan malware provides hackers with complete control of infected machines and the ability to steal passwords and other sensitive data – but the phishing emails are unconventional.
Tomi Engdahl says:
NSA, FBI expose Russian intelligence hacking tool: report
https://www.reuters.com/article/us-usa-cyber-russia-idUSKCN2592HY
Tomi Engdahl says:
JetBrains’ build automation software eyed as possible enabler of SolarWinds hack
Maker of developer tools says it played no role in the attack, hasn’t heard from investigators
https://www.theregister.com/2021/01/07/jetbrains_solarwinds_accusation/
Tomi Engdahl says:
Nissan source code leaked online after Git repo misconfiguration
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/
Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.
Tomi Engdahl says:
Hackers can eavesdrop on mobile calls with $7,000 worth of equipment
VoLTE calls were supposed to be more secure. A fatal flaw can unravel that promise.
https://arstechnica.com/information-technology/2020/08/your-mobile-calls-may-be-vulnerable-to-a-new-revolting-eavesdrop-attack/
Tomi Engdahl says:
NSA Urges SysAdmins to Replace Obsolete TLS Protocols
https://threatpost.com/nsa-urges-sysadmins-to-replace-obsolete-tls-protocols/162814/
Tomi Engdahl says:
Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020
https://www.zdnet.com/article/cobalt-strike-and-metasploit-accounted-for-a-quarter-of-all-malware-c-c-servers-in-2020/
Security firm Recorded Future said it tracked more than 10,000 malware command and control servers last year, used across more than 80 malware families.
Tomi Engdahl says:
Months after this ‘serious’ cyberattack, stolen data has been leaked online by hackers
The information that was stolen has been published to the dark web.
https://www.zdnet.com/article/months-after-this-serious-cyber-attack-stolen-data-has-been-leaked-online-by-hackers/
Tomi Engdahl says:
DNSpooq bugs let attackers hijack DNS on millions of devices
https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/
Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices.
Dnsmasq is a popular open-source Domain Name System (DNS) forwarding software that is regularly used to add DNS caching and Dynamic Host Configuration Protocol (DHCP) server capabilities to Internet-of-Things (IoT) and various other embedded devices.
Tomi Engdahl says:
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/
Tomi Engdahl says:
Ticketmaster Pays Up for Hacking a Rival Company
Employees admitted to using stolen passwords and URL guessing to access confidential data.
https://arstechnica.com/information-technology/2021/01/ticketmaster-pays-10-million-criminal-fine-for-hacking-a-rival-company/
Tomi Engdahl says:
NSA releases “Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations” Cybersecurity Information
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2462345/nsa-releases-eliminating-obsolete-transport-layer-security-tls-protocol-configu/
Tomi Engdahl says:
Analysis: Trump fanatics crossed a line that could not be imagined – the attack on Congress is a shocking blow to the heart of the crumbling democracy of the United States
The sanctuary of democracy suffered an attack incited by its own leader, writes Yle foreign correspondent Sara Rigatelli
https://yle.fi/uutiset/3-11726104