Happy inauguration day to our readers! No pitches today, just good thoughts for our country flowing from Metacurity’s Washington, DC offices.

Security firm Malwarebytes said it was hacked by the same, presumed Russian state-backed threat group that hacked IT software provider SolarWinds.

The company learned about the hack from the Microsoft Security Response Center (MSRC) on December 15, which detected suspicious activity from the dormant Office 365 security app. Malwarebytes said the company only gained access to a limited subset of internal company emails. (Catalin Cimpanu / ZDNet)

Related:iTnews - Security, ZDNet, Security Intelligence, ARN, The Mac Observer, SiliconANGLE, Reuters: World News, Neowin, Malwarebytes, Slashdot

Security firm Symantec said it identified another malware strain called Raindrop used during the SolarWinds supply chain attack, adding a fourth malware strain involved in the SolarWinds hack, including Sunspot, Sunburst (Solorigate), and Teardrop.

According to Symantec, the malware was used only during the very last stages of an intrusion deployed only on the networks of very few selected targets. (Catalin Cimpanu / ZDNet)

Related:PCMag.com, Threatpost, iTnews - Security, iTnews - Security, The Hacker News, DataBreachToday.com, Reddit - cybersecurity, Symantec

FireEye Mandiant released an open-source tool named Azure AD Investigator designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name assigned by the cybersecurity firm to the threat group that attacked the IT management company SolarWinds.

The tool allows organizations to check their Microsoft cloud environments for evidence of an attack and alerts security teams if it identifies artifacts that may require further review. (Eduard Kovacs / Security Week)

Related: Dark Reading, CSO Online, ZDNet, FireEye, Slashdot

On his last day in office, Donald Trump issued an executive order to thwart foreign use of cloud computing products for malicious cyber operations against the United States.

The order allows the Commerce Department to write rules to bar transactions with foreigners in cloud computing products or services if a foreigner uses them for cyber attacks. (Alexandra Alper / Reuters)

Related: iTnews - Security

Eric Geller @ericgeller

Trump just issued an EO aimed at fighting hackers' use of cloud platforms. @StevenOverly and I scooped it in December: subscriber.politicopro.com/article/2020/1… Summary in next tweet.

January 20th 2021

52 Retweets79 Likes

The Biden-Harris transition team announced that a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone Michael Sulmeyer would become the senior director for cybersecurity at the White House.

Sulmeyer joins another Nakasone cybersecurity lieutenant, Anne Neuberger, who will work as deputy national security adviser for cyber and emerging technology. (Tim Starks / Cyberscoop)

Related: Federal News Network, RAPPLER, NextGov, Biden-Harris Transition

The Indian government has asked Facebook-owned messaging app WhatsApp to withdraw the controversial changes in its privacy policy that might end up shoveling users’ over to the parent company.

In a letter to WhatsApp Chief Executive Will Cathcart, India’s Ministry of Electronics and Information Technology said that the WhatsApp terms of service and privacy policy "raise grave concerns regarding the implications for the choice and autonomy of Indian citizens.” (PTI News)

Related: The Times of Israel, Reuters, RAPPLER, MediaNama, BusinessLine - Home, fossBytes, Android Central, TechNadu, xda-developers, The Next Web, Business Insider, Gulf News Technology, Elcomsoft, iMore, Telecomlive.com, Android Police, Techradar, The Next Web, Neowin, Al Bawaba,Telecomlive.com, Devdiscourse News Desk, The Financial Express, NDTV Gadgets360.com

Russian cryptocurrency exchange Livecoin shut down in the wake of a purported hack that some critics say was, in reality, an exit scam.

In December, the exchange claimed it was hacked and has asked currency owners to file a complex list of personal documents to file claims to obtain the currency they may have lost in the hack. (Kevin Helms / Bitcoin.com)

Related: GBHackers on Security

According to an international law firm DLA Piper, European data regulators imposed GDPR fines totaling €158.5 million (around $191.89 million) between 28 January 2020 and 2021, a 39% increase over the previous 20 months since the introduction of the more stringent data protection law.

At the same time, the number of breach notifications jumped by 19% to 121,165. (Robert Scammell / Verdict)

Related: ZDNet UK, PYMNTS.com, DataBreachToday.com, ITProPortal, Startups News | Tech News, Engadget, Silicon Republic, Infosecurity Magazine, DLA Piper

VpnMentor discovered a data breach involving the now-defunct Fleek social media app, an X-rated alternative to Campus Stories from Snapchat.

VpnMentor discovered a misconfigured AWS S3 bucket in October 2020 with 377,000 files containing photos and bot scripts. (Waqas / HackRead)

Related:Reddit - cybersecurity, Infosecurity Magazine, vpnMentor

President-elect Joseph Biden’s nominee for defense secretary General Lloyd Austin told the Senate Armed Services Committee during a hearing that the perpetrators of the SolarWinds hack should face the consequences.

He also said that he believes the intelligence agencies’ attribution to Russia as the source of the hack is an accurate one. (Mila Jasper / NextGov)

Related: C4ISRNET, Just Security, InsideDefense.com

Security experts disclosed details about seven vulnerabilities, tracked as DNSpooq, impacting a popular DNS software package, Dnsmasq, commonly deployed in networking equipment, such as routers and access points.

DNSpooq software can be combined to poison DNS cache entries recorded by Dnsmasq servers. It is now in millions of devices sold worldwide, such as Cisco devices, Android smartphones, and many types of networking gear like routers, access points, firewalls, and VPNs. (Catalin Cimpanu / ZDNet)

Related: Bleeping Computer, Threatpost

In what might be considered a refreshing scandal of the incoming Biden Administration, some cybersecurity experts say the President-Elect’s use of a Peloton bike, which is connected to the Internet, might be a cybersecurity risk.

However, most cybersecurity experts say the threat of a Peloton bike to national security pales compared to the digital security threats posed by Biden’s predecessor. (Sheryl Gay Stolberg / New York Times)

Related: New York Post, Popular Mechanics

Lesley Carhart @hacks4pancakes

We ain’t really doing this ‘hard hitting’ Biden Cybersecurity reporting already, are we? He’s not even sworn in yet. 🤔🤨

The New York Times @nytimes

Can President-elect Joe Biden bring his Peloton bike with him to the White House? The answer, cybersecurity experts say, is yes. Sort of. https://t.co/eOH59yA0Jw

January 20th 2021

24 Retweets334 Likes

Adrian Sanabria @sawaba

Are we really though? ARE WE REALLY?

January 20th 2021

5 Retweets129 Likes

Photo by Joan Gamell on Unsplash