Security daily (19-01-2021)

049| Ransomware 2.0, with Mikko Hypponen

We thought locking up data and demanding a ransom to decrypt it was bad. But ransomware criminals have stooped even lower and now, threats of public data exposure on top of multimillion-dollar ransoms are routine tactics. What's next? Where's ransomware going in 2021? Joining us to give his take is F-Secure's chief research officer and CISO MAG's Cybersecurity Person of the Year 2020, Mikko Hypponen. Also in this episode: Ransomware's evolution, why it's mainly a Windows problem, the impact of remote work, how ransomware's industrialization affects the threat landscape, and more. Links: Episode 49 transcript (Cyber Security Sauna)

Biden's Cabinet picks face cyber questions from Congress as SolarWinds looms large

President-elect Joe Biden’s choices to take on key cabinet roles outlined their approaches to pressing cybersecurity issues facing the new administration during Senate confirmation hearings on Tuesday. A suspected Russian hacking operation that has exposed frailties in federal defenses, as well as conspiracy theories that inspired the Jan. 6 siege of the Capitol, loomed large at the hearings, which came a day before Biden’s inauguration. Of note: Biden’s picks for Homeland Security chief and Director of National Intelligence said they will get a clearer picture of the SolarWinds hacking campaign after getting classified briefings on the matter. Here are the highlights from Tuesday’s confirmation hearings.

Alejandro Mayorkas, Secretary of Homeland Security nominee

Immigration issues dominated the discussion between Alejandro Mayorkas, Biden’s nominee for DHS chief, and Senate lawmakers. The inability of DHS and other federal departments to stop alleged Russian hackers from exploiting software built by the federal contractor SolarWinds, […] (CyberScoop)

The big cyber issues Joe Biden will face his first day in office

Joe Biden has his work cut out for him. Biden will be sworn into office on Jan. 20 with a long list of challenges ranging from the coronavirus pandemic to re-considering America’s place on the world stage. There’s also the fallout from a far-reaching hacking campaign that the U.S. has suggested is the work of the Russian government. Yet the next American president has also chosen top advisers, including his picks to lead the Department of Homeland Security and the CIA, who appear to view digital security as an integral part of policymaking. Their thinking on these issues, and whether they succeed or fail in the face of deep-seated challenges to internet security, could affect the trajectory of Biden’s presidency. Here’s a closer look at three of the more pressing cybersecurity challenges the administration will encounter.

Cleaning up the SolarWinds mess, then getting proactive

Biden has vowed to get to […] (CyberScoop)

Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig

Michael Sulmeyer, a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone, will take the position of senior director for cyber in the Biden White House. Sulmeyer’s selection came with no formal announcement. Instead, the transition website posted his position Monday evening. Sulmeyer is a cybersecurity veteran with broad experience, one of many to join the Biden administration. He’s also one of several whose tenures have included roles in the Trump administration. Beyond serving under Nakasone, he also served in the Obama administration at the Defense Department, where he was director for plans and operations for cyber policy. Between roles in the Trump and Obama administrations, he was director of the Belfer Center’s Cyber Security Project at the Harvard Kennedy School. He also wrote extensively for Lawfare on subjects like election security, federal cybersecurity strategy and DOD-related cybersecurity issues. In the past, the National Security […] (CyberScoop)

Health insurer Excellus penalized $5.1M by HHS for data breach

The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR). The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020. The OCR said the breached data included names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information. “The hackers installed malware […] (CyberScoop)

Symantec connects another hacking tool to SolarWinds campaign

Private sector analysts uncovered a new hacking tool thought to be used in a suspected Russian spying operation in the latest example of how, as the investigation into the SolarWinds breach continues, the plot only thickens. Security firm Symantec on Tuesday said it had found previously undocumented malicious code that the attackers used to move through victim networks and then transmit additional malware onto specific computers. The attackers installed the malicious code, dubbed Raindrop, on a handful of carefully chosen computers in an effort to spy on them, according to the latest findings. The discovery underscores the range of tools the accused hackers had at their disposal — some to gain access to computer networks, others to sift through data — in a historic campaign that has infiltrated multiple U.S. federal agencies and consumed investigators at top security firms. U.S. federal investigators have said the hacking campaign is “likely Russian in origin.” […] (CyberScoop)

Attackers Steal E-mails, Info From OpenWRT Forum

(News ≈ Packet Storm)

DNSpooq Lets Attackers Poison DNS Cache Records

(News ≈ Packet Storm)

Livecoin Slams Its Doors Shut Unable To Recover From Hack

(News ≈ Packet Storm)

AnyVan Confirms Digital Breach Of Customer Data

(News ≈ Packet Storm)

Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin

In mass infection scenarios, our Malware Research team often looks for attack vectors to find patterns and other similarities among compromised websites. The identification of these patterns allows us to deploy better and faster solutions to our customers, minimizing the impact of massive attacks. Recently, during a routine investigation, we found a number of vulnerabilities in the 123contactform-for-wordpress WordPress plugin, version <= 1.5.6. These critical vulnerabilities allow attackers to arbitrarily create posts and inject malicious files into the website without any form of authentication. (Sucuri Blog)

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution. (Threatpost)

Rob Joyce to Take Over as NSA Cybersecurity Director

Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration. (Threatpost)

SolarWinds Malware Arsenal Widens with Raindrop

The post-compromise backdoor installs Cobalt Strike to help attackers move laterally through victim networks. (Threatpost)

Linux Devices Under Attack by New FreakOut Malware

The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks. (Threatpost)

Attackers Steal E-Mails, Info from OpenWrt Forum

Users of the Linux-based open-source firmware, who include developers from commercial router companies, may be targeted by phishing campaigns, administrators warn. (Threatpost)


/security-daily/ 20-01-2021 23:44:25