Crowstrike Finds Third SolarWinds Malware and Nine Other Top Infosec Stories for 1/21/21

Crowstrike Finds Third SolarWinds Malware and Nine Other Top Infosec Stories for 1/21/21

FireEye CEO received mysterious postcard likely sent by Russian intelligence, Ubiquiti Networks breached, Bitdefender releases free DarkSide decryptor, Second Muslim prayer apps sold location data

Don’t forget to sign up for a premium subscription to Metacurity to gain access to our archives and special content. Thank you.

Cybersecurity firm Crowdstrike said it had identified a third malware strain named Sunspot directly involved in the recent SolarWinds hack.

Despite being the latest discovery, Sunspot was actually used first, deployed in September 2019 when hackers first breached SolarWinds. (Catalin Cimpanu / ZDNet)

Related: IT Pro, Reddit-hacking, Security Affairs, Infosecurity Magazine, The Hacker News, CRN, Crowdstrike

The FBI is investigating a mysterious postcard likely sent by Russian intelligence to FireEye’s Chief Executive Officer Kevin Mandia days after the security firm discovered the SolarWinds malware.

The postcard, which has FireEye’s logo, questions FireEye’s ability to attribute cyber operations to Russia accurately. (Christopher Bing / Reuters)

Related: Graham Cluley, Euractiv, Homeland Security Today, CRN

Intel announced it added hardware-based ransomware detection to their new Core H-Series Laptop and 11th Generation Desktop Processors using Intel Threat Detection Technology (Intel TDT) and Hardware Shield that run directly on the CPU underneath the operating system and firmware layers.

TDT uses hardware telemetry to detect fileless malware, crypto mining, polymorphic malware, and ransomware in real-time based on CPU metrics and behavioral detections. (Lawrence Abrams / Bleeping Computer)

Related: Dark Reading: Attacks/Breaches, Slashdot, Windows Central, AnandTech, WCCFtech, ZDNet, Trusted Reviews, Windows Central, xda-developers, ExtremeTech

Networking equipment and IoT device vendor Ubiquiti Networks announced it had been a victim of unauthorized access to certain parts of its information technology systems hosted by a third party cloud provider.

The server stored user profiles for, a web portal that Ubiquiti makes available to customers who bought one of its products. However, it has not seen unauthorized access to user accounts due to the incident. (Catalin Cimpanu / ZDNet)

Related: Reddit - cybersecurity, Slashdot, IT Pro, Help Net Security, The Register - Security, SlashGear » security, The Verge, The Verge, Reddit - cybersecurity, Slashdot, ARN, Security Affairs, Krebs on Security

Security firm Bitdefender released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom.

DarkSide operates under a ransomware-as-a-service business model and has experienced a spike in infections over the past few months. (Sergiu Gatlan / Bleeping Computer)

Related: SC Magazine, ZDNet Security, SecurityWeek, GBHackers On Security, TechNadu, Security Affairs

Accenture announced it had acquired Brazilian managed security and cyber defense services company Real Protect for an undisclosed amount.

Real Protect is an MSSP that says it helps organizations simplify IT management and improve IT security. (Dan Kobialka / MSSP Alert)

Related: ZDNet, FinSMEs, Yahoo

Microsoft has released a new version of its Sysinternals package, which helps system administrators debug Windows computers and helps security researchers track down and investigate malware attacks.

One of the most widely used apps is Sysmon, or System Monitor, which works by logging system-level events (process creations, network connections, and changes to file creation time) to the default Windows event log. The updated Sysmon app can now detect and log when malware tampers with a legitimate process. (Catalin Cimpanu / ZDNet)

Related: Bleeping Computer, Reddit - cybersecurity, MSPoweruser

A second Muslim prayer App called Salaast First, which has been downloaded ten million times, sold location data to U.S. ICE contractor Predicio.

Salaast First's discovery follows the revelation that another prayer app called Muslim Pro was selling its users' location data to a company called X-Mode Social, which sells products to the U.S. military via contractors. (Joseph Cox / Motherboard)

A disgruntled employee at the State Department prematurely changed President Donald Trump and Vice President Mike Pence's biographies to say their term was coming to an end on Monday, January 11.

The president’s biography was changed to read, “Donald J. Trump's term ended on 2021-01-11 19:49:00.” The vice president’s biography was edited to “Michael R. Pence's term ended on 2021-01-11 19:44:22.”  (Christopher Miller / Buzzfeed News)

Related: CNBC Technology, Graham Cluley, The Mary Sue, VICE News

Resident Evil video game publisher Capcom said that a data breach it experienced late last year is worse than originally estimated. The number of potentially compromised people increased by 40,000 to 390,000.

The company has now verified that the personal information of 16,406 people has definitely been stolen, up from nine in November. (Andy Robinson / Video Games Chronicle)

Related: GI Biz, Siliconera, Kotaku

Plug of the Day

Check out my column in today’s CSO Online on how new NERC cybersecurity regulations need more clarity to prevent the next SolarWinds-type attack on the power grid. (Photo by Patrick Hendry on Unsplash)

By Brocken Inaglory - Own work, CC BY 2.5,

Read more