Cloning Google Titan 2FA keys
2021-01-12 12:16

The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. The exploit allows an attacker to obtain the long-term Elliptic Curve Digital Signature Algorithm (ECDSA) private key designated for a given account.

'Sunspot' Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack
2021-01-12 12:04

CrowdStrike, one of the cybersecurity companies called in by IT management firm SolarWinds to investigate the recently disclosed supply chain attack, on Monday shared details about a piece of malware used by the attackers to insert a backdoor into SolarWinds' Orion product. According to CrowdStrike, the threat group behind the attack on SolarWinds used a piece of malware named Sunspot to inject the previously analyzed Sunburst backdoor into the Orion product without being detected.

Hackers leak stolen Pfizer COVID-19 vaccine data online
2021-01-12 11:46

The European Medicines Agency today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. "The Agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access."

Ubiquiti warns customers about potential data breach
2021-01-12 11:17

American networking tech vendor Ubiquiti is asking customers to change their password because of unauthorized access to some of their information technology systems hosted by a third-party cloud provider. "We cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account. The data may also include your address and phone number if you have provided that to us," the company explained in an online alert and notification sent directly to users.

Mimecast discloses Microsoft 365 SSL certificate compromise
2021-01-12 10:33

Email security company Mimecast has disclosed today that a "sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services. "Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor," Mimecast said earlier today.

Post-Backlash, WhatsApp Spells Out Privacy Policy Updates
2021-01-12 10:30

The updated privacy policies, it argued, are instead related to the data collection of WhatsApp users who message businesses on the platform. According to WhatsApp, the policy update changes began rolling out in December.

New Sunspot malware found while investigating SolarWinds hack
2021-01-12 08:33

"The design of SUNSPOT suggests StellarParticle developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers," CrowdStrike found. This is the third malware strain found while investigating the SolarWinds supply-chain attack and associated with the threat actor tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), and Dark Halo.

Kaspersky Lab autopsies evidence on SolarWinds hack
2021-01-12 06:56

Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia's FSB security service. Referring to the hidden backdoor secretly implanted in SolarWinds' Orion product, Kaspersky's Georgy Kucherin wrote in a blog post on Monday: "While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar."

Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan
2021-01-12 06:10

Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade as apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance, the malicious variants have been found to obfuscate their operations to stealthily download a payload in the form of an Android Dalvik executable file.

It’s time for a national privacy law in the US
2021-01-12 06:00

Some states have enacted privacy laws, and the federal government has enacted industry-specific laws - HIPAA, Gramm-Leach-Bliley Act and FCRA - but there is no single, homogeneous enforceable set of data privacy guidelines that all US companies are required to follow. With the emergence of stronger privacy laws abroad, the absence of national data privacy regulation in the US is making it harder for US companies to compete for global partners.