  • Microsoft to quarantine SolarWinds apps linked to recent hack starting tomorrow

    Microsoft announced today plans to start forcibly blocking and isolating versions of the SolarWinds Orion app that are known to have contained the Solorigate (SUNBURST) malware.

    Microsoft’s decision is related to the massive supply chain attack that came to light over the weekend and impacted IT software vendor SolarWinds.
    On Sunday, several news outlets reported that hackers linked to the Russian government breached SolarWinds and inserted malware inside updates for Orion, a network monitoring and inventory platform.
    Shortly after news reports went live, SolarWinds confirmed that Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were tainted with malware.
    Following the company’s official statement, Microsoft was one of the first cybersecurity vendors to confirm the SolarWinds incident. On the same day, the company added detection rules for the Solorigate malware contained within the SolarWinds Orion app.
    However, these detection rules only triggered alerts, and Microsoft Defender users were allowed to decide on their own what they wanted to do with the Orion app.
    Trojanized SolarWinds apps to be isolated starting tomorrow
    However, in a short blog post today, Microsoft says it has now decided to forcibly put all Orion app binaries in quarantine starting tomorrow.

    “Starting on Wednesday, December 16 at 8:00 AM PST, Microsoft Defender Antivirus will begin blocking the known malicious SolarWinds binaries. This will quarantine the binary even if the process is running,” Microsoft said.
    The OS maker said it took this decision for the benefit of its customers, even if it expects the decision to cause some crashes for network monitoring tools in sysadmin rooms.
    “It is important to understand that these binaries represent a significant threat to customer environments,” the company said.
    “Customers should consider any device with the binary as compromised and should already be investigating devices with this alert,” it added.
    Microsoft recommended that companies remove and investigate devices where the trojanized Orion apps were installed. The advice is in line with a DHS emergency directive published on Sunday, where the Cybersecurity and Infrastructure Security Agency recommended the same thing.

    In SEC documents filed on Monday, SolarWinds estimated that at least 18,000 customers installed the trojanized Orion app updates and most likely have the Solorigate (SUNBURST) malware on their internal networks.
    On the vast majority of these networks, the malware is present but dormant. The SolarWinds hackers choose to deploy additional malware only on the networks of a few high-value targets. Currently known victims of this group’s attacks include:
    US cybersecurity firm FireEye
    The US Treasury Department
    The US Department of Commerce’s National Telecommunications and Information Administration (NTIA)
    The Department of Health’s National Institutes of Health (NIH)
    The Cybersecurity and Infrastructure Security Agency (CISA)
    The Department of Homeland Security (DHS)
    The US Department of State

  • Facebook dragged to court by ACCC over deceptive VPN conduct allegations

    The Australian Competition and Consumer Commission (ACCC) has commenced proceedings against Facebook and a pair of its subsidiaries at the Federal Court of Australia, alleging the companies engaged in “false, misleading, or deceptive conduct” when promoting the Onavo Protect VPN app.
    “The ACCC alleges that, between 1 February 2016 to October 2017, Facebook and its subsidiaries Facebook Israel Ltd and Onavo, Inc. misled Australian consumers by representing that the Onavo Protect app would keep users’ personal activity data private, protected and secret, and that the data would not be used for any purpose other than providing Onavo Protect’s products,” the ACCC said on Wednesday.
    The consumer watchdog alleges that Facebook gathered and used “significant amounts” of user data for its commercial benefit.
    “This included details about Onavo Protect users’ internet and app activity, such as records of every app they accessed and the number of seconds each day they spent using those apps,” the ACCC said.
    “This data was used to support Facebook’s market research activities, including identifying potential future acquisition targets.”
    The ACCC points to ads at the time that said data would be kept “secret” and “safe”.
    “Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo Protect channelled significant volumes of their personal activity data straight back to Facebook,” ACCC chair Rod Sims said.

    “We believe that the conduct deprived Australian consumers of the opportunity to make an informed choice about the collection and use of their personal activity data by Facebook and Onavo.”
    The watchdog said it was seeking declarations and pecuniary penalties in bringing the action.
    The Onavo app was pulled from Apple’s app store in 2018, after Cupertino asked for the app to be voluntarily pulled.
    Onavo was purchased by Facebook in 2013.
    Last week, Facebook suspended accounts linked to Vietnamese hacking group APT32.
    A day earlier, the US Federal Trade Commission and a bipartisan coalition of over 40 state attorneys-general filed anti-trust suits against Facebook.
    The FTC said in its lawsuit that Facebook initially tried to compete with Instagram on the merits by improving its own offerings, but it ultimately chose to buy Instagram to neutralise the direct threat posed by Instagram and make it more difficult for another personal social networking competitor to gain scale.
    The lawsuits also allege companies that rebuffed offers to be acquired by Facebook — or those that posed a competitive threat — would subsequently be cut off from access to various key components within the social networking giant’s network.
    “For nearly a decade, Facebook has used its dominance and monopoly power to crush smaller rivals and snuff out competition, all at the expense of everyday users,” New York Attorney-General Letitia James said.
    “Almost every state in this nation has joined this bipartisan lawsuit because Facebook’s efforts to dominate the market were as illegal as they were harmful. Today’s suit should send a clear message to Facebook and every other company that any efforts to stifle competition, reduce innovation, or cut privacy protections will be met with the full force of our offices.”