Security daily (22-12-2020)

Biden takes aim at Trump, Russia over SolarWinds breach

President-elect Joe Biden pressured Donald Trump on Tuesday to name the hackers behind the SolarWinds breach, saying that the evidence suggests Russia is responsible. Biden also faulted the incumbent president for his handling of the nation’s digital defenses and vowed to do “all that needs to be done” to get to the bottom of the sweeping cyber espionage campaign, then punish the culprits. “It is a grave risk and it continues. I see no evidence that it’s under control,” Biden said during a speech in Wilmington, Delaware. “The Defense Department won’t even brief us on many things. So I know of nothing that suggests it’s under control. This president hasn’t even identified who is responsible yet.” Biden’s remarks amounted to his most extensive statement on cybersecurity since winning office. They came shortly after Trump downplayed the severity of the backdoor inserted into SolarWinds software that has afflicted both Cabinet departments […] The post Biden takes aim at Trump, Russia over SolarWinds breach appeared first on CyberScoop. (CyberScoop)

Tech titans throw weight behind WhatsApp allegations in NSO surveillance lawsuit

Facebook’s lawsuit against Israeli software surveillance firm NSO Group just got a big boost from tech titans across the U.S. Microsoft, alongside Google, Cisco, GitHub, LinkedIn, VMWare and the Internet Association, filed an amicus brief Monday to join the lawsuit, which alleges that NSO Group exploited a vulnerability in WhatsApp last year to spy on thousands of users, such as journalists, dissidents and human rights activists. More filings from other companies and organizations are expected in the coming days. Access Now, Amnesty International, the Committee to Protect Journalists, Internet Freedom Foundation, Paradigm Initiative, Privacy International, Reporters Without Borders and Red en Defensa de los Derechos Digitales (R3D), are expected to file another amicus brief in support of WhatsApp on Wednesday, CyberScoop has learned. The suit, which Facebook’s WhatsApp filed last year, is currently under appeal in U.S. Court of Appeals for the Ninth Circuit. The Israeli firm’s lawyers have argued […] The post Tech titans throw weight behind WhatsApp allegations in NSO surveillance lawsuit appeared first on CyberScoop. (CyberScoop)

Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts

The fallout from a sweeping hacking campaign by suspected Russian operatives continued Monday as Sen. Ron Wyden said that the hackers had breached “dozens of email accounts” of officials at the Treasury Department. The hackers “broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials,” Wyden said after Treasury officials briefed the Senate Finance Committee, where the Oregon Democrat serves as ranking member. “Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen.” Multiple federal agencies, including the departments of Commerce and Homeland Security, are investigating breaches in the apparent espionage campaign, which has used tampered software made by federal contractor SolarWinds, but also has other vectors for breaking into systems. The breach at Treasury began in July, and the full extent of it is still unknown, Wyden said in a statement. “Microsoft notified the agency […] The post Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts appeared first on CyberScoop. (CyberScoop)

International sting shuts down 'favorite' VPN of cybercriminals

The latest international action against cybercrime infrastructure involves the takedown of a virtual private network (VPN) used to hide the activities of ransomware gangs and other illegal operations. The FBI and European police announced the sting against the Safe-Inet service Tuesday morning. The VPN company was billed as “cybercriminals’ favorite” by Europol. The FBI said three Web domains associated with the service — safe-inet.com, safe-inet.net and insorg.org — had been seized and then plastered with notices from police. Officials said that taking down Safe-Inet was disruptive to major active cybercriminal campaigns, but they did not specify what those were. “Active for over a decade, Safe-Inet was being used by some of the world’s biggest cybercriminals, such as the ransomware operators responsible for ransomware, E-skimming breaches and other forms of serious cybercrime,” according to a news release from Europol, the top police agency for the European Union. “This VPN service was […] The post International sting shuts down 'favorite' VPN of cybercriminals appeared first on CyberScoop. (CyberScoop)

Does a friend “need money urgently”? Check your facts before paying out…

Don't get scammed by fake online requests to help a friend online. Check your facts first - here's why. (Naked Security)

Make Your New Year's Resolution to Master Azure with This Bundle

Microsoft has plenty of products that you're likely familiar with, especially if you work or dream of working in IT. One of the most important now and in the future will be Azure, the company's cloud computing service. You might not know it, but a significant portion of the internet runs on Azure, and that share of the web is projected to keep growing in the coming years.

If you want to make your career in IT, knowing how to master Microsoft Azure will give you a leg up on the competition. It will be key to future-proofing your skillset, giving you the tools you need to work with the growing... more (Null Byte « WonderHowTo)

Trump Administration Says Russia Behind SolarWinds Hack. Trump Himself Begs To Differ

(News ≈ Packet Storm)

U.S. House Intel Chair Wants Briefing On Recent Hacking Campaign

(News ≈ Packet Storm)

Law Enforcement Take Down Three Bulletproof VPN Providers

(News ≈ Packet Storm)

Signal: Firm Claims To Have Cracked Chat App's Encryption

(News ≈ Packet Storm)

Joker's Stash Carding Site Taken Down, For Now

(News ≈ Packet Storm)

Holiday Puppy Swindle Has Consumers Howling

Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride. (Threatpost)

Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group

Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities. (Threatpost)

Joker’s Stash Carding Site Taken Down

The underground payment-card data broker saw its blockchain DNS sites taken offline after an apparent law-enforcement effort - and now Tor sites are down. (Threatpost)

Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks

Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks. (Threatpost)


/security-daily/ 23-12-2020 23:45:50