For this episode of the Transatlantic Cable podcast, Dave and I welcome back Maria Namestnikova and Marco Preuss from the company’s Global Research and Analysis Team. During our 30-plus minute conversation, we discuss how the fallout from COVID-19 will affect the world in 2021 — and it goes way beyond wondering when we can hop back onto airplanes. We also examine the concept of global citizens and transparent travelers.
A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code being pushed to nearly 18,000 customers of its Orion platform. Many U.S. federal agencies and Fortune 500 firms use(d) Orion to monitor the health of their IT networks.

On Dec. 13, cyber incident response firm FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. FireEye said hacked networks were seen communicating with a malicious domain name — avsvmcloud[.]com — one of several domains the attackers had set up to control affected systems.

As first reported here on Tuesday, there were signs over the past few days that control over the domain had been transferred to Microsoft. Asked about the changeover, Microsoft referred questions to FireEye and to GoDaddy, the current domain name registrar for the malicious site.

Today, FireEye responded that the domain seizure was part of a collaborative effort to prevent networks that may have been affected by the compromised SolarWinds software update from communicating with the attackers. What’s more, the company said the domain was reconfigured to act as a “killswitch” that would prevent the malware from continuing to operate in some circumstances.

“SUNBURST is the malware that was distributed through SolarWinds software,” FireEye said in a statement shared with KrebsOnSecurity. “As part of FireEye’s analysis of SUNBURST, we identified a killswitch that would prevent SUNBURST from continuing to operate.”

The statement continues: “Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware would terminate itself and prevent further execution. FireEye collaborated with GoDaddy and Microsoft to deactivate SUNBURST infections.”

“This killswitch will affect new and previous SUNBURST infections by disabling SUNBURST deployments that are still beaconing to avsvmcloud[.]com. However, in the intrusions FireEye has seen, this actor moved quickly to establish additional persistent mechanisms to access victim networks beyond the SUNBURST backdoor. This killswitch will not remove the actor from victim networks where they have established other backdoors. However, it will make it more difficult for the actor to leverage the previously distributed versions of SUNBURST.”

It is likely that, given their visibility into and control over the malicious domain, Microsoft, FireEye, GoDaddy and others now have a decent idea which companies may still be struggling with SUNBURST infections.

The killswitch revelations came as security researchers said they’d made progress in decoding SUNBURST’s obfuscated communications methods. Chinese cybersecurity firm RedDrip Team published their findings on Github, saying its decoder tool had identified nearly a hundred suspected victims of the SolarWinds/Orion breach, including universities, governments and high tech companies.

