Security News > 2020 > December
All fingers are pointing to Russia as the source of the worst-ever hack of U.S. government agencies. To be sure, it's not uncommon for administrations to refrain from leveling public accusations of blame for hacks until they've accumulated enough evidence.
Cyberattack recovery frameworks are a necessary part of cybersecurity. Rolfe developed the model to help the medical field, but it can work equally well as a way to recover from a cybersecurity incident.
Researchers at Sophos noticed recently that the operators of multiple ransomware families have been using a backdoor named SystemBC, which provides attackers a connection to compromised devices and which uses the Tor anonymity network to hide command and control communications. Designed with support for the execution of commands and to allow adversaries to download and execute scripts, executables, and DLLs, the backdoor is continuously evolving, with recent samples having switched from creating a SOCKS5 proxy to using the Tor network for communication purposes.
Europol and the European Commission have launched a new decryption platform that will help boost Europol's ability to gain access to information stored in encrypted media collected during criminal investigations. The new decryption platform operated by Europol's European Cybercrime Centre was developed in collaboration with the European Commission's Joint Research Centre science and knowledge service.
Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school...
More high-profile organizations are named as victims of the cyber-espionage campaign that involved an attack on Texas-based IT management and monitoring company SolarWinds. Politico reported on Thursday that the U.S. Energy Department and National Nuclear Security Administration were also targeted in the attack.
Microsoft's December 2020 Windows 10 updates are conflicting with the Corsair Utility Engine software and causing the operating system to go into a BSOD crash loop. After the December 2020 Patch Tuesday updates were released, Windows 10 users began reporting that the operating system would go into a crash loop where Windows would restart and automatically crash and restart again.
An advisory from the U.S. National Security Agency provides Microsoft Azure administrators guidance to detect and protect against threat actors looking to access resources in the cloud by forging authentication information. The two tactics, techniques, and procedures discussed in NSA's advisory have been in use since at least 2017 and refer to forging Security Assertion Markup Language tokens for single sign-on authentication to other service providers.
Google has disabled a feature that displays a warning when submitting insecure forms after receiving many complaints from users and website administrators. Google has been focusing on removing mixed content in Google Chrome, which occurs when a secure page loads content from an insecure URL. As part of this initiative, Google rolled out a new feature in Chrome 86 that warns users when submitting insecure forms from a secure page to an insecure URL. Submitting an insecure form would display a warning about the risks of doing so and ask the user whether they wish to continue submitting the information.
Some 5G networks are at risk of attack thanks to "long-standing vulnerabilities" in core protocols, according to infosec researchers at Positive Technologies. "The stack of technologies in 5G potentially leaves the door open to attacks on subscribers and the operator's network. Such attacks can be performed from the international roaming network, the operator's network, or partner networks that provide access to services," the biz said.