Cybersecurity News Headlines Update on January 16, 2021

CISA: Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments. The US Cybersecurity and Infrastructure Security Agency (CISA) has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services, after becoming aware of cyber-attacks leveraging weaknesses in cloud security services. Threat actors are leveraging phishing and other techniques to exploit poor cyber hygiene practices and misconfigurations in cloud services. CISA has listed steps organizations can take to improve their cloud security posture.

NSA Warns Enterprises Not to Use Third-Party DNS Resolvers. The US National Security Agency (NSA) has released recommendations for enterprises to securely adopt encrypted DNS. The document “explain[s] the benefits and risks of adopting the encrypted domain name system (DNS) protocol, DNS over HTTPS (DoH), in enterprise environments.” The NSA recommends against using third-party DNS resolvers to “ensure proper use of essential enterprise security controls, facilitate access to local network resources, and protect internal network information.”

Microsoft Patch Tuesday Includes Fix for Actively Exploited Microsoft Defender Flaw. Microsoft has released fixes for 83 security issues in its software, including Windows, Edge, Office, SQL Server, and Azure. Ten of the flaws are rated critical. One of the flaws fixed was disclosed prior to the monthly security update, and one of the flaws is being actively exploited: a remote code execution vulnerability that affects Microsoft Defender.

Adobe Patch Tuesday – High Priority. Adobe has released security updates to address seven critical vulnerabilities in Photoshop, Illustrator, Animate, Bridge, and other products. As of Tuesday, January 12, Adobe is blocking Flash content. Users are being urged to uninstall the software, which is no longer supported.

Cisco Updates Include Fix for Serious Vulnerability in CMX and 70 Other High-Severity Flaws. Cisco has released fixes for nearly 70 high-severity flaws in a variety of products. One of the most serious vulnerabilities affects Cisco Connected Mobile Experiences (CMX); it could be exploited to “allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system.” Cisco has also released fixes for vulnerabilities in its RV routers, but it is not releasing updates for older RV routers that have reached end-of-life (EOL). The devices in question, which include Cisco Small Business RV110W, RV130, RV130W, and RV215W systems, reached EOL in 2017 and 2018, and paid extended support contracts expired on December 1, 2020. Cisco is urging customers using older versions of its RV routers to upgrade to newer, actively supported models.

Proposed Rulemaking Would Require Financial Institutions to Report Cybersecurity Incidents Within 36 Hours. US federal financial regulatory agencies have proposed a rule that would require financial institutions to report cybersecurity events to financial regulators “no later than 36 hours after the banking organization believes in good faith that the incident occurred.” The Office of the Comptroller of the Currency (Treasury), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (FDIC) published the proposed rulemaking in the Federal Register on January 12, 2021; comments will be accepted through April 12, 2021.

International Effort Leads to DarkMarket Server Takedown and Arrest of Alleged Operator. An international law enforcement operation involving Europol and agencies in Germany, Australia, Denmark, Moldova, Ukraine, the UK, and the US has taken down the DarkMarket illegal online marketplace. The alleged operator of the marketplace, an Australian citizen living in Germany, has been arrested. Authorities also seized more than 20 associated servers in Moldova and Ukraine.

SolarWinds: Third Malware Tool Discovered. SolarWinds and CrowdStrike have disclosed information about yet another piece of malware that helped enable the supply chain attack. Dubbed Sunspot, the malware is designed “to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product.”

Apple Will Remove Feature that Let its Apps Bypass Security Measures. In October 2020, Mac researchers noticed a feature in a beta version of macOS 11.2 that allowed Apple apps to bypass socket firewalls and virtual private networks. Dubbed the ContentFilterExclusionList, the feature permitted roughly 50 Apple programs to access the Internet without going through the Network Extension Framework, which was established to allow the monitoring and filtering of network traffic. Researchers noted that exploiting the ContentFilterExclusionList is trivial. The second beta version of macOS 11.2 will not include that feature. Read more in: Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers

Stolen COVID-19 Data Leaked. Hackers who stole COVID-19 vaccine and medicine data from the European Medicines Agency (EMA) late last year have posted the information online. Law enforcement authorities are investigating.

Mimecast Says Hackers Stole Digital Certificate. In a January 12 blog post, email security provider Mimecast says, “Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor.” The issue affects approximately 10 percent of Mimecast’s customer base. Mimecast has asked affected customers “to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate” Mimecast has made available. Both the methods and the targets of the attack bear similarities to the SolarWinds supply chain attack.

Update Available to Fix Critical Flaw in Orbit Fox by ThemeIsle WordPress Plugin. A critical authenticated privilege elevation flaw in the Orbit Fox by ThemeIsle WordPress plugin could be exploited to take control of vulnerable websites. An update for the plugin is available. It also addresses a medium-severity stored cross-site scripting vulnerability that could be exploited to inject malicious JavaScript into websites. The plugin has been installed on more than 400,000 WordPress sites. Users are urged to update to Orbit Fox by ThemeIsle version 2.10.3.

SolarWinds Hires Krebs and Stamos; FBI Investigating JetBrains as Possible Victim. SolarWinds has hired Christopher Krebs, former head of the US Cybersecurity and Infrastructure Security Agency (CISA), and Alex Stamos, former Facebook CISO, to help manage the aftermath of the discovery of the supply-chain attack affecting the SolarWinds Orion management tool. In a related story, the FBI is investigating the possibility that Czech software company JetBrains may have been a victim of the SolarWinds attack as well.

SolarWinds CEO Shares New Information About the Attack. In a blog post, SolarWinds CEO Sudhakar Ramakrishna writes, “We believe we have found a highly sophisticated and novel malicious code injection source the perpetrators used to insert the SUNBURST malicious code into builds of our Orion Platform software.” Ramakrishna adds that they are sharing the information because “we believe that sharing this information openly will help the industry guard against similar attacks in the future and create safer environments for customers.”

FBI Issues Egregor Ransomware Advisory. The FBI has released a Private Industry Notification (TLP:WHITE) warning of an increased threat to businesses from the Egregor ransomware operators. The notification describes Egregor’s ransomware-as-a-service operation model and suggests mitigations organizations can apply.

Hacker Involved in JP Morgan Chase Data Theft is Sentenced to 12 Years in Prison. A US federal judge in New York has sentenced Andrei Tyurin to 12 years in prison for numerous offenses, including computer intrusion, wire fraud, and bank fraud. Tyurin and three accomplices hacked major US financial institutions, brokerages, and other companies. They stole personal information of more than 80 million JP Morgan Chase customers. Tyurin has been in US custody since he was extradited from the country of Georgia in September 2018.

Major Browsers Updated to Fix Hijacking Bugs. The developers of the Firefox, Chrome, and Edge browsers are urging users to update to the newest versions to protect their systems from hijacking. Firefox users should update to the browser’s most recent version to fix a critical use-after-free vulnerability. Chrome and Edge users should update their browsers to fix an out-of-bounds write vulnerability. The Chrome and Edge updates also address a dozen other security issues.

UK High Court Says Intelligence Agencies May Not Use Bulk Hacking. The UK High Court has ruled that authorities may not use bulk equipment interference warrants, also known as general warrants, to gather information about millions of people at once while conducting surveillance. The practice raises privacy concerns, as sensitive information of innocent people gets captured when authorities cast a broad net. The High Court’s ruling strikes down a 2016 ruling by the Investigatory Powers Tribunal, which allowed that a single warrant could be used by the likes of GCHQ, MI5, and MI6 to conduct mass surveillance.

Two People Sentenced for Data Theft from UK Roadside Assistance Organization. Two people have received suspended sentences for their roles in the theft of data from UK emergency roadside assistance company RAC. Kim Doyle, an RAC employee, sold customer data to William Shaw, who is the director of an accident claims management company. Doyle received an eight-month suspended sentence; Shaw received a two-year suspended sentence.

Bitdefender Releases DarkSide Ransomware Decryption Tool. Romanian security company Bitdefender has released a free decryption tool for victims of the DarkSide ransomware. DarkSide first appeared late last summer; it uses a ransomware-as-a-service operating model.

macOS Cryptomining Malware Variant is Hard to Analyze. A new variant of malware that is being used to mine cryptocurrency on macOS computers is proving difficult to analyze. The malware’s “payloads are exported as run-only AppleScript files, which makes decompiling them” complicated. OSAMiner has been around since at least 2015.

Reserve Bank of New Zealand is Investigating a Data Breach. The Reserve Bank of New Zealand is investigating a security breach of a third-party file-sharing service provider. The bank disclosed the incident on Sunday, January 10, noting that “a third party file sharing service used by the Reserve Bank to share and store some sensitive information, has been illegally accessed.” The Reserve Bank uses the system to share information outside its organization.

Civil Liberties Groups Ask US Supreme Court to Hear Case Regarding Personal Device Passcodes. The American Civil Liberties Union (ACLU) is asking the US Supreme Court to hear a case involving the question of whether or not passcodes for privately owned mobile devices are protected under the Fifth Amendment. The ACLU, along with the Electronic Frontier Foundation (EFF), has filed a petition for a writ of certiorari to the Supreme Court in the case of Robert Andrews v. the State of New Jersey. Andrews is a Newark, NJ, sheriff’s officer who refused to provide police with passcodes for two iPhones.

Ubiquiti Networks Urges Customers to Change Passwords. Ubiquiti Networks has notified customers of a data breach that affected servers containing user profile information for the company’s account.ui.com web portal. The site allows customers to manage devices remotely. Ubiquiti encouraged customers to change their passwords.

Published by Julie Robert

Passionate about technology, Windows, and everything that has a power button, I spend most of my time developing new skills and learning more about the tech world because I derive great satisfaction from helping readers eliminate the technological headaches that plague their day-to-day lives.