Cyber security news January 2021

This posting is here to collect cyber security news in January 2021.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

369 Comments

  1. Tomi Engdahl says:

    Scientists Believe US Embassy Staff and CIA Officers Were Hit With High-Power Microwaves – Here’s How the Weapons Work
    https://scitechdaily.com/scientists-believe-us-embassy-staff-and-cia-officers-were-hit-with-high-power-microwaves-heres-how-the-weapons-work/

    Reply
  2. Tomi Engdahl says:

    PSA: Android 11 will no longer let you insecurely connect to enterprise WiFi networks
    https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/

    Reply
  3. Tomi Engdahl says:

    ‘We All Got Played’: QAnon Followers Implode After Big Moment Never Comes
    https://www.forbes.com/sites/jackbrewster/2021/01/20/we-all-got-played-qanon-followers-implode-after-big-moment-never-comes/

    As Joe Biden was sworn in as president, QAnon followers finally saw their hope for the  “storm”—when President Donald Trump would bring down the “deep state” and expose a far-reaching child-sex trafficking ring—disappear, leaving followers of the unhinged conspiracy theory in despair and searching for answers, while one of the most prominent adherents gave up.

    Reply
  4. Tomi Engdahl says:

    Hacker leaks full database of 77 million Nitro PDF user records
    https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/

    A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.

    The 14GB leaked database contains 77,159,696 records with users’ email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.

    The database has also been added to the Have I Been Pwned service

    Reply
  5. Tomi Engdahl says:

    Linux users should patch now to block new “FreakOut” malware which exploits new vulnerabilities
    https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/

    Recently, Check Point Research (CPR) encountered several attacks that are exploiting multiple vulnerabilities, including some recently discovered flaws. These ongoing attacks involve a new malware variant, called ‘FreakOut.’ The goal behind these attacks is to create an IRC botnet (a collection of machines infected with malware that can be controlled remotely), which can then be used for malicious activities, such as launching DDoS attacks on other organizations’ networks, or for crypto-mining activity on infected machines, which can potentially shut down entire systems infected.

    Reply
  6. Tomi Engdahl says:

    This is where Parler went: to the Russian company that helps keep Hamas online. It is fitting for a supporter of domestic terrorist communications to end up on a Russian site. Free speech does not include sedition, nor enriching those supporting international terrorists.
    https://krebsonsecurity.com/tag/ddos-guard/?fbclid=IwAR21LCInbZkwlvtIc6CSjaLq2pP1wdZjvxpiFYihowdWL5odwVBWcfAwAUo

    Reply
  7. Tomi Engdahl says:

    https://www.facebook.com/groups/2600net/permalink/2941232892766483/

    We issued V3 supplemental guidance to Emergency Directive 21-01: cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3

    The supplemental guidance was issued in response to the SolarWinds Orion code compromise. We urge state & local governments, critical infrastructure entities, and private organizations to review the latest version.

    V3 provides updates on affected versions; guidance for ensuring all federal agencies operating unaffected platforms are using at least SolarWinds Orion Platform version 2020.2.1HF2; guidance for agencies using third-party service providers; and additional clarity on required actions.

    Read the guidance: cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3

    #SolarWinds #APT #Cybersecurity #Infosec #Cyber

    Reply
  8. Tomi Engdahl says:

    Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data
    https://www.zdnet.com/article/ransomware-victims-that-have-backups-are-paying-ransoms-to-stop-hackers-leaking-their-stolen-data/

    Ransomware attacks are proving even more lucrative for cyber criminals as even organisations which can restore from backups are paying ransom demands to prevent further damage.

    Reply
  9. Tomi Engdahl says:

Parliament launched an inquiry into “how it is possible” that video footage of the assault on Sipilä ended up in public
    https://yle.fi/uutiset/3-11746501

    The Secretary General of Parliament stresses that surveillance camera material is confidential information.

    The Parliamentary Office is investigating how the video recording of the suspected assault on MP and former Prime Minister Juha Sipilä (Centre Party) on 7 January ended up in public. MTV News published video material of the attack on Friday.

    – The Parliamentary Office has launched an inquiry into how Parliament’s camera surveillance footage ended up in public and into Parliament’s other actions related to this. Camera surveillance footage is, as a rule, confidential information.

    – We want an overall picture of what happened and how it is possible that material ended up in public, Paavola tells Yle.

    Whether the material is public or not is a question on which sources in Parliament hold differing views.

    On Monday, Parliament’s security director Jukka Savola told STT that the video recording is public information. Savola refers to a position taken on the matter by Parliament’s data protection officer.

    – According to the data protection officer’s statement, we have an obligation to present them, since in that form they do not as such endanger the content or functioning of our security system, nor do they reveal details that would endanger the maintenance and functioning of the system, Savola said on Monday.

    According to Maija-Leena Paavola, the two contradictory positions on publicity concern two different situations: as a rule, Parliament’s surveillance camera material is confidential.

    The situation is different if the information or material has already leaked to the public, as had happened in this case with the assault on the MP.

    Reply
  10. Tomi Engdahl says:

    A Chinese hacking group is stealing airline passenger details
    https://www.zdnet.com/article/a-chinese-hacking-group-is-stealing-airline-passenger-details/

    Chinese hackers are gathering passenger details from airlines across the world to track high-value targets’ movements.

    Reply
  11. Tomi Engdahl says:

    NSA urges system administrators to replace obsolete TLS protocols
    NSA: Obsolete encryption provides a false sense of security.
    https://www.zdnet.com/article/nsa-urges-system-administrators-to-replace-obsolete-tls-protocols/

    Reply
  12. Tomi Engdahl says:

    Fast, mature, secure DoH server proxy written in Rust
    https://github.com/jedisct1/doh-server

    RPZ Zone Files to Block DNS-over-HTTPS
    https://github.com/bambenek/block-doh

    This is a list of hostnames, IP addresses, and appropriate RPZ zone files to either block usage of DNS-over-HTTPS in an environment or to redirect it to a local DNS-over-HTTPS (DoH) server.

    Reply
  13. Tomi Engdahl says:

    JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI), AND THE NATIONAL SECURITY AGENCY (NSA)
    https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure

    the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks. The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts.

    Reply
  14. Tomi Engdahl says:

    Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
    The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries.
    https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/

    Zyxel security advisory for hardcoded credential vulnerability
    CVE: CVE-2020-29583
    https://www.zyxel.com/support/CVE-2020-29583.shtml

    Reply
  15. Tomi Engdahl says:

    https://hakkeriradio.fi/
Hakkeriradio broadcasts nationwide as an internet stream and in the Helsinki metropolitan area on the FM frequency 105.8 MHz (from 1 January 2021 at 12:00).

    Reply
  16. Tomi Engdahl says:

    Equipment worth a few hundred dollars is enough to intercept data relayed via satellites in orbit. With number of satellites planned to increase several-fold, governments and manufacturers need to be better prepared for modern cybersecurity threats in space.

    Satellites are not safe enough. Here’s why that should worry you
    https://cybernews.com/editorial/satellites-are-not-safe-enough-heres-why-that-should-worry-you/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=satellites_safe&fbclid=IwAR1g8p9W1S_w0ZKA-OgwhfLzz0mqSIaGVS55xf6uCR8PxmMzX6Kzcj4by44

    Reply
  17. Tomi Engdahl says:

    Microsoft details “incredible effort” to hide by SolarWinds hackers
    https://www.itnews.com.au/news/microsoft-details-incredible-effort-to-hide-by-solarwinds-hackers-560004

    Standout opsec and anti-forensic methods applied.
    The hackers behind the high-profile SolarWinds attacks went to extraordinary lengths to avoid detection, research by Microsoft security analysts shows.

Based on their Sunburst – or as Microsoft calls it, Solorigate – backdoor staying dormant for at least two weeks, the attackers painstakingly selected targets and built unique Cobalt Strike network penetration tools for each victim system for a month or so, Microsoft researchers said.

    During that time, the hackers also established their command and control infrastructure, with domain generation algorithms creating random names.

    Reply
  18. Tomi Engdahl says:

    As Adobe Flash stops running, so do some railroads in China
    https://hk.appledaily.com/news/20210117/FLXATT4LKVBGVEBRLAECJPTCHM/

The railroad system in Dalian, northern China, collapsed citywide on Tuesday for up to 20 hours after the Adobe Flash programming software stopped running.

    Adobe had announced as early as 2017 that it would cease support for the multimedia software on Dec. 30 last year. The American software company eventually ended the operation of all Flash content on Tuesday.

    Tuesday’s chaos arose after China Railway Shenyang failed to deactivate Flash in time, leading to a complete shutdown of its railroads in Dalian, Liaoning province.

    Staffers were reportedly unable to view train operation diagrams, formulate train sequencing schedules and arrange shunting plans.

    Authorities fixed the issue by installing a pirated version of Flash at 4:30 a.m. the following day.

    Reply
  19. Tomi Engdahl says:

    Ransomware is now the biggest cybersecurity concern for CISOs
    https://www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/
    A survey of chief information security officers (CISOs) and chief
    security officers (CSOs) by cybersecurity Proofpoint found that
    ransomware is now viewed as the main cybersecurity threat to their
    organisation over the course of the next year.

    Reply
  20. Tomi Engdahl says:

    UK govt gives malware infected laptops to vulnerable students
    https://www.bleepingcomputer.com/news/security/uk-govt-gives-malware-infected-laptops-to-vulnerable-students/
    The devices are given out for free by the government to support
    disadvantaged students unable to access remote education during the
    COVID-19 pandemic, including children and young people who have no
    digital devices, have only a smartphone, or share a single device with
    other family members. “Upon unboxing and preparing them, it was
    discovered that a number of the laptops were infected with a
self-propagating network worm,” according to one of the teachers.

    Reply
  21. Tomi Engdahl says:

    Microsoft Edge gets a password generator, leaked credentials monitor
    https://www.bleepingcomputer.com/news/security/microsoft-edge-gets-a-password-generator-leaked-credentials-monitor/
    Microsoft is rolling out a built-in password generator and a leaked
    credentials monitoring feature on Windows and macOS systems running
    the latest Microsoft Edge version.

    Reply
  22. Tomi Engdahl says:

    NSA urges system administrators to replace obsolete TLS protocols
    https://www.zdnet.com/article/nsa-urges-system-administrators-to-replace-obsolete-tls-protocols/
    NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0,
    SSL 3.0, TLS 1.0, and TLS 1.1 not be used. Even if TLS 1.2 and TLS 1.3
    are deployed, the NSA warns against configuring these two protocols
    with weak cryptographic parameters and cipher suites.

    Reply
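The guidance above is easy to state and easy to get wrong in a real configuration, so here is an added example (my own code, not anything from the NSA advisory or the article) that audits a Python `ssl.SSLContext` against it: the protocol floor must be TLS 1.2, and the enabled cipher suites must not be obsolete, must use forward-secret key exchange, and must not fall below 128-bit keys. The weak-name shortlist and the audit rules are my own assumptions about what “weak cryptographic parameters” means in practice; the TLS 1.3 suites are configured separately by OpenSSL and are accepted as-is.

```python
"""Audit an ssl.SSLContext against the guidance in the comment above: only
TLS 1.2 and 1.3, and no weak cipher suites even on those versions.
Added example, not code from the NSA advisory or the article; the
weak-name shortlist and the audit rules are my own assumptions."""
import ssl

# Name fragments treated as obsolete or weak (assumption: a practical
# shortlist rather than an exhaustive one).
WEAK_NAME_FRAGMENTS = ("RC4", "3DES", "DES-", "MD5", "NULL", "EXP",
                       "PSK", "SRP", "ADH", "AECDH")
# Key-exchange methods with forward secrecy. OpenSSL reports "kx-any" for
# the TLS 1.3 suites, which always use ephemeral (EC)DH.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}


def hardened_context():
    """Client context that follows the guidance: TLS 1.2+ and AEAD,
    forward-secret suites only for TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    return ctx


def legacy_context():
    """The 'before' configuration: static-RSA key exchange still enabled
    and, where the OpenSSL build still allows it, TLS 1.0 as the floor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("RSA+AESGCM:ECDHE+AESGCM:DEFAULT")
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    except ValueError:          # OpenSSL built without TLS 1.0 support
        pass
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context complies."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol version is {ctx.minimum_version.name}; "
            "SSL 2.0/3.0 and TLS 1.0/1.1 must be disabled")
    for c in ctx.get_ciphers():
        name = c["name"]
        if any(frag in name for frag in WEAK_NAME_FRAGMENTS):
            findings.append(f"weak cipher suite enabled: {name}")
        elif c["kea"] not in FORWARD_SECRET_KX:
            findings.append(f"no forward secrecy ({c['kea']}): {name}")
        elif c["strength_bits"] < 128:
            findings.append(f"key too short ({c['strength_bits']} bits): {name}")
    return findings


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()), ("hardened", hardened_context())):
        found = audit_context(ctx)
        print(f"[{label}] {len(found)} finding(s)")
        for f in found:
            print("   -", f)
```

The same checks apply to a server-side context; what matters is that the audit inspects the effective configuration (`minimum_version` and `get_ciphers()`) rather than the cipher string you believe you set, because OpenSSL expands and filters that string at runtime.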
  23. Tomi Engdahl says:

    Bugs in Signal, Facebook, Google chat apps let attackers spy on users
    https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/
    Vulnerabilities found in multiple video conferencing mobile
    applications allowed attackers to listen to users’ surroundings
    without permission before the person on the other end picked up the
    calls. The logic bugs were found by Google Project Zero security
    researcher Natalie Silvanovich in the Signal, Google Duo, Facebook
    Messenger, JioChat, and Mocha messaging apps and are now all fixed.

    Reply
  24. Tomi Engdahl says:

    NCSC-UK: Technical report: Responsible use of the Border Gateway
    Protocol (BGP) for ISP interworking
    https://www.ncsc.gov.uk/report/responsible-use-of-bgp-for-isp-interworking
    The guidance encourages operators to use the BGP in a predictable and
    rigorous way, making full use of Internet Registries such as RIPE.
    PDF:
    https://www.ncsc.gov.uk/files/border-gateway-protocol-technical-paper.pdf

    Reply
  25. Tomi Engdahl says:

    DNSpooq – 7 vulnerabilities found in dnsmasq, an open-source DNS
    forwarding software in common use
    https://www.jsof-tech.com/disclosures/dnspooq/
    The Dnspooq vulnerabilities include DNS cache poisoning
    vulnerabilities as well as a potential Remote code execution and
    others. The list of devices using dnsmasq is long and varied.
    According to our internet-based research, prominent users of dnsmasq
    seem to include Cisco routers, Android phones, Aruba devices,
    Technicolor, and Red-Hat, as well as Siemens, Ubiquiti networks,
    Comcast, and others listed below. Depending on how they use dnsmasq,
    devices may be more or less affected, or not affected at all. PDF:
    https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf.
    TheHackerNews:
    https://thehackernews.com/2021/01/a-set-of-severe-flaws-affect-popular.html.
    ZDnet:
    https://www.zdnet.com/article/dnspooq-lets-attackers-poison-dns-cache-records/.
    BleepingComputer:
    https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/

    Reply
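Cache poisoning, the first class of DNSpooq bugs named above, is the resolver accepting a reply it should have discarded. As an added example (my own code, not dnsmasq’s and not a reproduction of the DNSpooq bugs), this shows the checks a forwarder must make before a reply may enter its cache: the transaction ID must match an outstanding query, the reply must arrive on the randomised source port that query left from, the question section must match, and answer records must belong to the name that was asked about. The `PendingQuery` record, the sample packets and the deliberately conservative owner-name rule are my own constructions.

```python
"""Checks a DNS forwarder must make before caching a reply, so that a
reply it never asked for cannot poison the cache. Added example: this is
not dnsmasq code and does not reproduce the DNSpooq bugs; the pending-query
record, the sample packets and the conservative owner-name rule are my own."""
import struct
from dataclasses import dataclass


@dataclass
class PendingQuery:
    txid: int
    sport: int      # randomised UDP source port the query left from
    qname: str
    qtype: int


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def decode_name(msg, off):
    """Return (name, offset after the name); follows compression pointers."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 2-byte compression pointer
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    if not jumped:
        end = off
    return ".".join(labels) + ".", end


def validate_reply(reply, pending, arrival_port):
    """Return (accepted, reason). `pending` maps txid -> PendingQuery."""
    if len(reply) < 12:
        return False, "truncated header"
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", reply[:12])
    if not flags & 0x8000:
        return False, "not a response"
    q = pending.get(txid)
    if q is None:
        return False, "unknown transaction id"        # unsolicited reply
    if arrival_port != q.sport:
        return False, "reply arrived on the wrong port"
    if qd != 1:
        return False, "unexpected question count"
    qname, off = decode_name(reply, 12)
    qtype, _qclass = struct.unpack("!HH", reply[off:off + 4])
    off += 4
    if (qname.lower(), qtype) != (q.qname.lower(), q.qtype):
        return False, "question does not match the query"
    # Conservative bailiwick rule: cache only RRs owned by the name asked about.
    for _ in range(an):
        owner, off = decode_name(reply, off)
        _rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10 + rdlen
        if owner.lower() != qname.lower():
            return False, f"out-of-bailiwick answer for {owner}"
    return True, "accepted"


def build_reply(txid, qname, qtype, owner, rdata):
    """Constructed test reply: one question, one answer RR (the owner name is
    a compression pointer to the question when it is the same name)."""
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    owner_bytes = b"\xc0\x0c" if owner == qname else encode_name(owner)
    rr = owner_bytes + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + rr


# Constructed state: one outstanding A query for www.example.com
PENDING = {0x1A2B: PendingQuery(0x1A2B, 53123, "www.example.com.", 1)}
A_RDATA = bytes([93, 184, 216, 34])

if __name__ == "__main__":
    cases = {
        "genuine": (build_reply(0x1A2B, "www.example.com.", 1, "www.example.com.", A_RDATA), 53123),
        "guessed txid": (build_reply(0x1A2C, "www.example.com.", 1, "www.example.com.", A_RDATA), 53123),
        "wrong port": (build_reply(0x1A2B, "www.example.com.", 1, "www.example.com.", A_RDATA), 4444),
        "off-name answer": (build_reply(0x1A2B, "www.example.com.", 1, "example.com.", A_RDATA), 53123),
    }
    for label, (pkt, port) in cases.items():
        print(f"{label:16s} -> {validate_reply(pkt, PENDING, port)}")
```

Each of these checks only helps if the values it compares are unpredictable or bound to the original query: a 16-bit transaction ID alone is guessable, which is why the source port must also be randomised per query and why the question and owner names are compared as well.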
  26. Tomi Engdahl says:

    FireEye releases tool for auditing networks for techniques used by
    SolarWinds hackers
    https://www.zdnet.com/article/fireeye-releases-tool-for-auditing-networks-for-techniques-used-by-solarwinds-hackers/
    Together with the report, FireEye researchers have also released a
    free tool on GitHub named Azure AD Investigator that they say can help
    companies determine if the SolarWinds hackers (also known as UNC2452)
    used any of these techniques inside their networks. Report:
    https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html.
    GitHub: https://github.com/fireeye/Mandiant-Azure-AD-Investigator

    Reply
  27. Tomi Engdahl says:

    Linux users should patch now to block new “FreakOut” malware which
    exploits new vulnerabilities
    https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
    These ongoing attacks involve a new malware variant. The goal behind
    these attacks is to create an IRC botnet, which can then be used for
    malicious activities, such as launching DDoS attacks on other
    organizations’ networks, or for crypto-mining activity on infected
    machines, which can potentially shut down entire systems infected. The
    attack exploits TerraMaster TOS, Zend Framework and Liferay Portal.
    ThreatPost:
    https://threatpost.com/linux-attack-freakout-malware/163137/.
    BleepingComputer:
    https://www.bleepingcomputer.com/news/security/freakout-malware-exploits-critical-bugs-to-infect-linux-hosts/.
    TiVi:
    https://www.tivi.fi/uutiset/tv/372649cd-e1a1-48ab-8d4b-03f75dd6117b

    Reply
  28. Tomi Engdahl says:

    Russia-linked viruses found on school laptops handed out by Government
    https://metro.co.uk/2021/01/21/russia-linked-viruses-found-on-school-laptops-handed-out-by-government-13944542/?ito=facebook|social|metroukfacebook

    Laptops provided to schools from the Government arrived with a virus on them that connected to servers in Russia.

    The discovery raises concerns that hackers could steal data on vulnerable students learning from home amid the pandemic.

    Employees of a Bradford school sounded the alarm in an online forum after receiving laptops containing malware installed by hackers, according to The Telegraph.

The Department for Education (DfE) confirmed the incident to Metro.co.uk and said it was an issue with a ‘small number’ of devices.

    https://www.telegraph.co.uk/technology/2021/01/21/schools-find-russia-linked-viruses-laptops-given-government/

    Reply
  29. Tomi Engdahl says:

Americans fear hacking more than murder
    https://etn.fi/index.php/13-news/11654-amerikkalaiset-pelkaavat-hakkerointia-enemman-kuin-murhaa

According to a study commissioned by Atlas VPN, US citizens are far more worried about hacking than about murder. In all, 72 percent of Americans fear that cybercriminals will steal their personal, credit card or bank details.

    Reply
  30. Tomi Engdahl says:

    A Home Security Tech Hacked Into Cameras To Watch People Undressing And Having Sex, Prosecutors Say
    https://www.buzzfeednews.com/article/salvadorhernandez/home-security-camera-hacked-adt

    Telesforo Aviles admitted he took note of homes where attractive women lived and hacked into more than 200 accounts over several years.

    A home security technician admitted Thursday that he secretly accessed the cameras of more than 200 customers, particularly attractive women, to spy on while they undressed, slept, or had sex, federal prosecutors said.

    “This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” acting US Attorney Prerak Shah said in a statement. “We are glad to hold him accountable for this disgusting betrayal of trust.”

    While working for ADT, a home security company that provides alarms, cameras, and locks, Aviles took note of customer homes where attractive women lived, prosecutors said, then repeatedly gained access to their video feeds for sexual gratification.

    The technician violated the company’s policies by surreptitiously adding his personal email address to accounts on ADT Pulse, an app that allows customers to check remotely on their homes’ security cameras.

    ADT, which is based in Florida, is currently facing three federal lawsuits related to the incident. The breach affected 220 customers who lived in Texas.

    According to the lawsuits, ADT began to notify customers about the breach back in April 2020, telling them that one of their employees had accessed customer accounts for about four and a half years.

    In the lawsuit, the woman said ADT had “failed to implement adequate procedures that would prevent non-household members from adding non-household email addresses” to the mobile app.

    Another lawsuit alleges the company had “failed to monitor consumers’ accounts and promptly alert them anytime a new email was added to their accounts.”

    The lawsuit also claims the flagrant security breach was discovered not by the company, but “by luck and happenstance.”

    “A customer, reporting a technical issue, inadvertently revealed the unwanted third-party access,” the lawsuit claims. “But for that event, ADT would be unaware of this invasive conduct.”

    In a statement to BuzzFeed News, an ADT spokesperson said the company self-reported the incident in April 2020 on its website.

    In the three lawsuits, the customers also alleged ADT tried to obtain confidentiality agreements when notifying them of the security breach. In one instance, a customer said she was offered $2,500, as well as credit for monitoring services and upgraded equipment.

    When she refused, she alleged the company increased their offer to $50,000.
    The spokesperson for ADT said the company apologized to the people who were affected and addressed the matter differently with each customer.
    “In speaking to our customers and apologizing for what happened, it’s clear that the employee’s abuse of access impacted each customer differently,” the spokesperson said. “Therefore, we took steps to address their concerns individually.”

    Meanwhile, Aviles could face up to five years in prison for pleading guilty to computer fraud, prosecutors said.

    Reply
  31. Tomi Engdahl says:

    Former home security tech admits to hacking into customer’s surveillance cameras
    https://abc13.com/9903489/?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    A former security technician faces up to five years in prison after admitting to authorities that he repeatedly hacked into home video camera feeds.

    Aviles worked for ADT security and accessed around 200 customer accounts more than 9,600 times, the FBI said.

    “Mr. Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes,”

Authorities said the case is a reminder for people to practice ‘cyber hygiene’ by reviewing authorized users and routinely changing passwords.

    Reply
  32. Tomi Engdahl says:

    Capitol riot suspect plotted to sell stolen Pelosi laptop to Russian intelligence, authorities say
    https://www.nbcnews.com/news/us-news/capitol-rioter-plotted-sell-stolen-pelosi-laptop-russian-intelligence-n1254583

    Reply
  33. Tomi Engdahl says:

    #DYSTOPIAN_WEEKEND — They’re watching you, wherever you walk. They know exactly where you pause, when you slow down and speed up, and they count you in and out of the city. What’s more, they’re tracking your phone, so they can tell exactly how many people from your country or region are in which area, at which time. And they’re doing it in a bid to change tourism for the better.

    Venice is watching tourists’ every move
    https://edition.cnn.com/travel/article/venice-control-room-tourism/index.html

    They’re watching you, wherever you walk. They know exactly where you pause, when you slow down and speed up, and they count you in and out of the city.
    What’s more, they’re tracking your phone, so they can tell exactly how many people from your country or region are in which area, at which time.

    Reply
  34. Tomi Engdahl says:

A shortage of resources plagues the police – criminal law professor: A very large share of crimes go uninvestigated
    According to a former police officer, the number of crimes committed online may already exceed that of traditional crimes.
    https://yle.fi/uutiset/3-11751534

    Reply
  35. Tomi Engdahl says:

    Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.

    Windows RDP servers are being abused to amplify DDoS attacks
    https://www.zdnet.com/article/windows-rdp-servers-are-being-abused-to-amplify-ddos-attacks/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.

    Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Netscout said in an alert on Tuesday.

    Not all RDP servers can be abused, but only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389.

    Netscout said that attackers can send malformed UDP packets to the UDP ports of RDP servers that will be reflected to the target of a DDoS attack, amplified in size, resulting in junk traffic hitting the target’s system.

    Reply
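The reflection pattern described above has a clear signature in flow data: small UDP packets arrive at port 3389 “from” the victim’s address, and much larger replies leave port 3389 towards that same address, so the outbound-to-inbound byte ratio for the pair is far above anything a real RDP session produces. As an added example (my own code, not Netscout’s or ZDNet’s), this scores that ratio per (server, remote) pair over constructed flow records; the `Flow` record shape, the thresholds and the sample flows are my assumptions.

```python
"""Flag RDP servers that are acting as UDP/3389 reflectors, from flow
records. Added example: the Flow record shape, the thresholds and the
sample flows are my own constructions, not Netscout's or ZDNet's."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "udp" or "tcp"
    packets: int
    bytes: int


def find_rdp_reflectors(flows, min_ratio=5.0, min_out_bytes=100_000):
    """Pair inbound UDP/3389 traffic with the outbound UDP/3389 traffic sent
    back to the same remote address. In a reflection attack the 'remote'
    is the spoofed victim: tiny requests in, a flood of large replies out.
    Returns [(server, remote, amplification_ratio)] sorted by ratio."""
    in_bytes = defaultdict(int)     # (server, remote) -> bytes received
    out_bytes = defaultdict(int)    # (server, remote) -> bytes sent back
    for f in flows:
        if f.proto != "udp":
            continue                # TCP RDP sessions cannot be reflected
        if f.dport == 3389:
            in_bytes[(f.dst, f.src)] += f.bytes
        elif f.sport == 3389:
            out_bytes[(f.src, f.dst)] += f.bytes
    hits = []
    for key, sent in out_bytes.items():
        received = in_bytes.get(key, 0)
        ratio = sent / received if received else float("inf")
        if sent >= min_out_bytes and ratio >= min_ratio:
            hits.append((key[0], key[1], ratio))
    return sorted(hits, key=lambda h: h[2], reverse=True)


# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    # Spoofed 60-byte probes "from" 203.0.113.10 and the replies sent to it
    Flow("203.0.113.10", 40000, "192.0.2.5", 3389, "udp", 1000, 60_000),
    Flow("192.0.2.5", 3389, "203.0.113.10", 40000, "udp", 1000, 1_500_000),
    # A genuine RDP-over-UDP session: roughly balanced in both directions
    Flow("198.51.100.7", 51000, "192.0.2.6", 3389, "udp", 200, 30_000),
    Flow("192.0.2.6", 3389, "198.51.100.7", 51000, "udp", 200, 60_000),
    # TCP control channel, ignored by the UDP check
    Flow("198.51.100.7", 51001, "192.0.2.6", 3389, "tcp", 500, 80_000),
]


if __name__ == "__main__":
    for server, victim, ratio in find_rdp_reflectors(SAMPLE_FLOWS):
        print(f"{server} reflecting to {victim}: {ratio:.1f}x amplification; "
              "this host should not answer RDP on UDP/3389 from untrusted networks")
```

A server that shows up here is a remediation item, not just an alert: as the article notes, only hosts with RDP enabled on UDP 3389 can be abused, so the fix is to stop exposing that UDP port to untrusted networks rather than to tune the detector.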
  36. Tomi Engdahl says:

    Microsoft SolarWinds analysis: Attackers hid inside Windows systems by wearing the skins of legit processes
    Thorough counter-detection methods laid bare by Redmond
    https://www.theregister.com/2021/01/21/microsoft_solarwinds_deep_dive/?utm_source=dlvr.it&utm_medium=facebook

    The SolarWinds hackers triggered one of their Cobalt Strike implants in the firm’s network through a cunning VBScript that was activated by a routine system process, Microsoft has said.

    Microsoft’s deep dive, published yesterday following SolarWinds’ own take on the malware, repeated earlier findings that the hackers went to unusual lengths to disguise their intrusion and avoid detection.

    Reply
