- Ransomware Evolution
- FonixCrypter ransomware gang releases master decryption key [Catalin Cimpanu, ZDNet]
- Supply Chain Concerns
- A New Software Supply‑Chain Attack Targeted Millions With Spyware [Ravie Lakshmanan, The Hacker News]
- Hacker group inserted malware in NoxPlayer Android emulator [Catalin Cimpanu, ZDNet]
- Security firm Stormshield discloses data breach, theft of source code [Catalin Cimpanu, ZDNet]
- SolarWinds Saga
- CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds [ROOTDAEMON]
- 30% of “SolarWinds hack” victims didn’t actually use SolarWinds [Jim Salter, Ars Technica]
- Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities [Martin Rakhmanov, TrustWave]
- 3 New Severe Security Vulnerabilities Found In SolarWinds Software [Ravie Lakshmanan, The Hacker News]
- Bugs and Exploits
- Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble [Thomas Claburn, The Register]
- SonicWall zero-day exploited in the wild [Catalin Cimpanu, ZDNet]
- Industrial Gear at Risk from Fuji Code-Execution Bugs [Tara Seals, ThreatPost]
- Google patches an actively exploited Chrome zero-day [Catalin Cimpanu, ZDNet]
- Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices [Dan Goodin, Ars Technica]
- Further Reading
- Flash is dead—but South Africa didn’t get the memo [Jim Salter, Ars Technica]
- Top 10 most exploited vulnerabilities from 2020 [Zeljka Zorz, HelpNetSecurity]
C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F