This posting is here to collect cyber security news in January 2021.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
369 Comments
Tomi Engdahl says:
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.
Tomi Engdahl says:
Facebook Will Permanently Stop Promoting Political Groups
https://www.forbes.com/sites/rachelsandler/2021/01/27/facebook-will-permanently-stop-promoting-political-groups/
Facebook will no longer recommend political groups to users, CEO Mark Zuckerberg said Wednesday, amid criticism for how the platform was used by pro-Trump extremists to plan the attack on the Capitol earlier this month.
Tomi Engdahl says:
World leaders in Autonomous Cyber AI
The Darktrace Immune System is the world’s leading autonomous cyber defense platform. Its award-winning Cyber AI protects your workforce and data from sophisticated attackers, by detecting, investigating and responding to cyber-threats in real time — wherever they strike.
https://www.darktrace.com/en/?utm_source=techhq&utm_medium=facebook&fbclid=IwAR3mT8MkmGTLdczlAvya-4erlKlMiX6Kqsdq6h6t39JY_Lt9TBY-Hj8tGHk
Tomi Engdahl says:
Making Remote Working Safer Through Securing the Router
https://pentestmag.com/making-remote-working-safer-through-securing-the-router/
Tomi Engdahl says:
10-year-old Sudo bug lets Linux users gain root-level access
The vulnerability, named “Baron Samedit,” impacts most Linux distributions today.
https://www.zdnet.com/article/10-years-old-sudo-bug-lets-linux-users-gain-root-level-access/
Tomi Engdahl says:
https://hackaday.com/2021/01/26/whats-the-deal-with-chromium-on-linux-google-at-odds-with-package-maintainers/
Tomi Engdahl says:
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Tomi Engdahl says:
Linux distributors frustrated by Google’s new Chromium web browser restrictions
Google changed the rules on the Chromium browser’s APIs and Linux distributors are taking different approaches on what to do with the open-source browser.
https://www.zdnet.com/article/linux-distributors-frustrated-by-googles-new-chromium-web-browser-restrictions/
Tomi Engdahl says:
Decade-old bug in Linux world’s sudo can be abused by any logged-in user to gain root privileges
Sudo, make me a heap overflow! Done, this system is now yours
https://www.theregister.com/2021/01/26/qualys_sudo_bug/
Tomi Engdahl says:
https://threatpost.com/nefilim-ransomware-ghost-account/163341/
Tomi Engdahl says:
THE BATTLE INSIDE SIGNAL
https://www.theverge.com/22249391/signal-app-abuse-messaging-employees-violence-misinformation
The fast-growing encrypted messaging app is making itself increasingly vulnerable to abuse. Current and former employees are sounding the alarm.
Tomi Engdahl says:
After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face
https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face
Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March—if not before, as a report by the threat-intelligence firm ReversingLabs suggests—a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients. An estimated eighteen thousand of them downloaded the malware-ridden updates, which were embedded in a SolarWinds product called Orion. Once they did, the hackers were able to roam about customers’ networks, undetected, for at least nine months. “This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the Cybersecurity and Infrastructure Security Agency (CISA) wrote, in its assessment of the breach. “CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.” CISA, which is part of the Department of Homeland Security, is a SolarWinds client. So is the Pentagon, the Federal Bureau of Investigation, and U.S. Cyber Command.
By now, hacking has become so routine that it’s hardly remarkable. Each morning, I wake up to an e-mail from the cybersecurity firm Recorded Future, listing the hacking groups and targets that its algorithms have uncovered in the previous twenty-four hours. The hackers have cute names, such as Lizard Squad and Emissary Panda. Their targets are a mix of commercial businesses—such as Sony and Lord & Taylor—and government sites, including those of the State Department, the White House, the Air Force, and the Securities and Exchange Commission.
