Security News
Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers. According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect, and Sync and Recover products with Microsoft 365 Exchange Web Services.
Crowdstrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company's Orion software. SolarWinds has also revealed a new timeline for the incident and the discovery of two customer support incidents that they believe may be related to the Sunburst malware being deployed on customer infrastructure.
"The design of SUNSPOT suggests StellarParticle developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers," CrowdStrike found. This is the third malware strain found while investigating the SolarWinds supply-chain attack and associated with the threat actor tracked as StellarParticle(CrowdStrike), UNC2452(FireEye), and Dark Halo.
Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia's FSB security service. Referring to the hidden backdoor secretly implanted in SolarWinds' Orion product, Kaspersky's Georgy Kucherin wrote in a blog post on Monday: "While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar."
New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat group. "After the Sunburst malware was first deployed in February 2020, Kazuar continued to evolve and later 2020 variants are even more similar, in some respects, to Sunburst," the firm noted in an analysis published on Monday.
A landmark High Court ruling has struck down Britain's ability to hack millions of people at a time through so-called "General warrants" in what privacy campaigners are hailing as a major victory. Speaking on Friday afternoon when the judicial review judgment was handed down, Caroline Wilson Palow, PI's legal director, said in a statement: "General warrants are no more permissible today than they were in the 18th century. The government had been getting away with using them for too long. We welcome the High Court's affirmation of these fundamental constitutional principles."
A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies. Rei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online gambling offenses, and for his role in one of the largest thefts of U.S. customer data from a single financial institution in history, which involved the personal information of more than 80 million J.P. Morgan Chase customers.
Which has been embroiled in a recent, widescale hack, has called in two security powerhouses for help: Former director of the Cybersecurity and Infrastructure Security Agency Chris Krebs, and former Facebook security executive Alex Stamos. Stamos over the past year has been tapped by other companies hit by various security scandals - including Zoom, after a COVID-19 surge in its user base led to Zoom-bombing cyberattacks and privacy concerns.
The Administrative Office of the U.S. Courts is investigating a potential compromise of the federal courts' case management and electronic case files system which stores millions of highly sensitive and confidential judiciary records. US Judiciary is also working on immediately adding extra safeguards and security procedures to protect the highly sensitive court documents filed with the courts.
Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports. The New York Times and Reuters reported on Wednesday that cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by JetBrains to achieve their goal.