SolarWinds attack launched from within the US
This finding comes from a briefing given by Deputy National Security Advisor Anne Neuberger. Although not identifying specific victims, Neuberger also said that nine federal agencies and about 100 private-sector companies were compromised. She also cautioned that the investigation is still in the early stages, with the US origin of the attack making it harder to detect due to laws limiting domestic surveillance. Bloomberg’s sources in the White House say that officials still believe Russia to be responsible for the hack.
Facebook restricts Australian news sharing
The social network is now blocking users from viewing or sharing Australian news due to a proposed law that would require Facebook to pay publishers for links to content. Facebook says the impact of news content on its platform is minimal, making up less than 4% of News Feed content. Australian publishers can’t post content to their pages, Australian users are blocked from sharing news content, and international publishers can still post news content, but their links and posts can’t be shared with an Australian audience.
Security researcher finds native Apple Silicon malware
Security researcher Patrick Wardle detailed the malware in a new blog post: an adware Safari extension that looks to be an updated version of an app calling itself GoSearch22, a new fork of the infamous Pirrit adware. It is designed to collect browser information and display pop-ups, coupons, and banners for ads. This adware is being found in the wild and has been uploaded to VirusTotal. Wardle noted that many antivirus engines are not ready for this new malware, with only 15% detecting it in his tests.
Hacker claims to have stolen documents from Jones Day law firm
In response, Jones Day said that its internal systems have not been breached, pointing instead to a file-sharing company it uses that was recently compromised, with information stolen. The firm is in contact with authorities and any impacted clients. The hacker published a few documents on the dark web and claims to have over 100GB from Jones Day. Documents from the hack seen by the Wall Street Journal seem to indicate this was related to a breach at the file-sharing company Accellion, rather than a direct breach.
Thanks to our episode sponsor, Kenna Security
YouTube removes thousands of channels tied to coordinated influence operations
The video hosting site said it removed 2946 channels tied to separate state-backed operations originating from China and Russia. According to Google’s Threat Analysis Group, the vast majority of these were tied to Chinese operations, with most uploading “spammy content in Chinese about music, entertainment and lifestyle,” but they did include some videos on the “US response to COVID-19 and growing US political divisions.”
Edge to roll out adaptive notification requests
Microsoft plans to roll out the new feature to Edge 88, which uses crowdsourced data on what website notifications users typically allow to limit the number of pop-ups shown in the browser. This will automatically “quiet” notifications the vast majority of Edge users have declined, and users can also choose to “quiet” all website notifications by default. Notifications on a site will also be automatically quieted if a user simply ignores the notification prompt and keeps interacting with the site. Adaptive notification requests can also be disabled entirely if you really like declining website notifications manually.
DOJ charges three North Korean hackers
The newly unsealed charges from the Justice Department accuse the three of conspiring to steal and extort more than $1.3 billion in cash and cryptocurrency from businesses globally. This builds on 2018 charges brought against one of the hackers in connection with the 2014 cyberattack on Sony Pictures Entertainment. The accused work for North Korea’s Reconnaissance General Bureau, which is also believed to house the Lazarus Group and APT38. Charges include attempting to steal $1.2 billion from Maltese banks in 2019, hacking cryptocurrency exchanges, and creating the WannaCry ransomware.
Kia Motors America hit with ransomware
The attack comes from the DoppelPaymer ransomware gang, who are demanding 404 Bitcoins, currently worth about $20 million, to decrypt data and not leak exfiltrated files. This resulted in a nationwide outage for Kia Motors in the US, impacting the mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships. The attackers claim that a “huge amount” of data was stolen from Kia, threatening to release it in 2-3 weeks if payment is not received.