This posting is here to collect cyber security news in February 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
Tomi Engdahl says:
Hackers Leak Gigabytes Of Data Stolen From International Law Firm Jones Day
https://www.forbes.com/sites/leemathews/2021/02/18/hackers-leak-gigabytes-of-data-stolen-from-international-law-firm-jones-day/
Last month hackers infiltrated a server used by Jones Day, one of the largest and most successful law firms in the world. After failed attempts to extort payment from the firm, the hackers have now uploaded gigabytes of highly sensitive data that were stolen in the attack.
Tomi Engdahl says:
Nurserycam horror show: ‘Secure’ daycare video monitoring product beamed DVR admin creds to all users
https://www.theregister.com/2021/02/18/nurserycam_security_problems_footfallcam_ltd/
Company has a habit of reacting badly to vuln disclosures
Tomi Engdahl says:
Hackers Target Myanmar Government Websites in Coup Protest
https://www.securityweek.com/hackers-target-myanmar-government-websites-coup-protest
Hackers attacked military-run government websites in Myanmar Thursday as a cyber war erupted after authorities shut down the internet for a fourth straight night.
A group called Myanmar Hackers disrupted multiple government websites including the Central Bank, Myanmar Military’s propaganda page, state-run broadcaster MRTV, the Port Authority, Food and Drug Administration.
Tomi Engdahl says:
France to Boost Cyberdefense After Hospital Malware Attacks
https://www.securityweek.com/france-boost-cyberdefense-after-hospital-malware-attacks
Tomi Engdahl says:
Microsoft: SolarWinds attack took more than 1,000 engineers to create
Microsoft reckons that the huge attack on security vendors and more took the combined power of at least 1,000 engineers to create.
https://www.zdnet.com/article/microsoft-solarwinds-attack-took-more-than-1000-engineers-to-create/
Tomi Engdahl says:
The long hack: how China exploited a US tech supplier
https://www.osnews.com/story/133017/the-long-hack-how-china-exploited-a-us-tech-supplier/
Tomi Engdahl says:
Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can’t be undone
Press space or click mouse to continue …wait, not yet, doh!
https://www.theregister.com/2021/02/19/citibank_money_mistake/?utm_source=dlvr.it&utm_medium=facebook
A judge has ruled that Citibank can’t claw back more than $500m (£360m) it mistakenly paid out after outsourced staff and a senior manager made a nearly billion-dollar (£700m) user-interface blunder.
Tomi Engdahl says:
New malware found on 30,000 Macs has security pros stumped
With no payload, analysts are struggling to learn what this mature malware does.
https://arstechnica.com/information-technology/2021/02/new-malware-found-on-30000-macs-has-security-pros-stumped/
Tomi Engdahl says:
Screenshot of the Horrific UI Design That Led Citigroup to Accidentally Send $893 Million
There is a huge opportunity for UI designers to create better financial software
https://www.core77.com/posts/105540/Screenshot-of-the-Horrific-UI-Design-That-Led-Citigroup-to-Accidentally-Send-893-Million?fbclid=IwAR1hKL9iQBFTudMpKt2LvYki4LKHDquhu2ANlYX7VGOoNZzIeeRUIOrb15o
Tomi Engdahl says:
https://www.zdnet.com/article/ransomware-gangs-are-abusing-vmware-esxi-exploits-to-encrypt-virtual-hard-disks/
Tomi Engdahl says:
30% of “SolarWinds hack” victims didn’t actually use SolarWinds
“This campaign should not be thought of as the SolarWinds campaign,” says DHS.
https://arstechnica.com/information-technology/2021/01/30-of-solarwinds-hack-victims-didnt-actually-use-solarwinds/
Tomi Engdahl says:
COMB: largest breach of all time leaked online with 3.2 billion records
https://cybernews.com/news/largest-compilation-of-emails-and-passwords-leaked-free/
It’s being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of Many Breaches, contains more than 3.2 billion unique pairs of cleartext emails and passwords. While many data breaches and leaks have plagued the internet in the past, this one is exceptional in the sheer size of it. To wit, the entire population of the planet is at roughly 7.8 billion, and this is about 40% of that.
Tomi Engdahl says:
Web hosting provider shuts down after cyberattack
https://www.zdnet.com/article/web-hosting-provider-shuts-down-after-cyber-attack/
Two other UK web hosting providers also suffered similar hacks over the weekend, although it’s unconfirmed if the attacks are related.
A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation.
Tomi Engdahl says:
3.2B email and password pairs were just leaked in the mother of all data breaches
https://bgr.com/2021/02/05/data-breach-email-and-passwords-leaked-compilation-of-many-breaches/
Tomi Engdahl says:
https://www.cyberscoop.com/barcode-scanner-google-play-store-adware-malwarebytes/
Tomi Engdahl says:
https://www.iflscience.com/technology/hacker-attempted-to-poison-city-water-supply-in-florida/
Tomi Engdahl says:
https://threatpost.com/ransomware-attacks-major-utilities/163687/
Tomi Engdahl says:
https://www.cyberscoop.com/fbi-emotet-dutch-takedown-cybercrime/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/malicious-script-steals-credit-card-info-stolen-by-other-hackers/
Tomi Engdahl says:
https://blog.malwarebytes.com/cybercrime/2021/02/credit-card-skimmer-piggybacks-on-magento-1-hacking-spree/
Tomi Engdahl says:
“ShareIt” Android app with over a billion downloads is a security nightmare
Trend Micro audited one of Android’s most popular file-sharing apps. It’s not good.
https://arstechnica.com/gadgets/2021/02/shareit-android-app-with-over-a-billion-downloads-is-a-security-nightmare/
Tomi Engdahl says:
Data breach warning after California DMV contractor hit by file-stealing ransomware
https://techcrunch.com/2021/02/18/california-motor-vehicles-afts-ransomware/
Tomi Engdahl says:
https://www.theaegisalliance.com/2021/02/17/north-korean-computer-programmers-charged/
Tomi Engdahl says:
Security firm Stormshield discloses data breach, theft of source code
Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.
https://www.zdnet.com/article/security-firm-stormshield-discloses-data-breach-theft-of-source-code/
Tomi Engdahl says:
https://arstechnica.com/information-technology/2021/02/solarwinds-patches-vulnerabilities-that-could-allow-full-system-control/
Tomi Engdahl says:
https://news.yahoo.com/more-than-a-single-incident-of-espionage-top-biden-cybersecurity-official-details-response-to-solar-winds-breach-193635782.html
Tomi Engdahl says:
https://www.zdnet.com/article/windows-and-linux-servers-targeted-by-new-watchdog-botnet-for-almost-two-years/
Tomi Engdahl says:
https://www.businessinsider.com/biden-official-solarwinds-attack-response-may-come-within-weeks-2021-2
Tomi Engdahl says:
Experian challenged over massive data leak in Brazil
https://www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil/
Consumer rights body criticizes explanations from the credit bureau in relation to the data exposure of over 220 million citizens.
After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company’s explanations as “insufficient” and said it is likely that the incident was initiated in a corporate environment.
Procon notified the credit information multinational following the emergence of a leak that exposed the personal data of more than 220 million citizens and companies, which is being offered for sale in the dark web. Security firm PSafe discovered the incident, which exposed all manner of personal details, including information from Mosaic, a consumer segmentation model used by Serasa, Experian’s Brazilian subsidiary.
Tomi Engdahl says:
Jamaica’s immigration website exposed thousands of travelers’ data
Immigration documents and COVID-19 lab results were left unprotected
https://techcrunch.com/2021/02/17/jamaica-immigration-travelers-data-exposed/
Tomi Engdahl says:
This Website Made Clubhouse Conversations Public
A developer was streaming Clubhouse conversations directly to a website available to anyone, even people without a Clubhouse account.
https://www.vice.com/en/article/k7a9nx/this-website-made-clubhouse-conversations-public
Tomi Engdahl says:
Hacker Leaks Files from Jones Day Law Firm, Which Worked on Trump Election Challenges
“We hacked their server where they stored data, on attempts to ‘settle’ they responded with silence and we had to upload the data,” the hackers said.
https://www.vice.com/en/article/88a7jv/hacker-leaks-files-from-jones-day-law-firm-which-represented-trump-in-election-challenges
Tomi Engdahl says:
https://www.databreaches.net/threat-actors-claim-to-have-stolen-jones-day-files-law-firm-remains-quiet/
Tomi Engdahl says:
China Hijacked an NSA Hacking Tool in 2014—and Used It for Years
https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/
The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.
MORE THAN FOUR years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised—whether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong hands—still haunts the security community. That wound has now been reopened, with evidence that Chinese hackers obtained and reused another NSA hacking tool years before the Shadow Brokers brought it to light.
On Monday, the security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Judgment Panda, had somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group, a security industry name for the highly sophisticated hackers widely understood to be a part of the NSA. According to Check Point, the Chinese group in 2014 built their own hacking tool from EpMe code that dated back to 2013. The Chinese hackers then used that tool, which Check Point has named “Jian” or “double-edged sword,” from 2015 until March 2017, when Microsoft patched the vulnerability it attacked.
That would mean APT31 had access to the tool, a “privilege escalation” exploit that would allow a hacker who already had a foothold in a victim network to gain deeper access, long before the late 2016 and early 2017 Shadow Brokers leaks.
Only in early 2017 did Lockheed Martin discover China’s use of the hacking technique. Because Lockheed has largely US customers, Check Point speculates that the hijacked hacking tool may have been used against Americans.
Tomi Engdahl says:
Ukraine accuses Russian networks of new massive cyber attacks
https://www.reuters.com/article/us-ukraine-cyber-idUSKBN2AM1VF
KYIV (Reuters) – Ukraine on Monday accused unnamed Russian internet networks of massive attacks on Ukrainian security and defence websites, but gave no details of any damage done or said who it believed was behind the assault.
Kyiv has previously accused Moscow of orchestrating large cyber attacks as part of a “hybrid war” against Ukraine, which Russia denies.
However, a statement from Ukraine’s National Security and Defence Council did not disclose who it believed organised the attacks or give any details about the effect the intrusions may have had on Ukrainian cyber security.
Tomi Engdahl says:
https://kjzz.org/content/1660988/whistleblowers-software-bug-keeping-hundreds-inmates-arizona-prisons-beyond-release
Tomi Engdahl says:
The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
https://research.checkpoint.com/2021/the-story-of-jian/
Tomi Engdahl says:
Kroger becomes latest victim of third-party software data breach
The December hack involved a file-transfer product called FTA, developed by California-based company Accellion
https://www.foxbusiness.com/technology/kroger-becomes-latest-victim-of-third-party-software-data-breach
Kroger Co. says it was among the multiple victims of a data breach involving a third-party vendor’s file-transfer service and is notifying potentially impacted customers, offering them free credit monitoring.
The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.
Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on Jan. 23, when it discontinued use of Accellion’s services. Companies use the file-transfer product to share large amounts of data and hefty email attachments.
Accellion has more than 3,000 customers worldwide. It has said that the affected product was 20 years old and nearing the end of its life. The company said on Feb. 1 that it had patched all known FTA vulnerabilities.
Other Accellion customers affected by the hack include the University of Colorado, Washington State’s auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and the prominent U.S. law firm Jones Day.
Tomi Engdahl says:
Massive data trove from 120,000 Myanmar companies surfaces online in Wikileaks-style release
https://kr-asia.com/massive-data-trove-from-120000-myanmar-companies-surface-online-in-wikileaks-style-release
Tomi Engdahl says:
https://pentestmag.com/vulnerability-assessment-security-scanning-process/
Tomi Engdahl says:
Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
Linux variant studied, dissected in detail in case you want to look out for it
https://www.theregister.com/2021/02/03/kobalos_malware/
Tomi Engdahl says:
https://gizmodo.com/what-we-know-about-the-hackers-behind-the-accellion-dat-1846316990
Tomi Engdahl says:
Airplane maker Bombardier data posted on ransomware leak site following FTA hack
Bombardier is the latest in a long string of hacks caused by companies using old versions of the Accellion FTA file-sharing server.
https://www.zdnet.com/article/airplane-maker-bombardier-data-posted-on-ransomware-leak-site-following-fta-hack/
Tomi Engdahl says:
https://techcrunch.com/2021/02/23/solarwinds-hackers-targeted-nasa-federal-aviation-administration-networks/
Tomi Engdahl says:
Hundreds of workers at cybersecurity agency vote to strike
https://www.cbc.ca/news/politics/cse-cybersecurity-strike-1.5926825
Hundreds of workers at Canada’s foreign signals intelligence agency have voted to strike — a move that comes as the threat of state-sponsored cyber attacks related to the pandemic appears to be rising.
