Security News > 2020 > December
It's going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington's worst cyberespionage failure on record. Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked.
Russia was "pretty clearly" behind a devastating cyberattack on several US government agencies that also hit targets worldwide, Secretary of State Mike Pompeo said. "There was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems," Pompeo told The Mark Levin Show on Friday.
As a direct result, users weren't able to access Gmail, YouTube, Google Drive, Google Maps, Google Calendar, and several other Google services for almost an hour on Monday, December 14th. During the outage, users could not send emails via Gmail mobile apps or receive email via POP3 for desktop clients, while YouTube visitors were seeing error messages stating that "There was a problem with the server - Tap to retry." "The majority of authenticated services experienced similar control plane impact: elevated error rates across all Google Cloud Platform and Google Workspace APIs and Consoles."
Since the SolarWinds supply chain attack was disclosed in December, there has been a whirlwind of news, technical details, and analysis released about the hack. The information is distilled into a format that will hopefully explain the attack, who its victims are, and what we know to this point.
Stuffed squid for Christmas Eve. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
That's according to researchers from Checkmarx, which just published its 2021 Software Security Predictions report. "I expect to see malicious attackers exploit developers' missteps in these flexible environments. To combat this, we will see a major concentration around cloud security training, IaC best practices, and additional spend allocated toward software and application security to support the demand of a remote workforce and more complex software ecosystems," he added.
Enterprise Management Associates and Pulse Secure report that 60% of organizations have accelerated their zero trust projects during the pandemic, while only 15% have slowed down. Pulse Secure, a provider of zero trust secure access solutions, released a report last month stating the COVID-19 pandemic has not impacted the adoption of zero trust technology globally.
To answer his own question, Conti, who gained significant cybersecurity experience working for several US security agencies and West Point, not only offers what he sees as big picture cybersecurity challenges, but big picture solutions designed to level the playing field. "We've been working on cybersecurity by various names for many decades, but holistically solving the overall problem is still on the horizon," writes Conti.
More information has come to light about the Sunburst backdoor that could help defenders get a better handle on the scope of the sprawling SolarWinds espionage attack. With Sunburst embedded, the attackers have since been able to pick and choose which organizations to further penetrate.
A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Synopsys CyRC security researchers revealed this week that an authentication vulnerability they identified in the OpenBSDBcrypt class of the Java cryptography library could be abused to bypass password checks in applications relying on the library.