
Security daily (27-01-2021)

For Microsoft, cybersecurity has become bigger than business

Since the cybersecurity firm FireEye hired Microsoft to help investigate a hack at the federal contractor SolarWinds, Microsoft has helped clean up the mess, alerted victims and distributed other details meant to fend off alleged Russian spies. Microsoft did all of that as it wrestled with its own probe of how hackers infiltrated its systems. Yet the company’s role in the SolarWinds investigation, while significant, represents a fraction of the cybersecurity-focused work Microsoft has done in recent years, including some behind the scenes and some in globe-spanning public relations campaigns. Once viewed as a traditional tech behemoth, Microsoft has evolved into a firm that fights cybersecurity battles in court, in election administration, in the international sphere, in the marketplace and elsewhere. The entirety of that perspective gives Microsoft a unique — if imperfect — place in the cybersecurity universe. The size of the company, and its level of visibility into […] The post For Microsoft, cybersecurity has become bigger than business appeared first on CyberScoop. (CyberScoop)

NetWalker ransomware investigation yields arrest, big cryptocurrency seizure

In a coordinated, multi-part offensive against NetWalker ransomware attackers, law enforcement agencies announced Wednesday that they charged a Canadian national, seized nearly half a million dollars in cryptocurrency and disabled a dark web leak site. The NetWalker attackers have been part of a growing ransomware trend where the hackers hold stolen data hostage, leak a sample of it and threaten to release the rest in order to incentivize victims into paying. They’ve gone after everyone from government agencies to hospitals to schools, and haven’t shied from exploiting the COVID-19 crisis. They’ve also sought to expand profits by offering their ransomware as a service to other cybercriminals, leading to reports of booming revenue in 2020. The amount ransomware victims paid out increased by 311% in 2020, according to recent research by Chainalysis, a cryptocurrency tracking firm. The charges against Sebastien Vachon-Desjardins, as well as the seizure of approximately $454,530.19 in […] The post NetWalker ransomware investigation yields arrest, big cryptocurrency seizure appeared first on CyberScoop. (CyberScoop)

US arrests Twitter troll accused of spreading election disinformation in 2016

U.S. law enforcement officials say they’ve arrested an infamous far-right troll for allegedly using social media to spread disinformation in support of Donald Trump in the 2016 election. Douglass Mackey, a 31-year-old Florida man, is accused of using Twitter and other platforms to disenfranchise voters by encouraging them to vote via text or social media, which are invalid voting methods. Law enforcement officials arrested Mackey, who was better known as Ricky Vaughn on social media, on Wednesday, the Justice Department said in a statement. The arrest shows how investigations into electoral interference can take years, and is a reminder of the din of domestic disinformation that still challenges U.S. democracy. While the Russian effort to sow disinformation among U.S. voters in 2016 gained widespread attention, U.S.-based propagandists were also active. Mackey and other unnamed associates allegedly flooded social media for two months prior to Election Day in 2016, urging people to […] The post US arrests Twitter troll accused of spreading election disinformation in 2016 appeared first on CyberScoop. (CyberScoop)

Cyber Command, NSA warn to patch decade-old sudo vulnerability

U.S. intelligence officials are urging American companies and security workers to fix a software flaw that, if exploited, would give attackers deep access to a victim machine. The vulnerability, which now has a patch, would have allowed unauthorized users to gain what’s known as root privileges on vulnerable hosts as early as 2011 when the flaw was introduced, researchers at the security firm Qualys found. Root access would enable hackers to obtain administrative privileges over a machine, and quietly collect sensitive information. The vulnerability has existed for 10 years in sudo, a common tool found on nearly all Unix and Linux-based operating systems that generally allows system administrators to give some approved users root privileges. The flaw affects legacy versions from 1.8.2 to 1.8.31p2 and all default versions from 1.9.0 to 1.9.5p1, according to Qualys. The National Security Agency warned this week of how prevalent and damaging this issue could […] The post Cyber Command, NSA warn to patch decade-old sudo vulnerability appeared first on CyberScoop. (CyberScoop)
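A quick way to turn the version ranges quoted above into a fleet check. This is an added example, not code from the article, Qualys or the sudo project; the helper names are mine, and the only facts it encodes are the two inclusive ranges the article attributes to Qualys (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1).

```python
import re
import subprocess
from typing import Optional, Tuple

# (major, minor, patch, p-level); a missing "pN" suffix is treated as p0.
Version = Tuple[int, int, int, int]

# Inclusive affected ranges exactly as the article quotes Qualys:
# legacy 1.8.2 .. 1.8.31p2 and default 1.9.0 .. 1.9.5p1.
AFFECTED_RANGES = (
    ((1, 8, 2, 0), (1, 8, 31, 2)),
    ((1, 9, 0, 0), (1, 9, 5, 1)),
)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text: str) -> Optional[Version]:
    """Pull a sudo version from a bare string or `sudo --version` output.
    sudo marks patch releases with a 'pN' suffix (1.9.5p1); that level is
    kept as a fourth tuple field so 1.9.5 sorts before 1.9.5p1."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected(version: Version) -> bool:
    """True if the parsed version lies inside any inclusive affected range."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def check_local_sudo() -> Optional[bool]:
    """Query the local sudo binary; None if sudo is missing or unparseable."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    version = parse_sudo_version(out)
    return None if version is None else is_affected(version)


if __name__ == "__main__":
    # Constructed sample version lines, as a fleet inventory might collect them.
    for sample in ("Sudo version 1.8.31p2", "1.9.5p1", "1.9.5p2", "1.8.1"):
        v = parse_sudo_version(sample)
        print(f"{sample!r:26} -> {v} affected={is_affected(v)}")
```

Versions outside both ranges are reported as not affected only with respect to the ranges the article states; confirm against your distribution's own advisory before closing the ticket.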

US, European police say they’ve disrupted the notorious Emotet botnet

U.S. and European law enforcement agencies said Wednesday they had seized control of the computing infrastructure used by Emotet, a botnet of infected machines that has been one of the most pervasive cybercrime threats over the last six years. Through the police and the courts, investigators from Ukraine to Germany to the U.S. took aim at the hundreds of computer servers that Emotet has used globally to defraud victims of millions through extortion and data theft. The investigators “gained control of the infrastructure and took it down from the inside,” Europol, the European Union’s law enforcement agency, said in a statement. “The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.” A video posted by Ukrainian police shows officers raiding an apartment and confiscating computer equipment as part of the Emotet bust. “Through international cooperation, the FBI’s Charlotte field office and our partners were able to […] The post US, European police say they’ve disrupted the notorious Emotet botnet appeared first on CyberScoop. (CyberScoop)

Grindr faces fine of nearly $12 million in Norway for alleged privacy violations

Norway’s data protection agency is proposing a fine of $11.7 million against Grindr for the alleged improper sharing of users’ data to third-party companies for marketing purposes. The Norwegian Data Protection Authority (DPA) said Tuesday that Grindr, which bills itself as “the world’s leading LGBTQ+ social application,” had shared, without full consent, users’ GPS locations, profile data and other information with other companies. Grindr has until Feb. 15 to argue against the decision. The case, which applies to the free version of the app, originated with a 2020 complaint from the Norwegian Consumer Council, and it falls under Europe’s General Data Protection Regulation (GDPR). The DPA said the fine of 100 million Norwegian kroner would represent its largest ever, reflecting that “our findings suggest grave violations of the GDPR.” “Users were not able to exercise real and effective control over the sharing of their data,” the Norwegian authority says. The […] The post Grindr faces fine of nearly $12 million in Norway for alleged privacy violations appeared first on CyberScoop. (CyberScoop)

Apple critical patches fix in-the-wild iPhone exploits – update now!

Apple says "Additional details available soon", which you can translate as "this one took us by surprise". So patch now! (Naked Security)

Insurers Defend Covering Ransomware Payments

(News ≈ Packet Storm)

23 Million Gamer Records Exposed In VIPGames Leak

(News ≈ Packet Storm)

Apple Patches Three Actively Exploited Zero Days

(News ≈ Packet Storm)

Emotet Botnet Disrupted By International Police Operation

(News ≈ Packet Storm)

TeamTNT Cloaks Malware With Open-Source Tool

The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs. (Threatpost)

NetWalker Ransomware Suspect Charged: Tor Site Seized

The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector. (Threatpost)

Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet. (Threatpost)

Sudo Bug Gives Root Access to Mass Numbers of Linux Systems

Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo. (Threatpost)

ADT Security Camera Flaws Open Homes to Eavesdropping

Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more. (Threatpost)

Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline

Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker's Dark Web leaks site offline and charged a suspect. (Threatpost)


/security-daily/ 28-01-2021 23:44:25