Hello Readers!
Welcome to the Free Friday edition of Inside Security. Today, I'm giving you a treat, offering my PATCH WATCH premium feature for free. If you'd like to receive this regular feature in your inbox, start your FREE 14-day trial of Inside Security Premium today while the offer lasts. When you do, you'll also be able to access past and future exclusive content, like:
Thanks for your support!
Fred
President-elect Joe Biden is proposing to spend more than $10B on cybersecurity and information technology for the federal government as part of the $1.9T COVID-19 relief plan unveiled Thursday. Among other things, the funding would be used to remediate the SolarWinds breach that compromised federal agencies and secure the COVID-19 supply chain and vaccine process.
More on the Biden plan:
- $9B to launch major cybersecurity and IT shared services at the Cybersecurity and Infrastructure Security Agency (CISA) and the General Services Administration (GSA) and complete modernization projects at federal agencies.
- $200M for the rapid hiring of experts to support the federal Chief Information Security Officer and U.S. Digital Service.
- $300M for technology transformation services at the GSA to drive secure IT projects without the need for reimbursement from agencies.
- $690M to improve security monitoring and incident response for federal civilian networks.
THE HILL
Microsoft is warning administrators that the fix for the critical Windows Zerologon bug will enter its enforcement phase next month. As part of the multiphase update, Microsoft will enable domain controller enforcement mode by default beginning Feb. 9; from then on, domain controllers deny Netlogon secure channel connections that do not use secure RPC unless the account has been explicitly exempted by Group Policy.
More:
- This week, the company provided guidance to administrators about mitigating the Zerologon bug, including the upcoming enforcement mode phase.
- Discovered by Secura, the critical bug is an authentication bypass in the Windows Netlogon Remote Protocol that could let an unauthenticated attacker with network access to a domain controller gain domain administrator privileges.
- Microsoft issued an advisory last August in which it described a two-part rollout for the bug fix: an initial patch and an enforcement phase in Q1 2021.
BLEEPING COMPUTER
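Before Feb. 9, the practical question for an administrator is which devices still depend on vulnerable Netlogon connections, because those are the ones enforcement mode will cut off. Patched domain controllers already log this in the System event log under the NETLOGON source: events 5827 and 5828 record vulnerable connections that were denied (machine and trust accounts respectively), 5829 records vulnerable connections that were allowed only because enforcement is not yet on, and 5830 and 5831 record connections allowed by an explicit policy exemption. The following triage script is an added example, not Microsoft's code or anything from the article; the CSV export it reads is constructed, and the account names in it are made up.

```python
"""Triage exported Netlogon events on a domain controller ahead of the
Zerologon enforcement phase.

Event IDs below are the documented Zerologon-related Netlogon events:
  5827 / 5828  vulnerable secure channel connection denied (machine / trust account)
  5829         vulnerable connection allowed during the deployment phase
  5830 / 5831  vulnerable connection allowed by an explicit policy exemption
The CSV export format and the account names are constructed for this example.
"""
import csv
import io
from collections import Counter

DENIED = {5827, 5828}
ALLOWED_DEPLOYMENT_ONLY = {5829}
ALLOWED_BY_POLICY = {5830, 5831}

# Constructed export: one row per event taken from a DC's System log.
# The 4624 row is an unrelated logon event, present to show filtering.
SAMPLE_EXPORT = """\
time,event_id,account
2021-01-14T08:01:12Z,5829,OLDNAS$
2021-01-14T08:03:40Z,5829,PRINTSRV01$
2021-01-14T09:15:02Z,5829,OLDNAS$
2021-01-14T10:22:51Z,5830,LEGACYAPP$
2021-01-14T11:00:00Z,5827,ROGUEBOX$
2021-01-14T11:30:00Z,4624,jdoe
"""


def parse_events(text):
    """Parse the constructed CSV export into a list of event dicts."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append(
            {
                "time": row["time"],
                "event_id": int(row["event_id"]),
                "account": row["account"],
            }
        )
    return events


def will_break_under_enforcement(events):
    """Accounts allowed today only because enforcement is off (event 5829).

    Each of these will be denied once enforcement mode is on, so the count
    per account is a rough measure of how loudly it will fail.
    """
    return Counter(
        e["account"] for e in events if e["event_id"] in ALLOWED_DEPLOYMENT_ONLY
    )


def exempted_accounts(events):
    """Accounts already allowed through by the vulnerable-connections policy."""
    return {e["account"] for e in events if e["event_id"] in ALLOWED_BY_POLICY}


def already_denied(events):
    """Accounts whose vulnerable connections the DC is already refusing."""
    return {e["account"] for e in events if e["event_id"] in DENIED}


def summary(events):
    """One dict a change ticket can be written from."""
    return {
        "fix_before_enforcement": dict(will_break_under_enforcement(events)),
        "exempted_by_policy": sorted(exempted_accounts(events)),
        "already_denied": sorted(already_denied(events)),
    }


if __name__ == "__main__":
    for key, value in summary(parse_events(SAMPLE_EXPORT)).items():
        print(f"{key}: {value}")
```

Every account that shows up in `fix_before_enforcement` needs either a firmware or software update so it uses secure RPC, or, as a last resort, an entry in the "Domain controller: Allow vulnerable Netlogon secure channel connections" Group Policy setting. Administrators who want to move ahead of the Feb. 9 date can turn enforcement on early by setting `FullSecureChannelProtection` to 1 under `HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters`; doing so after the 5829 list is empty avoids discovering the stragglers by outage.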
China-linked threat actor APT41 (Winnti) has targeted organizations in Hong Kong and Russia with a previously unknown backdoor called FunnySwitch, according to Positive Technologies researchers. The attackers deliver shortcut files that point to pages hosted on the collaboration tool Zeplin; those pages serve the final-stage payload, a shellcode loader and the Crosswalk backdoor.
More:
- The group's toolset in this campaign includes droppers, loaders, and injectors as well as the Crosswalk, ShadowPad, PlugX, and FunnySwitch backdoors.
- FunnySwitch can collect system information and run arbitrary JScript code, and it has unusual message relay functionality.
- APT41 appears to be attacking game developers in Russia, Hong Kong, and elsewhere in its latest campaign.
THE HACKER NEWS
The National Security Agency (NSA) is advising enterprises that the use of DNS over HTTPS (DoH) can blind their Domain Name System (DNS) monitoring and security tools. Enterprises should use only their designated enterprise DNS resolvers, not DoH to external resolvers, so that existing DNS-based defenses keep working, access to internal network resources keeps functioning, and internal network information stays inside the enterprise, according to the NSA.
More from the NSA:
- DoH encrypts DNS requests by carrying them over HTTPS, providing privacy, integrity, and source authentication between a client and its DNS resolver; it is useful for preventing eavesdropping on and manipulation of DNS traffic.
- DoH with external DNS resolvers is effective for home or mobile users and networks that do not use DNS security controls.
- The enterprise DNS resolver should support encrypted DNS requests for local privacy and integrity protection, but all other encrypted DNS resolvers should be disabled and blocked, the NSA advises.
INFOSECURITY MAGAZINE
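The NSA's recommendation has two halves: keep the enterprise resolver as the only DNS path, and detect and block clients that go around it. Both are checkable from logs the network already produces. The script below is an added example, not from the NSA guidance or the article. It runs over a constructed key=value log that mixes DNS query records from the enterprise resolver with TLS connection records (client, destination, SNI) from a boundary sensor. The enterprise resolver address, the client addresses and the log format are assumptions for the example; the DoH hostnames are real public services used as an illustrative, not exhaustive, list; and the canary domain `use-application-dns.net` is the one Firefox resolves before enabling DoH, where an NXDOMAIN answer from the local resolver tells the browser to stay on system DNS.

```python
"""Flag DNS-over-HTTPS use and external resolver use in enterprise logs.

Assumptions (for this example only): the enterprise resolver is 10.0.0.53,
client addresses are in 10.1.2.0/24, and the log is one key=value record per
line. The DoH hostnames are real public endpoints; the list is a starting
point, not a complete blocklist.
"""
import re

ENTERPRISE_RESOLVERS = {"10.0.0.53"}

# Public DoH endpoints (illustrative). Clients must usually resolve one of
# these names through the enterprise resolver first, which is the earliest
# signal that DoH is about to be used.
KNOWN_DOH_HOSTS = {
    "dns.google",
    "cloudflare-dns.com",
    "mozilla.cloudflare-dns.com",
    "dns.quad9.net",
    "doh.opendns.com",
}

# Firefox resolves this before enabling DoH; NXDOMAIN from the local resolver
# disables DoH, anything else lets the browser go ahead.
CANARY_DOMAIN = "use-application-dns.net"

# Constructed log: dns records come from the enterprise resolver, tls records
# from a boundary sensor. Destination IPs are TEST-NET addresses.
SAMPLE_LOG = """\
type=dns client=10.1.2.33 dst=10.0.0.53 qname=intranet.corp.example rcode=NOERROR
type=dns client=10.1.2.33 dst=10.0.0.53 qname=use-application-dns.net rcode=NXDOMAIN
type=dns client=10.1.2.44 dst=10.0.0.53 qname=use-application-dns.net rcode=NOERROR
type=dns client=10.1.2.44 dst=10.0.0.53 qname=mozilla.cloudflare-dns.com rcode=NOERROR
type=tls client=10.1.2.44 dst=203.0.113.10:443 sni=mozilla.cloudflare-dns.com
type=dns client=10.1.2.55 dst=198.51.100.53 qname=example.org rcode=NOERROR
type=tls client=10.1.2.66 dst=203.0.113.20:443 sni=dns.google
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn 'k=v k=v ...' into a dict."""
    return dict(KV.findall(line))


def analyze(log_text):
    """Return (finding, client, detail) tuples in log order.

    external_resolver   DNS sent to something other than the enterprise resolver
    canary_not_blocked  the canary domain resolved, so DoH-capable browsers will enable it
    doh_bootstrap       a client resolved the hostname of a public DoH service
    doh_connection      a TLS connection whose SNI is a public DoH service
    """
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        client = ev.get("client", "?")
        if ev.get("type") == "dns":
            qname = ev.get("qname", "").lower().rstrip(".")
            if ev.get("dst") not in ENTERPRISE_RESOLVERS:
                findings.append(("external_resolver", client, ev.get("dst", "?")))
            if qname == CANARY_DOMAIN and ev.get("rcode") != "NXDOMAIN":
                findings.append(("canary_not_blocked", client, qname))
            if qname in KNOWN_DOH_HOSTS:
                findings.append(("doh_bootstrap", client, qname))
        elif ev.get("type") == "tls":
            sni = ev.get("sni", "").lower().rstrip(".")
            if sni in KNOWN_DOH_HOSTS:
                findings.append(("doh_connection", client, sni))
    return findings


def clients_to_investigate(findings):
    """Distinct clients that bypassed, or are about to bypass, the enterprise resolver."""
    return sorted({client for _, client, _ in findings})


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
    print("investigate:", clients_to_investigate(analyze(SAMPLE_LOG)))
```

Two caveats a practitioner should keep in mind. A hostname list only catches clients that resolve the DoH server's name; software shipped with the resolver's IP address hard-coded never queries it, which is why the NSA pairs detection with blocking the known external resolver addresses at the boundary. And the canary check only constrains browsers that honor it; returning NXDOMAIN for `use-application-dns.net` from the enterprise resolver is cheap and worth doing, but it is a courtesy mechanism, not a control.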
Google has removed 164 Android apps, downloaded by more than 10 million users, from Google Play because the apps bombard users with malicious out-of-context ads, meaning mobile ads displayed outside the app that served them, so the user cannot tell which app is responsible. Google banned out-of-context ads last year precisely because the origin of such ads cannot be determined, which opens the door to silent ad spam.
More:
- Security firm White Ops discovered the 164 apps, which display out-of-context ads under the com.tdc.adservice package.
- The apps fetch their instructions from a JSON configuration file hosted on Dropbox, which serves as their command-and-control channel.
- Google has so far taken down more than 1,000 apps that violated its out-of-context ad ban.
ZDNET
PATCH WATCH: (This premium content first appeared in the Jan. 13 issue of Inside Security. To get PATCH WATCH in your inbox every Wednesday, click here to upgrade to premium!)
- Adobe fixed a number of vulnerabilities in its products, including seven critical bugs that could result in arbitrary code execution. Adobe retired its Flash Player product, which has been plagued by security problems for years.
- GitLab patched multiple vulnerabilities in its platform that could enable a remote attacker to launch a denial-of-service attack or steal data.
- Google patched 16 security bugs in Chrome stable channel 87.0.4280.141 for Windows, Mac, and Linux, including high-severity flaws that could be exploited to take control of an affected system.
- IBM fixed critical bugs in its IBM Cloud Event Management on IBM Cloud Private, Spectrum Discover, IBM Event Streams, IBM Blockchain Platform, and IBM Aspera high-speed transfer server/endpoint.
- Microsoft patched 83 security bugs in its products on Patch Tuesday, including 10 critical flaws. The most important patch is a fix for a critical remote code execution bug in the Microsoft Defender malware protection engine that is being exploited in the wild. Microsoft also fixed a security feature bypass in Windows Secure Boot. Prior to Patch Tuesday, Microsoft fixed a number of vulnerabilities in the Chromium-based Edge browser.
- Mozilla fixed critical security bugs in Firefox, Firefox for Android, and Firefox ESR. It also patched a critical vulnerability in its Thunderbird email client that could enable an attacker to take control of a vulnerable system.
- QNAP patched a remote code execution bug in its network-attached storage product.
- SAP released 10 security notes and seven updates to previously released security notes. The notes contain patches for a range of bugs, including a critical bug in SAP Business Warehouse that could lead to a full compromise of an affected system.
- Siemens issued a number of security advisories to address vulnerabilities in its SCALANCE, JT2Go, Teamcenter Visualization, and Solid Edge products.
As previously reported in Inside Security:
- NVIDIA has patched high-severity security bugs in Windows and Linux GPU display drivers as well as bugs impacting its Virtual GPU management software. Read more...
QUICK HITS:
- Was 2020 a rough year for you too? Send a Lift Up Note to appreciate someone who helped you get through it.*
- Ronald McDonald House notified 17,373 guests that their personal data was exposed in last year's massive Blackbaud breach.
- Amazon's Ring Neighbors app leaked precise locations and home addresses of users.
- An unpatched Apache Velocity cross-site scripting bug can be exploited to target government sites.
- Did you know that shopping apps convert 3x more than responsive websites? Stay ahead of the competition and create yours with GoodBarber!*
* This is sponsored content.
Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.
Editor
Charlotte Hayes-Clemens is an editor and writer based in Vancouver. She has dabbled in both the fiction and non-fiction world, having worked at HarperCollins Publishers and more recently as a writing coach for new and self-published authors. Proper semi-colon usage is her hill to die on.