Meanwhile, the potential legal fallout for SolarWinds in the wake of this breach continues to worsen. The Washington Post reported Tuesday that top investors in SolarWinds sold millions of dollars in stock in the days before the intrusion was revealed. SolarWinds’s stock price has fallen more than 20 percent in the past few days. The Post cited former enforcement officials at the U.S. Securities and Exchange Commission (SEC) saying the sales were likely to prompt an insider trading investigation.
An in-depth analysis of Bitdefender’s Digital Identity Protection community has uncovered an alarming rate of exposure of users' personal data over the past eight months.
The Firefox and Chrome bug in question (CVE-2020-16042) is still not fully described by either browser maker, and is only listed as a memory bug which is believed to be a critical severity flaw.
Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said.
Both business and security leaders are allowing massive insider risk problems to fester in the aftermath of the significant shift to remote work in the past year, according to a Code42 report.
GDPR was enacted in 2018, but the Twitter case is the first using a new dispute resolution system under which one lead national regulator makes a decision before consulting with other EU regulators.
Newly discovered Windows info-stealing malware linked to an active threat group tracked as AridViper shows signs that it might be used to infect computers running Linux and macOS.
In a letter dated December 8, Sonoma Valley Hospital told patients that it was one of several American healthcare providers victimized two months ago in a wide-sweeping ransomware campaign.
A vast majority of operational technology (OT) devices affected by the Urgent/11 vulnerabilities and many devices impacted by the CDPwn flaws remain unpatched, IoT security firm Armis reported.
Microsoft announced today plans to start forcibly blocking and isolating versions of the SolarWinds Orion app that are known to have contained the Solorigate (SUNBURST) malware.
At the beginning of the month, the City of Independence, Missouri, suffered a ransomware attack that forced them to shut down their IT system as they recovered from the attack.
The music streaming giant said in a customer data breach notification sent to the California attorney general that the privacy snafu was only discovered and fixed after seven months.
In contrast to conventional national security thinking, such skirmishes in the cyber world call for a new strategic outlook, according to a new paper co-authored by an MIT professor.
Agent Tesla first came onto the scene in 2014, specializing in keylogging (designed to record keystrokes made by a user in order to exfiltrate data like credentials and more) and data-stealing.
Facebook said Tuesday that it had removed two networks based in Russia and one linked to the French military, accusing them of carrying out interference campaigns in Africa.
Named Goontact, this mobile malware has the ability to collect from infected victims data such as phone identifiers, contacts, SMS messages, photos, and location information.
Vulnerability submissions have increased over the past 12 months on at least one crowdsourced security platform, Bugcrowd, with critical issue reports recording a 65% jump.
The scale of this fraud operation is one that has never been seen before; in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices.
Cybersecurity capabilities must get to the point where they are equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
Researchers at Kaspersky discovered an average of 360,000 new malicious files every day over the past 12 months – 18,000 more per day than the previous year, an increase of 5.2 percent.
Experts from IoT security firm Sternum discovered flaws in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device.
The vulnerabilities in the default password settings as well as arbitrary code execution affect the Verifone VX520 and Verifone MX series and the Ingenico Telium 2 series.
Some of the world’s biggest private equity firms, including Blackstone Group, Silver Lake Partners, and Thoma Bravo, own major stakes in software firms that were breached by suspected Russian hackers.
Vinoth Kumar, a security researcher, claimed on Tuesday he had made such a report to SolarWinds last November, warning that it could be used to upload files to the server.
Using this attack technique, after compromising a network, an attacker can extract password hashes to bypass and forge credentials for other systems on the same network.
Insertion of obfuscated DNA could create dangerous substances, including synthetic viruses or toxic material, that the software designed to implement the screening guidelines would not be able to detect.
Researchers observed a VHD file containing a PDF document and an executable file masquerading as a Microsoft Word document, which actually contained the Zebrocy malware.
Recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads for further exploitation.
SideWinder was observed using credential phishing pages copied from their victims’ webmail login pages and modified for phishing targets based in South Asian countries.
Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted messaging app considered safe from external snooping, it claimed in a blog post on Thursday.
Hewlett Packard Enterprise (HPE) has disclosed a zero-day flaw in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux.
Of the 88 domain names publicly attributed to APT1, 28 remain active in the Domain Name System as of 4 December 2020. Of the remaining 23 APT1 domain IoCs, 19 were cited as "malicious" by VirusTotal.
Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests for the discovered flaws.
The recommended changes build off of updates proposed back in October regarding consumer opt-out requests. Those interested in submitting a comment for the proposed regulations have until December 28.
The LuckyMouse APT group planted backdoors and keyloggers to gain long-term access to government networks and then uploaded a variety of tools that they used to perform additional activities.
Red Hat Security Advisory 2020-5585-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP20. Issues addressed include bypass, deserialization, and information leakage vulnerabilities.
Red Hat Security Advisory 2020-5586-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP75. Issues addressed include bypass and deserialization vulnerabilities.
Red Hat Security Advisory 2020-5588-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2020-5571-01 - python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library packaged for setuptools / pip. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2020-5581-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include code execution and denial of service vulnerabilities.
Red Hat Security Advisory 2020-5583-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2020-5572-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2020-5363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
Red Hat Security Advisory 2020-5568-01 - This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, bypass, code execution, cross site scripting, denial of service, deserialization, file disclosure, information leakage, memory leak, out of bounds read, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2020-5566-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2020-5561-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5565-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5563-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5562-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5564-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5361-01 - This release of Red Hat build of Thorntail 2.7.2 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include XML injection, bypass, denial of service, and remote SQL injection vulnerabilities.
Ubuntu Security Notice 4671-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, or execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2020-5554-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components.
Red Hat Security Advisory 2020-5359-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Ubuntu Security Notice 4670-1 - It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10. It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2020-5529-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.4 on OpenJDK for operation within the OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release.
Red Hat Security Advisory 2020-5412-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include a code execution vulnerability.
There is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.
Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads
As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new "5G Standalone core
How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet, it can also help web development by enhancing UX through reverse geocoding. Not to mention
The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed