Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ In many of their actions, the attackers took steps to maintain a low profile. For example, the inserted malicious code is lightweight and has only one task: running a malware-added method in a parallel thread, so that the DLL's normal operations are neither altered nor interrupted. In an interesting turn of events, the investigation of the wider SolarWinds compromise led to the discovery of additional malware that also affects the SolarWinds Orion product but has been assessed as likely unrelated to this compromise and used by a different threat actor.
CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise
us-cert.cisa.gov/ncas/current-activity/2020/12/19/cisa-updates-alert-and-releases-supplemental-guidance-emergency This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise.
Windows Hello is now being used by 84% of Windows 10 users
www.bleepingcomputer.com/news/microsoft/windows-hello-is-now-being-used-by-84-percent-of-windows-10-users/ Windows Hello, the biometric (face and fingerprint) and PIN sign-in built into Windows 10, continues to gain adoption, according to a new report from Microsoft: the share of consumers using Windows Hello to sign in to Windows 10 instead of a password grew to 84.7 percent, from 69.4 percent in 2019.
Passwords begone: GitHub will ban them next year for authenticating Git operations
www.theregister.com/2020/12/17/github_bans_passwords/ Microsoft's GitHub plans to stop accepting account passwords for authenticating Git operations over HTTPS starting August 13, 2021, following a test period without passwords two weeks earlier. Authenticated Git operations will then require a token (personal access token, OAuth token or GitHub App token); SSH key authentication is not affected.
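A practical follow-up to the GitHub change is to find which remotes still depend on a password, in particular any HTTPS remote with a credential embedded in the URL, and decide whether to move them to SSH or to a token held by a credential helper. The script below is an added example written for this digest, not code from The Register or from GitHub. It uses a minimal hand-written reader for the `[remote "..."]` sections of a `.git/config` file (not Git's own parser), the sample config is constructed, and the host and `git@` user in the SSH rewrite are assumptions that hold for GitHub.com.

```python
"""Audit Git remotes ahead of GitHub's password deprecation (added example).

Classifies each remote URL, strips any password embedded in an HTTPS URL,
and proposes an equivalent SSH remote for HTTPS remotes.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# scp-like SSH form: user@host:path (no "://")
SSH_SCP_RE = re.compile(r"^[^@/]+@[^:/]+:.+$")

# Constructed sample .git/config: one remote embeds a password, one is SSH,
# one is plain HTTPS (its secret, if any, comes from a credential helper).
SAMPLE_CONFIG = """
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://alice:hunter2@github.com/example-org/app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@github.com:example-org/app.git
    fetch = +refs/heads/*:refs/remotes/mirror/*
[remote "upstream"]
    url = https://github.com/example-org/upstream.git
    fetch = +refs/heads/*:refs/remotes/upstream/*
"""


def parse_remotes(config_text):
    """Return {remote_name: url} from git-config text (minimal INI-style reader)."""
    remotes, section = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.match(r'^\[remote "([^"]+)"\]$', line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("["):
            section = None  # some other section, e.g. [core]
            continue
        if section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "url":
                remotes[section] = value.strip()
    return remotes


def classify(url):
    """Classify a remote URL.

    Returns (kind, cleaned_url) where kind is one of
    'ssh', 'https-token', 'https-embedded-password' or 'other'.
    cleaned_url has any embedded credential removed so it can be written back.
    """
    if url.startswith("ssh://") or ("://" not in url and SSH_SCP_RE.match(url)):
        return "ssh", url
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "other", url
    if parts.password is not None:
        # A password in the URL will stop working; it also leaks into shell
        # history and the config file. Drop user and password, keep the rest.
        netloc = parts.hostname if parts.port is None else f"{parts.hostname}:{parts.port}"
        clean = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
        return "https-embedded-password", clean
    # Plain HTTPS: the credential helper must now hand Git a token, not a password.
    return "https-token", url


def to_ssh(https_url):
    """Rewrite https://host/owner/repo.git as git@host:owner/repo.git.

    Assumes the SSH user is 'git', which is the case for GitHub.com.
    """
    parts = urlsplit(https_url)
    return f"git@{parts.hostname}:{parts.path.lstrip('/')}"


def audit(config_text):
    """Return [(remote_name, kind, recommended_url)] for every remote."""
    findings = []
    for name, url in parse_remotes(config_text).items():
        kind, clean = classify(url)
        recommended = to_ssh(clean) if kind.startswith("https") else clean
        findings.append((name, kind, recommended))
    return findings


if __name__ == "__main__":
    for name, kind, recommended in audit(SAMPLE_CONFIG):
        print(f"{name:10} {kind:25} -> {recommended}")
```

Apply the recommendation with `git remote set-url <name> <recommended_url>`; for remotes you want to keep on HTTPS, leave the URL unchanged and store a personal access token in the credential helper instead of the account password.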
Gitpaste-12 worm botnet returns with 30+ vulnerability exploits
www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-returns-with-30-plus-vulnerability-exploits/ The recently discovered Gitpaste-12 worm, which spreads via GitHub and hosts its malicious payload on Pastebin, has returned with even more exploits. Expanding on its predecessor, this new version comes equipped with over 30 vulnerability exploits targeting Linux systems, IoT devices and open-source components.
Ransomware’s Next Nasty Surprise: Pay Up Or We’ll Brick Your PC’s UEFI Firmware
www.forbes.com/sites/johndunn/2020/12/18/ransomwares-next-nasty-surprise-pay-up-or-well-brick-your-pcs-uefi-firmware/ After researching the discovery together, Advanced Intelligence (AdvIntel) and Eclypsium published an analysis of a TrickBot module they nicknamed TrickBoot, which checks whether a victim machine's UEFI/BIOS firmware is write-protected. That reconnaissance suggests a new and imminent type of ransomware attack, one that can persist in the firmware or render the machine unbootable.
Ransomware and Cyber-Extortion Payments Double in 2020
www.infosecurity-magazine.com/news/ransomware-extortion-payments/ The total value of ransom payments doubled year-on-year during the first six months of 2020. Businesses must consider the financial impact of a ransomware attack beyond the ransom itself: business interruption, loss of income and, now that attackers also steal data before encrypting it, breach damages. The best outcome for businesses is to maintain tested backups and carry a cyber-insurance policy that covers recovery expenses and brings expertise in negotiating a ransom payment, should one be needed at all.