Microsoft seizes SolarWinds domain – quarantine starts today
The move was made to seize and sinkhole the avsvmcloud[.]com domain that played a central role in the SolarWinds hack. The domain served as command and control server for malware that was delivered to around 18,000 SolarWinds customers via a trojanized update for the company’s Orion app. These actions are described as “protective work” done to prevent the threat actor behind the SolarWinds hack from delivering new orders to other infected computers. It will also help in building a list of all infected victims, and notifying affected companies and government agencies including those where the SUNBURST malware is lying dormant.
Due to the threat posed by this trojanized software, Microsoft has announced that starting today, December 16th, at 8:00 AM PST, Microsoft Defender will begin to quarantine compromised SolarWinds binaries.
Twitter will use Amazon Web Services to power user feeds
Twitter has long relied on its own data centers to store and show text, photos and videos, but under a multiyear deal announced Tuesday, Twitter will use the Amazon unit to provide global cloud infrastructure to deliver Twitter timelines, supplementing the social media company’s own computing capacity. The companies didn’t disclose financial terms of the deal.
Data breach at Canadian financial services firm highlights perils of insider threats
On Monday, the Canadian Privacy Commissioner released a Government report that stated the incident at Quebec-based Desjardins was caused by a series of gaps in administrative and technological safeguards that allowed employees to copy and exfiltrate sensitive personal information. It also stated that “While these practices violated the financial institution’s policies, the technological measures in place to prevent these situations were lacking at the time of the breach.” The breach lasted for two years and affected 9.7 million customers.
Adobe confirms death of Flash, recommends deletion
Adobe will no longer support the software after December 31 of this year, and will actively block Flash content from running inside Flash Player from January 12. The application, which was eclipsed in recent years by HTML5, WebGL and WebAssembly was also popular with hackers who exploited its many security holes, while fake Flash updates messages were a favorite tool for malware downloads. Adobe recommends users uninstall Flash completely as the code, being no longer managed or updated could become a convenient launch point for cybercriminals.
Thanks to our episode sponsor, ReversingLabs
Millions of medical scans exposed online, with some servers laced with malware
Two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone, with no security protections at all. Digital risk protection company CybelAngel states it was able to make this discovery without using any hacking tools, and points out that they were not the first to have a look at these servers. Some of the servers included malicious scripts, which they state is common and usually done through automation scripts, especially to install Bitcoin (or similar) miners.
AWS launches CloudShell, a web-based shell for command-line access
This new, fully featured web-based shell environment, based on Amazon Linux 2, for developers who want to use command-line tools and scripts inside the AWS Console. When users start a new CloudShell session, it will automatically be pre-configured to have the same API permissions as your user in the AWS Console. AWS competitors Google Cloud Platform and Microsoft Azure already offer similar services and Google also calls it Cloud Shell, but with a space between the two words.
Facebook to move UK users to US terms, avoiding EU privacy laws
The change takes effect next year and follows a similar move announced in February by Google. Those companies and others have European head offices in Dublin, and the UK’s exit from the EU will change its legal relationship with Ireland, which remains in the Union. Facebook states there will be no change to the privacy controls or the services Facebook offers to people in the UK, said, however industry observers note that US tech regulations will likely remain more industry-friendly than those in the UK.
Walmart will use fully driverless trucks to make deliveries in 2021
Walmart has been working with a startup called Gatik on a delivery pilot for 18 months. Since last year, those trucks have been operating on a two-mile route between a “dark store” (a store that stocks items for fulfillment but isn’t open to the public) and a nearby Neighborhood Market in Bentonville, Arkansas. Since then, the vehicles have racked up 70,000 miles in autonomous mode with a safety driver. Next year, the two companies plan on taking their partnership to the next level by removing the safety driver from their autonomous box trucks.