Cybersecurity News – December 17, 2020

Trump considers clemency for Silk Road founder

The Daily Beast’s sources say the White House counsel’s office has had documents related to the case of Silk Road founder Ross Ulbricht under review. Sources also say that President Trump has privately expressed some sympathy for his case, and has considered him for inclusion in a round of pardons and commutations before January 20th. Ulbricht used the alias Dread Pirate Roberts on Silk Road, and was convicted on computer fraud, money laundering, and drug charges in 2015, receiving a life sentence without parole.

(Daily Beast)

Researcher warned of SolarWinds security issues last year

Security researcher Vinoth Kumar told Reuters that he alerted the company last year that anyone could access SolarWinds’ update server by using the password “solarwinds123”. This was before the Orion malware was first injected, and Kumar says it is not considered the most likely source of the malware intrusion. Three weeks ago, SolarWinds posted a job ad seeking a new vice president for security; the position is still listed as open.

(Reuters)

What can the US do to prevent cyberattacks?

In light of the high-profile cyberattacks performed by the Russian Foreign Intelligence Service and other state-backed actors, Alex Stamos published an op-ed in the Washington Post on how the US should defend against them going forward. He called on the US to create a cybersecurity equivalent of the National Transportation Safety Board to track, investigate, and issue recommendations on cyberattacks, and called for a federal data breach law which would require disclosure of breaches outside of state-based laws. He also called for putting defensive cybersecurity on the same level as intelligence gathering and offensive operations, describing the creation of CISA as a good start but noting it lacks the size and technical competence of offensive operations. The third measure would be to appoint individuals with practical defensive cybersecurity experience to key roles in the Biden administration.

(Washington Post)

Lithuania hit with complex cyberattack

Last week, Lithuania was hit by a coordinated cyberattack that breached multiple content management systems across 22 public sector websites. The attackers proceeded to publish misinformation on the platforms, and sent emails impersonating the defense and foreign ministries to further spread the misinformation. In a statement this week, Lithuania’s defense minister called the attack the “biggest and most complex” cyberattack to hit the country in recent years. A preliminary investigation by Lithuania’s National Cyber Security Centre found the attacks mostly targeted sites run by regional municipalities.

(InfoSecurity Magazine)

Microsoft will quarantine SolarWinds software with Windows Defender

We reported yesterday that Microsoft seized domains associated with the SolarWinds hack. Now the company has announced it will start forcibly blocking and isolating binaries of the SolarWinds Orion app known to carry malware using Microsoft Defender. The company previously added alerts for the malware to Defender when it went public with the vulnerability over the weekend. Microsoft recommends treating any devices with the binaries installed as compromised. Microsoft said this decision is to benefit customers, but warned that some sysadmins could see potential crashes of network monitoring tools as a result.

(ZDNet)

Why CISA’s Einstein missed on Orion

The Washington Post looks at how the SolarWinds Orion malware managed to go undetected by CISA’s multibillion-dollar Einstein detection system. Einstein was designed to find new uses of known malware and detect traffic associated with past cyberattacks. The issue is that the system wasn’t designed to hunt for novel connections or malware, something suggested by the Government Accountability Office in a 2018 report on the system. Now that the exploit has been discovered, Einstein is being used to detect where it has spread across government infrastructure.

(Washington Post)

Facebook takes out ads criticizing Apple’s ad disclosure policy

The social network took out full-page ads in the New York Times, Washington Post and Wall Street Journal saying “We’re standing up to Apple for small businesses everywhere.” Apple plans to force pop-ups that ask a user for permission when an app wants to collect data or track them across apps and websites. Facebook argues that the practice will cut sales to small businesses by more than 60%. Apple plans to enforce the changes in early 2021, after delaying implementation originally scheduled for September to give developers more time to adapt. 

(The Verge)

Germany approves use of Huawei 5G gear

Chancellor Angela Merkel’s cabinet approved a bill that would allow for the continued use and expansion of 5G network equipment from Huawei. The bill requires vendors to give assurances that equipment is safe to use, with the ability to issue stiff fines for breaches. The bill also requires network vendors and operators to give German security agencies technical and legal means to monitor network integrity. The bill now requires parliamentary approval. China is Germany’s largest trading partner, and China’s ambassador in Germany has previously warned of trade consequences if Huawei received an outright ban in the country.  

(WSJ)

Dutch prosecutors confirm security researcher accessed Trump’s Twitter

Back in October, we reported that security researcher Victor Gevers claimed to have accessed the Twitter account of President Trump using the password “MAGA2020!” At the time, the White House and Twitter denied the claim. Now an investigation by Dutch prosecutors has confirmed Gevers’ claim, although no charges are being brought as the investigation found he had acted “ethically.” The Dutch police said they have passed their findings on to US authorities.

(BBC)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.