CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity
us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber
CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms.
See also: www.cisa.gov/supply-chain-compromise
DHS warns of data theft risk when using Chinese products
www.bleepingcomputer.com/news/security/dhs-warns-of-data-theft-risk-when-using-chinese-products/
The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC).
Emotet Returns to Hit 100K Mailboxes Per Day
threatpost.com/emotet-returns-100k-mailboxes/162584/
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day.
See also: blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/
Lazarus covets COVID-19-related intelligence
securelist.com/lazarus-covets-covid-19-related-intelligence/99906/
As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research.
See also: threatpost.com/lazarus-covid-19-vaccine-maker-espionage/162591/
QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities
www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/
QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems.
Malware wrapped in Cyberpunk 2077
www.kaspersky.com/blog/cyberpunk-2077-ransomware/38196/
No sooner was Cyberpunk 2077 released for Windows and consoles than we came across a beta version for Android online. It was completely free to download from a site bearing the name cyberpunk2077mobile[.]com. The game's actual developer has yet to announce any mobile version of the game, so we decided to investigate.
Microsoft 365 admins can now get security incident email alerts
www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/
Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution.