
Cyber Security Headlines – February 04, 2021

Microsoft sees a rise in business email compromise attacks on schools

The company said it saw a spike in email scams soliciting gift cards from K-12 school teachers. These emails pose as friends or colleagues asking the teacher to purchase the gift cards, using a combination of publicly available school and teacher information and free email services to generate the messages. According to Microsoft, the same threat actors attempted similar schemes using COVID-19 related lures last year. Security researchers say they’ve seen the rise in attacks for over a year, with universities also increasingly targeted.

(Security Week)

Facebook takes a proactive content stance after Myanmar coup

According to an internal message from Facebook’s director of public policy in the Asia-Pacific region, Rafael Frankel, the company outlined new steps to crack down on users trying to spread misinformation and foment further violence. The company has labeled Myanmar a “Temporary High-Risk Location” for two weeks, under which Facebook will remove content that incites violence. Washington DC received a similar designation in the wake of the January 6th Capitol riots. The company pledged to protect posts critical of the military coup, and to track accounts hacked or taken over by the military.

(BuzzFeed News)

SolarWinds CEO says its email systems were compromised for months

SolarWinds is still untangling how threat actors were able to compromise its supply chain. The latest update comes from new CEO Sudhakar Ramakrishna, who disclosed in an interview that a few compromised email accounts were used as a beachhead to compromise the company’s broader Office365 environment. This initial compromise dates back to December 2019. He further said the company is investigating whether this was the attackers’ initial entry into its network or whether it occurred earlier. He also confirmed that SolarWinds was investigating a single report of a hacker exploiting the separate flaw used in the attack on the National Finance Center we reported on yesterday, when it learned of the larger supply chain attack in December.


Three more SolarWinds vulnerabilities found

Security researchers at TrustWave reported on three previously unknown Orion vulnerabilities, which were originally reported to SolarWinds in December, with patches issued this week. The most serious was a remote code execution flaw that only required remote access, allowing attackers to use an improperly installed Microsoft Message Queuing service to send commands for a server to execute. The other two required local access, with one allowing read/write access to SolarWinds Serv-U FTP, while the other preyed on insecurely stored credentials to the Orion local database.

(SC Magazine)

Thanks to our episode sponsor HID Global

Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa

Sudo flaw impacts macOS too

Security researcher Matthew Hickey disclosed that a 10-year-old vulnerability recently found in the Sudo utility could also impact macOS with very minor modifications. Last week researchers at Qualys found the bug could allow low-privileged users root access, but only tested it on Linux systems. Other security researchers verified that macOS was also vulnerable to the exploit, even after applying the latest security updates from Apple, issued February 1st.


A look at Huawei’s “new” HarmonyOS

When the US banned exports to Huawei in 2019, the company quickly trumpeted its in-house HarmonyOS as a replacement for phones and other smart devices. The company recently released version 2 of HarmonyOS, but after obtaining the SDK, Ars Technica found it to be seemingly identical to Android 10, with the app info screen still showing “Android Services Library” and other Android apps on the OS. The “remote” SDK obtained by Ars was actually a remote stream from another physical phone in China, and required the reporter to submit a photo of a passport and credit card, and to pass a two-day background check. All that for a look at an extremely minor fork of Android.

(Ars Technica)

Application Guard for Office released

Microsoft released Application Guard for Office, a new defensive sandbox that prevents untrusted Office documents from accessing trusted resources on a user’s device. Application Guard is available in Word, Excel, and PowerPoint for Microsoft 365, on Windows 10 Enterprise. The feature ships as part of the next cumulative security update for Windows, and is enabled and managed through group policy. Untrusted documents won’t be allowed to access disk storage and other system resources; if a document tries to do so, a warning is displayed and the document is closed. Admins can allow files to access system resources on a case-by-case basis.

(CISO Mag)

Bad patching leads to more zero-days

“Patch all the things” is a pretty common security credo. But new research from Google’s Project Zero team finds that the devil is in the details. The team found that one in four of the zero-day exploits it tracked throughout 2020 could have been avoided “if a more thorough investigation and patching effort were explored.” Many patches examined by Project Zero didn’t address the root cause of the problem, often just blocking the proof-of-concept code provided by security researchers, leaving attackers able to change just a line or two of code to create a new exploit.


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.
