Biden transition team forced to build its own cybersecurity protections
The Trump administration is blocking many of the transition-related resources usually provided to a president-elect, including government email accounts, despite concerns that the team is likely a top espionage target for Russia, China, and other adversaries. Frozen out of the government network, the Biden transition team is relying on a standard, paid Google Workspace network, according to people familiar with the matter and a review of publicly available internet registration records associated with the team’s email domain.
China owns the lion’s share of internet cross-border data flow
China now accounts for 23 percent of all cross-border data flows, nearly twice the share of the U.S., which ranks at 12 percent, according to a report from Japanese news outlet Nikkei Asia. This information dominance comes from Beijing’s connections with the rest of Asia through its Belt and Road infrastructure. Just one example of the implications of this shift is the rise of Gitee, a Chinese competitor to GitHub, where Chinese programmers now share their knowledge and talent due to worries over the deepening U.S./China data rift.
U.S. Supreme Court to rule on hacking laws
Opening arguments will commence today in a case that could lead to sweeping changes to America’s computer hacking laws. The Computer Fraud and Abuse Act (CFAA) was signed into federal law in 1986 and still governs hacking to this day. The center of the case focuses on a Georgia police officer who used his access to a police license plate database to search for an acquaintance in exchange for cash, but the Supreme Court’s opinion in this case could decide whether millions of ordinary Americans are committing a federal crime whenever they engage in “unauthorized” computer activities that do not comport with an online service or employer’s terms of use.
Critical flaw in industrial automation systems opens to remote hack potential
Experts have found a flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 on the CVSS scale and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. A CISA bulletin states that this vulnerability could cause a denial-of-service condition, and remote code execution in industrial automation systems.
Thanks to our episode sponsor, SecureLayer7
North Korean hackers allegedly used social engineering to attack AstraZeneca
According to Reuters, North Korea-linked hackers posed as recruiters on popular social network platforms and instant messaging applications, including LinkedIn and WhatsApp, to approach AstraZeneca employees with fake job offers. They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to the victim’s computer. The attribution to North Korea is based on the analysis of tools and techniques that were used in the attack.
Privacy advocates displeased with Microsoft’s productivity score feature
A new feature built into Microsoft 365 that analyzes workplace events is being seen by industry watchers as a “full-fledged workplace surveillance tool.” The software allegedly allows employers to dig into employee activities, checking the usage of email versus Teams and looking into email threads with @mentions. Although Microsoft representatives state that no personally identifiable information is recorded, they did concede that there could be granularity down to the individual level.
E-mail accounts of hundreds of C-level executives for sale
The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, and purportedly contains email and password combinations for Office 365 and Microsoft accounts, for various high level executives. Each account is selling for between $100 to $1,500, depending on the company size and user’s role. ZDNet has confirmed the validity of a random sampling of the accounts. It is believed the data was obtained from computers infected with the AzorUlt info-stealer trojan.
(ZDNet)
Pennsylvania county pays 500K ransom to DoppelPaymer ransomware
Delaware County, Pennsylvania, paid the ransom after their systems were hit last weekend. The County stated that the Bureau of Elections and the County’s Emergency Services Department were not affected, but that the ransomware operators gained access to networks containing police reports, payroll, purchasing, and other databases. After having been paid, the ransomware gang advised Delaware County to change all of their passwords and modify their Windows domain configuration to include safeguards from the Mimikatz program, an open-source application commonly used by ransomware gangs to harvest Windows domain credentials on compromised networks.(Bleeping Computer)