Tomi Engdahl says:
“We have to be able to innovate, to reimagine our defenses against growing threats in new realms like cyberspace,” Biden said in December, after learning of the SolarWinds hack. The work of shoring up digital security begins by recognizing—with all due respect to the first American President—that sometimes a robust offense is not “the surest . . . means of defence.” Sometimes, the best defense is a robust defense.
https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face
Tomi Engdahl says:
Google is the world’s most dangerous company, says an expert – these factors have led to it: “The power of the money-rich to control the machinery is growing”
https://www.mtvuutiset.fi/artikkeli/google-on-maailman-vaarallisin-yhtio-sanoo-asiantuntija-nama-seikat-ovat-siihen-johtaneet-raharikkaiden-valta-hallita-koneistoa-kasvaa/8046154#gs.rdxdep
Tomi Engdahl says:
DreamBus botnet targets enterprise apps running on Linux servers
DreamBus botnet uses exploits and brute-force to target PostgreSQL, Redis, SaltStack, Hadoop, Spark, and others.
https://www.zdnet.com/article/dreambus-botnet-targets-enterprise-apps-running-on-linux-servers/
Tomi Engdahl says:
Russian hack of US agencies exposed supply chain weaknesses
https://apnews.com/article/russia-us-agency-hacking-a1d451df34d9f50ddb20f9df0c16b2ef
Tomi Engdahl says:
If ‘Facebook is Private’ Why are They Feeding Private Messages of Its Users Directly to the FBI?
https://thefreethoughtproject.com/facebook-private-company-messages-users-fbi/
Tomi Engdahl says:
Satellites are not safe enough. Here’s why that should worry you
https://cybernews.com/editorial/satellites-are-not-safe-enough-heres-why-that-should-worry-you/
Tomi Engdahl says:
https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/whatsapp-tilien-vahvistuskoodeja-kalastellaan-suomessa
Tomi Engdahl says:
SonicWall says it was hacked using zero-days in its own products
The networking device vendor has published a series of mitigations as it’s investigating the incident and preparing patches.
https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/
Tomi Engdahl says:
Dragon targets telecom to breach security, firewall ready in 6 months
https://telecom.economictimes.indiatimes.com/news/dragon-targets-telecom-to-breach-security-firewall-ready-in-6-months/80421259
In a bid to counter cyber-attacks and data theft, primarily perpetrated from China, the government seems determined to implement the new security directives in the telecom sector, cleared by the Cabinet Committee on Security (CCS), within the next six months.
Tomi Engdahl says:
https://verietyinfo.com/taiwaneng/after-disabling-adobe-flash-trains-in-dalian-china-could-hardly-open-technews-%E7%A7%91%E6%8A%80-%E6%96%B0-%E6%8A%A5/
Tomi Engdahl says:
https://thehackernews.com/2021/01/experts-detail-recent-remotely.html
Tomi Engdahl says:
https://pentestmag.com/vulnerability-assessment-security-scanning-process/
Tomi Engdahl says:
https://pentestmag.com/thinking-outside-the-box-data-breaches/
Tomi Engdahl says:
ALARMING VIDEO REVEALS EVERYTHING GOOGLE KNOWS ABOUT WHO YOU ARE
https://www.independent.co.uk/life-style/gadgets-and-tech/google-ads-tiktok-settings-data-tracking-b1792145.html
Tomi Engdahl says:
Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached
https://cybernews.com/news/head-of-europols-european-cybercrime-centre-there-are-no-systems-that-cannot-be-breached/
Tomi Engdahl says:
DNSpooq lets attackers poison DNS cache records
Network administrators urged to apply the latest Dnsmasq updates to prevent the new DNSpooq attacks.
https://www.zdnet.com/google-amp/article/dnspooq-lets-attackers-poison-dns-cache-records/
Tomi Engdahl says:
https://www.thezdi.com/blog/2021/1/20/three-bugs-in-orions-belt-chaining-multiple-bugs-for-unauthenticated-rce-in-the-solarwinds-orion-platform
Tomi Engdahl says:
Biden administration faces mounting pressure to address SolarWinds breach
https://www.cnn.com/2021/01/23/politics/solarwinds-hack-biden-pressure/index.html
Tomi Engdahl says:
The far right’s favorite registrar is building ‘censorship-resistant’ servers
https://techcrunch.com/2021/01/22/the-far-rights-favorite-registrar-is-building-censorship-resistant-servers/
Epik CEO Rob Monster wants to give away servers with off-line content and Wi-Fi to bridge the digital divide
“The digital divide is now a matter of life and death for people who are unable to access essential healthcare information,” said UN Secretary General António Guterres in June 2020. Almost half the global population currently has no internet access, and many who do cannot freely access all information sources.
