Cyber security news January 2021

This posting is here to collect cyber security news in January 2021.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

369 Comments

  1. Tomi Engdahl says:

    CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
    https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

    The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.

    Reply
  2. Tomi Engdahl says:

    Facebook Will Permanently Stop Promoting Political Groups
    https://www.forbes.com/sites/rachelsandler/2021/01/27/facebook-will-permanently-stop-promoting-political-groups/

    Facebook will no longer recommend political groups to users, CEO Mark Zuckerberg said Wednesday, amid criticism for how the platform was used by pro-Trump extremists to plan the attack on the Capitol earlier this month.

    Reply
  3. Tomi Engdahl says:

    World leaders in Autonomous Cyber AI
    The Darktrace Immune System is the world’s leading autonomous cyber defense platform. Its award-winning Cyber AI protects your workforce and data from sophisticated attackers, by detecting, investigating and responding to cyber-threats in real time — wherever they strike.
    https://www.darktrace.com/en/?utm_source=techhq&utm_medium=facebook&fbclid=IwAR3mT8MkmGTLdczlAvya-4erlKlMiX6Kqsdq6h6t39JY_Lt9TBY-Hj8tGHk

    Reply
  4. Tomi Engdahl says:

    10-year-old Sudo bug lets Linux users gain root-level access
    The vulnerability, named “Baron Samedit,” impacts most Linux distributions today.
    https://www.zdnet.com/article/10-years-old-sudo-bug-lets-linux-users-gain-root-level-access/

    Reply
  5. Tomi Engdahl says:

    Linux distributors frustrated by Google’s new Chromium web browser restrictions
    Google changed the rules on the Chromium browser’s APIs and Linux distributors are taking different approaches on what to do with the open-source browser.
    https://www.zdnet.com/article/linux-distributors-frustrated-by-googles-new-chromium-web-browser-restrictions/

    Reply
  6. Tomi Engdahl says:

    Decade-old bug in Linux world’s sudo can be abused by any logged-in user to gain root privileges
    Sudo, make me a heap overflow! Done, this system is now yours
    https://www.theregister.com/2021/01/26/qualys_sudo_bug/

    Reply
  7. Tomi Engdahl says:

    THE BATTLE INSIDE SIGNAL
    https://www.theverge.com/22249391/signal-app-abuse-messaging-employees-violence-misinformation

    The fast-growing encrypted messaging app is making itself increasingly vulnerable to abuse. Current and former employees are sounding the alarm.

    Reply
  8. Tomi Engdahl says:

    After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face
    https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face

    Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March—if not before, as a report by the threat-intelligence firm ReversingLabs suggests—a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients. An estimated eighteen thousand of them downloaded the malware-ridden updates, which were embedded in a SolarWinds product called Orion. Once they did, the hackers were able to roam about customers’ networks, undetected, for at least nine months. “This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the Cybersecurity and Infrastructure Security Agency (CISA) wrote, in its assessment of the breach. “CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.” CISA, which is part of the Department of Homeland Security, is a SolarWinds client. So is the Pentagon, the Federal Bureau of Investigation, and U.S. Cyber Command.

    By now, hacking has become so routine that it’s hardly remarkable. Each morning, I wake up to an e-mail from the cybersecurity firm Recorded Future, listing the hacking groups and targets that its algorithms have uncovered in the previous twenty-four hours. The hackers have cute names, such as Lizard Squad and Emissary Panda. Their targets are a mix of commercial businesses—such as Sony and Lord & Taylor—and government sites, including those of the State Department, the White House, the Air Force, and the Securities and Exchange Commission.

    Reply
  9. Tomi Engdahl says:

    “We have to be able to innovate, to reimagine our defenses against growing threats in new realms like cyberspace,” Biden said in December, after learning of the SolarWinds hack. The work of shoring up digital security begins by recognizing—with all due respect to the first American President—that sometimes a robust offense is not “the surest . . . means of defence.” Sometimes, the best defense is a robust defense.
    https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face

    Reply
  10. Tomi Engdahl says:

    Google is the world’s most dangerous company, says expert – these factors have led to it: “The power of the wealthy to control the machinery is growing”
    https://www.mtvuutiset.fi/artikkeli/google-on-maailman-vaarallisin-yhtio-sanoo-asiantuntija-nama-seikat-ovat-siihen-johtaneet-raharikkaiden-valta-hallita-koneistoa-kasvaa/8046154#gs.rdxdep

    Reply
  11. Tomi Engdahl says:

    DreamBus botnet targets enterprise apps running on Linux servers
    DreamBus botnet uses exploits and brute-force to target PostgreSQL, Redis, SaltStack, Hadoop, Spark, and others.
    https://www.zdnet.com/article/dreambus-botnet-targets-enterprise-apps-running-on-linux-servers/

    Reply
  12. Tomi Engdahl says:

    If ‘Facebook is Private’ Why are They Feeding Private Messages of Its Users Directly to the FBI?
    https://thefreethoughtproject.com/facebook-private-company-messages-users-fbi/

    Reply
  13. Tomi Engdahl says:

    SonicWall says it was hacked using zero-days in its own products
    The networking device vendor has published a series of mitigations as it’s investigating the incident and preparing patches.
    https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/

    Reply
  14. Tomi Engdahl says:

    Dragon targets telecom to breach security, firewall ready in 6 months
    https://telecom.economictimes.indiatimes.com/news/dragon-targets-telecom-to-breach-security-firewall-ready-in-6-months/80421259

    In a bid to counter cyber-attacks and data theft, primarily perpetrated from China, the government seems determined to implement the new security directives in the telecom sector, cleared by the Cabinet Committee on Security (CCS), within the next six months.

    Reply
  15. Tomi Engdahl says:

    DNSpooq lets attackers poison DNS cache records
    Network administrators urged to apply the latest Dnsmasq updates to prevent the new DNSpooq attacks.
    https://www.zdnet.com/google-amp/article/dnspooq-lets-attackers-poison-dns-cache-records/

    Reply
  16. Tomi Engdahl says:

    Biden administration faces mounting pressure to address SolarWinds breach
    https://www.cnn.com/2021/01/23/politics/solarwinds-hack-biden-pressure/index.html

    Reply
  17. Tomi Engdahl says:

    The far right’s favorite registrar is building ‘censorship-resistant’ servers
    https://techcrunch.com/2021/01/22/the-far-rights-favorite-registrar-is-building-censorship-resistant-servers/

    Epik CEO Rob Monster wants to give away servers with off-line content and Wi-Fi to bridge the digital divide

    “The digital divide is now a matter of life and death for people who are unable to access essential healthcare information,” said UN Secretary General António Guterres in June 2020. Almost half the global population currently has no internet access, and many who do cannot freely access all information sources.

    Reply
  18. Tomi Engdahl says:

    Microsoft: This is how the sneaky SolarWinds hackers hid their onward attacks for so long
    https://www.zdnet.com/article/microsoft-this-is-how-the-sneaky-solarwinds-hackers-hid-their-onward-attacks-for-so-long/

    The SolarWinds hackers put in “painstaking planning” to avoid being detected on the networks of hand-picked targets.

    Reply
  19. Tomi Engdahl says:

    Robinhood, Trading 212 and other trading platforms go down amid Gamestop and AMC stock market frenzy
    https://www.independent.co.uk/life-style/gadgets-and-tech/robinhood-gaming-212-gamestop-amc-e-trade-app-not-working-b1793558.html?utm_content=Echobox&utm_medium=Social&utm_source=Facebook#Echobox=1611760734

    Robinhood, Trading 212 and other trading platforms are breaking amid a stock market trading frenzy.

    The websites had technical issues and glitches as US markets opened on perhaps one of the most-watched trading days in years.

    Even despite the issues, the stocks continued to climb. GameStop, the company that accidentally started the unusual series of events, was priced as high as $380 on Wednesday, after selling at a price below $18 just a few weeks ago.

    As people rushed to buy those shares and others, encouraged by retail investors posting on Reddit and other online forums, the trading websites seemingly struggled to cope with the demand.

    UK-based Trading 212, for instance, said that its service was being disrupted “due to an unprecedented increase in demand”. It was looking to resolve the problems “in the shortest period possible”, it said.

    Reply
  20. Tomi Engdahl says:

    Vulnerability found in top messaging apps let hackers eavesdrop
    https://www.pandasecurity.com/en/mediacenter/mobile-news/vulnerability-messaging-apps/

    Google’s Project Zero discovered that a security flaw might have allowed hackers to eavesdrop on Android users. After an investigation conducted by cybersecurity researcher Natalie Silvanovich, the expert discovered vulnerabilities in many apps with 10M+ installs on Google Play that accept incoming calls. The affected applications include hugely popular apps such as Facebook Messenger, Signal, Google Duo, JioChat, and Mocha. She described her findings in a Project Zero blog post.

    Reply
  22. Tomi Engdahl says:

    A severe bug was reported yesterday evening against Libgcrypt 1.9.0
    which we released last week. A new version to fix this as well as a
    couple of build problems will be released today.

    In the meantime please stop using 1.9.0.

    It seems that Fedora 34 and Gentoo are already using 1.9.0 .
    https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html

    Reply
  23. Tomi Engdahl says:

    WALSH: Trump Supporter Faces Ten Years In Prison For Posting Memes. We Are Officially Living In A Dystopia.
    https://www.dailywire.com/news/trump-supporter-faces-ten-years-in-prison-for-posting-memes

    The FBI, apparently having finished its investigation into Bubba Wallace’s garage door pull and looking for new dragons to slay, showed up yesterday at the home of a Trump-supporting former Twitter troll and took him into custody on charges of, as a press release from the DOJ puts it, “depriving individuals of their constitutional right to vote.”

    The formal criminal complaint alleges more specifically that the accused, Douglass Mackey (AKA “Ricky Vaughn”), conspired to “injure, oppress, threaten and intimidate persons in the free exercise of a right and privilege secured to them by the Constitution.” The rest of the complaint makes it clear that all of this supposed injuring, oppressing, threatening and intimidating was conducted in the form of memes. Mackey faces 10 years in federal prison for memes.

    Reply
  24. Tomi Engdahl says:

    Brokers MANIPULATING MARKET to save hedge fund billionaires & punish retail traders @ wallstreetbets
    https://m.youtube.com/watch?v=enLiJfijWBI

    Reply
  25. Tomi Engdahl says:

    Social Media Influencer Charged with Election Interference Stemming from Voter Disinformation Campaign
    Defendant Unlawfully Used Social Media to Deprive Individuals of Their Right to Vote
    https://www.justice.gov/opa/pr/social-media-influencer-charged-election-interference-stemming-voter-disinformation-campaign

    Reply
  26. Tomi Engdahl says:

    Billionaire Mark Cuban says his 11-year-old son made money with Wall Street Bets traders and he ‘loves’ what’s going on with the Reddit forum
    https://www.businessinsider.com/mark-cuban-11-year-old-son-money-joining-wallstreetbets-reddit-2021-1

    Mark Cuban says his 11-year-old son made money trading with the Wall Street Bets forum.
    The subreddit went private for an hour Wednesday after a deluge of new participants joined.
    The SEC says it is monitoring market volatility amid surges in GameStop and other stocks.

    Reply
  27. Tomi Engdahl says:

    DDoS attacks: Big rise in threats to overload business networks
    https://www.zdnet.com/article/ddos-attacks-big-rise-in-threats-to-overload-business-networks/

    Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

    Reply
  28. Tomi Engdahl says:

    Confused about GameStop? Five films to watch to help you pretend to understand the stock market
    You don’t have to be a redditer or a big investor to enjoy these Hollywood blockbusters that double as the perfect educational resource
    https://www.theguardian.com/business/2021/jan/29/confused-about-gamestop-five-things-to-watch-to-help-you-pretend-to-understand-the-stock-market

    Reply
  29. Tomi Engdahl says:

    Sudo vulnerability enables privilege escalation on Unix systems
    VULNERABILITY 5/2021
    Published 28 Jan 2021
    Updated 28 Jan 2021
    https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_5/21

    A serious vulnerability has been found in the Sudo program used on Unix operating systems. The buffer overflow vulnerability allows local users to escalate their privileges to superuser (root) level and to bypass authentication. An update has been released for the program and should be installed immediately.

    Reply
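The Qualys post in comment 1 and the NCSC-FI bulletin above both say to patch sudo immediately, but neither excerpt shows how to tell whether a given host is affected. The script below is an added example, not code from Qualys, the sudo project or any of the linked articles. It encodes two facts from the Qualys advisory: the affected releases are legacy 1.8.2 through 1.8.31p2 and stable 1.9.0 through 1.9.5p1 (fixed in 1.9.5p2), and running `sudoedit -s /` as an unprivileged user makes a vulnerable sudo answer with an error beginning `sudoedit:` while a patched sudo answers with a line beginning `usage:`. The sample outputs and banners in the script are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: admin-side checks for CVE-2021-3156 ("Baron Samedit").
# Not code from Qualys or the sudo project; it encodes what their advisory
# documents:
#   * affected releases: legacy 1.8.2 .. 1.8.31p2 and stable 1.9.0 .. 1.9.5p1
#     (fixed in 1.9.5p2);
#   * behavioural test: as an unprivileged user run `sudoedit -s /`;
#     vulnerable sudo prints an error starting "sudoedit:", patched sudo
#     prints a line starting "usage:".
# Trust the behavioural test over the version string: distributions that
# backported the fix keep the old version number.

# "Sudo version 1.8.31" (first line of `sudo -V`) -> "1.8.31"
sudo_version_from_banner() {
    printf '%s\n' "${1##* }"
}

# Map "1.8.31p2" to a sortable integer:
# major*10^8 + minor*10^6 + patch*10^3 + p-level (so 1.8.31p2 -> 108031002).
sudo_version_key() {
    local ver="$1" base plevel major minor patch rest
    case "$ver" in
        *p*) base="${ver%%p*}"; plevel="${ver##*p}" ;;
        *)   base="$ver";       plevel=0 ;;
    esac
    major="${base%%.*}"
    rest="${base#*.}"
    minor="${rest%%.*}"
    if [ "$rest" = "$minor" ]; then patch=0; else patch="${rest#*.}"; fi
    echo $(( major * 100000000 + minor * 1000000 + patch * 1000 + plevel ))
}

# Exit 0 when the version falls inside one of the two affected ranges.
sudo_version_vulnerable() {
    local key lo hi
    key=$(sudo_version_key "$1")
    lo=$(sudo_version_key 1.8.2); hi=$(sudo_version_key 1.8.31p2)
    if [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]; then return 0; fi
    lo=$(sudo_version_key 1.9.0); hi=$(sudo_version_key 1.9.5p1)
    if [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]; then return 0; fi
    return 1
}

# Classify the first line that `sudoedit -s /` printed.
classify_sudoedit_output() {
    case "$1" in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;
    esac
}

# Run the behavioural test on this host (needs sudoedit; run as a non-root user).
live_sudoedit_check() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "sudoedit not installed"
        return 0
    fi
    classify_sudoedit_output "$(sudoedit -s / 2>&1 | head -n 1)"
}

# Constructed samples modelled on the outputs the advisory describes.
SAMPLE_VULNERABLE='sudoedit: /: not a regular file'
SAMPLE_PATCHED='usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...'

for banner in "Sudo version 1.8.31" "Sudo version 1.9.5p2"; do
    v=$(sudo_version_from_banner "$banner")
    if sudo_version_vulnerable "$v"; then
        echo "$v: in an affected range, confirm with the sudoedit test"
    else
        echo "$v: outside the affected ranges"
    fi
done
echo "constructed vulnerable output -> $(classify_sudoedit_output "$SAMPLE_VULNERABLE")"
echo "constructed patched output    -> $(classify_sudoedit_output "$SAMPLE_PATCHED")"

# Pass --live to run the real test against the local sudoedit binary.
if [ "${1:-}" = "--live" ]; then
    live_sudoedit_check
fi
```

Run it with `--live` as an ordinary user on the host under review; the version functions are only a first filter, because a vendor build such as a backported 1.8.31 can be patched while still reporting an affected version number.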
  30. Tomi Engdahl says:

    Europol distributes anti-malware code via the Emotet botnet
    https://cybernews.com/security/europol-distributes-anti-malware-code-via-the-emotet-botnet/

    The feds seem to have been inside Emotet for longer than first thought – and distributed a benevolent payload.
    It’s arguably the 21st century’s most stunning law enforcement victory for cybersecurity. But the raid on those behind the Emotet botnet, which has been delivering TrickBot and Qbot banking trojans through spam messages for years, bringing misery to potentially millions of victims, has an unusual twist in the tale. Not only was the botnet brought down, but Europol has seemingly used the fact it now has control over the botnet to neuter it, once and for all.

    Cybersecurity researchers have spotted that all three Emotet epochs now deliver a payload that acts essentially as a self-destruct button for the poisonous botnet, nullifying its impact as of 25th April 2021.

    Reply
