SUPERNOVA malware linked to threat actor Spiral
A new report from the security firm Secureworks linked the SUPERNOVA web shell, used as a backdoor on SolarWinds’ Orion IT monitoring platform, to a threat actor it names Spiral, saying “characteristics of the activity suggest the group is based in China.” The attribution is based on similarities between the SUPERNOVA activity and attacks carried out in August against Zoho ManageEngine servers. Secureworks did not say whether there was any indication that Spiral has a government affiliation.
Intel working on FHE silicon
Intel agreed to work with DARPA on the Data Protection in Virtual Environments program, which aims to advance fully homomorphic encryption (FHE), a technique that allows encrypted data to be processed without decrypting it first. Intel will work on an Application Specific Integrated Circuit (ASIC) accelerator to speed up computation, as current FHE workloads take weeks to perform operations that conventionally complete in less than a second. Intel plans to offer the accelerator to cloud providers, specifically naming Microsoft for Azure and the JEDI cloud, initially working with the US government.
Gender disparity remains an issue in cyber security
According to the (ISC)² Women in Cybersecurity report, women made up almost 25% of the cybersecurity workforce the organization surveyed. While far from ideal, this is a marked improvement over years past: a 2017 report from the Center for Cyber Safety and Education found that just 11% of the cyber security workforce was made up of women, a figure that had been stagnant for years. While a greater percentage of the cyber security workforce now appears to be women, pay disparities remain, with 17% of women in the field reporting earnings between $50,000 and $99,999 compared to 29% of men.
Krebs on the Microsoft Exchange hack
Security researcher Brian Krebs put together a timeline of when Microsoft knew about the recently patched Exchange Server vulnerabilities. Microsoft said it became aware of the flaws in early January, with Krebs noting that a researcher from the firm DEVCORE detailed two of the now-patched flaws on the 5th. The security firm Dubex saw clients hit on January 18th and informed Microsoft on the 27th; Microsoft escalated the issue on February 8th but failed to confirm these as zero-days prior to issuing its emergency patch. Krebs said that, given Microsoft issued an out-of-support patch going back to Exchange Server 2010, the flaws had been in Exchange’s code for at least ten years.
Thanks to our episode sponsor, Trend Micro

PayPal acquires crypto security company
The company announced the acquisition of the startup Curv, which uses novel cryptography to secure digital assets. Curv provides a multi-party computation service to secure cryptocurrency and other digital assets, using mathematics and cloud computing to prevent unauthorized access. PayPal began offering customers the ability to buy and sell select cryptocurrencies in November, and plans to use Curv’s assets to secure its own assets, especially for cross-border transactions. Terms of the deal were not disclosed, but Decrypt’s sources say it was worth around $200 million.
(Decrypt)
WhatsApp working on encrypted iCloud backups
The Twitter leaker WABetaInfo claims that the messaging service will soon give users the option to password-protect their WhatsApp messages backed up to iCloud. Currently iCloud backups are not end-to-end encrypted and can be turned over to law enforcement with a warrant. WhatsApp users would be required to confirm a phone number to use the feature, with passwords having an 8-character minimum and not being recoverable by WhatsApp if lost. The feature is currently in testing, although it’s unclear when it will be rolled out.
McAfee sells enterprise security business
The company agreed to sell its enterprise security business to the private equity firm Symphony Technology Group for $4 billion, with the deal expected to close by the end of the year. This move fully positions McAfee as a consumer security company with its remaining antivirus and VPN solutions. McAfee claimed its enterprise business is a “trusted partner” with 86% of the Fortune 100, and had $1.3 billion in net revenue for 2020. Symphony Technology acquired RSA from Dell last year for $2 billion.
Chrome blocks TCP port 554
Google made the move to protect against attacks using the NAT Slipstreaming 2.0 vulnerability, following similar blocks by Firefox and Safari. This attack allows a malicious website to use scripts in a visitor’s browser to bypass the visitor’s NAT firewall, exposing any TCP/UDP port on the visitor’s internal network. Chrome began blocking ports to mitigate this vulnerability back in November, starting with TCP ports 5060 and 5061, and added seven more in January. Users attempting to access the blocked ports receive an ‘ERR_UNSAFE_PORT’ error.