China's APT 31 Repurposed NSA Hacking Tool Before Shadow Brokers Leak

Bill creating State Dept to be introduced, Fin11 hacking group behind Accellion hacks, Apple makes zero-click exploits harder, Hyundai files leaked after KIA ransomware attack, much more

(Plug: Check out my latest CSO column that examines New York’s new cyber insurance risk framework that was introduced just as costs mount due to ransomware’s ongoing rise and the considerable expenses of the SolarWinds breach.)


Security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Judgment Panda, obtained and reused another NSA hacking tool known as EpMe years before the mysterious group of hackers known as Shadow Brokers leaked hacking tools from NSA’s elite Equation Group on the web.

In 2014, the Chinese group built its own hacking tool from EpMe code, which originated from the NSA’s Equation Group in 2013. (Andy Greenberg / Wired)

Related: ZDNet Security, Check Point, The Hacker News, Reuters, Startups News | Tech News, Security Affairs, Cyberscoop, Bleeping Computer, SecurityWeek

Security researchers at FireEye have identified that criminal attacker UNC2546 exploited multiple vulnerabilities in software firm Accellion’s file transfer service to install malware on at least a dozen victims’ networks.

FireEye said that organizations began receiving extortion emails threatening to publish stolen data on the “CLOP^_-LEAKS” .onion website, which jibes with the previous identification of the ransomware gang known as Clop, and a financially motivated hacking group dubbed FIN11. (Jeff Stone / Cyberscoop)

Related: SecurityWeek, DataBreachToday.com, Bleeping Computer, HOTforSecurity, Infosecurity Magazine, DataBreaches.net, Threat Research Blog, FireEye Threat Research Blog, Accellion

Adam Donenfeld of security firm Zimperium discovered that Apple quietly made a change in the beta version of the next iOS version, 14.5, slated for final release, which makes it harder for hackers to take control of an iPhone with a technique known as a zero-click (or 0-click) exploit.

Apple has implemented a technology called Pointer Authentication Codes (or PAC), which prevents hackers from leveraging corrupted memory, which should make zero-click exploits harder. (Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard)

Related: iPhone Hacks, iMore, 9to5Mac, MacRumors, AppleInsider, Cult of Mac, VICE News, Slashdot

Following a ransomware attack on Kia Motors America, the DoppelPaymer ransomware gang leaked data related to parent company Hyundai Motor America’s logistics operation.

Among the files leaked are information about Hyundai Glovis, the automaker’s global logistics firm, as well as documents related to a trucking partner, in addition to other data. (Nate Tabak / Freightwaves)

A security researcher who goes by the name of Phenomite has discovered that botnet operators are abusing VPN servers from VPN provider Powerhouse Management to bounce and amplify junk traffic as part of DDoS attacks.

The cause of the new VPN attack vector, which can answer requests with responses forty times the size of the original packet, is a yet-to-be-identified service that runs on UDP port 20811 on Powerhouse VPN servers. (Catalin Cimpanu / ZDNet)

Related: CISO MAG, Github/Phenomite

Congressional lawmakers, including Reps. Michael McCaul (R-TX), Gregory Meeks (D-NY), and Jim Langevin (D-RI), plan to introduce today an updated version of the Cyber Diplomacy Act, which rankled the Trump administration.

The bill would re-establish many of the capabilities created in the Department of State during the Obama Administration. It establishes a centralized cyber bureau headed by an ambassador who would advise the Secretary of State on cyber strategy, push U.S. digital economic interests, and lead international responses to security incidents.

Related: The Hill

The Cybersecurity and Infrastructure Security Agency (CISA) announced it had filled three leadership positions.

Nitin Natarajan has joined CISA as its Deputy Director, Eric Goldstein as Executive Assistant Director for Cybersecurity, and Dr. David Mussington as Executive Assistant Director for Infrastructure Security. (Homeland Security Today)

Related: InsideCyberSecurity.com, Meritalk

After a month of questioning, Google quietly added Apple’s app privacy labels to Gmail on the server-side but has yet to issue an update on the app.

Apple added its app privacy labels in December. Still, Google has been conspicuously slow in adding them to its products, even going so far as to allow the Gmail app, for example, to be displayed as being out of date. (Juli Clover / MacRumors)

Related: CNBC Technology, 9to5Google, Slashdot, Times of India, The Verge, iMore, PhoneArena, TechJuice, AppleInsider, NDTV Gadgets360.com, Pocketnow, fossBytes

A paper from the UK think tank Royal United Services Institute said that a new tactic known as “Silent Stealing” is conning victims out of small amounts of money, typically 10 pounds or less, thefts that are likely to fly under the radar for many victims.

Silent Stealing has become popular because the sheer amounts of breached data available online make it easy for criminals to buy people's personal details and use them for fraud. (Sky News)

Related: Reddit - cybersecurity, IT Pro, Cybersecurity Insiders, Security - Computing, RT News, ET news, Telegraph, RUSI

A UK-based nursery school webcam system called NurseryCam has informed families it has experienced a data breach, although it does not believe that the hackers watched youngsters or staff.

NurseryCam shut down operations anyway and notified the UK’s Information Commissioner’s Office. (BBC News)

Related: The Register - Security, Global Security Magazine

Bug bounty hunter and penetration tester Vishal Bharad discovered a stored cross-site scripting (XSS) vulnerability in the iCloud domain, which Apple has reportedly patched.

Bharad reported the bug to Apple on August 7, 2020, and received a $5,000 bounty on October 9. (Charlie Osborne / ZDNet)

Related: ZDNet Security, iPhone Hacks