Top Infosec News Items for January 5, 2021

Plug: Check out my column today in CSO Online about the emergence of the new “double extortion” ransomware group Egregor, which appears to be picking up where the Maze group left off.

In an all but inevitable development, the first class-action lawsuit has been brought against SolarWinds for its role in the massive supply chain infection that has undermined hundreds of government and private sector organizations' security.

The suit filed in the U.S. District Court for the Western District of Texas claims that SolarWinds “mispresented and failed to disclose the following adverse facts about the company’s business, operations, and prospects, which were known to Defendants or recklessly disregarded by them.” (Michael Novinson / CRN)

A new SMS phishing campaign or smishing is seeking to steal PayPal user account credentials to conduct identity theft attacks.

Users that have fallen for the campaign should immediately go to PayPal.com and change their passwords. (Lawrence Abrams / Bleeping Computer)

Related: TechNadu, TechDator, Reddit - cybersecurity, Spyware News

The data of 100 million Indian credit card holders have been leaked on the dark web via a compromised server of Bengaluru-headquartered mobile payment solutions company Juspay. 

Among the exposed information is issuing bank, expiry date, masked credit/debit card numbers, names, customer ID, and merchant account ID have been leaked among several other details. (Harshit Rakheja / Inc42)

Related: Data Breaches Digest, Economic Times, Telecomlive.com, BGR

Singapore has confirmed that its police force can obtain any data, including information gathered by the contact tracing TraceTogether app and wearable token to help its criminal probes.

Around 4.2 million residents, or 78% of the population, have downloaded and adopted the coronavirus tracing app, which is mandatory for the entire population. (Eileen Yu / ZDNet)

Related: RAPPLER, rthk.hk World News, South China Morning Post, ET news, Tech Xplore, The Register - Security, Business Insider, MediaNama, Slashdot, Digital Journal, Asia One Digital

Researchers from cybersecurity firms Profero and Security Joes discovered ransomware that may be the work of a Chinese threat group APT27, which is normally involved in cyber espionage campaigns.

During 2020, the group, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse, directly targeted at least five companies in the online gambling sector that operate globally and successfully encrypted several core servers. (Ionut Ilascu / Bleeping Computer)

Related: SC Magazine, Security Affairs, TechDator

Xavier Mertens, a security researcher with the SANS Internet Storm Center, discovered a new malware strain that grabs the infected user's BSSID or Basic Service Set Identifier, basically the MAC physical address of the wireless router or access point the user is using to connect via WiFi.

Using the BSSID and the victim’s IP address confirms that the initial IP-based geolocation query is correct. (Catalin Cimpanu / ZDNet)

Related: Slashdot

Vancouver's transportation agency TransLink confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information.

Most of TransLink’s systems are still down following the early December ransomware attack. (Sergiu Gatlan / Bleeping Computer)

The New York Stock Exchange backed off its plan to delist three Chinese telcos, China Telecom, China Mobile, and China Unicom Hong Kong, to comply with an executive order from Donald Trump.

The order banned trading and investing in the companies because of their supposed close ties to Chinese military intelligence. (Chris Duckett / ZDNet)

Related: Financial Times, Hong Kong Free Press HKFP, GovernmentCyber.com, CyberNews, Infosecurity Magazine, The Star

Must-Read of the Day

Matt Stoller, who works at the American Economic Liberties Project and specializes in monopolies, has this excellent and slightly controversial essay on how venture capitalist Orlando Bravo, of the famed Thoma Bravo VC firm, has made millions by excluding hacking risks from his profitability calculations. Photo by 金 运 on Unsplash

Coming Soon - Exclusive Business Analysis for Premium Subscribers

For three years, DCT Associates has been tracking the cybersecurity business, from venture funding deals to stock market and financial performance of publicly-traded cybersecurity companies. Starting soon, premium subscribers to Metacurity will gain access to a wealth of information and analysis regarding the business of cybersecurity. We will offer our customers access to detailed stock and financial performance of leading cybersecurity companies, along with rich run-down and analysis of the still highly robust venture capital investment in information security start-ups.

Today, and if space permits inside the newsletter format, every day, we will present a summary of how our custom cybersecurity stock index performed during the previous day. Yesterday, January 4, 2021, was a brutal day for the previously red-hot publicly traded cybersecurity companies, which declined 2.3% overall on a downmarket day when investors feared the worst from the ongoing coronavirus crisis. Check out how well cybersecurity stocks fared against the other market indices below.

Photo by Tingey Injury Law Firm on Unsplash