Tomi Engdahl says:
Microsoft: This is how the sneaky SolarWinds hackers hid their onward attacks for so long
https://www.zdnet.com/article/microsoft-this-is-how-the-sneaky-solarwinds-hackers-hid-their-onward-attacks-for-so-long/
The SolarWinds hackers put in “painstaking planning” to avoid being detected on the networks of hand-picked targets.
Tomi Engdahl says:
https://spectrum.ieee.org/aerospace/aviation/faa-files-reveal-a-surprising-threat-to-airline-safety-the-us-militarys-gps-tests
Tomi Engdahl says:
https://threatpost.com/critical-cisco-sd-wan-bugs-rce-attacks/163204/
Tomi Engdahl says:
Robinhood, Trading 212 and other trading platforms go down amid Gamestop and AMC stock market frenzy
https://www.independent.co.uk/life-style/gadgets-and-tech/robinhood-gaming-212-gamestop-amc-e-trade-app-not-working-b1793558.html?utm_content=Echobox&utm_medium=Social&utm_source=Facebook#Echobox=1611760734
Robinhood, Trading 212 and other trading platforms are breaking amid a stock market trading frenzy.
The websites had technical issues and glitches as US markets opened on perhaps one of the most-watched trading days in years.
Even despite the issues, the stocks continued to climb. GameStop, the company that accidentally started the unusual series of events, was priced as high as $380 on Wednesday, after selling at a price below $18 just a few weeks ago.
As people rushed to buy those shares and others, encouraged by retail investors posting on Reddit and other online forums, the trading websites seemingly struggled to cope with the demand.
UK-based Trading 212, for instance, said that its service was being disrupted “due to an unprecedented increase in demand”. It was looking to resolve the problems “in the shortest period possible”, it said.
Tomi Engdahl says:
Vulnerability found in top messaging apps let hackers eavesdrop
https://www.pandasecurity.com/en/mediacenter/mobile-news/vulnerability-messaging-apps/
Google’s Project Zero discovered that a security flaw might have allowed hackers to eavesdrop on Android users. After an investigation conducted by cybersecurity researcher Natalie Silvanovich, the expert discovered vulnerabilities in many apps with 10M+ installs on Google Play that accept incoming calls. The affected applications include hugely popular apps such as Facebook Messenger, Signal, Google Duo, JioChat, and Mocha. She described her findings in a Project Zero blog post.
Tomi Engdahl says:
Google is the world’s most dangerous company, says an expert – these factors have led to it: “The power of the money-rich to control the machinery is growing”
https://www.mtvuutiset.fi/artikkeli/google-on-maailman-vaarallisin-yhtio-sanoo-asiantuntija-nama-seikat-ovat-siihen-johtaneet-raharikkaiden-valta-hallita-koneistoa-kasvaa/8046154#gs.rf2bcd
Tomi Engdahl says:
Bodyguard is a mobile app that hides toxic content on social platforms
https://techcrunch.com/2021/01/21/bodyguard-is-a-mobile-app-that-hides-toxic-content-on-social-platforms/
Tomi Engdahl says:
Image “Cloaking” for Personal Privacy
https://sandlab.cs.uchicago.edu/fawkes/
Tomi Engdahl says:
A severe bug was reported yesterday evening against Libgcrypt 1.9.0 which we released last week. A new version to fix this as well as a couple of build problems will be released today.
In the meantime please stop using 1.9.0.
It seems that Fedora 34 and Gentoo are already using 1.9.0.
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
Tomi Engdahl says:
WALSH: Trump Supporter Faces Ten Years In Prison For Posting Memes. We Are Officially Living In A Dystopia.
https://www.dailywire.com/news/trump-supporter-faces-ten-years-in-prison-for-posting-memes
The FBI, apparently having finished its investigation into Bubba Wallace’s garage door pull and looking for new dragons to slay, showed up yesterday at the home of a Trump-supporting former Twitter troll and took him into custody on charges of, as a press release from the DOJ puts it, “depriving individuals of their constitutional right to vote.”
The formal criminal complaint alleges more specifically that the accused, Douglass Mackey (AKA “Ricky Vaughn”), conspired to “injure, oppress, threaten and intimidate persons in the free exercise of a right and privilege secured to them by the Constitution.” The rest of the complaint makes it clear that all of this supposed injuring, oppressing, threatening and intimidating was conducted in the form of memes. Mackey faces 10 years in federal prison for memes.
Tomi Engdahl says:
Brokers MANIPULATING MARKET to save hedge fund billionaires & punish retail traders @ wallstreetbets
https://m.youtube.com/watch?v=enLiJfijWBI
Tomi Engdahl says:
Social Media Influencer Charged with Election Interference Stemming from Voter Disinformation Campaign
Defendant Unlawfully Used Social Media to Deprive Individuals of Their Right to Vote
https://www.justice.gov/opa/pr/social-media-influencer-charged-election-interference-stemming-voter-disinformation-campaign
Tomi Engdahl says:
Billionaire Mark Cuban says his 11-year-old son made money with Wall Street Bets traders and he ‘loves’ what’s going on with the Reddit forum
https://www.businessinsider.com/mark-cuban-11-year-old-son-money-joining-wallstreetbets-reddit-2021-1
Mark Cuban says his 11-year-old son made money trading with the Wall Street Bets forum.
The subreddit went private for an hour Wednesday after a deluge of new participants joined.
The SEC says it is monitoring market volatility amid surges in GameStop and other stocks.
Tomi Engdahl says:
DDoS attacks: Big rise in threats to overload business networks
https://www.zdnet.com/article/ddos-attacks-big-rise-in-threats-to-overload-business-networks/
Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
Tomi Engdahl says:
Confused about GameStop? Five films to watch to help you pretend to understand the stock market
You don’t have to be a redditor or a big investor to enjoy these Hollywood blockbusters that double as the perfect educational resource
https://www.theguardian.com/business/2021/jan/29/confused-about-gamestop-five-things-to-watch-to-help-you-pretend-to-understand-the-stock-market
Tomi Engdahl says:
Italy CERT Warns of a New Credential Stealing Android Malware
https://thehackernews.com/2021/01/italy-cert-warns-of-new-credential.html
Tomi Engdahl says:
https://www.tivi.fi/uutiset/10-vuotta-vanha-bugi-vaarantaa-linuxin-paivita-tama-ohjelma-heti/ccc42fb5-864a-42cf-8b76-1f9c3591c5fd
Tomi Engdahl says:
A vulnerability in Sudo allows privilege escalation on Unix systems
VULNERABILITY 5/2021
Published 28.01.2021
Updated 28.01.2021
https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_5/21
A serious vulnerability has been found in the Sudo program on Unix operating systems. The buffer overflow vulnerability allows local users to escalate their privileges to the superuser (root) level and to bypass authentication. An update for the program has been released and should be installed immediately.
Tomi Engdahl says:
Europol distributes anti-malware code via the Emotet botnet
https://cybernews.com/security/europol-distributes-anti-malware-code-via-the-emotet-botnet/
The feds seem to have been inside Emotet for longer than first thought – and distributed a benevolent payload.
It’s arguably the 21st century’s most stunning law enforcement victory for cybersecurity. But the raid on those behind the Emotet botnet, which has been delivering TrickBot and Qbot banking trojans through spam messages for years, bringing misery to potentially millions of victims, has an unusual twist in the tale. Not only was the botnet brought down, but Europol has seemingly used the fact it now has control over the botnet to neuter it, once and for all.
Cybersecurity researchers have spotted that all three Emotet epochs now deliver a payload that acts essentially as a self-destruct button for the poisonous botnet, nullifying its impact as of 25th April 2021.