Microsoft: SolarWinds Hack Code Includes the Work of Hundreds of Developers. Microsoft’s analysis of the code used in the SolarWinds supply chain attack suggests it includes the work of more than 1,000 developers. Microsoft president Brad Smith told TV news program 60 Minutes that “from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.” Read more in:
- Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack
- Microsoft: SolarWinds attack took more than 1,000 engineers to create
FS-ISAC: Single Threat Actor Behind DDoS Ransom Attacks on Financial Services Organizations. The Financial Services Information Sharing and Analysis Center (FS-ISAC) says that in 2020, more than 100 financial services organizations were targeted with distributed denial-of-service (DDoS) extortion attacks. All the attacks were launched by the same threat actor. Read more in:
- More Than 100 Financial Services Firms Hit with DDoS Extortion Attacks
- 100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020
Canadian Vehicle Rental Company Hit with Ransomware. Discount Car and Truck Rentals, a Canadian division of US-based Enterprise Holdings, has disclosed that it is recovering from a ransomware attack. The ransomware operators have also reportedly stolen data. The attack affected systems at the Discount Car and Truck Rentals headquarters office. As of Sunday morning, February 14, customers were not able to book or manage rentals online. Read more in:
- Leading Canadian rental car company hit by DarkSide ransomware
- Canadian vehicle rental service hit by ransomware
French Hospital Suffers Ransomware Attack. The Center Hospitalier de Dax-Côte d’Argent in southwest France is recovering from a ransomware attack that occurred earlier this month. The incident has affected the hospital’s ability to offer patient care and has impacted its switchboard. Read more in: Dax-Côte d’Argent hospital in France hit by ransomware attack
Book Excerpt. An excerpt from Nicole Perlroth’s recently-published book This is How They Tell Me the World Ends, which examines the zero-day vulnerability market. Read more in: The Untold History of America’s Zero-Day Market
Florida Water Treatment Plant Incident. Several sets of access credentials for the Oldsmar, Florida, water treatment plant system were found in a batch of data posted online shortly before the breach. A joint alert issued by the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center provides an overview of the incident and suggests mitigations. Read more in:
- Florida Water Plant Hack: Leaked Credentials Found in Breach Database
- Investigators suggest hackers exploited weak password security to breach Florida water facility
- Water plant’s missteps illustrates need for critical infrastructure security controls
- Cybersecurity Advisory for Public Water Suppliers
- Alert (AA21-042A) | Compromise of U.S. Water Treatment Facility
- Alert (AA21-042A) | Compromise of U.S. Water Treatment Facility (PDF)
Phone Company Employee Charged in SIM Swapping Case. A Florida man who worked for a phone company is facing charges for allegedly taking advantage of his access to customer data to take control of 19 phone numbers. A co-conspirator allegedly paid Stephen Daniel DeFiore $2,325 to switch out SIM cards belonging to customers. Read more in: Prosecutor charges former phone company employee in SIM-swap scheme
Washington State Bill Would Centralize Government Cybersecurity. Following a breach that exposed citizens’ personal information, the US state of Washington is seeking to consolidate state cybersecurity operations in one office. Washington Governor Jay Inslee has called for the state’s Office of Cybersecurity to shift from an advisory body to agencies to an entity that oversees IT security for all state government agencies. Read more in:
Dutch Research Council Network Hit with Cyberattack. The network of the Dutch Research Council (NWO) is temporarily unavailable due to a cyberattack. NWO funds scientific research at universities and institutes. While the organization’s website has not been affected, the system that processes grant applications is currently unavailable. Read more in:
- Hackers break into research council servers, grant applications halted
- Cyberattack on Dutch Research Council (NWO) suspends research grants
- NWO network hacked (in Dutch)
Two More Organizations Affected by Accellion Breaches. The University of Colorado and telecommunications company Singtel have both been impacted by data breaches that were conducted through a vulnerability in Accellion’s File Transfer Appliance (FTA). Accellion recently announced that it is ending support for FTA. Read more in:
- Singtel Suffers Zero-Day Cyberattack, Damage Unknown
- University of Colorado Suffers Large, Complex Cyberattack
- Singtel hit by third-party vendor’s security breach, customer data may be leaked
Florida Water Treatment System Breach: Employees Shared One TeamViewer Password. In the wake of an attack in which a hacker gained access to a Florida water treatment plant’s network and altered the amount of chemicals being added to drinking water, the FBI released a Private Industry Notification (PIN) warning that “the cyber actors likely accessed the system by exploiting cyber security weaknesses including poor password security, and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment. The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.” Read more in:
- Breached water plant employees used the same TeamViewer password and no firewall
- Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7
- What’s most interesting about the Florida water system hack? That we heard about it at all.
- Why Cybersecurity Experts Hate TeamViewer, the Software Used to Tamper With Florida Water Supply
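A shared TeamViewer password on an unfirewalled Windows 7 host leaves one useful artifact: TeamViewer’s own incoming-connection log, which records every remote session with its source ID, local user and timestamps. The script below is an added example (written for this newsletter, not code from the FBI notification, the Oldsmar investigation or TeamViewer) that reviews that log and flags remote-control sessions that arrived outside staffed hours or from a TeamViewer ID that has never connected before. It assumes the log sits at the default path shown, that fields are tab-separated in the order remote ID, remote display name, start, end, local user, session type, connection GUID, and that timestamps are written as dd-MM-yyyy HH:mm:ss; check those against the host being examined. The log lines embedded in the script are constructed samples used only when the real file is absent, and the 06:00–18:00 staffed window is an assumption.

```powershell
# Added example, not from the article or the FBI PIN. Reviews TeamViewer's incoming-
# connection log for remote-control sessions worth a second look.
# Assumed log location and format (verify on the host):
#   <remote TeamViewer ID> <remote name> <start> <end> <local user> <type> <connection GUID>
# tab-separated, timestamps as dd-MM-yyyy HH:mm:ss.
$logPath    = 'C:\Program Files\TeamViewer\Connections_incoming.txt'
$shiftStart = 6     # assumed staffed hours: 06:00-18:00
$shiftEnd   = 18

# Constructed sample lines, used only when the real log is not on this machine.
$sample = @(
    "123456789`tHMI-Vendor`t05-02-2021 08:03:12`t05-02-2021 08:41:55`tOperator`tRemoteControl`t{11111111-1111-1111-1111-111111111111}",
    "123456789`tHMI-Vendor`t05-02-2021 13:25:02`t05-02-2021 13:29:10`tOperator`tRemoteControl`t{22222222-2222-2222-2222-222222222222}",
    "555555555`tUnknown`t06-02-2021 02:14:40`t06-02-2021 02:19:03`tOperator`tRemoteControl`t{33333333-3333-3333-3333-333333333333}"
)
$lines = if (Test-Path $logPath) { Get-Content $logPath } else { $sample }

# Parse each line into an object; skip anything that does not have all seven fields.
$sessions = foreach ($line in $lines) {
    $f = $line -split "`t"
    if ($f.Count -lt 7) { continue }
    $start = [datetime]::ParseExact($f[2], 'dd-MM-yyyy HH:mm:ss', $null)
    $end   = [datetime]::ParseExact($f[3], 'dd-MM-yyyy HH:mm:ss', $null)
    [pscustomobject]@{
        RemoteId   = $f[0]
        RemoteName = $f[1]
        Start      = $start
        Minutes    = [math]::Round(($end - $start).TotalMinutes, 1)
        LocalUser  = $f[4]
        Type       = $f[5]
        OffHours   = ($start.Hour -lt $shiftStart) -or ($start.Hour -ge $shiftEnd)
    }
}

# How many times each remote ID has connected to this host.
$counts = @{}
foreach ($s in $sessions) { $counts[$s.RemoteId] = 1 + [int]$counts[$s.RemoteId] }

# Follow-up list: remote-control sessions outside staffed hours, or from an ID
# with no prior history on this host. With the sample data this returns the
# 02:14 session from ID 555555555.
$sessions |
    Where-Object { $_.Type -eq 'RemoteControl' -and ($_.OffHours -or $counts[$_.RemoteId] -eq 1) } |
    Sort-Object Start |
    Format-Table RemoteId, RemoteName, Start, Minutes, LocalUser, OffHours -AutoSize
```

The log only shows who connected, not how the password was obtained; a first-time remote ID on a host where everyone shares one credential is the point at which to rotate the credential, enable per-user accounts and two-factor authentication in TeamViewer, and restrict inbound access at the firewall rather than relying on the log alone.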
Microsoft Patch Tuesday: Install Quickly. On Tuesday, February 9, Microsoft released updates to address 56 vulnerabilities in Windows and related software. Eleven of the flaws are rated critical. One of the flaws, a privilege elevation vulnerability in Win32k, is being actively exploited. Read more in:
- Microsoft February 2021 Patch Tuesday
- Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day
- Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
- Microsoft Patch Tuesday, February 2021 Edition
- Actively Exploited Windows Kernel EoP Bug Allows Takeover
- Security Update Guide
12-Year-Old Windows Defender Vulnerability Fixed. Among the vulnerabilities fixed in Microsoft’s February Patch Tuesday is a 12-year-old privilege elevation flaw in Windows Defender. The flaw could be exploited by threat actors with basic user privileges. The update will be installed automatically for users who have that feature enabled. Read more in:
- A Windows Defender Vulnerability Lurked Undetected for 12 Years
- 12-year-old Windows Defender bug gives hackers admin rights
Bloomberg Says Spy Chips Found in Super Micro Computer Products. According to a report from Bloomberg, US intelligence agencies have known for nearly a decade that China has been tampering with products made by Super Micro Computer, Inc. The situation illustrates the susceptibility of “American companies … to potential nefarious tampering of any products they choose to have manufactured in China.” Read more in: The Long Hack: How China Exploited a U.S. Tech Supplier
Adobe Releases Security Updates for Acrobat and Reader, Magento, and Other Products. Hackers are exploiting a critical heap-based buffer overflow vulnerability in Adobe Reader in “limited attacks” targeting users running Adobe Reader on Windows. The flaw is one of 23 fixed in Adobe’s February 9 updates for Reader and Acrobat. Adobe also released updates to address 18 vulnerabilities in Magento, five vulnerabilities in Photoshop, two in Illustrator, and one each in Animate and Dreamweaver. Read more in:
- Adobe patches wave of critical bugs in Magento, Acrobat, Reader
- Attackers Exploit Critical Adobe Flaw to Target Windows Users
- Security update available for Adobe Acrobat and Reader | APSB21-09
- Security Updates Available for Magento | APSB21-08
Authorities Make Arrests in Connection with SIM-Swapping Scheme. Authorities in the UK have arrested eight people in connection with a SIM-swapping scheme that targeted celebrities. The National Crime Agency worked alongside US federal and state authorities on the investigation. Two other people were arrested earlier in Malta and in Belgium. Read more in:
- Brits arrested for sim swapping attacks on US celebs
- Ten Hackers Arrested for String of Sim-Swapping Attacks Against Celebrities
- Authorities arrest SIM swapping gang that targeted celebrities
Zerologon Defense, Phase Two. With the most recent security update, Microsoft has begun enforcing phase two of security measures to protect users from the Zerologon vulnerability that was disclosed in August 2020. The severity of the flaw prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive, ordering federal agencies to take steps to protect vulnerable systems by September 21, 2020. The “February 9, 2021 and superseding Windows Updates enable enforcement mode on all supported Windows Domain Controllers and will block vulnerable connections from non-compliant devices.” Read more in:
- Microsoft Launches Phase 2 Mitigation for Zerologon Flaw
- Microsoft now forces secure RPC to block Windows Zerologon attacks
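Enforcement mode only helps if it is actually in effect on every domain controller and if nothing has been quietly exempted from it. The script below is an added example (not code from Microsoft or the articles cited) that a domain administrator can run on each domain controller to confirm the state of Netlogon enforcement and to list the devices still making vulnerable Netlogon connections, which are the ones that will be blocked once enforcement is on. It relies on the registry value and the Netlogon event IDs that Microsoft documents for this vulnerability; the seven-day look-back window is an assumption, and the script assumes the first property of the 5827 and 5829 events is the machine account name, as it is in Microsoft’s documented event samples.

```powershell
# Added example, not from the article or from Microsoft. Run in an elevated
# PowerShell session on a domain controller.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# FullSecureChannelProtection = 1 switches a DC to enforcement mode explicitly.
# With the February 9, 2021 (or later) update installed, enforcement is on
# regardless of this value; before that update, an absent or 0 value meant the
# DC was still in the initial deployment (warn-only) phase.
$fsp = (Get-ItemProperty -Path $params -Name FullSecureChannelProtection -ErrorAction SilentlyContinue).FullSecureChannelProtection
if ($fsp -eq 1) {
    'FullSecureChannelProtection = 1: enforcement mode set explicitly.'
} else {
    'FullSecureChannelProtection not set: enforcement depends on the February 2021 or later update being installed.'
}

# Netlogon event IDs Microsoft documents for vulnerable secure channel connections:
#   5827 / 5828  denied  - machine account / trust account used a vulnerable connection
#   5829         allowed - only logged in the initial deployment phase
#   5830 / 5831  allowed - account is listed in the "Domain controller: Allow
#                vulnerable Netlogon secure channel connections" group policy
$ids = 5827, 5828, 5829, 5830, 5831
$lookback = (Get-Date).AddDays(-7)   # assumed window
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Id = $ids; StartTime = $lookback
} -ErrorAction SilentlyContinue

# Summary by event ID. Any 5829 events mean warn-only mode is still active;
# any 5830/5831 events mean an explicit exemption is in use and should be reviewed.
$events | Group-Object Id | Sort-Object Name |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count | Format-Table -AutoSize

# Machine accounts still using vulnerable (unsigned, unsealed) Netlogon channels.
# Assumes Properties[0] is the machine SamAccountName, as in Microsoft's samples.
$events | Where-Object { $_.Id -in 5827, 5829 } |
    ForEach-Object { $_.Properties[0].Value } |
    Sort-Object -Unique
```

Devices that appear in the last list are the non-compliant ones the February update will block; they need to be patched or replaced rather than added to the allow-vulnerable-connections policy, since that policy reopens the very hole the enforcement phase closes.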
Web Hosting Company Shuts Down After Cyberattack. A web hosting site has decided to shut down operations after “a hacker successfully compromised all the servers [they] use to operate [their] business.” A message posted on its site urges customers to download backups of their websites and databases through cPanel. The company did not provide details about the attack. However, TorrentFreak has reported that two other hosting sites, both of which “provide IPTV services to pirate streaming sites,” have recently suffered similar attacks. Read more in:
- Web hosting provider shuts down after cyberattack
- Hacker Blackmails Pirate IPTV Services, Threatens To Send User Data To Police
Critical Flaw in SAP Commerce Platform. A critical vulnerability affecting the SAP Commerce platform could be exploited to allow remote code execution. The flaw affects SAP Commerce versions 1808, 1811, 1905, 2005 and 2011. A patch for the flaw is available. Read more in:
- SAP Commerce Critical Security Bug Allows RCE
- SAP Security Patch Day – February 2021
- SAP Security Patch Day February 2021: Critical Patch released for SAP Commerce
Responsive Menu WordPress Plugin Flaw. Three flaws affecting the Responsive Menu WordPress plugin could be exploited to take control of vulnerable websites. The plugin has been installed on more than 100,000 sites. An updated version of the plugin is available. Users are urged to update to Responsive Menu version 4.0.4. Read more in:
- Multiple Vulnerabilities Patched in Responsive Menu Plugin
- Buggy WordPress plugin exposes 100K sites to takeover attacks
In Wake of Recent Attacks, Accellion Announces EOL for FTA Software. Cloud service provider Accellion will retire its FTA filesharing product following a number of attacks that compromised data at government agencies and private companies in Australia, New Zealand, Singapore, and the US. The attackers appear to be using SQL injection to install a web shell and from there, steal files stored on the FTA appliance. In a January 11 statement, Accellion noted that it had been made aware of the issue in December 2020 and had “released a patch within 72 hours to the less than 50 customers affected.” More recently, Accellion announced that its FTA software will reach EOL on April 30, 2021. Read more in: