This posting is here to collect cyber security news December 2020.
I post links to security vulnerability news with short descriptions to the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
175 Comments
Tomi Engdahl says:
The biggest hacks, data breaches of 2020
https://www.zdnet.com/article/the-biggest-hacks-data-breaches-of-2020/
A pandemic is no reason for hackers to hold off cyberattacks against everything from government bodies to healthcare providers.
Cyberattackers certainly haven’t given anyone a break this year. Data breaches, network infiltrations, bulk data theft and sale, identity theft, and ransomware outbreaks have all occurred over 2020 and the underground market shows no signs of stopping.
Tomi Engdahl says:
Trump Takes Bipartisan Criticism For Silence On Massive Cyber Attack
https://www.forbes.com/sites/andrewsolender/2020/12/17/trump-takes-bipartisan-criticism-for-silence-on-massive-cyber-attack/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
President Donald Trump is taking heat from members of Congress in both parties in recent days for his continued silence on a massive cybersecurity breach linked to Russia, even as the president’s own officials say the U.S. is highly vulnerable to further attacks.
“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” the agency said in a statement on Thursday.
President-elect Joe Biden signaled that the hack, and cybersecurity more generally, will take more precedence in his administration than it does under Trump. “I have instructed my team to learn as much as we can about this breach,” he said in a statement on Monday, vowing to make cybersecurity a “top priority” and “an imperative” and stating, “Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.”
Tomi Engdahl says:
https://en.wikipedia.org/wiki/SolarWinds
Tomi Engdahl says:
FireEye, Microsoft find ‘killswitch’ to hamper SolarWinds-related malware
https://www.cyberscoop.com/fireeye-microsoft-solar-winds-killswitch-hack/
As the U.S. government works to contain a sprawling hacking campaign that relies on software in technology from SolarWinds, a federal contractor, technology firms are disabling some of the hackers’ key infrastructure.
Cybersecurity giant FireEye on Wednesday said that it had worked with Microsoft and the domain registrar GoDaddy to take over one of the domains that attackers had used to send malicious code to victim machines. The move is no panacea for stopping the suspected state-sponsored hacking campaign, though it could help stem the tide of victims, which reportedly includes the departments of Treasury and Homeland Security.
The seized domain, known as a “killswitch,” will “affect new and previous” infections of the malicious code coming from that particular domain.
Tomi Engdahl says:
JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), AND THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI)
https://www.dni.gov/index.php/newsroom/press-releases/item/2175-joint-statement-by-the-federal-bureau-of-investigation-fbi-the-cybersecurity-and-infrastructure-security-agency-cisa-and-the-office-of-the-director-of-national-intelligence-odni
Tomi Engdahl says:
The SolarWinds Breach Poses Five Urgent Cybersecurity Challenges For CIOs
https://www.forbes.com/sites/martingiles/2020/12/17/solarwinds-hackers-five-cybersecurity-challenges-for-cios/?sh=4cba4bd321b6&utm_source=FBPAGE&utm_medium=social&utm_content=4329468588&utm_campaign=sprinklrForbesMainFB
If you compare cyber firefighting with battling wildfires, then the recent SolarWinds security breach is like an incredibly serious blaze that demands all hands to the pumps. Former federal officials say the attack could turn out to be the worst ever cyber breach of U.S. government systems.
The intrusion let the attackers monitor internal email traffic at a number of different agencies and it’s possible they were also able to get their hands on other sensitive information too. The incident has already triggered a far-reaching review of systems across U.S. government departments, including the Pentagon, the Treasury and the National Security Agency (NSA). According to a report in Politico, the hackers were even able to breach the government agency in charge of the U.S. nuclear weapons stockpile. President-elect Joseph Biden has said he will “not stand idly by” while the U.S.’s national security is jeopardized.
Tomi Engdahl says:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recommended that federal agencies “disconnect or power down” SolarWinds Orion products. On December 17 it issued an update saying that it had determined that the federal government, state, local, tribal and territorial organizations, as well as critical infrastructure entities and private sector organizations all face a “grave risk” from the threat.
Although government agencies are in the eye of the storm, CISA’s warning makes clear businesses also have plenty to worry about. SolarWinds, which has said in an S.E.C. filing it believes 18,000 customers downloaded Orion-related code containing the malware, also counts plenty of large companies among its clients. The malware was present between March and June this year, but the hackers will have had access for far longer to Orion.
https://www.forbes.com/sites/martingiles/2020/12/17/solarwinds-hackers-five-cybersecurity-challenges-for-cios/?sh=4cba4bd321b6&utm_source=FBPAGE&utm_medium=social&utm_content=4329468588&utm_campaign=sprinklrForbesMainFB
Tomi Engdahl says:
https://thehackernews.com/2020/12/new-evidence-suggests-solarwinds.html?m=1
The investigation into how the attackers managed to compromise SolarWinds’ internal network and poison the company’s software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack.
A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the espionage campaign likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process.
“The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed, and delivered through the existing software patch release management system,” ReversingLabs’ Tomislav Pericin said.
Tomi Engdahl says:
https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html
In light of this hack the statement given by CISA last month is hilarious.
“The November 3rd election was the most secure in American history”
https://www.cisa.gov/news/2020/11/12/joint-statement-elections-infrastructure-government-coordinating-council-election
Tomi Engdahl says:
“Evil mobile emulator farms” used to steal millions from US and EU banks
Scale of operation is unlike anything researchers had seen before.
https://arstechnica.com/information-technology/2020/12/evil-mobile-emulator-farms-used-to-steal-millions-from-us-and-eu-banks/
Researchers from IBM Trusteer say they’ve uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days.
The scale of the operation was unlike anything the researchers have seen before. In one case, crooks used about 20 emulators to mimic more than 16,000 phones belonging to customers whose mobile bank accounts had been compromised. In a separate case, a single emulator was able to spoof more than 8,100 devices, as shown in the following image:
The thieves then entered usernames and passwords into banking apps running on the emulators and initiated fraudulent money orders that siphoned funds out of the compromised accounts. Emulators are used by legitimate developers and researchers to test how apps run on a variety of different mobile devices.
“This mobile fraud operation managed to automate the process of accessing accounts, initiating a transaction, receiving and stealing a second factor (SMS in this case), and in many cases using those codes to complete illicit transactions,” IBM Trusteer researchers Shachar Gritzman and Limor Kessem wrote in a post. “The data sources, scripts, and customized applications the gang created flowed in one automated process which provided speed that allowed them to rob millions of dollars from each victimized bank within a matter of days.”
Tomi Engdahl says:
SolarWinds Hack: Cisco And Equifax Amongst Corporate Giants Finding Malware… But No Sign Of Russian Spies
https://www.forbes.com/sites/thomasbrewster/2020/12/19/solarwinds-hack-cisco-and-equifax-amongst-corporate-giants-finding-malware-but-no-sign-of-russian-spies/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie&sh=92f31317865e
Companies are looking to put out digital fires across the globe, after IT software supplier SolarWinds was breached in order to infect as many as 18,000 of its customers.
Whilst government departments from the Treasury to the Department of Defense have undoubtedly suffered as a result of the SolarWinds breach allegedly perpetrated by Russian hackers, private organisations are scrambling to determine if they’ve been hit and to what extent.
Networking giant Cisco joined Microsoft in confirming a breach, though like its Redmond counterpart it believes the impact is limited, though investigations continue.
Showing the breadth of verticals likely hit in the widespread attacks, which are believed to have started with tampered downloads of SolarWinds Orion software, credit score company Equifax and energy giant GE have both been going through their logs looking for signs of compromise.
The attacks show that the hackers were able to find a glaring loophole affecting both private and public sectors, and they had access to potentially exploit a huge number of companies and government departments. But they also indicate that, whoever the attackers were, they only chose to steal data from a selection of thousands of victims, even where they had the chance to steal data from some of the world’s biggest businesses.
SolarWinds said the number of customers who might be affected by the attacks could be as high as 18,000. Reuters reported on Friday that Cox Communications had been hit by the malicious version of the SolarWinds tool, but had not seen any major impact.
The government bodies that were hit include the departments of Defense, Energy, Treasury and Commerce.
Tomi Engdahl says:
Trump Still Won’t Criticize Russia: Claims Massive Cyber Hack “May Be China” But Offers No Evidence
https://www.forbes.com/sites/tommybeer/2020/12/19/trump-still-wont-criticize-russia-claims-massive-cyber-hack-may-be-china-but-offers-no-evidence/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
“The Cyber Hack is far greater in the Fake News Media than in actuality,” Trump tweeted Saturday morning, adding, “everything is well under control,” and “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)”
Tomi Engdahl says:
Why the FireEye hack set a new precedent for state sponsored cyber-espionage
https://cybernews.com/editorial/why-the-fireeye-hack-set-a-new-precedent-for-state-sponsored-cyber-espionage/
Tomi Engdahl says:
Research: nearly all of your messaging apps are secure
https://cybernews.com/security/research-nearly-all-of-your-messaging-apps-are-secure/
Tomi Engdahl says:
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
Tomi Engdahl says:
VMware Flaw a Vector in SolarWinds Breach?
https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/
U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.
Tomi Engdahl says:
Hackers’ broad attack sets cyber experts worldwide scrambling to defend networks
https://www.reuters.com/article/us-global-cyber-idUSKBN28S2V3
Tomi Engdahl says:
The risk of coronavirus vaccines being stolen is so great that almost no one knows about the shipments and storage – THL: long-term storage locations in particular must be kept secret
Pfizer says the vaccine shipping boxes contain a sensor that uses GPS tracking.
https://yle.fi/uutiset/3-11706061
Tomi Engdahl says:
Microsoft says it found malicious software in its systems
https://www.reuters.com/article/us-usa-cyber-breach-idUSKBN28R2ZJ
SAN FRANCISCO (Reuters) -Microsoft Corp said on Thursday it found malicious software in its systems related to a massive hacking campaign disclosed by U.S. officials this week, adding a top technology target to a growing list of attacked government agencies.
Tomi Engdahl says:
Exclusive: Microsoft breached in suspected Russian hack using SolarWinds -sources
https://www.reuters.com/article/us-global-cyber-microsoft-idUSKBN28R3BY
Tomi Engdahl says:
RUSSIAN HACKERS HAVE BEEN INSIDE AUSTIN CITY NETWORK FOR MONTHS
Russia appears to have used Austin’s network as infrastructure to stage additional cyberattacks.
https://theintercept.com/2020/12/17/russia-hack-austin-texas/
Tomi Engdahl says:
Russia’s Hack Wasn’t Cyberwar. That Complicates US Strategy
To evaluate whether cybersecurity tactics are working, you need to first establish what the SolarWinds hack really was.
https://www.wired.com/story/russia-solarwinds-hack-wasnt-cyberwar-us-strategy/
Tomi Engdahl says:
Why the US government hack is literally keeping security experts awake at night
https://www.cnn.com/2020/12/16/tech/solarwinds-orion-hack-explained/index.html
Tomi Engdahl says:
One company behind the gigantic data breach – an abysmally bad password was in use
Wednesday 16 December 2020 at 21:07
Hackers turned SolarWinds’ dominant position to their own advantage.
https://www.iltalehti.fi/digiuutiset/a/bce0d090-d63c-4c89-9a40-2fd2a2e1bc46
In their attack, the hackers took advantage of SolarWinds’ dominant position in the market. According to Reuters, the company’s CEO Kevin Thompson boasted in October about how SolarWinds was involved, at least at some level, in every single database or IT deployment model.
“We take care of everyone’s network equipment,” Thompson said.
The dominant position has now become a millstone around its neck.
Tomi Engdahl says:
Up to 3 million devices infected by malware-laced Chrome and Edge add-ons
https://arstechnica.com/information-technology/2020/12/up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons/
Tomi Engdahl says:
Massive hack of US government launches search for answers as Russia named top suspect
https://www.cnn.com/2020/12/16/politics/us-government-agencies-hack-uncertainty/index.html
Tomi Engdahl says:
Microsoft says internal probe finds malicious SolarWinds code, no sign of further impact yet
https://www.geekwire.com/2020/microsoft-says-internal-probe-finds-malicious-solarwinds-code-no-sign-impact-yet/
Tomi Engdahl says:
https://en.wikipedia.org/wiki/SolarWinds
https://finance.yahoo.com/quote/SWI/
Tomi Engdahl says:
Microsoft president calls SolarWinds hack an “act of recklessness”
https://arstechnica.com/information-technology/2020/12/only-an-elite-few-solarwinds-hack-victims-received-follow-on-attacks/
Tomi Engdahl says:
Red Hat’s crime against CentOS
In the beginning, no one expected to get Red Hat Enterprise Linux for free. The end of CentOS as a free drop-in replacement is no cause for outrage.
https://www.infoworld.com/article/3601202/red-hats-crime-against-centos.html
Tomi Engdahl says:
Where CentOS Linux users can go from here
Upset about what’s happened with CentOS Linux? Here are your best alternative operating systems.
https://www.zdnet.com/article/where-centos-linux-users-can-go-from-here/
Tomi Engdahl says:
Microsoft, FireEye confirm SolarWinds supply chain attack
Known victims so far include the US Treasury, the US NTIA, and FireEye itself.
https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/
Tomi Engdahl says:
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability
Russian hackers are using a VMWare bug to plant web shells inside hacked networks and pivot to Microsoft ADFS servers from where they steal sensitive data.
https://www.zdnet.com/article/nsa-warns-of-russian-state-sponsored-hackers-exploiting-vmware-vulnerability/
Tomi Engdahl says:
Russian government hackers behind breach at US treasury and commerce departments
Hackers broke into Microsoft’s Office 365 and monitored staff emails for months, according to report
https://www.independent.co.uk/news/world/americas/us-politics/us-treasury-hackers-breach-trump-russia-b1772639.html
Tomi Engdahl says:
Week in review: FireEye breach, vulnerable TCP/IP stacks, Kali Linux and the future of pentesting
https://www.helpnetsecurity.com/2020/12/13/week-in-review-fireeye-breach-vulnerable-tcp-ip-stacks-kali-linux-and-the-future-of-pentesting/
Tomi Engdahl says:
Cyberattack on Intel: Hackers claim they breached the network of chipmaker Habana Labs
Pay2key account posts images of breached materials on Twitter; attack seen as criminally motivated
https://www.calcalistech.com/ctech/articles/0,7340,L-3881412,00.html
Tomi Engdahl says:
Hackers hide web skimmer inside a website’s CSS files
https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Previously, security researchers found web skimmers (Magecart scripts) inside favicons, site logos, live chat windows, and, most recently, in social media sharing buttons.
Tomi Engdahl says:
Pfizer vaccine data breached in cyber attack on European medicine regulator
The European Medicines Regulator is still waiting to approve two vaccines
https://www.telegraph.co.uk/technology/2020/12/09/pfizer-vaccine-data-breached-attack-european-medicine-regulator/
Tomi Engdahl says:
Hackers are selling more than 85,000 MySQL databases on a dark web portal
Hackers break into databases, steal their content, hold it for ransom for 9 days, and then sell to the highest bidder if the DB owner doesn’t want to pay the ransom demand.
https://www.zdnet.com/article/hackers-are-selling-more-than-85000-sql-databases-on-a-dark-web-portal/
Tomi Engdahl says:
Hacked networks will need to be burned ‘down to the ground’
https://www.foxnews.com/tech/hacked-networks-burned-down-to-the-ground
“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left.”
It’s going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.
Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.
It’s not clear exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry, COVID-19 vaccine-related research and information for dossiers on key government and industry leaders.
Many federal workers — and others in the private sector — must presume that unclassified networks are teeming with spies. Agencies will be more inclined to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.
What makes this hacking campaign so extraordinary is its scale — 18,000 organizations were infected from March to June by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.
Only a sliver of those infections were activated to allow hackers inside. FireEye says it has identified dozens of examples, all “high-value targets.” Microsoft, which has helped respond, says it has identified more than 40 government agencies, think tanks, government contractors, non-governmental organizations and technology companies infiltrated by the hackers, 75% in the United States.
SolarWinds’ customers include most Fortune 500 companies, and its U.S. government clients are rich with generals and spymasters.
The difficulty of extracting the suspected Russian hackers’ tool kits is exacerbated by the complexity of SolarWinds’ platform, which has dozens of different components.
“This is like doing heart surgery, to pull this out of a lot of environments,” said Edward Amoroso, CEO of TAG Cyber.
Tomi Engdahl says:
‘It Happened On My Watch’: Chris Krebs Says Russia Exploited Outdated Systems For Cyberattack
https://www.forbes.com/sites/jemimamcevoy/2020/12/20/it-happened-on-my-watch-chris-krebs-says-russia-exploited-outdated-systems-for-cyberattack/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
The former director of the federal cybersecurity agency, Chris Krebs, who the president fired last month for defending the integrity of the 2020 election, said the wide-scale cyberattack on the federal government that was made public last week was almost certainly conducted by Russia and was possible because of a “seam” in defenses.
“We missed it … a bunch of other folks missed it,” said Krebs, explaining that the hack was possible because of outdated systems across government agencies that have not been “optimized” to proactively defend against unknown attacks.
Tomi Engdahl says:
Fox News, Newsmax Walk Back Election Fraud Claims After Voting Machine Manufacturer Threatens Legal Action
http://on.forbes.com/6188HRYTy
Without explicitly addressing their prior coverage, Fox News and Newsmax both aired segments over the past few days walking back a subset of election fraud claims centering around voting machines manufacturer Smartmatic, which earlier this month delivered legal notices to a trio of conservative networks for promoting baseless conspiracy theories about the company.
Tomi Engdahl says:
Lists of Companies Affected by the SolarWinds Hack Published
https://threatit.com/articles/lists-of-companies-affected-by-the-solarwinds-hack-published/
Several information security companies have published lists of SolarWinds customers who have been affected by the hacking of the company and the infection of the Orion platform with malware. The victims of hackers include tech companies, local governments, universities, hospitals, banks, telecom operators and many others.
Notable names include Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense. MediaTek, one of the world’s largest semiconductor manufacturers, is also believed to have been affected, although researchers are not yet 100% sure.
Let me remind you that the malware that spread using malicious versions of Orion (released between March and June 2020) was codenamed SUNBURST (aka Solorigate). According to reports from Microsoft, FireEye, McAfee, Symantec, Kaspersky Lab and the US Department of Homeland Security’s Cybersecurity and Infrastructure Protection Agency (DHS CISA), the malware collected information about the victim’s network in infected systems, waited 12-14 days and then sent this data to the attackers’ remote server. If after that the malware operators recognized the company’s network as interesting, they developed the attack further and continued to collect information.
According to official figures, of the 300,000 SolarWinds customers, only 33,000 were using Orion, and the infected version of the platform was installed on 18,000 customers.
It turned out that SUNBURST was sending data collected on the infected network to the URL of its C&C server, unique for each victim. The unique URLs were subdomains of avsvmcloud [.] com.
Let me remind you that, according to FireEye, despite the compromise of 18,000 SolarWinds customers, the hackers continued to attack only the networks of 50 companies. Microsoft experts, in turn, wrote that they were able to identify about 40 victims from among their customers.
The attack usually progressed when the avsvmcloud [.] com control server responded to malware with a specific DNS response with a specific CNAME field. This special field contained the address of the second command and control server, from which SUNBURST could receive additional commands and sometimes download more malware.
At present, only one company is known for certain, which the hackers continued to hack – this is the information security company FireEye, whose reaction to the attack shed light on the compromise of SolarWinds in general.
Partial lists of organizations infected with Sunburst malware released online
https://www.zdnet.com/article/partial-lists-of-organizations-infected-with-sunburst-malware-released-online/
As security researchers dig through forensic evidence in the aftermath of the SolarWinds supply chain attack, victim names are slowly starting to surface.
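As an added example (not from the post or any of the linked articles), the following Python script turns the DNS pattern described in this comment into a defender’s check: it parses resolver-log lines, flags queries under avsvmcloud.com, and separates hosts that only beaconed (A-record answers) from hosts whose query was answered with a CNAME, the signal the comment describes for a victim being promoted to a second-stage C2. The log format, client addresses, subdomain labels and the CNAME target are all constructed placeholders.

```python
"""Flag SUNBURST-style DNS beaconing in resolver logs.

Added example, not code from the original post. Looks for queries under the
first-stage C2 parent domain named in the comment and reports, per client,
how many beacon answers (A records) were seen and whether any answer was a
CNAME, which the comment describes as the second-stage activation signal.
"""
import re
from collections import defaultdict

# Parent domain named in the comment (defanged there as avsvmcloud [.] com).
C2_PARENT = "avsvmcloud.com"

# Constructed sample log: one row per answer record, in the form
# "<timestamp> <client-ip> <query-name> <answer-rtype> <answer-value>".
# Client IPs, subdomain labels and the CNAME target are made up placeholders;
# the CNAME target is NOT a real indicator.
SAMPLE_LOG = """\
2020-12-14T09:01:12Z 10.1.4.22 j3k9v2pq1x7f.avsvmcloud.com A 203.0.113.10
2020-12-14T09:01:12Z 10.1.4.22 j3k9v2pq1x7f.avsvmcloud.com CNAME stage2.example-c2.invalid
2020-12-14T09:03:44Z 10.1.7.9 q8m2z5t0rk4n.avsvmcloud.com A 203.0.113.10
2020-12-14T09:05:02Z 10.1.7.9 www.solarwinds.com A 198.51.100.20
2020-12-14T09:06:18Z 10.1.9.3 updates.example.org A 198.51.100.30
2020-12-14T09:07:40Z 10.1.4.22 notavsvmcloud.com A 198.51.100.40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+"
    r"(?P<rtype>[A-Z]+)\s+(?P<answer>\S+)$"
)


def is_c2_subdomain(qname, parent=C2_PARENT):
    """True for the parent itself or any label under it.

    Matches on a label boundary so that look-alikes such as
    'notavsvmcloud.com' are not flagged; case and a trailing dot are ignored.
    """
    name = qname.lower().rstrip(".")
    return name == parent or name.endswith("." + parent)


def parse_line(line):
    """Parse one constructed log row into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text):
    """Summarise C2-related DNS activity per client address.

    Returns {client: {"beacons": <count of A answers>,
                      "cname_targets": [<CNAME answer values>]}}
    and omits clients with no queries under the C2 parent domain.
    """
    report = defaultdict(lambda: {"beacons": 0, "cname_targets": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_c2_subdomain(rec["qname"]):
            continue
        entry = report[rec["client"]]
        if rec["rtype"] == "A":
            entry["beacons"] += 1
        elif rec["rtype"] == "CNAME":
            entry["cname_targets"].append(rec["answer"])
    return dict(report)


def activated_hosts(report):
    """Clients that received a CNAME answer, i.e. the promotion signal."""
    return sorted(c for c, e in report.items() if e["cname_targets"])


if __name__ == "__main__":
    summary = analyze(SAMPLE_LOG)
    for client, entry in sorted(summary.items()):
        print(client, entry)
    print("activated (CNAME seen):", activated_hosts(summary))
```

Hosts that only beaconed still warrant an Orion-version check; hosts in the activated list are the ones the comment's description marks for full incident response.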
Tomi Engdahl says:
SolarWinds victims revealed after cracking the Sunburst malware DGA
https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/
Tomi Engdahl says:
VMware latest to confirm breach in SolarWinds hacking campaign
https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts.
The company said that the hackers did not make any efforts to further exploit their access after deploying the backdoor now tracked as Sunburst or Solarigate.
https://www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html
Tomi Engdahl says:
Congratulations, the US got you cryptocurrency regulation for Christmas
A proposed rule change targets private wallets
https://www.theverge.com/2020/12/22/22195834/cryptocurrency-fincen-regulations-private-wallets
Tomi Engdahl says:
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
https://threatpost.com/smart-doorbell-vulnerable-to-attack/162527/
Investigation reveals device sector is problem plagued when it comes to security bugs.
Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from hardcoded credentials, authentication issues and devices shipping with unpatched and longstanding critical bugs.
Tomi Engdahl says:
Microsoft Azure breach left thousands of customer records exposed
https://www.techradar.com/news/microsoft-azure-breach-left-thousands-of-customer-records-exposed
Thanks to questionable security practices by an app developer, more than half a million sensitive documents of its customers were exposed on the Internet. The documents were housed in an unprotected Microsoft Azure blob storage and could be viewed by anyone with the direct address of the files, without any kind of authentication.