Cyber security news February 2021

This posting is here to collect cyber security news in February 2021.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

310 Comments

  1. Tomi Engdahl says:

    Hackers Leak Gigabytes Of Data Stolen From International Law Firm Jones Day
    https://www.forbes.com/sites/leemathews/2021/02/18/hackers-leak-gigabytes-of-data-stolen-from-international-law-firm-jones-day/
    Last month hackers infiltrated a server used by Jones Day, one of the largest and most successful law firms in the world. After failed attempts to extort payment from the firm, the hackers have now uploaded gigabytes of highly sensitive data that were stolen in the attack.

    Reply
  2. Tomi Engdahl says:

    Nurserycam horror show: ‘Secure’ daycare video monitoring product beamed DVR admin creds to all users
    https://www.theregister.com/2021/02/18/nurserycam_security_problems_footfallcam_ltd/
    Company has a habit of reacting badly to vuln disclosures

    Reply
  3. Tomi Engdahl says:

    Hackers Target Myanmar Government Websites in Coup Protest
    https://www.securityweek.com/hackers-target-myanmar-government-websites-coup-protest

    Hackers attacked military-run government websites in Myanmar Thursday as a cyber war erupted after authorities shut down the internet for a fourth straight night.

    A group called Myanmar Hackers disrupted multiple government websites including the Central Bank, Myanmar Military’s propaganda page, state-run broadcaster MRTV, the Port Authority, Food and Drug Administration.

    Reply
  4. Tomi Engdahl says:

    Microsoft: SolarWinds attack took more than 1,000 engineers to create
    Microsoft reckons that the huge attack on security vendors and more took the combined power of at least 1,000 engineers to create.
    https://www.zdnet.com/article/microsoft-solarwinds-attack-took-more-than-1000-engineers-to-create/

    Reply
  5. Tomi Engdahl says:

    Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can’t be undone
    Press space or click mouse to continue …wait, not yet, doh!
    https://www.theregister.com/2021/02/19/citibank_money_mistake/?utm_source=dlvr.it&utm_medium=facebook

    A judge has ruled that Citibank can’t claw back more than $500m (£360m) it mistakenly paid out after outsourced staff and a senior manager made a nearly billion-dollar (£700m) user-interface blunder.

    Reply
  6. Tomi Engdahl says:

    New malware found on 30,000 Macs has security pros stumped
    With no payload, analysts are struggling to learn what this mature malware does.
    https://arstechnica.com/information-technology/2021/02/new-malware-found-on-30000-macs-has-security-pros-stumped/

    Reply
  7. Tomi Engdahl says:

    Screenshot of the Horrific UI Design That Led Citigroup to Accidentally Send $893 Million
    There is a huge opportunity for UI designers to create better financial software
    https://www.core77.com/posts/105540/Screenshot-of-the-Horrific-UI-Design-That-Led-Citigroup-to-Accidentally-Send-893-Million?fbclid=IwAR1hKL9iQBFTudMpKt2LvYki4LKHDquhu2ANlYX7VGOoNZzIeeRUIOrb15o

    Reply
  8. Tomi Engdahl says:

    30% of “SolarWinds hack” victims didn’t actually use SolarWinds
    “This campaign should not be thought of as the SolarWinds campaign,” says DHS.
    https://arstechnica.com/information-technology/2021/01/30-of-solarwinds-hack-victims-didnt-actually-use-solarwinds/

    Reply
  9. Tomi Engdahl says:

    COMB: largest breach of all time leaked online with 3.2 billion records
    https://cybernews.com/news/largest-compilation-of-emails-and-passwords-leaked-free/

    It’s being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of Many Breaches, contains more than 3.2 billion unique pairs of cleartext emails and passwords. While many data breaches and leaks have plagued the internet in the past, this one is exceptional in the sheer size of it. To wit, the entire population of the planet is at roughly 7.8 billion, and this is about 40% of that.

    Reply
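The COMB dump described above is a combo list: plain `email:password` pairs, one per line. The Python below is an added example, not part of the original post or of any article linked here. It parses constructed combo-list lines (made up for the example, not COMB data), builds the kind of index a breach-lookup service keeps, and shows the k-anonymity range check that lets a client test a password against such an index while revealing only the first five hex characters of its SHA-1. All sample lines, the in-memory index and the function names are assumptions made for the example.

```python
"""Check credentials against a combo-list style leak while handling the
plaintext as little as possible.

Added example.  Every line of sample data below is constructed for the
example; it is not an excerpt of COMB or any other real leak.
"""
import hashlib

# Constructed sample lines in the usual "email:password" combo-list layout.
SAMPLE_COMBO_LINES = [
    "alice@example.com:password",
    "bob@example.com:123456",
    "carol@example.org:Tr0ub4dor&3",
    "dave@example.com:pass:with:colons",
    "malformed line without separator",
]


def parse_combo_line(line):
    """Split one combo-list line into (email, password).

    Passwords may themselves contain ':', so the first separator wins.  Lines
    that do not fit the layout return None so a caller can count and skip them.
    """
    line = line.rstrip("\r\n")
    if ":" not in line:
        return None
    email, password = line.split(":", 1)
    email = email.strip().lower()
    if "@" not in email or not password:
        return None
    return email, password


def sha1_hex(password):
    """Upper-case hex SHA-1, the digest form used by range-query lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(lines):
    """Index leaked passwords by the first 5 hex chars of their SHA-1.

    Layout mirrors the k-anonymity "range" responses of breach-lookup APIs:
    prefix -> {suffix: count}.  Only digests are stored, so the plaintext never
    enters the index.
    """
    index = {}
    for line in lines:
        parsed = parse_combo_line(line)
        if parsed is None:
            continue
        digest = sha1_hex(parsed[1])
        prefix, suffix = digest[:5], digest[5:]
        bucket = index.setdefault(prefix, {})
        bucket[suffix] = bucket.get(suffix, 0) + 1
    return index


def range_query(index, prefix):
    """Server side of the protocol: only digests sharing the prefix leave it."""
    return dict(index.get(prefix.upper(), {}))


def password_exposure_count(index, password):
    """Client side: reveal only 5 hex chars, compare the full suffix locally.

    Returns how many leaked lines carried this exact password (0 if none).
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return range_query(index, prefix).get(suffix, 0)


def accounts_for_domain(lines, domain):
    """Addresses in a leak that belong to `domain`, without their passwords."""
    domain = domain.lower()
    hits = set()
    for line in lines:
        parsed = parse_combo_line(line)
        if parsed and parsed[0].endswith("@" + domain):
            hits.add(parsed[0])
    return sorted(hits)


if __name__ == "__main__":
    index = build_range_index(SAMPLE_COMBO_LINES)
    print(accounts_for_domain(SAMPLE_COMBO_LINES, "example.com"))
    print(password_exposure_count(index, "password"))
```

The point of the split between `range_query` and `password_exposure_count` is that the server learns five hex characters (one of about a million buckets), never the password or its full hash; the client does the final comparison. When triaging a dump for your own users, `accounts_for_domain` is the function to run first, and the passwords should be forced to reset rather than inspected.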
  10. Tomi Engdahl says:

    Web hosting provider shuts down after cyberattack
    https://www.zdnet.com/article/web-hosting-provider-shuts-down-after-cyber-attack/

    Two other UK web hosting providers also suffered similar hacks over the weekend, although it’s unconfirmed if the attacks are related.

    A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation

    Reply
  11. Tomi Engdahl says:

    “ShareIt” Android app with over a billion downloads is a security nightmare
    Trend Micro audited one of Android’s most popular file-sharing apps. It’s not good.
    https://arstechnica.com/gadgets/2021/02/shareit-android-app-with-over-a-billion-downloads-is-a-security-nightmare/

    Reply
  12. Tomi Engdahl says:

    Data breach warning after California DMV contractor hit by file-stealing ransomware
    https://techcrunch.com/2021/02/18/california-motor-vehicles-afts-ransomware/

    Reply
  13. Tomi Engdahl says:

    Security firm Stormshield discloses data breach, theft of source code
    Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.
    https://www.zdnet.com/article/security-firm-stormshield-discloses-data-breach-theft-of-source-code/

    Reply
  14. Tomi Engdahl says:

    Experian challenged over massive data leak in Brazil
    https://www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil/

    Consumer rights body criticizes explanations from the credit bureau in relation to the data exposure of over 220 million citizens.

    After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company’s explanations as “insufficient” and said it is likely that the incident was initiated in a corporate environment.

    Procon notified the credit information multinational following the emergence of a leak that exposed the personal data of more than 220 million citizens and companies, which is being offered for sale in the dark web. Security firm PSafe discovered the incident, which exposed all manner of personal details, including information from Mosaic, a consumer segmentation model used by Serasa, Experian’s Brazilian subsidiary.

    Reply
  15. Tomi Engdahl says:

    Jamaica’s immigration website exposed thousands of travelers’ data
    Immigration documents and COVID-19 lab results were left unprotected
    https://techcrunch.com/2021/02/17/jamaica-immigration-travelers-data-exposed/

    Reply
  16. Tomi Engdahl says:

    This Website Made Clubhouse Conversations Public
    A developer was streaming Clubhouse conversations directly to a website available to anyone, even people without a Clubhouse account.
    https://www.vice.com/en/article/k7a9nx/this-website-made-clubhouse-conversations-public

    Reply
  17. Tomi Engdahl says:

    Hacker Leaks Files from Jones Day Law Firm, Which Worked on Trump Election Challenges
    “We hacked their server where they stored data, on attempts to ‘settle’ they responded with silence and we had to upload the data,” the hackers said.
    https://www.vice.com/en/article/88a7jv/hacker-leaks-files-from-jones-day-law-firm-which-represented-trump-in-election-challenges

    Reply
  18. Tomi Engdahl says:

    China Hijacked an NSA Hacking Tool in 2014—and Used It for Years
    https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/

    The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.

    MORE THAN FOUR years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised—whether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong hands—still haunts the security community. That wound has now been reopened, with evidence that Chinese hackers obtained and reused another NSA hacking tool years before the Shadow Brokers brought it to light.

    On Monday, the security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Judgment Panda, had somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group, a security industry name for the highly sophisticated hackers widely understood to be a part of the NSA. According to Check Point, the Chinese group in 2014 built their own hacking tool from EpMe code that dated back to 2013. The Chinese hackers then used that tool, which Check Point has named “Jian” or “double-edged sword,” from 2015 until March 2017, when Microsoft patched the vulnerability it attacked.

    That would mean APT31 had access to the tool, a “privilege escalation” exploit that would allow a hacker who already had a foothold in a victim network to gain deeper access, long before the late 2016 and early 2017 Shadow Brokers leaks.

    Only in early 2017 did Lockheed Martin discover China’s use of the hacking technique. Because Lockheed has largely US customers, Check Point speculates that the hijacked hacking tool may have been used against Americans.

    Reply
  19. Tomi Engdahl says:

    Ukraine accuses Russian networks of new massive cyber attacks
    https://www.reuters.com/article/us-ukraine-cyber-idUSKBN2AM1VF

    KYIV (Reuters) – Ukraine on Monday accused unnamed Russian internet networks of massive attacks on Ukrainian security and defence websites, but gave no details of any damage done or said who it believed was behind the assault.

    Kyiv has previously accused Moscow of orchestrating large cyber attacks as part of a “hybrid war” against Ukraine, which Russia denies.

    However, a statement from Ukraine’s National Security and Defence Council did not disclose who it believed organised the attacks or give any details about the effect the intrusions may have had on Ukrainian cyber security.

    Reply
  20. Tomi Engdahl says:

    The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
    https://research.checkpoint.com/2021/the-story-of-jian/

    Reply
  21. Tomi Engdahl says:

    Kroger becomes latest victim of third-party software data breach
    The December hack involved a file-transfer product called FTA, developed by California-based company Accellion
    https://www.foxbusiness.com/technology/kroger-becomes-latest-victim-of-third-party-software-data-breach

    Kroger Co. says it was among the multiple victims of a data breach involving a third-party vendor’s file-transfer service and is notifying potentially impacted customers, offering them free credit monitoring.

    The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.

    Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan. 23, when it discontinued use of Accellion’s services. Companies use the file-transfer product to share large amounts of data and hefty email attachments.

    Accellion has more than 3,000 customers worldwide. It has said that the affected product was 20 years old and nearing the end of its life. The company said on Feb. 1 that it had patched all known FTA vulnerabilities.

    Other Accellion customers affected by the hack include the University of Colorado, Washington State’s auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent U.S. law firm Jones Day.

    Reply
  22. Tomi Engdahl says:

    Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
    Linux variant studied, dissected in detail in case you want to look out for it
    https://www.theregister.com/2021/02/03/kobalos_malware/

    Reply
  23. Tomi Engdahl says:

    Airplane maker Bombardier data posted on ransomware leak site following FTA hack
    Bombardier is the latest in a long string of hacks caused by companies using old versions of the Accellion FTA file-sharing server.
    https://www.zdnet.com/article/airplane-maker-bombardier-data-posted-on-ransomware-leak-site-following-fta-hack/

    Reply
  24. Tomi Engdahl says:

    Hundreds of workers at cybersecurity agency vote to strike
    https://www.cbc.ca/news/politics/cse-cybersecurity-strike-1.5926825

    Hundreds of workers at Canada’s foreign signals intelligence agency have voted to strike — a move that comes as the threat of state-sponsored cyber attacks related to the pandemic appears to be rising.

    CSE, one of Canada’s key intelligence agencies, employs about 2,900 people and is responsible for foreign intelligence and cybersecurity.

    “CSE management is refusing to apply a wage increase to the portion of workers’ salaries that is made up of market allowances,” said Silas.

    Reply
  25. Tomi Engdahl says:

    SIM Swappers Stole $100 Million from ‘Well-Known Influencers’ Before Getting Arrested, Authorities Say
    https://therecord.media/sim-swappers-stole-100-million-from-well-known-influencers-before-getting-arrested-authorities-say/

    An international law enforcement operation arrested ten suspected hackers who are accused of targeting U.S. celebrities with SIM swapping attacks that netted them $100 million in cryptocurrency.

    “Well-known sports stars, musicians, and influencers” were targeted in the scheme, which involved exploiting phone service providers to deactivate a victim’s SIM and transfer the number to one owned by a member of the criminal network. This let the attackers intercept messages directed to the victims, allowing them to hijack accounts, steal money, and masquerade as the victims on social media, authorities said.

    The operation was announced by Europol and consisted of law enforcement agencies from the U.S., United Kingdom, Belgium, Malta, and Canada.

    Reply
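The scheme above works because both the second factor and the account-recovery path travel through the victim's phone number, which the carrier can be talked into reassigning. A code generated on the device from a shared secret (RFC 6238 TOTP on top of RFC 4226 HOTP) never crosses the carrier. The Python below is an added example, not code from the original post or from any organisation named here; the secret, time values and window parameters are assumptions made for the example, and the expected codes are the published RFC 4226 / RFC 6238 test vectors for the key "12345678901234567890".

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) generation and server-side verification.

Added example.  The secret below is the RFC test key, not a real credential.
"""
import hashlib
import hmac
import struct
import time

# Constructed: the shared secret from the RFC 4226 / RFC 6238 test vectors.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation,
    then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time // step."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits, algorithm)


def verify_totp(secret: bytes, candidate: str, for_time=None, step: int = 30,
                digits: int = 6, window: int = 1, last_used_counter: int = -1):
    """Server-side check of a submitted code.

    Accepts the current step and `window` steps either side to absorb clock
    skew, compares in constant time, and refuses any counter at or below
    `last_used_counter` so a code seen in transit cannot be replayed.
    Returns the accepted counter (store it as the new last_used_counter) or
    None when the code is rejected.
    """
    if for_time is None:
        for_time = time.time()
    if len(candidate) != digits or not candidate.isdigit():
        return None
    counter = int(for_time) // step
    for c in range(counter - window, counter + window + 1):
        if c <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c
    return None


if __name__ == "__main__":
    # RFC 6238 Appendix B, SHA-1, 8 digits: T=59 gives 94287082
    print(totp(RFC_TEST_SECRET, 59, digits=8))
```

Two design points matter for the SIM-swap case. First, nothing here depends on a phone number, so porting the number away gains the attacker nothing. Second, the `last_used_counter` bookkeeping is what stops a code phished or shoulder-surfed once from being reused inside the skew window; a server that only checks the HMAC and forgets the counter has re-created the replay problem it set out to avoid.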
  26. Tomi Engdahl says:

    The Fed’s system that allows banks to send money back and forth went down for several hours
    https://www.cnbc.com/2021/02/24/the-feds-system-that-allows-banks-to-send-money-back-and-forth-is-down.html

    The Federal Reserve’s system that allows financial institutions to send money back and forth electronically went down for several hours Wednesday, but appeared to be coming back online later in the afternoon.

    The “operational error,” as the Fed described it, impacted multiple services, including its pivotal automated clearinghouse system, which connects depository and related institutions sending electronic credit and debt transfers.

    The list of services impacted: Account Services, Central Bank, Check 21, Check Adjustments, FedACH, FedCash, FedLine Advantage, FedLine Command, FedLine Direct, FedLine Web, Fedwire Funds, Fedwire Securities and National Settlement.

    The outage occurred the same week Fed Chairman Jerome Powell spoke to Capitol Hill legislators about the progress the central bank has made on its consumer-focused payments system and efforts to develop a “digital dollar.”

    Reply
  27. Tomi Engdahl says:

    Federal Reserve falls over in massive hours-long tech outage, knocks down US inter-bank transfer system
    Few details beyond ‘operational error’
    https://www.theregister.com/AMP/2021/02/24/federal_reserve_outage/?__twitter_impression=true

    The US Federal Reserve’s money-transfer systems failed on Wednesday for a number of hours, likely halting the electronic movement of billions of dollars.

    Just before 1300 EST, the Fed noted it was “currently investigating a possible issue or disruption to multiple services,” and promised quick updates.

    The IT outage at the United States’ central banking system effectively prevented the nation’s financial institutions from electronically sending money to each other, knackering wire transfers and deposits. The breakdown also affected a wide variety of services,

    Reply
  28. Tomi Engdahl says:

    Entire Federal Reserve payment system CRASHES due to ‘operational error’ freezing $3trillion in daily transactions including paychecks, tax refunds and bill payments
    https://trib.al/KYQKbsE

    All Federal Reserve settlement services suffered disruptions on Wednesday

    The key banking systems were offline for more than three hours

    Fed says that the massive outage was caused by an ‘operational error’

    Systems affected form the backbone of US banking and financial sector

    Fedwire is used by banks to transfer an average of $3.3 trillion every day

    FedACH handles smaller transactions such as paychecks and tax refunds

    Reply
  29. Tomi Engdahl says:

    Federal Reserve Financial-Services Systems Disrupted for Hour
    https://www.wsj.com/articles/federal-reserve-reports-several-business-lines-disrupted-by-operational-error-11614194912

    Treasury sees no sign of cyberattack behind interruptions of electronic-payments services to business and government clients

    Reply
