Malwarebytes Hacked by the Same Group That Hit SolarWinds and Eleven Other Top Infosec Developments - 1/20/21

Another SolarWinds malware strain discovered, open-source tool released for tracking techniques used by SolarWinds threat group, Trump issues EO to thwart malicious foreign use of cloud stuff

Happy inauguration day to our readers! No pitches today, just good thoughts for our country flowing from Metacurity’s Washington, DC offices.

Security firm Malwarebytes said it was hacked by the same, presumed Russian state-backed threat group that hacked IT software provider SolarWinds.

The company learned about the hack on December 15 from the Microsoft Security Response Center (MSRC), which detected suspicious activity from a dormant Office 365 security app. Malwarebytes said the intruders only gained access to a limited subset of internal company emails. (Catalin Cimpanu / ZDNet)

Related: iTnews - Security, ZDNet, Security Intelligence, ARN, The Mac Observer, SiliconANGLE, Reuters: World News, Neowin, Malwarebytes, Slashdot

Security firm Symantec said it identified another malware strain, called Raindrop, used during the SolarWinds supply chain attack. Raindrop is the fourth malware strain involved in the SolarWinds hack, alongside Sunspot, Sunburst (Solorigate), and Teardrop.

According to Symantec, the malware was used only during the very last stages of an intrusion and was deployed only on the networks of a very few selected targets. (Catalin Cimpanu / ZDNet)

Related: PCMag.com, Threatpost, iTnews - Security, The Hacker News, DataBreachToday.com, Reddit - cybersecurity, Symantec

FireEye Mandiant released an open-source tool named Azure AD Investigator designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name assigned by the cybersecurity firm to the threat group that attacked the IT management company SolarWinds.

The tool allows organizations to check their Microsoft cloud environments for evidence of an attack and alerts security teams if it identifies artifacts that may require further review. (Eduard Kovacs / Security Week)

Related: Dark Reading, CSO Online, ZDNet, FireEye, Slashdot

On his last day in office, Donald Trump issued an executive order to thwart foreign use of cloud computing products for malicious cyber operations against the United States.

The order allows the Commerce Department to write rules to bar transactions with foreigners in cloud computing products or services if a foreigner uses them for cyber attacks. (Alexandra Alper / Reuters)

Related: iTnews - Security

The Biden-Harris transition team announced that Michael Sulmeyer, a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone, would become the senior director for cybersecurity at the White House.

Sulmeyer joins another Nakasone cybersecurity lieutenant, Anne Neuberger, who will work as deputy national security adviser for cyber and emerging technology. (Tim Starks / Cyberscoop)

Related: Federal News Network, RAPPLER, NextGov, Biden-Harris Transition

The Indian government has asked Facebook-owned messaging app WhatsApp to withdraw the controversial changes in its privacy policy that might end up shoveling users’ data over to the parent company.

In a letter to WhatsApp Chief Executive Will Cathcart, India’s Ministry of Electronics and Information Technology said that the WhatsApp terms of service and privacy policy “raise grave concerns regarding the implications for the choice and autonomy of Indian citizens.” (PTI News)

Related: The Times of Israel, Reuters, RAPPLER, MediaNama, BusinessLine - Home, fossBytes, Android Central, TechNadu, xda-developers, The Next Web, Business Insider, Gulf News Technology, Elcomsoft, iMore, Telecomlive.com, Android Police, Techradar, Neowin, Al Bawaba, Devdiscourse News Desk, The Financial Express, NDTV

Russian cryptocurrency exchange Livecoin shut down in the wake of a purported hack that some critics say was, in reality, an exit scam.

In December, the exchange claimed it was hacked and asked currency owners to submit a complex list of personal documents in order to file claims for the currency they may have lost in the hack. (Kevin Helms /

Related: GBHackers on Security

According to international law firm DLA Piper, European data regulators imposed GDPR fines totaling €158.5 million (around $191.89 million) between 28 January 2020 and 2021, a 39% increase over the previous 20 months since the introduction of the more stringent data protection law.

At the same time, the number of breach notifications jumped by 19% to 121,165. (Robert Scammell / Verdict)

Related: ZDNet UK, PYMNTS.com, DataBreachToday.com, ITProPortal, Startups News | Tech News, Engadget, Silicon Republic, Infosecurity Magazine, DLA Piper

VpnMentor discovered a data breach involving the now-defunct Fleek social media app, an X-rated alternative to Campus Stories from Snapchat.

VpnMentor discovered a misconfigured AWS S3 bucket in October 2020 with 377,000 files containing photos and bot scripts. (Waqas / HackRead)

Related: Reddit - cybersecurity, Infosecurity Magazine, vpnMentor

President-elect Joseph Biden’s nominee for defense secretary, General Lloyd Austin, told the Senate Armed Services Committee during a hearing that the perpetrators of the SolarWinds hack should face the consequences.

He also said that he believes the intelligence agencies’ attribution to Russia as the source of the hack is an accurate one. (Mila Jasper / NextGov)

Related: C4ISRNET, Just

Security experts disclosed details about seven vulnerabilities, tracked as DNSpooq, impacting a popular DNS software package, Dnsmasq, commonly deployed in networking equipment, such as routers and access points.

The DNSpooq vulnerabilities can be combined to poison DNS cache entries recorded by Dnsmasq servers. Dnsmasq is now in millions of devices sold worldwide, such as Cisco devices, Android smartphones, and many types of networking gear like routers, access points, firewalls, and VPNs. (Catalin Cimpanu / ZDNet)

Related: Bleeping Computer, Threatpost

In what might be considered a refreshing scandal of the incoming Biden Administration, some cybersecurity experts say the President-Elect’s use of a Peloton bike, which is connected to the Internet, might be a cybersecurity risk.

However, most cybersecurity experts say the threat of a Peloton bike to national security pales compared to the digital security threats posed by Biden’s predecessor. (Sheryl Gay Stolberg / New York Times)

Related: New York Post, Popular Mechanics

Photo by Joan Gamell on Unsplash