Cybersecurity News Headlines Update on February 17, 2021

Microsoft: SolarWinds Hack Code Includes the Work of More Than 1,000 Developers. Microsoft’s analysis of the code used in the SolarWinds supply chain attack suggests it includes the work of more than 1,000 developers. Microsoft president Brad Smith told TV news program 60 Minutes that “from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.” Read more in:

FS-ISAC: Single Threat Actor Hit More Than 100 Financial Organizations with DDoS Ransom Attacks. The Financial Services Information Sharing and Analysis Center (FS-ISAC) says that in 2020, more than 100 financial services organizations were targeted with distributed denial-of-service (DDoS) extortion attacks. All the attacks were launched by the same threat actor. Read more in:

Canadian Vehicle Rental Company Hit with Ransomware. Discount Car and Truck Rentals, a Canadian division of US-based Enterprise Holdings, has disclosed that it is recovering from a ransomware attack. The ransomware operators have also reportedly stolen data. The attack affected systems at the Discount Car and Truck Rentals headquarters office. As of Sunday morning, February 14, customers were not able to book or manage rentals online. Read more in:

French Hospital Suffers Ransomware Attack. The Centre Hospitalier de Dax-Côte d’Argent in southwest France is recovering from a ransomware attack that occurred earlier this month. The incident has affected the hospital’s ability to offer patient care and has impacted its switchboard. Read more in: Dax-Côte d’Argent hospital in France hit by ransomware attack

Book Excerpt. An excerpt from Nicole Perlroth’s recently-published book This is How They Tell Me the World Ends, which examines the zero-day vulnerability market. Read more in: The Untold History of America’s Zero-Day Market

Florida Water Treatment Plant Incident. Several sets of access credentials for the Oldsmar, Florida, water treatment plant system were found in a batch of data posted online shortly before the breach. A joint alert issued by the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center provides an overview of the incident and suggests mitigations. Read more in:

Phone Company Employee Charged in SIM Swapping Case. A Florida man who worked for a phone company is facing charges for allegedly taking advantage of his access to customer data to take control of 19 phone numbers. A co-conspirator allegedly paid Stephen Daniel DeFiore $2,325 to switch out SIM cards belonging to customers. Read more in: Prosecutor charges former phone company employee in SIM-swap scheme

Washington State Bill Would Centralize Government Cybersecurity. Following a breach that exposed citizens’ personal information, the US state of Washington is seeking to consolidate state cybersecurity operations in one office. Washington Governor Jay Inslee has called for the state’s Office of Cybersecurity to shift from a body that merely advises agencies to one that oversees IT security for all state government agencies. Read more in:

Dutch Research Council Network Hit with Cyberattack. The network of the Dutch Research Council (NWO) is temporarily unavailable due to a cyberattack. NWO funds scientific research at universities and institutes. While the organization’s website has not been affected, the system that processes grant applications is currently unavailable. Read more in:

Two More Organizations Affected by Accellion Breaches. The University of Colorado and telecommunications company Singtel have both been impacted by data breaches that were conducted through a vulnerability in Accellion’s File Transfer Appliance (FTA). The company recently announced that it is ending support for FTA. Read more in:

Florida Water Treatment System Breach: Employees Shared One TeamViewer Password. In the wake of an attack in which a hacker gained access to a Florida water treatment plant’s network and altered the amount of chemicals being added to drinking water, the FBI released a Private Industry Notification (PIN) warning that “the cyber actors likely accessed the system by exploiting cyber security weaknesses including poor password security, and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment. The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.” Read more in:
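The FBI notice above names three conditions: an unsupported Windows 7 host, TeamViewer exposed for remote management, and a shared password. The following PowerShell check, added here as an illustration and not taken from the FBI notice or the article, looks for the same three conditions on a Windows host. It assumes the documented Windows 7 kernel version (6.1) and that TeamViewer, when installed, registers its service under the name TeamViewer and writes an incoming-connection log named Connections_incoming.txt in its program directory; the log path and the example host name are assumptions, not details from the incident.

```powershell
# Added example (not from the FBI PIN or the original article).
# Flags the three weaknesses the FBI notice describes: an end-of-life OS,
# TeamViewer present for remote access, and evidence of remote sessions
# that should be reviewed against the known operator list.
# Assumptions: Windows 7 reports kernel version 6.1; TeamViewer's service is
# named 'TeamViewer'; its incoming-session log lives at the path below.

param([string]$ComputerName = $env:COMPUTERNAME)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Operating system support status (Windows 7 is 6.1; it left support in January 2020).
$os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName
if ($os.Version -like '6.1.*') {
    $findings.Add("Unsupported OS: $($os.Caption) $($os.Version)")
}

# 2. Remote-management software reachable from outside the control network.
$tv = Get-Service -ComputerName $ComputerName -Name 'TeamViewer' -ErrorAction SilentlyContinue
if ($tv) {
    $findings.Add("TeamViewer service present, state: $($tv.Status)")
}

# 3. Who has actually connected remotely. TeamViewer records one line per
#    inbound session: ID, display name, start, end, local user, type, session ID.
$logPath = Join-Path $env:ProgramFiles 'TeamViewer\Connections_incoming.txt'   # assumed path
if (Test-Path $logPath) {
    $sessions = Get-Content $logPath | Where-Object { $_.Trim() -ne '' }
    $findings.Add("TeamViewer incoming sessions logged: $($sessions.Count)")

    # A shared password shows up as many different remote IDs landing on the
    # same local account; list the distinct remote IDs so they can be reviewed.
    $remoteIds = $sessions | ForEach-Object { ($_ -split "`t")[0] } | Sort-Object -Unique
    $findings.Add("Distinct remote TeamViewer IDs: $($remoteIds -join ', ')")
}

if ($findings.Count -eq 0) {
    Write-Output "$ComputerName: none of the three conditions found."
} else {
    Write-Output "$ComputerName:"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

The script reports rather than remediates. The fixes the notice implies are to retire the Windows 7 host, remove or firewall the remote-access tool so it is reachable only through a VPN or jump host, and replace the shared password with individual accounts and multi-factor authentication, so that the session log can be tied to a person.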

Microsoft Patch Tuesday: Install Quickly. On Tuesday, February 9, Microsoft released updates to address 56 vulnerabilities in Windows and related software. Eleven of the flaws are rated critical. One of the flaws, a privilege elevation vulnerability in Win32k, is being actively exploited. Read more in:

12-Year-Old Windows Defender Vulnerability Fixed. Among the vulnerabilities fixed in Microsoft’s February Patch Tuesday is a 12-year-old privilege elevation flaw in Windows Defender. The flaw could be exploited by threat actors with basic user privileges. The update will be installed automatically for users who have automatic updates enabled. Read more in:

Bloomberg Says Spy Chips Found in Super Micro Computer Products. According to a report from Bloomberg, US intelligence agencies have known for nearly a decade that China has been tampering with products made by Super Micro Computer, Inc. The situation illustrates the susceptibility of “American companies … to potential nefarious tampering of any products they choose to have manufactured in China.” Read more in: The Long Hack: How China Exploited a U.S. Tech Supplier

Adobe Releases Security Updates for Acrobat and Reader, Magento, and Other Products. Hackers are exploiting a critical heap-based buffer overflow vulnerability in Adobe Reader in “limited attacks” targeting users running Adobe Reader on Windows. The flaw is one of 23 fixed in Adobe’s February 9 updates for Reader and Acrobat. Adobe also released updates to address 18 vulnerabilities in Magento, five vulnerabilities in Photoshop, two in Illustrator, and one each in Animate and Dreamweaver. Read more in:

Authorities Make Arrests in Connection with SIM-Swapping Scheme. Authorities in the UK have arrested eight people in connection with a SIM-swapping scheme that targeted celebrities. The National Crime Agency worked alongside US federal and state authorities on the investigation. Two other people were arrested earlier in Malta and in Belgium. Read more in:

Zerologon Defense, Phase Two. With the most recent security update, Microsoft has begun enforcing phase two of security measures to protect users from the Zerologon vulnerability that was disclosed in August 2020. The severity of the flaw prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive, ordering federal agencies to take steps to protect vulnerable systems by September 21, 2020. The “February 9, 2021 and superseding Windows Updates enable enforcement mode on all supported Windows Domain Controllers and will block vulnerable connections from non-compliant devices.” Read more in:
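Enforcement mode only helps if you know which devices it is now refusing. Netlogon records every vulnerable secure channel attempt in the System log on the domain controller, so the practical check after the February 9 update is to read those events. The following PowerShell script is an added example, not code from Microsoft or from the article; it assumes the Netlogon event IDs documented in Microsoft’s Zerologon guidance (5827 and 5828 for denied machine and trust accounts, 5829 for connections allowed only during the pre-enforcement phase, 5830 and 5831 for connections allowed by a group policy exception) and the provider name NETLOGON.

```powershell
# Added example (not from the original article or from Microsoft).
# Run on, or point at, a domain controller after the February 9, 2021 update
# to list devices that still attempt vulnerable Netlogon secure channel
# connections. Assumed event IDs (from Microsoft's Zerologon guidance):
#   5827 / 5828  denied  (machine account / trust account)
#   5829         allowed, pre-enforcement phase only
#   5830 / 5831  allowed by the "Allow vulnerable Netlogon secure channel
#                connections" group policy exception (machine / trust)

param(
    [string]$DomainController = $env:COMPUTERNAME,
    [int]$Days = 7
)

$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5827, 5828, 5829, 5830, 5831
    StartTime    = (Get-Date).AddDays(-$Days)
}

$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No vulnerable Netlogon connection events on $DomainController in the last $Days days."
    return
}

$rows = foreach ($e in $events) {
    $outcome = switch ($e.Id) {
        { $_ -in 5827, 5828 } { 'Denied'; break }
        5829                  { 'Allowed (pre-enforcement)'; break }
        default               { 'Allowed by group policy exception' }
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Outcome = $outcome
        # The first line of the message names the account or client involved,
        # which is enough to identify the device for follow-up.
        Detail  = ($e.Message -split "`r?`n")[0]
    }
}

# Summary first: exceptions (5830/5831) are the ones that keep the DC exposed.
$rows | Group-Object Outcome | Select-Object Name, Count | Format-Table -AutoSize
$rows | Sort-Object Time -Descending | Format-Table -AutoSize
```

Denied events (5827/5828) are the expected result after enforcement and point at devices that need a patched Netlogon client or replacement. Events 5830 and 5831 mean someone has carved out a group policy exception for that account; each such exception is a device that can still be attacked with Zerologon and should be tracked to removal.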

Web Hosting Company Shuts Down After Cyberattack. A web hosting site has decided to shut down operations after “a hacker successfully compromised all the servers [they] use to operate [their] business.” A message posted on its site urges customers to download backups of their websites and databases through cPanel. The company did not provide details about the attack. However, TorrentFreak has reported that two other hosting sites, both of which “provide IPTV services to pirate streaming sites,” have recently suffered similar attacks. Read more in:

Critical Flaw in SAP Commerce Platform. A critical vulnerability affecting the SAP Commerce platform could be exploited to allow remote code execution. The flaw affects SAP Commerce versions 1808, 1811, 1905, 2005 and 2011. A patch for the flaw is available. Read more in:

Responsive Menu WordPress Plugin Flaw. Three flaws affecting the Responsive Menu WordPress plugin could be exploited to take control of vulnerable websites. The plugin has been installed on more than 100,000 sites. An updated version of the plugin is available. Users are urged to update to Responsive Menu version 4.0.4. Read more in:

In Wake of Recent Attacks, Accellion Announces EOL for FTA Software. Cloud service provider Accellion will retire its FTA filesharing product following a number of attacks that compromised data at government agencies and private companies in Australia, New Zealand, Singapore, and the US. The attackers appear to be using SQL injection to install a web shell and from there, steal files stored on the FTA appliance. In a January 11 statement, Accellion noted that it had been made aware of the issue in December 2020 and had “released a patch within 72 hours to the less than 50 customers affected.” More recently, Accellion announced that its FTA software will reach EOL on April 30, 2021. Read more in: