
Cyber Security Headlines – February 03, 2021

Another SolarWinds vulnerability used to hack National Finance Center

Reuters’ sources say suspected Chinese threat actors used a novel SolarWinds Orion vulnerability to break into the federal payroll agency. Security researchers had previously warned that a group of attackers separate from the ones behind the SolarWinds supply-chain attack had been exploiting the company’s software, but the alleged origin or target had not previously been known. SolarWinds said it was aware of one group that had exploited the flaw, but that the group had not accessed any of SolarWinds’ internal systems; the company issued a patch in December. It’s unknown what, if any, data the attackers were able to exfiltrate from the NFC.


SonicWall confirms actively exploited zero-day

The company issued a security advisory on a critical vulnerability for its Secure Mobile Access 100 series. This followed a report on the zero-day from security researchers at NCC Group, which found the flaw under active exploitation by “highly sophisticated threat actors.” A patch was scheduled for release on February 2nd. Neither NCC nor SonicWall provided any details about the exploit. It’s unknown if this is related to the larger hack campaign involving SolarWinds, which has targeted other prominent network security companies in recent weeks.

(Ars Technica)

Microsoft Defender now detects macOS vulnerabilities

Microsoft announced the new feature for Defender for Endpoint, which lets admins discover OS and software vulnerabilities affecting macOS devices on their organization’s network. This will treat onboarded macOS devices similarly to Windows, providing the latest security recommendations, reviewing recently discovered vulnerabilities in installed applications, and issuing remediation tasks. Microsoft also released public previews of Windows 8.1 device support for Defender and email notifications for vulnerability events.

(Bleeping Computer)

Ransomware gangs made at least $350 million in 2020

This comes from the latest analyst report from Chainalysis, compiled by tracking transactions to blockchain addresses linked to ransomware attacks. The analysts admit this is probably a lower-end estimate given not all organizations report attacks. Ransomware accounted for 7% of all cryptocurrency-based crime, and was up 311% from Chainalysis’ 2019 report. Ryuk, Maze, Doppelpaymer, Netwalker, Conti, and REvil were the estimated top-earning gangs.


Thanks to our episode sponsor HID Global

Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa

Social media oversharing is a security problem

According to a survey by the email security company Tessian, over half of British and American office workers share names and photos of their children on public accounts, with 72% sharing birthdays and 81% sharing employment details. Less than half had restricted Facebook profiles and 32% said they used private Instagram profiles. 42% of respondents said they post content daily. While oversharing might seemingly only annoy your friends, it also provides ample fodder for social engineering attacks, with birthdays being commonly used in passwords and other authentication, and employment changes opening the door to phishing attacks. 

(InfoSecurity Magazine)

Wikimedia Foundation publishes its first code of conduct

According to the Foundation’s board of trustees chair María Sefidari, the code was written to help create a more inclusive environment for Wikipedia. The code was created in consultation with 1,500 Wikipedia volunteers from five continents and 30 languages. It formally bans harassment on and off the site, including threats of violence or so-called “hounding” of editors by critiquing their work across various articles. It also bans deliberately introducing false or biased information into content. The Foundation will next work on enforcement within its communities, providing training and organizing task forces of users.


The Babyk ransomware gang has some notable exceptions for encryption

The ransomware double-extortion scheme has become commonplace, with ransomware gangs charging once to decrypt files and demanding a second payment to not leak exfiltrated data. The Babyk ransomware gang recently published a site for its data leaks, having previously used hacker forums for the purpose, and outlined a number of organizations that would not be “audited” with their encryption. This includes fairly typical exceptions like hospitals, businesses with under $4 million in revenue, smaller schools, and nonprofits. However, the Babyk operators specifically state that this does not include “foundations who help LGBT and BLM.” Bleeping Computer says this is the first time it’s seen social considerations specifically called out by a ransomware gang.

(Bleeping Computer)

Paying a ransom is not enough

The UK’s National Cyber Security Centre published a cautionary tale of how not to handle a ransomware attack. The post details an organization that agreed to pay millions in bitcoin to decrypt its data, but failed to analyse how cyber criminals infiltrated the network in the first place. To no one’s surprise, the ransomware operators re-deployed their attack using the exact same mechanisms. The NCSC points out that “the real problem is that ransomware is often just a visible symptom of a more serious network intrusion that may have persisted for days, and possibly longer.” It’s unclear how many resume-generating events this second attack caused in the organization.


Jeff Bezos steps down as Amazon CEO

The Amazon founder and CEO said during the company’s earnings call that he will step down as CEO sometime this summer. Chief executive of Amazon Web Services Andy Jassy will be promoted to fill the role at the start of Q3. Jassy has been at Amazon since 1997. Bezos will remain with the company as executive chairman. 


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.
