Cybersecurity News Headlines Update on January 09, 2021

SolarWinds: Federal Judiciary Electronic Records Possibly Breached. The Administrative Office of the US Courts is “adding new security procedures to protect highly sensitive confidential documents filed with the courts” following a possible compromise of its Case Management/Electronic Case Files (CM/ECF) system. The Judiciary is auditing the system along with the Department of Homeland Security (DHS). Read more in:

SolarWinds: DoJ eMail Accounts Breached. The US Department of Justice (DoJ) says that the hackers behind the SolarWinds supply chain attack breached the department’s Office 365 environment and compromised more than 3,000 email accounts. The DoJ Office of the Chief Information Officer (OCIO) detected malicious activity in late December 2020. Read more in:

SolarWinds: FBI, NSA, ODNI, and CISA Point Finger at Russia. In a joint statement, the US Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) wrote, “an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.” Read more in:

SolarWinds: CISA Guidance Update Requires Agencies to Conduct Forensic Analysis. The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its SolarWinds guidance. The January 6, 2021, “supplemental guidance v3 requires (1) agencies that ran affected versions conduct forensic analysis, (2) agencies that accept the risk of running SolarWinds Orion comply with certain hardening requirements, and (3) reporting by agency from department-level Chief Information Officers (CIOs) by Tuesday, January 19, and Monday, January 25, 2021.” Read more in:

Hackney Data Stolen, Leaked in Ransomware Attack. The ransomware operators responsible for an attack against the network of the Hackney council in London, UK have leaked stolen data. The ransomware attack occurred in October 2020. The council’s services are still “significantly disrupted.” The stolen information has reportedly been posted on the dark web. Read more in: Months after this ‘serious’ cyber-attack, stolen data has been leaked online by hackers

Ransomware Hits Minnesota Lake Region Healthcare Network. Lake Region Healthcare (LRHC) in Minnesota was the victim of a ransomware attack in late December 2020. The attack prompted LRHC to initiate EHR downtime procedures. In a public statement, LRHC said they “are providing most of [their] services as usual by operating largely off alternative systems.” Read more in:

House Passes FedRAMP Bill. The US House of Representatives has passed a bill that codifies the Federal Risk and Authorization Management Program, or FedRAMP. The FedRAMP Authorization Act also establishes an advisory committee “to ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities.” Read more in:

Fired Healthcare Exec Sentenced to Prison for Sabotaging PPE Distribution. A former employee of Georgia-based Stradis Healthcare has pleaded guilty to computer intrusion for tampering with the company’s computer systems. Christopher Dobbins used a secret account he had created to gain access to the Stradis network where he altered and deleted data, hobbling the company’s efforts to distribute personal protective equipment (PPE) in spring 2020. Dobbins has been sentenced to one year in prison. Read more in:

Nissan Source Code Possibly Exposed. Source code for Nissan North America mobile apps and diagnostic tools may have been exposed due to an improperly configured Git server. Nissan says it has secured the server. Read more in:

NSA Guidance Urges Updating Outdated TLS Protocols. The US National Security Agency (NSA) has issued guidance urging system administrators to replace obsolete Transport Layer Security (TLS) protocols with updated versions. The guidance offers strategies for detecting obsolete TLS instances (TLS 1.0 and 1.1 as well as SSL 2.0 and 3.0) and for replacing them with newer versions with strong encryption and authentication (TLS 1.2 and 1.3). Read more in:
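As an added illustration of the detection side of that guidance (example code written for this digest, not taken from the NSA document), the parser below pulls the negotiated version out of a captured TLS ServerHello record. The caveat it handles: a TLS 1.3 server still writes 0x0303 (TLS 1.2) in the legacy version field and signals 1.3 only in the supported_versions extension, so a check that reads only the first version field would misclassify 1.3 sessions. The ServerHello bytes used for testing are constructed by the helper, not captured traffic.

```python
import struct

# Version numbers as they appear on the wire (RFC 5246 / RFC 8446).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
OBSOLETE = {0x0300, 0x0301, 0x0302}   # versions the guidance says to retire
SUPPORTED_VERSIONS_EXT = 43           # TLS 1.3 carries its real version here

def negotiated_version(record: bytes) -> int:
    """Return the version a server actually selected, given one TLS record
    that carries a ServerHello.  Raises ValueError on malformed input."""
    if len(record) < 5 or record[0] != 0x16:        # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:                 # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    legacy_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                     # skip server_random
    pos += 1 + body[pos]                             # skip session_id
    pos += 2 + 1                                     # cipher_suite, compression
    if pos + 2 > len(body):
        return legacy_version                        # no extensions: pre-1.3
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if ext_type == SUPPORTED_VERSIONS_EXT and ext_len == 2:
            return struct.unpack("!H", body[pos:pos + 2])[0]   # TLS 1.3 path
        pos += ext_len
    return legacy_version

def is_obsolete(record: bytes) -> bool:
    """True when the server picked a version the guidance says to retire."""
    return negotiated_version(record) in OBSOLETE

def build_server_hello(legacy_version: int, selected=None) -> bytes:
    """Constructed sample ServerHello (not captured traffic) for testing.
    `selected`, if given, is placed in a supported_versions extension."""
    body = struct.pack("!H", legacy_version) + b"\x00" * 32 + b"\x00"
    body += b"\xc0\x2f\x00"                          # cipher suite, null compression
    if selected is not None:
        ext = struct.pack("!HHH", SUPPORTED_VERSIONS_EXT, 2, selected)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

Fed records from a packet capture, `is_obsolete` gives the per-session verdict; the same parser can drive a periodic inventory of which internal servers still negotiate TLS 1.0/1.1.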

Legislators’ Computers Left Unattended When They Were Evacuated. When people stormed the US Capitol building on Wednesday, legislators’ computers were left unattended. One senator has reported that a laptop was stolen from his office. It has not been determined what information the computer contains. Read more in:

SolarWinds: Attack May Have Started Earlier and is Looking Worse. More details about the SolarWinds supply chain attack are coming to light. It is now believed that at least 250 US government agencies and private businesses were affected. US Senator Mark Warner (D-Virginia), who serves as Vice-Chair of the Senate Intelligence Committee, said that the attackers may have begun even earlier than March/April 2020. Warner also noted that “if FireEye had not come forward, I’m not sure we would be fully aware of [the attack] to this day.” Read more in:

SolarWinds: Hackers Accessed Microsoft Source Code. Microsoft says that the hackers behind the SolarWinds supply chain attack accessed Microsoft source code repositories. Microsoft said that the hackers did not alter the code because the compromised account they used to access the repositories had read-only permission. Microsoft is not concerned that the source code was viewed. In a December 31 blog post, the MSRC Team writes, “We do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.” Read more in:

SolarWinds: CISA Updates Guidance – Update SolarWinds Orion Now. The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance regarding the SolarWinds supply chain attack. The update comes in response to the discovery of a new vulnerability in SolarWinds Orion – an authentication bypass flaw in the SolarWinds Orion API. Government agencies were instructed to update their SolarWinds Orion platforms to version 2020.2.1HF2 by the end of 2020. Agencies unable to update by the deadline were instructed to take all their Orion systems offline. Read more in:

TransLink Ransomware Update: Most Systems are Still Down. Vancouver, BC, transportation agency TransLink says that as of January 4, most of its IT systems are still unavailable a month after they suffered a ransomware attack. Employees have been receiving pay advances rather than their regular paychecks. TransLink has acknowledged that the ransomware operators also compromised employee data. Read more in:

Zyxel Releases Fixes for Hardcoded Backdoor. Researchers from Eye Control discovered an undocumented user account with administrative rights hardcoded in the firmware of Zyxel firewall and AP controller devices. The account can be accessed via SSH or web interface. Eye Control reported the vulnerability to Zyxel in late November. Zyxel has released updated firmware for affected devices. Read more in:

T-Mobile Discloses Fourth Breach in Three Years. T-Mobile has disclosed a data breach that exposed some customers’ call-related information. This is the fourth breach T-Mobile has acknowledged in the past three years. T-Mobile did not provide specifics about the attack, except to say its “cybersecurity team recently discovered and shut down malicious, unauthorized access to some” customer proprietary network information (CPNI). Read more in:

FBI: Smart Home Devices are Being Hijacked for Swatting Attacks. The FBI has released a public service announcement warning that vulnerable smart home security devices are being hijacked by attackers to use in swatting attacks. By hijacking devices with voice and camera features, the attackers can watch the arrival of law enforcement teams and interact with them. The FBI’s announcement urges people “to use complex, unique passwords and enable two-factor authentication to help protect against ‘swatting’ attacks.” Read more in:

Kawasaki Aerospace Company Discloses Breach, Reports of Phony Recruiting eMails. Japanese aerospace company Kawasaki Heavy Industries has disclosed that its network was hit by a data breach in June 2020. Kawasaki says that intruders may have accessed customer data. Separately, Kawasaki has warned that it has received reports of phony emails pretending to be from recruiters from Kawasaki Heavy Industries Group in the US. Read more in:

Ticketmaster to Pay $10M Fine for Hacking Competitor. Ticketmaster has agreed to pay a $10 million fine for accessing a competitor’s computer systems without authorization. A Ticketmaster employee who formerly worked at the rival company retained access credentials, which were used to snoop on that company’s activity with the intent of stealing business. Read more in:

Citrix Offers Feature Enhancement to Block DDoS Amplification Attacks. Citrix has released an enhancement to prevent the Datagram Transport Layer Security (DTLS) feature in its ADC and Gateway devices from being used to amplify distributed denial-of-service (DDoS) attacks. Reports emerged last month about attacks taking advantage of vulnerable devices. Read more in:

Bye-bye, Flash. Adobe Flash Player reached end-of-life status as of January 1, 2021. Windows users have begun receiving alerts from Adobe urging them to uninstall Flash. Adobe will block Flash from running as of January 12, 2021. Chrome 88 and Firefox 85, both scheduled for release this month, will remove support for Flash. Microsoft plans to release an update for Windows 10 that will permanently remove Flash. An optional Windows 10 update, released in October 2020, removes Flash Player that was installed by Windows in Internet Explorer, Edge, and Chrome; users who installed Flash Player manually can remove it using Adobe’s uninstall instructions. Read more in:

Apex Laboratory Patient Data Stolen. New York-based medical testing company Apex Laboratory has disclosed that the operators responsible for a July 2020 ransomware attack against the company’s network stole patient data. The compromised information includes patient names, dates of birth, test results, and in some cases, Social Security numbers. Read more in:

Published by Thomas Apel