In the end, this all reminds us how much power Microsoft has at its disposal. Between its control of the Windows operating system, its robust legal team, and its position in the industry, it has the power to change the world nearly overnight if it wants to. And when it chooses to train that power on an adversary, it really is the equivalent of the Death Star: able to completely destroy a planet in a single blast.
Daily Archives: 18 December 2020
Domain name sinkholes and those funky domain registrations
(September 2018)
A sinkhole redirects or blocks traffic meant for a destination. They are used by the security community to stop botnet traffic, phishing and other bad activity.
There are many ways to create a sinkhole. An ISP can simply divert traffic from the IP address nameserver you see in Whois to another. A company (or the government) can also go through the courts to get control of a domain name and then change its nameservers.
Microsoft and industry partners seize key domain used in SolarWinds hack
(15.12.2020)
According to analysis from security firm FireEye, the C&C domain would reply with a DNS response that contained a CNAME field with information on another domain from where the SUNBURST malware would obtain further instructions and additional payloads to execute on an infected company’s network.
Nurse Fainting After COVID Vaccine Not Due to Shot Ingredients, Doctor Says
The nurse told reporters she has a condition that often causes her to faint when she experiences pain. As a result, Dover said she was not surprised that she had fainted after receiving the vaccine.
Nurse receives the BioNTech mRNA vaccine in the presence of media representatives and collapses shortly afterwards. On camera.
Addendum: 17 minutes passed between the vaccination and the fainting spell. Doctors are determining the exact cause of the fainting spell.
Nurse faints at press conference after getting COVID-19 vaccine
(17.12.2020)
About 17 minutes after receiving the Pfizer-made vaccine against COVID-19, she started feeling dizzy, apologized and fell over before she was caught by doctors standing behind her.
“It just hit me all of a sudden, I could feel it coming on. I felt a little disoriented, but I feel fine now, and the pain in my arm is gone,” Ms. Dover said.
FBI, CISA officially confirm US govt hacks after SolarWinds breach
(17.12.2020)
The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI).
“Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign,” the US intelligence agencies said …
DHS, DOJ And DOD Are All Customers Of SolarWinds Orion, The Source Of The Huge US Government Hack
Though it’s not clear whether it uses the Orion tool, the DHS’s own Cybersecurity and Infrastructure Security Agency (CISA) is a SolarWinds customer too, buying $45,000-worth of licenses in 2019. The U.S. Cyber Command also spent over $12,000 on SolarWinds tools in the same year.
SolarWinds, a publicly-listed Austin, Texas-based company with a value of over $6 billion, has its own customer list, though it doesn’t break down which products clients use. That list includes more than 425 of the Fortune 500, all major US telecoms providers, the top five U.S. accounting firms, hundreds of global universities, the NSA and the White House.
FAQ: Security Advisory
(18.12.2020)
In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.
Lawmakers ask whether massive hack amounted to act of war
Hackers believed to be part of a nation state have had access to federal networks since March after exploiting a vulnerability in updates to IT group SolarWinds’s Orion software. The hack has compromised the Treasury, State and Homeland Security departments and branches of the Pentagon, though it is expected to get worse. SolarWinds counts many more federal agencies as customers, along with the majority of U.S. Fortune 500 companies.
Israeli spy firm suspected of accessing global telecoms via Channel Islands
Invoices seen by the Guardian and the Bureau of Investigative Journalism suggest Rayzone, a corporate spy agency that provides its government clients with “geolocation tools”, used an intermediary in 2018 to lease an access point into the telecoms network via Sure Guernsey, a mobile operator in the Channel Islands.
Such access points, known in the telecoms industry as “global titles”, provide a route into a decades-old global messaging system known as SS7, which allows mobile operators to connect users around the world. It is not uncommon for mobile companies to lease out such access.
Spy companies using Channel Islands to track phones around the world
The investigation has found that private intelligence companies are able to rent access from mobile phone operators and this can then be exploited to allow the tracking of the physical location of users across the world. They are also potentially able to intercept calls and other private data, including bank accounts and emails.
These intrusions, which are very widely exploited, rely on commands designed to help phone operators track their customers’ whereabouts. Such commands, known as “signals”, are sent via a kind of global switchboard for the telecoms industry called SS7.
Event security concepts were developed. By his own account, @derInnensenator has nothing to reproach himself for. In dealing with Gefährder (individuals deemed potential threats), he advocates the “Al Capone” method. Such individuals should be shown no leniency for other offenses. #UA1BT
Attorney-General to High Court: Don’t overturn unity gov’t
It was unclear whether the High Court could ever strike down a quasi-constitutional basic law, he said. In any event, if it were possible, it would need to be a far more extreme law, implying something criminal or actively undermining democracy, he added.
Furthermore, Mandelblit rejected the notion that the coalition was abusing or ignoring the will of the voter by forming coalitions they had vowed not to form.
Netanyahu Preparing Another Request for Lawmakers to Grant Him Immunity
(30.11.2020)
Prime Minister Benjamin Netanyahu is preparing to ask the Knesset again for immunity from prosecution in his corruption cases, based on his lawyers’ argument that the criminal investigation against him was flawed and should be reconsidered.
In the past month, the prime minister has told associates that he is weighing the benefits of such a move against the possible damage it could do to his image in public opinion.
#TdM denies any connection with VP-01. He says the information came from a state with which cooperation is excellent, and the source of the information from a third state. He says he may not say more in a public session. #UA1BT
The security community in Germany is said to be smaller than in other countries. Consequence: they often come from his stable, and know and trust one another.
Downside: they share the same socialization. #Kahl came from the BMI, i.e. from a different stable. That reportedly led to debates with #Maaßen.