Know someone who needs to stay on top of the developments swirling around cybersecurity? Please give them a gift subscriptions today!

Give a gift subscription

President Biden has ordered a sweeping review of American intelligence about Russia’s role in the SolarWinds supply chain attack, which has implicated vast swaths of the federal government and U.S. private industry.

Reportedly, some intelligence officials have “quietly concluded” that more than a thousand Russian software engineers were most likely involved in developing the SolarWinds intrusion, an estimate that some noted cybersecurity officials say is virtually impossible. (David E. Sanger and Julian E. Barnes / New York Times)

Related: Washington Post

Lesley Carhart @hacks4pancakes

Excuse me? Which... intelligence officials determined this based upon what forensic evidence we cannot see?

Zach Dorfman @zachsdorfman

“Intelligence officials have quietly concluded that more than a thousand Russian software engineers were most likely involved in [Solarwinds], according to people involved in the investigation.” https://t.co/hpKO1dkYye

January 22nd 2021

28 Retweets254 Likes

Jake Williams @MalwareJake

Today I'm protecting my network against 1000 feral Russian software engineers.

January 22nd 2021

1 Retweet41 Likes

Intel said that a malicious hacker stole financially sensitive information in the form of an infographic from its corporate website yesterday, forcing the chip giant to release its earnings early.

The infographic was circulated outside the company but was not published online. (Richard Waters / Financial Times)

Related: Reuters, CNBC Technology, Business Insider, City AM, CNBC Technology, The Register

Security firm NetScout said that cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks using a DDoS amplification factor.

Netscout said the amplification factor is 85.9, with the attackers sending a few bytes and generating "attack packets" that are "consistently 1,260 bytes in length." The firm is currently detecting more than 14,000 RDP servers exposed online and running on UDP port 3389, which are the servers that can be abused in the attacks. (Catalin Cimpanu / ZDNet)

Related: SecurityWeek

Researchers at Check Point and Otorio discovered that a phishing campaign running for more than six months unintentionally left over a thousand stolen login-in credentials accessible to the public via Google search.

The stolen credentials were stored in designated web pages on compromised servers, and Google indexed them as part of its regular web crawling. (Ian Barker / Beta News)

Related: ZDNet Security, Bleeping Computer, Cyber Kendra, HotHardware.com, The Hacker News, Cyberscoop, SecurityWeek, Global Security Magazine, Check Point

Researchers at Sophos said they found evidence connecting the MrbMiner crypto-mining botnet operators to a small boutique software development company operating from the city of Shiraz, Iran.

Multiple MbrMiner domains used to host the crypto miner payloads were hosted on the same server used to host vihansoft.ir, the website of a legitimate Iranian-based software development firm, which was also used as the command and control (C&C) server for the MbrMiner operation. (Catalin Cimpanu / ZDNet)

Related: Threatpost, DataBreachToday.com, The Hacker News, Sophos

SophosLabs @SophosLabs

NEW on MrbMiner: Cryptojacking to bypass international sanctions Iran-based “garage startup” cryptojacking operation targets SQL servers... 1/13

January 21st 2021

8 Retweets10 Likes

The UK government sent laptops to a Bradford school to support children home-schooling during lockdown that contained malware, a worm called Gamarue.I, which was contacting Russian servers.

The malware installs spyware that can gather information about browsing habits and harvest personal information such as banking details. (Jane Wakefield / BBC News)

Related: The Guardian, IT Pro, Silicon UK, Bleeping Computer, The Register, Mac Observer

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a campaign to increase ransomware awareness through the public and private sectors called Reduce the Risk of Ransomware Campaign.

One main goal of the effort is to lower the risk of ransomware to pandemic response and K-12 educational organizations. (Brenda Marie Rivers / GovConWire)

Related: Inside Cybersecurity, The Hill: Cybersecurity, CISA, StateScoop

Google Project Zero security researcher Natalie Silvanovich found logic bugs in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps that allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.

The bugs, which have now been fixed, made it possible to force targeted devices to transmit audio to the attackers' devices without gaining code execution. (Sergiu Gatlan / Bleeping Computer)

Related: Computing.co.uk, E Hacking News, CISO MAG, SecureReading, TechRadar, Threatpost

Natalie Silvanovich @natashenka

I found logic bugs that allow audio or video to be transmitted without user consent in five mobile applications including Signal, Duo and Facebook Messenger The State of State MachinesPosted by Natalie Silvanovich, Project Zero On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an ...googleprojectzero.blogspot.com

January 19th 2021

674 Retweets1,663 Likes

Proofpoint researchers say that a threat actor has been sending thousands of emails to organizations as part of a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise (BEC) attack.

The spear-phishing emails contain C-level executives' unique names from the target organizations, indicating that the cybercriminals have done their homework. (Lindsey O’Donnell / Threatpost)

Related: Proofpoint

A Russian researcher has published a functional exploit on GitHub targeting a critical vulnerability that SAP patched in its Solution Manager (SolMan) product in March 2020.

The vulnerability is tracked as CVE-2020-620 and is a missing authorization check in the EEM Manager component of SolMan. (Ionut Arghire / Security Week)

Related: Security Affairs, isssource.com

A ransomware attack hit the Scottish Environment Protection Agency (SEPA) on Christmas Eve. Now, it has been discovered that the Conti ransomware gang has now published 4,150 files stolen during the attack.

Among the published data are corporate plans, contracts, spreadsheets, and potentially personal information about staff. (Graham Cluley / Graham Cluley)

Related: IT Pro, ZDNet Security,  Reddit - cybersecurity, Energy Voice, DIGIT, Hot for Security

Microsoft unveiled several new features to its Edge browser, including a password monitor developed by the Edge product team and a former Microsoft Research incubation group called the "Cryptography and Privacy Research Group.”

Password Monitor contacts a server periodically and verifies that the credentials you have saved in Edge are not present in a database of breached credentials.  (Usama Jawed / Neowin)

Related: Reddit - cybersecurity, BusinessLine - Home, MobileSyrup.com, AndroidHeadlines.com, MacRumors, Pocketnow, gHacks, Microsoft, The Next Web

Photo by NASA Goddard Space Flight Center - Flickr: Magnificent CME Erupts on the Sun - August 31, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=21422679