Cyber Security News Round-Up January 19th 2021

The CyberWire


The threat actors who stole COVID-19 vaccine documents appear to have altered them before releasing them online. The European Medicines Agency says the material stolen included internal, confidential email correspondence dating from November relating to evaluation processes for COVID-19 vaccines. Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines. Emails about the vaccine development process were altered to give the appearance that this process was less credible than it might otherwise have been believed to be, and EMA stands by the effectiveness and credibility of its reviews. The corrupted, altered data thus appear to have been emails about vaccine development, and not data collected in the course of the development or evaluation of vaccines.

Symantec reports another discovery in the Solorigate threat actors' armamentarium: Raindrop, a backdoor used to drop Cobalt Strike. Raindrop bears some similarities to Teardrop, which was earlier identified as having been delivered by the Sunburst backdoor. Both load Cobalt Strike Beacon, but Raindrop uses a custom packer for Cobalt Strike. Raindrop also appears to be used to propagate across networks, and may have been used selectively against high-interest targets.

Various sources are warning against seven vulnerabilities in the widely used DNS forwarding client for Unix-based operating systems, Dnsmasq. Vulnerable systems could be susceptible to DNS cache poisoning. The seven vulnerabilities are being collectively tracked as DNSpooq. JSOF has a page up devoted to DNSpooq, and users of affected systems are advised to apply patches as they become available.

On Friday the US FBI renewed and updated a December warning about an Iranian campaign, Enemies of the People, intended to exacerbate US domestic mistrust and division by, quote, threatening the lives of US federal, state, and private sector officials using direct email and text messaging, end quote. The operation also involves menacing doxing. The Bureau's warning says, quote, the Iranian cyber actors have sought to intimidate some of the officials with direct threats, including an image of an apparent text communication between the EOTP actors and an unidentified individual in the United States purportedly supporting the operation. Individuals in the United States intent on disrupting the peaceful transition of power potentially may be inspired by and act upon these influence efforts to harass, harm, threaten, or attack individuals specifically identified, end quote. Enemies of the People represents an extreme form of this tendency in influence operations.

CyberScoop reports seeing a US intelligence assessment that claims Russian and Chinese services are using the Capitol Hill riot as an occasion for propaganda and disinformation. Those two nations' styles have been consistent with that on display in past campaigns. Russian disinformation has been negative and disruptive, concentrating on producing red-meat conspiracy theories about the Capitol Hill riot. Chinese disinformation has been characteristically positive. That is, not positive in the sense of optimistic, but positive in the sense of persuading its international audience of a particular position, or more accurately two positions: first, the United States is a power in decline; and second, this is what happens when you tolerate democratic demonstrations, you get anarchy, which is why, in Beijing's line, it's a good thing they cracked down on Hong Kong.

At the end of last week the FBI also issued a Private Industry Notification warning of increased rates of phishing aimed at theft of corporate remote access credentials, with a view to furthering privilege escalation. A common gambit is an invitation to log into a bogus VPN page. BleepingComputer observes that this is the second such alert the FBI has issued since the onset of the pandemic. The FBI sees this particular warning as calling out a new style of criminal activity, quote, cyber criminals are trying to obtain all employees' credentials, not just individuals who would likely have more access based on their corporate position, end quote. The alert says once they have some initial access, even relatively lowly access, it's then the criminals' task to work their way into other, more sensitive precincts of the organization's network.

And finally, the FBI is investigating whether a Pennsylvania woman identified as Riley June Williams stole a laptop or a hard drive from US Speaker Nancy Pelosi's office during the Capitol Hill riots, with the intent of selling it to Russian intelligence services. The Washington Post says the suspect has now turned herself in and been arrested. Politico, which broke the story over the weekend, calls the charges bizarre, by which they mean startling, not inherently implausible. The FBI says it was tipped off by a source identified only as a former romantic partner of the suspect. The ex-boyfriend, as the New York Times describes the tipster, said that Ms. Williams intended to sell the computer device to a friend in Russia, who then planned to sell the device to the SVR, Russia's foreign intelligence service. The transfer of the device to the Russian middleman seems to have fallen through for unclear reasons, if indeed there was any actual plan to do so, and Ms. Williams is believed to have retained the laptop in her possession. Investigation is continuing. The laptop Speaker Pelosi's staff reported stolen is said to have been used only for presentations, but it's unclear what, if anything, Ms. Williams may have taken, and what, if anything, she hoped to turn over to the SVR.