Microsoft resellers seen as Russian cyberattack mules

Evidence from the security firm CrowdStrike suggests that companies that sell software on behalf of Microsoft were used to break into Microsoft’s Office 365 customers and deploy the malware that formed part of the infamous and ongoing hack and breach that has affected the highest levels of the US Government as well as many high profile organizations. “Because of the existing trust relationship, they became weakest point in the supply chain,” said Glenn Chisholm, a founder of cybersecurity firm Obsidian. Cybersecurity experts quoted by the New York Times summed up the problem by saying, “Companies can track phishing attacks and malware all they want, but as long as they are blindly trusting vendors and cloud services and giving them broad access to employee email and corporate networks, they will never be secure.”

(New York Times)

GoDaddy employees fail holiday bonus phishing test

A December 14 email to GoDaddy employees promised a $650 “stressful year” holiday bonus. The five hundred employees who clicked on the button as required received a follow-up email two days later stating that they had failed a phishing test and would need to retake the Security Awareness Social Engineering training. GoDaddy is the world’s largest domain registrar and web-hosting company. Earlier this year, Forbes reported that 28,000 GoDaddy customers were impacted after a data breach compromised their account usernames and passwords.

(The Copper Courier)

SolarWinds releases updated advisory for new SUPERNOVA malware

The advisory covers the additional SUPERNOVA malware discovered to have been distributed through the company’s network management platform. Both Microsoft and Palo Alto believe that this additional malware is not associated with the group that deployed the SUNBURST trojan as part of the initial SolarWinds supply chain attack. The update shares details about the malicious .dll file and the vulnerability within the Orion platform and is available on the Solarwinds.com website.

(Bleeping Computer)

Pandemic lockdown created a surge in laptop and phone sales

Remote learning and work from home have pushed sales to levels not seen since the iPhone debuted in 2007, straining the supply chain to a point that Acer Computers is now using planes in place of trains and ships to deliver its products in order to shave a month off delivery times. Some analysts expect 2020 will close at about 300 million shipments of desktop and laptop PCs, up roughly 15% from a year ago. Tablets are experiencing even faster growth. The surge in demand caused by the coronavirus is being met by the challenge to components manufacturers that are closed or locked down due to the same virus. Additional demand is being fueled by the need for better cameras and the switch to 5G.

(Reuters)

Thanks to our episode sponsor, ReversingLabs

Less than thirty percent of organizations have a formal threat hunting program, yet threat hunting has shown to improve overall security postures by over ten percent. What actions are you taking to upskill your security staff and bring threat hunting practices into your daily security practices? Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo.

Windows zero-day patch from last June didn’t stick

In May 2020, Microsoft identified a Windows operating system vulnerability that enabled attackers to increase their permissions to kernel level on a compromised machine. A patch was released in June, but Google Project Zero researcher Maddie Stone, using publicly available proof-of-concept code, has shown that it was not effective, since it deflected rather than defeated the vulnerability. Microsoft has stated that a new patch would not be available before January 6.

(Bleeping Computer)

Apple suffers Christmas Day surge outage

A rush of activations of new Apple products, including iPhones, iPads and watches caused an overload in iCloud and Apple ID sign-in, resulting in customers being temporarily unable to register their new devices. The issues were marked as resolved by 2 p.m. Pacific time on December 26. No specifics were given by Apple about how widespread the problems might have been, only that “some users were affected.”

(CNET)

Twitter to wipe Trump’s followers before Biden handover

The official presidential Twitter account, @POTUS, will be refreshed when it is handed over to President-Elect Joe Biden in January. This means all followers of the current account will be archived and notified of their option to re-follow. Mr. Biden’s team apparently fought this plan, but Twitter stated its decision was “unequivocal.” This marks a reversal from the last transition, when Twitter agreed to Donald Trump’s 2016 request to inherit Barack Obama’s millions of followers.

(BBC)

DHS warns US businesses of China’s data-collection practices

A 15-page “business advisory” released last Tuesday by DHS cautions that Chinese intelligence services could collect and exploit data held by U.S. firms doing business in China, highlighting longstanding concerns from U.S. officials. “Chinese law requires Chinese businesses and citizens to take actions related to the collection, transmission and storage of data, and these run counter to principles of U.S. and international law and policy,” DHS said in a press release. The department urged U.S. firms to “minimize the amount of at-risk data being stored and used” in China, or in places accessible to Chinese authorities.

(Cyberscoop)