19-01-202121-01-2021

Security daily (20-01-2021)

Microsoft details how SolarWinds hackers hid their espionage

Attackers behind an espionage campaign that exploited software built by the federal contractor SolarWinds separated their most prized hacking tool from other malicious code on victim networks to avoid detection, Microsoft said Wednesday. The findings make clear that, while the hackers have relied on a variety of tools in their spying, the tampered SolarWinds software functioned as the cornerstone of an operation that Microsoft described as “one of the most sophisticated and protracted” of the decade. Multiple U.S. federal agencies focused on national security have been breached in the campaign, which U.S. officials have linked to Russia. The latest Microsoft research comes as influential security firms continue to come forward as victims of the hacking campaign. Malwarebytes said Tuesday that the same hacking group had apparently breached some of the firm’s internal emails by abusing access to Microsoft Office 365 and Azure software. Malwarebytes said it doesn’t use SolarWinds software, […] The post Microsoft details how SolarWinds hackers hid their espionage appeared first on CyberScoop. (CyberScoop)

Has the coronavirus pandemic affected Apple’s hardware design?

The more things change... the more they stay the same! (Naked Security)

Scammers Are Sending Fake Job Offers On LinkedIn

(News ≈ Packet Storm)

Interpol Warns Of Romance Scam Artists Sending Fake Investments Via Apps

(News ≈ Packet Storm)

SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach

(News ≈ Packet Storm)

Critical Cisco SD-WAN Bugs Allow RCE Attacks

Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite. (Threatpost)

NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs

The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory. (Threatpost)

Malwarebytes Hit by SolarWinds Attackers

The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365. (Threatpost)

Investment Scammers Prey on Dating App Users, Interpol Warns

Users of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers. (Threatpost)

Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms

Mystery of spying using popular chat apps uncovered by Google Project Zero researcher. (Threatpost)

19-01-202121-01-2021

/security-daily/ 21-01-2021 23:44:24