Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 12-23-2020

New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and applications monitoring platform and enabled adversaries to run arbitrary code on machines running the trojanized version of the software. The webshell is a trojanized variant of a legitimate .NET library (app_web_logoimagehandler.ashx.b6031896.dll) present in the Orion software from SolarWinds, modified in a way that would allow it to evade automated defense mechanisms.
https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/
 
SolarWinds victims revealed after cracking the Sunburst malware DGA
By decoding the list of subdomains generated by the malware's domain generation algorithm (DGA), TrueSec and other security firms, including QiAnXin RedDrip, Kaspersky, and Prevasio, were able to identify many well-known organizations that have already disclosed targeted attacks or may disclose them later. [...] "We have decoded the DGA parts of the requests to identify internal domain names of compromised organizations, correlated that with the responses received from the threat actor server, and mapped them with the hardcoded list of IP ranges in the backdoor code[.]"
https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/
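As an added worked example (not code from the article or from the researchers it cites), the substitution cipher that SUNBURST applies to a victim's internal domain name before folding it into the subdomain of its avsvmcloud.com beacon, which is the part of the DGA the firms above reversed to recover victim names. Only the substitution path is shown: it applies when every character of the domain is in the malware's 35-character alphabet or one of the four specials 0, _, - and .; domains with other characters go through a separate custom base32 routine, and the per-victim GUID that precedes the encoded domain is also omitted here. The alphabet and shift constants are reproduced from the public decompilations of the sample and should be checked against the sample before relying on them; the domain names fed in are constructed, not real victim data.

```python
import random
from typing import Optional

# Constants as published in public decompilations of the SUNBURST sample
# (FireEye, December 2020). Verify against the sample before relying on them.
ALPHABET = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj"   # 35 characters, contains no '0'
SPECIALS = "0_-."                                   # escaped with a leading '0'
SHIFT = 4


def sunburst_substitute_encode(domain: str, rng: Optional[random.Random] = None) -> str:
    """Encode a domain the way the malware's substitution path does.

    Regular characters are rotated SHIFT positions along ALPHABET. Each of the
    four specials becomes '0' followed by the alphabet character at index
    (special index + 4*k) for a random k in 0..7, so the encoder is
    non-deterministic while the decoder is not. Characters outside the
    alphabet raise ValueError: the malware sends those through a separate
    base32 routine that is not reproduced here.
    """
    rng = rng or random.Random()
    out = []
    for c in domain:
        if c in SPECIALS:
            k = rng.randrange(len(ALPHABET) // len(SPECIALS))   # 0..7, max index 31
            out.append("0" + ALPHABET[SPECIALS.index(c) + k * len(SPECIALS)])
        elif c in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(c) + SHIFT) % len(ALPHABET)])
        else:
            raise ValueError(f"{c!r} is outside the substitution alphabet")
    return "".join(out)


def sunburst_substitute_decode(encoded: str) -> str:
    """Invert the substitution: a '0x' pair maps back to SPECIALS[index(x) % 4],
    every other character is rotated back SHIFT positions."""
    out = []
    i = 0
    while i < len(encoded):
        c = encoded[i]
        if c == "0":
            if i + 1 >= len(encoded):
                raise ValueError("dangling escape at end of input")
            esc = encoded[i + 1]
            if esc not in ALPHABET:
                raise ValueError(f"bad escape character {esc!r}")
            out.append(SPECIALS[ALPHABET.index(esc) % len(SPECIALS)])
            i += 2
        else:
            if c not in ALPHABET:
                raise ValueError(f"{c!r} is not in the alphabet")
            out.append(ALPHABET[(ALPHABET.index(c) - SHIFT) % len(ALPHABET)])
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed domain names, not real victim data.
    for name in ("corp.example", "ad-lab.internal"):
        enc = sunburst_substitute_encode(name, random.Random(1))
        print(f"{name} -> {enc} -> {sunburst_substitute_decode(enc)}")
```

Because the escape byte is always '0' and '0' never occurs in the alphabet, the decoder needs no length field; that is also why a victim's encoded name can be recognised and decoded from passive DNS alone, with no key material from the C2 server.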
 
CyberMDX Research Team Discovers Critical Vulnerabilities in Dell Wyse Thin Client Devices
Both vulnerabilities were given CVSS scores of 10/10, the most critical rating. The first vulnerability, CVE-2020-29491, enables a user to access the configuration server and read configurations belonging to other clients. The configuration may include sensitive data, including potential passwords and account information, that could later be used to compromise the device.
https://www.prnewswire.com/news-releases/cybermdx-research-team-discovers-critical-vulnerabilities-in-dell-wyse-thin-client-devices-301196881.html
 
HEALTHCARE.GOV BREACH RESULTS IN PRISON TIME FOR HACKER
Defiore gained access by leveraging his position as a seasonal employee at the Centers for Medicare & Medicaid Services (CMS) in Bogalusa, Louisiana, to illegally access and steal personal data from the healthcare.gov database. In total, Defiore accessed the personal data of over 8,000 individuals in the database.
http://techgenix.com/healthcare-gov-breach/
 
Physical addresses of 270K Ledger owners leaked on hacker forum
A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows.
https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/
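An added example, not from the article or from Ledger, showing why the leaked names and addresses do not by themselves expose funds and why the optional passphrase matters. Under BIP-39, the standard Ledger devices and most hardware wallets implement, the wallet seed is derived from the recovery phrase and the passphrase with PBKDF2-HMAC-SHA512, so a different passphrase yields an entirely different wallet, and an attacker who phishes the 24 words out of a customer on this list (the usual follow-on to a leak like this) still cannot open a passphrase-protected one. The known-answer value is the first English test vector from the BIP-39 reference (a 12-word phrase; 24-word phrases go through the same derivation); the other passphrases are constructed.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed from a recovery phrase and optional passphrase.

    Per BIP-39: both strings are NFKD-normalised, the salt is "mnemonic" + passphrase,
    and the KDF is PBKDF2-HMAC-SHA512 with 2048 iterations. The phrase's checksum
    word is not validated here; that needs the 2048-word list.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def passphrase_changes_wallet(mnemonic: str, a: str, b: str) -> bool:
    """True when two passphrases on the same words derive different wallets."""
    return bip39_seed(mnemonic, a) != bip39_seed(mnemonic, b)


# First English test vector from the BIP-39 reference implementation
# (all-zero entropy, passphrase "TREZOR").
TEST_MNEMONIC = "abandon " * 11 + "about"
TEST_SEED_TREZOR = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)

if __name__ == "__main__":
    print("known-answer vector matches:",
          bip39_seed(TEST_MNEMONIC, "TREZOR").hex() == TEST_SEED_TREZOR)
    # Constructed passphrases: each yields a distinct wallet from the same words,
    # and a trailing space is a different passphrase, not a typo the device forgives.
    for p in ("", "correct horse", "correct horse "):
        print(repr(p), bip39_seed(TEST_MNEMONIC, p).hex()[:16], "...")
```

The NFKD step is the edge case worth knowing: a passphrase with accented characters typed on two platforms that compose them differently still derives the same seed, which is what lets a user recover on a different device.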
 
Reflections on the SolarWinds Breach
How will the U.S. government respond to the SolarWinds hack? Predictably, many politicians are already describing this breach as an act of war against the United States. [...] What about imposing costs in cyberspace? U.S. leaders, in response to such incidents, typically miss the fact that the U.S. is already imposing costs in cyberspace on its adversaries. Those costs, from the adversary’s perspective, are considerable. The U.S. has conducted and continues to conduct a host of activities in cyberspace against other nations that, were they done to the U.S., would prompt outrage and anger. 
https://www.lawfareblog.com/reflections-solarwinds-breach
 
Hackers believed to have stolen Treasury Department's encryption keys, says Sen. Ron Wyden
"Finally, after years of government officials advocating for encryption backdoors, and ignoring warnings from cybersecurity experts who said that encryption keys become irresistible targets for hackers, the [US government] has now suffered a breach that seems to involve skilled hackers stealing encryption keys from USG servers," Wyden said.
https://www.businessinsider.com/hackers-seem-to-have-stolen-treasury-departments-encryption-keys-2020-12
 
Marine Corps builds tactical cyber force to help with growing threats
On the offensive side, the Marine Corps Forces Cyberspace Command — the service cyber component to Cyber Command — is sharing its knowledge with Marines who work in the field, training them to use computer systems and access certain capabilities to achieve their missions. Defensively, MARFORCYBER is aligning its specialized defensive cyber teams to specific Marine Expeditionary Forces, while also working to translate cyber threats to the fleet.
https://www.c4isrnet.com/cyber/2020/12/21/marine-corps-builds-tactical-cyber-force-to-help-with-growing-threats/
 
Exclusive: Leonardo hack targeted military plane details, arrest warrant shows
In the arrest warrant for preliminary investigations against the two men, the judge cited several possible reasons behind the hacking. These included "the use of data for industrial and commercial purposes, blackmail and military espionage activities or simply the intention to damage the image of the company by demonstrating ... its organisational and IT vulnerability."
https://www.reuters.com/article/us-leonardo-espionage-exclusive/exclusive-leonardo-hack-targeted-military-plane-details-arrest-warrant-shows-idUSKBN28W296
 
Can Biden whack Russia for its latest big hack?
Foreign policy experts cautioned that it will be difficult for the U.S. to calibrate an appropriate response to an espionage campaign that hasn’t resulted in loss of life or shut down critical infrastructure. The Russians’ motivations have yet to be determined, and a disproportionate reaction by the U.S. could be risky considering how extensively the intelligence community itself relies on cyberespionage for intelligence collection on foreign adversaries.
https://www.politico.com/news/2020/12/21/biden-russia-hack-449762
 
The SolarWinds Compromise and the Strategic Challenge of the Information and Communications Technology Supply Chain
Securing the ICT supply chain will be a significant undertaking, requiring large-scale investment and dedicated attention over multiple administrations. Moreover, it is nearly impossible to secure every link in the supply chain. The U.S. should therefore expect that there will continue to be critical supply chain compromises. Moreover, supply chain cybersecurity is only one element of supply chain risk. Adversaries will seek to leverage U.S. dependence on materials and technologies as bargaining chips during a crisis or as part of coercive diplomacy.
https://www.cfr.org/blog/solarwinds-compromise-and-strategic-challenge-information-and-communications-technology-supply
 
Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App [Subscription]
Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted app considered safe from external snooping, it claimed in a blog post on Thursday. Meanwhile, a U.S. report revealed Friday that American school districts have also bought the firm’s technology. Cellebrite’s phone-hacking technology is intended for law enforcement agencies and is sold across the world. However, critics have long slammed the company for selling its wares to states with poor human rights records, from Indonesia and Venezuela to Belarus and Saudi Arabia.
https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581
 
Cyber Mercenaries Don’t Deserve Immunity
The expansion of sovereign immunity that NSO seeks would further encourage the burgeoning cyber-surveillance industry to develop, sell and use tools to exploit vulnerabilities in violation of U.S. law. Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve.
https://blogs.microsoft.com/on-the-issues/2020/12/21/cyber-immunity-nso/
 
Safe-Inet: VPN service for cybercriminals taken down in law enforcement bust
The Safe-Inet service was shut down and its infrastructure seized in Germany, the Netherlands, Switzerland, France, and the US. Servers maintained by Safe-Inet offered ‘bullet-proof’ hosting, allowing crooks to host phishing pages, ransomware drop sites and the like while ignoring complaints, alongside VPN services. The servers were taken down, and a splash page put together by law enforcement was published after Safe-Inet’s internet domain was seized as part of Operation Nova.
https://portswigger.net/daily-swig/safe-inet-vpn-service-for-cybercriminals-taken-down-in-law-enforcement-bust
 
Zero-click iOS zero-day found deployed against Al Jazeera employees
Citizen Lab, a cybersecurity and human rights abuse research group at the University of Toronto, said the zero-day was part of an exploit chain named Kismet that was created and sold by NSO Group, a well-known vendor of spyware and surveillance products. Researchers claim NSO sold the Kismet hacking tool to at least four entities, who used it in July and August 2020 to hack the personal iPhones of 36 Al Jazeera reporters from all over the globe.
https://www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/#ftag=RSSbaffb68
 
Servers of Carding Site "Joker's Stash" Seized by Law Enforcement
What the two law enforcement agencies apparently managed to do was to seize proxy servers that were used in connection with the Joker’s Stash blockchain domains. [...] The representatives of the carding site also revealed that they were working on creating new servers to move the site to, promising the marketplace would be completely functional within days. The Tor versions of the portal were not affected by seizure.
https://www.securityweek.com/servers-carding-site-jokers-stash-seized-law-enforcement
 
Prepare to Fight Upcoming Cyber-Threat Innovations
For instance, connected smart devices using 5G at the network edge contain incredible intelligence and power. If cybercriminals used that intelligence and power for attacks, they could create a new wave of attacks that could severely drain the compute resources of legacy security systems. Unfortunately, other types of attacks are cresting the horizon that will target developments in computing performance and innovation in telecommunications, specifically for cybercriminal gain.
https://www.darkreading.com/vulnerabilities---threats/prepare-to-fight-upcoming-cyber-threat-innovations/a/d-id/1339592
 
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from hardcoded credentials, authentication issues and devices shipping with unpatched and longstanding critical bugs.
https://threatpost.com/smart-doorbell-vulnerable-to-attack/162527/
 
'Best tech employer of the year' threatened trainee with £15k penalty fee for quitting to look after his sick mum
Sparta Global's contempt for Mr Ofonagoro also stretched to the legal process. Mr Ofonagoro's solicitors asked for legal disclosure of documents for the employment tribunal. The company "did not provide a substantive response to that letter". Instead it hired notorious London attack dog Mishcon de Reya, which tried to have the case struck out.
https://www.theregister.com/2020/12/21/sparta_global_employment_tribunal/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.
CI Security
245 4th St, Suite 405, Bremerton, WA 98337