Cyber Security Headlines – November 30, 2020

Biden transition team forced to build its own cybersecurity protections

The Trump administration is blocking many of the transition-related resources usually provided to a president-elect, including government email accounts, despite concerns that the team is likely a top espionage target for Russia, China, and other adversaries. Frozen out of the government network, the Biden transition team is relying on a standard, paid Google Workspace network, according to people familiar with the matter and a review of publicly available internet registration records associated with the team’s email domain.

(Wall Street Journal)

China owns the lion’s share of internet cross-border data flow

China now accounts for 23 percent of all cross-border data flows, nearly twice the share of the U.S., which ranks at 12 percent, according to a report from Japanese news outlet Nikkei Asia. This information dominance comes from Beijing’s connections with the rest of Asia through its Belt and Road infrastructure. Just one example of the implications of this shift is the rise of Gitee, a Chinese competitor to GitHub, where Chinese programmers now share their knowledge and talent due to worries over the deepening U.S./China data rift.

(Nikkei Asia)

U.S. Supreme Court to rule on hacking laws

Opening arguments will commence today in a case that could lead to sweeping changes to America’s computer hacking laws. The Computer Fraud and Abuse Act (CFAA) was signed into federal law in 1986 and still governs hacking to this day. The case centers on a Georgia police officer who used his access to a police license plate database to search for an acquaintance in exchange for cash. The Supreme Court’s opinion, however, could decide whether millions of ordinary Americans are committing a federal crime whenever they engage in “unauthorized” computer activities that do not comport with an online service’s or employer’s terms of use.

(TechCrunch)

Critical flaw in industrial automation systems opens potential for remote hacking

Experts have found a flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow attackers to hack industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 on the CVSS scale and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. A CISA bulletin states that this vulnerability could cause a denial-of-service condition and remote code execution in industrial automation systems.

(Security Affairs)

North Korean hackers allegedly used social engineering to attack AstraZeneca

According to Reuters, North Korea-linked hackers posed as recruiters on popular social network platforms and instant messaging applications, including LinkedIn and WhatsApp, to approach AstraZeneca employees with fake job offers. They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to the victim’s computer. The attribution to North Korea is based on the analysis of tools and techniques that were used in the attack.

(Security Affairs)

Privacy advocates displeased with Microsoft’s productivity score feature

A new feature built into Microsoft 365 that analyzes workplace events is being seen by industry watchers as a “full-fledged workplace surveillance tool.” The software allegedly allows employers to dig into employee activities, checking the usage of email versus Teams and looking into email threads with @mentions. Although Microsoft representatives state that no personally identifiable information is recorded, they did concede that there could be granularity down to the individual level.

(The Register)

E-mail accounts of hundreds of C-level executives for sale

The data is being sold on Exploit.in, a closed-access underground forum for Russian-speaking hackers, and purportedly contains email and password combinations for Office 365 and Microsoft accounts belonging to various high-level executives. Each account is selling for between $100 and $1,500, depending on the company size and user’s role. ZDNet has confirmed the validity of a random sampling of the accounts. It is believed the data was obtained from computers infected with the AzorUlt info-stealer trojan.

(ZDNet)

Pennsylvania county pays 500K ransom to DoppelPaymer ransomware

Delaware County, Pennsylvania, paid the ransom after their systems were hit last weekend. The County stated that the Bureau of Elections and the County’s Emergency Services Department were not affected, but that the ransomware operators gained access to networks containing police reports, payroll, purchasing, and other databases. After having been paid, the ransomware gang advised Delaware County to change all of their passwords and modify their Windows domain configuration to include safeguards from the Mimikatz program, an open-source application commonly used by ransomware gangs to harvest Windows domain credentials on compromised networks.

(Bleeping Computer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.