A Review of the Best News of the Week on Cyber Threats & Defense

Sealed U.S. Court Records Exposed in SolarWinds Breach (Krebs on Security, Jan 07 2021)
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.

Malware variant becomes world’s most popular, thanks to ransomware surge (SC Media, Jan 08 2021)
Ransomware actors are laundering hundreds of millions of dollars through pseudo-legitimate cryptocurrency exchanges, while the early-stage malware that is often used to facilitate their attacks has become the most popular malware in the world.

Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020 (Dark Reading, Jan 07 2021)
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Hackers can clone Google Titan 2FA keys using a side channel in NXP chips (Ars Technica, Jan 08 2021)
Yubico and Feitian keys that use the same chip are likely susceptible, too.

CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks (SC Media, Jan 07 2021)
The agency has found evidence of authentication token abuse in networks infected with trojanized versions of Orion software and says restoring integrity will require a full network rebuild in certain cases.

The physical breach of the Capitol building opens a cybersecurity Pandora’s box (SC Media, Jan 07 2021)
The incident, as well as the response among those on Capitol Hill tasked with securing government technology assets, serves as a dramatic and evolving case study for public and private sector entities on the scope of the cybersecurity risk tied to a physical breach.

Russian Hacker Sentenced to 12 Years for Role in Breaches of JP Morgan, Others (Dark Reading, Jan 08 2021)
Crimes netted him $19 million overall.

New Zealand Central Bank Hit by Cyber Attack (SecurityWeek, Jan 10 2021)
New Zealand’s central bank said Sunday it was responding with urgency to a "malicious" breach of one of its data systems, a third-party file sharing service that stored sensitive information.

Cryptocurrency stealer for Windows, macOS, and Linux went undetected for a year (Ars Technica, Jan 05 2021)
ElectroRAT was written from scratch and was likely installed by thousands.

Linux machines again targeted by hackers with new memory loader (SC Media, Jan 08 2021)
The Ezuri loader filelessly executes malware on Linux machines from memory, using a technique that is more common in Windows.
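A quick check a Linux defender can run against the technique described above, as an added example that is not from the SC Media article or the Ezuri authors: it walks /proc and flags processes whose main executable exists only in memory. It assumes the in-memory execution is done with memfd_create(2), which the page does not name; such a process shows up with /proc/<pid>/exe pointing at "/memfd:<name> (deleted)", and a dropper that unlinks itself after exec shows up as "<path> (deleted)". All sample link targets below are constructed, not real captures.

```python
"""Added example: flag Linux processes whose executable lives only in memory.
Assumption (not stated on the page): the loader uses memfd_create(2), so the
/proc/<pid>/exe symlink reads "/memfd:<name> (deleted)"; a self-deleting
dropper reads "<path> (deleted)". Sample targets are constructed for the demo.
"""
import os
import re
from typing import Dict, List, Optional

# An exe link whose backing file never existed on disk (memfd) or is gone (unlinked).
_MEMFD_RE = re.compile(r"^/memfd:")
_DELETED_RE = re.compile(r" \(deleted\)$")


def classify_exe(exe_target: str) -> Optional[str]:
    """Return 'memfd' or 'deleted' when the exe link target looks fileless, else None."""
    if _MEMFD_RE.match(exe_target):
        return "memfd"
    if _DELETED_RE.search(exe_target):
        return "deleted"
    return None


def scan_proc(procfs: str = "/proc") -> List[Dict[str, str]]:
    """Walk procfs and report every process with an in-memory or unlinked executable."""
    findings: List[Dict[str, str]] = []
    for entry in os.listdir(procfs):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(procfs, entry, "exe"))
        except OSError:
            continue  # kernel thread, zombie, or not enough privilege to read the link
        kind = classify_exe(target)
        if kind is None:
            continue
        try:
            with open(os.path.join(procfs, entry, "cmdline"), "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            cmdline = ""
        findings.append({"pid": entry, "kind": kind, "exe": target, "cmdline": cmdline})
    return findings


# Constructed sample exe link targets (not real captures) and the expected verdicts.
SAMPLE_EXE_TARGETS = {
    "/usr/bin/sshd": None,
    "/memfd:payload (deleted)": "memfd",
    "/dev/shm/.x (deleted)": "deleted",
    "/usr/lib/systemd/systemd": None,
}


def check_samples() -> bool:
    """True when the classifier returns the expected verdict for every sample target."""
    return all(classify_exe(t) == k for t, k in SAMPLE_EXE_TARGETS.items())


if __name__ == "__main__":
    assert check_samples()
    for f in scan_proc():
        print(f"pid={f['pid']} kind={f['kind']} exe={f['exe']} cmdline={f['cmdline']!r}")
```

Run it as root so every /proc/<pid>/exe link is readable. A "memfd" hit is a strong signal on most servers; a "deleted" hit is weaker, because a long-running daemon whose binary was replaced by a package upgrade looks the same, so triage those against recent package activity before escalating.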

FBI Warns Businesses of Egregor Ransomware Attacks (SecurityWeek, Jan 08 2021)
Offered under a Ransomware-as-a-Service (RaaS) business model, the Egregor ransomware poses a great threat to businesses due to the use of double extortion, a recent private industry notification from the Federal Bureau of Investigation warns.

Malware Developers Refresh Their Attack Tools (Dark Reading, Jan 08 2021)
Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.