SolarWinds Attack, AIR-FI Technique, & Zodiac Cypher Decoded – PSW #678
In the Security News: how suspected Russian hackers outed their massive cyberattack, millions of unpatched IoT and OT devices threaten critical infrastructure, the Zodiac Killer cipher is solved, a security researcher states that the 'solarwinds123' password left the firm vulnerable in 2019, why the weakest links matter, and a 26-year-old turns the 'mistake' of being added to an honors geometry class into becoming a rocket scientist!
Announcements
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
- 1. Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach
- 2. SolarWinds hackers' capabilities include bypassing MFA - "Some companies are about to find out they actually do use SolarWinds in production..."
- 3. Linus Torvalds: ‘Nothing that looks scary’ in important new Linux kernel 5.10
- 4. Data Leak Exposes Details of Two Million Chinese Communist Party Members
- 5. Reported Russian hack of US systems has implications for DoD network security plans
- 6. Google Cloud is majorly upping its security game
- 7. Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems - this one's for Larry
- 1. FireEye Mandiant SunBurst Countermeasures - These rules are provided freely to the community without warranty. In this GitHub repository you will find rules in multiple formats: Snort, Yara, IOC, and ClamAV.
- 2. InfoSec Handlers Diary Blog - SANS ISC summary of the SolarWinds event.
- 3. SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack (YouTube).
- 4. cyber.dhs.gov – Emergency Directive 21-01 - Emergency Directive 21-01, December 13, 2020, "Mitigate SolarWinds Orion Code Compromise": mitigations and actions required.
- 5. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor - Executive Summary: We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452.
- 6. Up to 3 million devices infected by malware-laced Chrome and Edge add-ons - As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to ad or malware infected sites. This one is from Chelle (my wife).
- 7. AMNESIA:33 – Forescout - Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT and IT devices that present an immediate risk for organizations worldwide.
- 8. Data of 243 million Brazilians exposed online via website source code - Personally identifiable information (PII) belonging to some 243 million living and dead Brazilians was found exposed online after web developers inadvertently left the password to a government database in the source code of an official Brazilian Ministry of Health website for roughly six months.
- 9. TransLink confirms ransomware attack, says payment data secure - In this case, customers were unable to use credit and debit cards at certain vending machines and tap-to-pay fare gates, but TransLink said that payment card data was not compromised. Egregor ransomware was used in this attack.
- 10. Adobe users targeted in dangerous new phishing campaign - A new credential-capturing phishing attack has been discovered targeting Adobe users. This particular campaign uses an email that purports to be from the non-existent service "Adobe Cloud" (as opposed to Adobe Creative Cloud, which exists).
- 11. Ransomware gang says they stole 2 million credit cards from E-Land - Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month's ransomware attack. E-Land claims no customer data was accessed or exposed in the attack, as that data was encrypted on a different server.
- 12. Hackers target groups in COVID-19 vaccine distribution, says IBM - IBM is warning companies instrumental in the distribution of COVID-19 vaccines that the "cold chain" process for keeping vaccines at the proper temperature during delivery is being targeted in a global phishing campaign.
- 13. Nuclear weapons agency breached amid massive cyber onslaughtThe Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies. They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE.