News provided by NetworkTigers on Monday, 8 February 2021
SAN MATEO, CA — CERTs issued by the CyberSecurity & Infrastructure Security Agency, California company sued by Seattle State agency, password weaknesses in Spotify, bots responsible for half of all web application attacks and human error culprit in Vermont State Department data breach.
Two CERTs issued by the CyberSecurity & Infrastructure Security Agency and the Sudo security bug
Both CERTs issued on 8 February are related to the malicious hack of SolarWinds. The first is the Malware Analysis Report (AR21-039A) MAR-10318845-1.v1 SUNBURST. This report provides a detailed analysis of several malicious artifacts associated with the SolarWinds Orion network management software compromise. After it is delivered as part of a SolarWinds update, a trojanized version of the “solarwinds.orion.core.businesslayer.dll” containing the SUNBURST malware is installed by a legitimate SolarWinds installer application.
The second is the Malware Analysis Report (AR21-039B) MAR-10320115-1.v1 – TEARDROP. This report provides detailed analysis of malicious artifacts associated with the SolarWinds Orion network management software compromise. TEARDROP is a software loader designed to decrypt and execute an embedded payload on a target system. The payload has been identified as the “Cobalt Strike Beacon Implant”. After this trojan is installed, the remote operator can control a victim computer.
The Sudo app security bug allows for a heap-based overflow attack. If correctly executed, it may allow a remote attacker to execute local commands with elevated administrator privileges. The solution is to update to the latest version of Sudo, 1.9.5p2. Please check the distribution of Linux/UNIX you may be using. This vulnerability is now called CVE-2021-3156.
NetworkTigers offers state of the art firewalls that can help prevent many of the situations described below.
California company involved in unemployment data breach sued by Seattle State agency
A software hack that occurred as the California State Auditor’s Office investigated fraudulent unemployment claims has potentially exposed the private data of 1.4 million people and prompted a Seattle-based firm to file a civil suit against the California-based secure file sharing company Accellion. Those affected by the breach include state workers as well as individuals who were victims of fraud and had illegitimate unemployment claims unknowingly submitted in their name. The information exposed includes Social Security numbers, driver’s license information, employment locations, and banking data. In order to minimize the effects of the breach, the California State Auditor’s Office reports that it has enlisted the assistance of state cybersecurity officials and law enforcement.
Cybercriminals take advantage of password weaknesses in cyberattack on Spotify
Streaming music service provider Spotify has been forced to require password resets for customers affected by a cyberattack focused on individuals who use the same login information across multiple accounts or apps. This particular kind of attack is referred to as “credential-stuffing.” While having an account used to stream music disrupted might seem like a minimal transgression, if the same login information is used elsewhere for more critical accounts associated with banking or credit cards, the results could be severe. Up to 100,000 users may find their accounts taken over in what has been the second such attack against Spotify in the past four months.
Brazen attack by North Korean hackers phished cybersecurity researchers
North Korean hackers succeeded in getting cybersecurity researchers to click links leading to malicious code by creating phony social media accounts in which they posed as ethical hackers in search of collaboration. Highlighting the high level of detail presented in these fake accounts, it has been reported that a number of United States researchers who actually specialise in countering such hackers had fallen victim to the cybercriminals’ efforts. In yet another episode that reveals the critical nature of cyberspace when it comes to national security and information warfare, the weaponization of social media continues to play a tremendous role.
Bots account for more than half of attacks on web applications
While traditional attacks are still prevalent, automated tools and bots are being used by cybercriminals to carry out attacks with growing frequency. Cybersecurity firm Barracuda Networks has reported that out of all of the attacks it had successfully blocked in the months of November and December of last year, 54% of them made use of automation. Attacks are predicted to increase and advance as new manners in which to break applications and expose data are developed, further emphasizing the importance of staying informed and on top of current and developing trends in regard to cybersecurity.
Human error likely culprit in Vermont State Department of Labor data breach
Local Vermont officials are working to address and fully understand how an apparent file sorting error at the Department of Labor caused around 44,000 of the state’s residents to have their tax information end up in the hands of strangers. Critics of Vermont’s data security feel that the state’s current regulations with regard to sensitive personal information are not up to the task. Residents are being requested to send any 1099 forms received back, even if they were correctly sent. Additionally, Vermont’s post offices are making an effort to track and intercept the forms currently on their way to mailboxes across the state. There are currently no identity theft cases reported in relation to the mix-up.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402