CSE, one of Canada’s key intelligence agencies, employs about 2,900 people and is responsible for foreign intelligence and cybersecurity.
“CSE management is refusing to apply a wage increase to the portion of workers’ salaries that is made up of market allowances,” said Silas.
Tomi Engdahl says:
SIM Swappers Stole $100 Million from ‘Well-Known Influencers’ Before Getting Arrested, Authorities Say
https://therecord.media/sim-swappers-stole-100-million-from-well-known-influencers-before-getting-arrested-authorities-say/
An international law enforcement operation arrested ten suspected hackers who are accused of targeting U.S. celebrities with SIM swapping attacks that netted them $100 million in cryptocurrency.
“Well-known sports stars, musicians, and influencers” were targeted in the scheme, which involved exploiting phone service providers to deactivate a victim’s SIM and transfer the number to one owned by a member of the criminal network. This let the attackers intercept messages directed to the victims, allowing them to hijack accounts, steal money, and masquerade as the victims on social media, authorities said.
The operation was announced by Europol and consisted of law enforcement agencies from the U.S., United Kingdom, Belgium, Malta, and Canada.
Tomi Engdahl says:
The Fed’s system that allows banks to send money back and forth went down for several hours
https://www.cnbc.com/2021/02/24/the-feds-system-that-allows-banks-to-send-money-back-and-forth-is-down.html
The Federal Reserve’s system that allows financial institutions to send money back and forth electronically went down for several hours Wednesday, but appeared to be coming back online later in the afternoon.
The “operational error,” as the Fed described it, impacted multiple services, including its pivotal automated clearinghouse system, which connects depository and related institutions sending electronic credit and debt transfers.
The list of services impacted: Account Services, Central Bank, Check 21, Check Adjustments, FedACH, FedCash, FedLine Advantage, FedLine Command, FedLine Direct, FedLine Web, Fedwire Funds, Fedwire Securities and National Settlement.
The outage occurred the same week Fed Chairman Jerome Powell spoke to Capitol Hill legislators about the progress the central bank has made on its consumer-focused payments system and efforts to develop a “digital dollar.”
Tomi Engdahl says:
Federal Reserve falls over in massive hours-long tech outage, knocks down US inter-bank transfer system
Few details beyond ‘operational error’
https://www.theregister.com/AMP/2021/02/24/federal_reserve_outage/?__twitter_impression=true
The US Federal Reserve’s money-transfer systems failed on Wednesday for a number of hours, likely halting the electronic movement of billions of dollars.
Just before 1300 EST, the Fed noted it was “currently investigating a possible issue or disruption to multiple services,” and promised quick updates.
The IT outage at the United States’ central banking system effectively prevented the nation’s financial institutions from electronically sending money to each other, knackering wire transfers and deposits. The breakdown also affected a wide variety of services,
Tomi Engdahl says:
Entire Federal Reserve payment system CRASHES due to ‘operational error’ freezing $3trillion in daily transactions including paychecks, tax refunds and bill payments
https://trib.al/KYQKbsE
All Federal Reserve settlement services suffered disruptions on Wednesday
The key banking systems were offline for more than three hours
Fed says that the massive outage was caused by an ‘operational error’
Systems affected form the backbone of US banking and financial sector
Fedwire is used by banks to transfer an average of $3.3 trillion every day
FedACH handles smaller transactions such as paychecks and tax refunds
Tomi Engdahl says:
Federal Reserve Financial-Services Systems Disrupted for Hour
https://www.wsj.com/articles/federal-reserve-reports-several-business-lines-disrupted-by-operational-error-11614194912
Treasury sees no sign of cyberattack behind interruptions of electronic-payments services to business and government clients