Top Eleven Infosec News Stories You Should Know 12/23/20

ACLU sues FBI to get information on the software used to unlock encrypted phones, FBI says Iran behind 'Enemies of the People,' DHS warns against using China-linked companies, much more

Thank you for reading Metacurity. We hope all our readers and subscribers have a warm and safe holiday season filled with joy and love. We will be on hiatus until January 4 unless pressing events dictate a special report. Peace and health to all living creatures in 2021!

The American Civil Liberties Union (ACLU) is suing to obtain information related to the FBI’s Electronic Device Analysis Unit (EDAU) and its possible use of software that would allow the government to decrypt information on encrypted devices.

The ACLU had filed several Freedom of Information Act requests for any Department of Justice and FBI records related to the EDAU but received a Glomar response, a refusal even to confirm or deny that any such records of the EDAU ever existed in the first place. (Brianna Provenzano / Gizmodo)


The FBI has concluded that Iran is behind efforts to mount lethal violence against FBI Director Christopher A. Wray and ousted Homeland Security Department official Christopher Krebs among a dozen other people who have refuted widespread voter fraud, federal and state officials say.

The targets for the calls to violence were posted on a website titled “Enemies of the People.” Crosshairs were superimposed over the photos. (Ellen Nakashima, Amy Gardner, and Aaron C. Davis / Washington Post)

Related: Cyberscoop

The Department of Homeland Security’s Office of Trade and Economic Security has issued an advisory to U.S. businesses warning them against using communications equipment and services from China-linked companies.

The advisory warns specifically about data centers owned or operated by Chinese firms, foreign data centers built with Chinese equipment, joint ventures with Chinese firms, software, mobile device applications, fitness trackers, and other wearables. (Bethany Allen-Ebrahimian / Axios)

Related: Bloomberg, DHS, Infosecurity Magazine, The Register

President-elect Joe Biden slammed Donald Trump for “irrationally downplaying” the widespread hacking of American government and businesses as part of the SolarWinds supply chain breach, widely believed to be orchestrated by Russian state hackers.

Biden warned Russia that he would not allow the intrusion to “go unanswered” after he takes office. (David Sanger / New York Times)

Related: The Independent, CBSNews.com, The Conversation, CNBC Technology, Fortune, Just Security, Internet Security Alliance, Jezebel, The Independent, Sky News, Marketwatch, Inquirer, Business Standard, Washington Post Politics, CBSNews.com, New York Post, Bloomberg, Boing Boing, CBSNews.com, Big News Network, Digital Journal, Channel News Asia, USA Today, Bleeping Computer, The Sun, POLITICO, Teller Report, Courthouse News Service, The New Daily, Mediaite, The Hill: Cybersecurity, InsideCyberSecurity.com, Daily Mail, Bloomberg Technology, Cyberscoop, The Gazette, Boing Boing, Business, FCW

Authorities in the US, Germany, France, Switzerland, and the Netherlands seized the web domains and server infrastructure of three VPN services: active,, and

The U.S. Justice Department and Europol say that the servers were used to mask the activities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, keeping them behind a proxy network of up to five layers. (Catalin Cimpanu / ZDNet)

Related: Justice Department, Europol, TechNadu, SecurityWeek, Threatpost, isssource.com, The Hacker News, Cyberscoop, PogoWasRight.org, Homeland Security Today, HackRead, The Daily Swig, Infosecurity Magazine, Bleeping Computer, The Hacker News, Slashdot, Gizmodo, DataBreachToday.com, Techradar, SiliconANGLE

An investigation by the Italian police's cybercrime divisions in Rome and Naples and by Naples prosecutors into the theft of data from Italian defense group Leonardo shows that an inside hacker appeared to target details of Europe’s biggest unmanned fighter jet program and aircraft used by the military and police.

The arrest warrant for the hacker shows that one of the hacked computers belonged to a Leonardo technician who worked on the electronic system of the nEUROn, an experimental crewless military aircraft that was designed in 2012 under a European defense program led by France. (Francesca Landini / Reuters)

Related: Aerotime Hub

Tennessee-based expedited transportation company ForwardAir was hit by a ransomware attack a week ago, causing shipping delays for customers, especially those that use it to move loads to, from, and between airports.

Logistics providers are implementing expensive manual processes to work around the problem. The attack appears to be the work of a ransomware group called Hades. (John Kingston, Eric Kulisch, Nate Tabak / FreightWaves)

Related: FreightWaves, Bleeping Computer

Europol and the European Commission are launching a new decryption platform to help law enforcement agencies decrypt data that has been obtained as part of a criminal investigation.

The platform will be operated by Europol's European Cybercrime Center, or EC3, which focuses on cybercrime committed by organized crime groups. (Prajeet Nair / GovInfoSecurity)


British cryptocurrency exchange EXMO said hackers withdrew almost 5% of its total assets after compromising its hot wallets.

EXMO suspended all withdrawals after detecting suspicious and large withdrawals starting on December 21st, at 2:27:02 UTC. (Sergiu Gatlan / Bleeping Computer)

Related: Graham Cluley, Techradar, SecurityWeek

Digital certificate authority Let’s Encrypt has developed a workaround so that its expired root certificate can continue to be used by old Android phones.

Let's Encrypt will start providing subscribers both the expired certificate, ISRG Root X1 along with DST Root CA X3 certs, which it says will ensure "uninterrupted service to all users and avoiding the potential breakage we have been concerned about." (Ron Amadeo / Ars Technica)

Related: Let’s Encrypt, Engadget, ZDNet, Slashgear

Apple has begun shipping researchers specially-configured iPhones equipped with unique code execution and containment policies to support security research as part of its Apple Security Research Device Program.

Participating security researchers will get the phones on loan for one year, although it’s possible that the time period could be extended. (Juli Clover / MacRumors)

Related: TechDator, 9to5Mac, Apple Insider, iMore