Rob Joyce named new NSA cybersecurity director - CyberScoop

Written by Shannon Vavra, Jan 15, 2021 | CYBERSCOOP

Rob Joyce, the National Security Agency's special U.S. liaison officer at the U.S. Embassy in London, will replace Anne Neuberger as director in the agency's Cybersecurity Directorate, the NSA announced Friday.

CyberScoop

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop - Microsoft Security

One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?

Microsoft Security

Raindrop: New Malware Discovered in SolarWinds Investigation

Threat Hunter Team, Symantec

Symantec, a division of Broadcom (NASDAQ: AVGO), has uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers. In a second victim where the Raindrop loader was seen, it was installed in a file called astdrvx64.dll in late May.

Security

IObit forums hacked to spread ransomware to its members

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. IObit is a software developer known for Windows system optimization and anti-malware programs, such as Advanced SystemCare.

BleepingComputer

Malwarebytes said it was hacked by the same group who breached SolarWinds | ZDNet

US cyber-security firm Malwarebytes today said it was hacked by the same group which breached IT software company SolarWinds last year. Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn't use any SolarWinds software in its internal network.

ZDNet

CISA Launches Campaign to Reduce the Risk of Ransomware

WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.

CISA

U.S. National Cybersecurity Plan to Safeguard Maritime Sector

The U.S. Government released on January 5, 2021, a cybersecurity plan to secure the nation's maritime sector against cybersecurity threats that could endanger national security. With the International Maritime Organization's (IMO) mandate "to ensure that cyber risks are appropriately addressed in existing safety management systems" and the increasing number of cyber-attacks against maritime and shipping organizations, cybersecurity of maritime and shipping organizations is a top priority.

The State of Security

DDoS-Guard To Forfeit Internet Space Occupied by Parler

Parler, the beleaguered social network advertised as a "free speech" alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from their stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company.

KrebsOnSecurity

The State of Financial Crime 2021 | ComplyAdvantage

In the State of Financial Crime 2021, ComplyAdvantage explores how technology and geopolitics are set to shape financial crime compliance.

ComplyAdvantage

Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020

Cobalt Strike and Metasploit were the offensive security tools most commonly used to host malware command-and-control (C2) servers in 2020, researchers report. Researchers with Recorded Future's Insikt Group collected more than 10,000 unique C2 servers across at least 80 malware families last year.

Dark Reading

After US Capitol assault, a different cybersecurity threat emerges

But hold on a second: before getting to the attacks, we need to have some real talk about who would do such a thing. It's a question we're all asking about many aspects of this unbelievably painful moment. If "nation-state actor" is your go-to answer, you're echoing the focus of nearly everyone else pontificating right now about threat modeling.

Engadget

New SolarWinds hack victims emerging every day, as Malwarebytes goes public on breach

The spate of cyber attacks launched by suspected Russian hackers through compromised SolarWinds software has no easy fix, and the effects will be felt for years to come, says security company FireEye...

Computing

Spies and cybercriminals are sharing their supply-chain attack strategy

It's clear the SolarWinds incident has rocked the infosec community to its core, with the still-unfolding episode expected to reverberate in the industry for years to come. While there is still much to be uncovered, the public details point to a known Russian APT inserting code into a third-party IT provider's services, allowing for further targeting of approximately 50 organizations.

Intel 471