News
Hey everyone,
This is mostly a minimal issue, although all my newsfeeds were dominated this week by the Solarwinds hack anyway :-/
To my more recent subscribers: something went wrong with the signup process while I was on paternity break, causing you to miss last week's issue when I restarted. My apologies, you can catch up on that one here.
Breaches and leaks
- The Solarwinds hack definitely falls under this category, but without a doubt deserves an item all of its own.
- Ledger, the crypto hardware wallet, had a breach of its e-commerce system last July. That database has now been put online for everyone to see, and it includes 1 million e-mail addresses and about 270.000 addresses of customers, even though Ledger at the time said it was only 9500: link.
The SolarWinds cyberattack: The hack, the victims, and what we know
This was definitely the big one this week, my goodness. Turns out that the FireEye hack was just the tip of a very big iceberg. SolarWinds Orion, a network management platform, was compromised. And with it about 18.000 customers like Microsoft and Cisco, and a bunch of US government departments (Treasury, State, Health, Homeland Security, Energy, Nuclear Security and more).
This article seems to nicely sum up what we know so far, although more is definitely to come. There is so much more to read on it though, so I've added a few more articles to get you going if you want to dive deeper:
- A detailed technical writeup of the Sunburst malware by FireEye: link.
- Three articles from Brian Krebs on the hacks, in chronological order: Dec 14th, Dec 15th, Dec 16th.
- Sunburst’s C2 secrets reveal second-stage SolarWinds victims: link.
Besides the obvious reason, it definitely doesn't look great for SolarWinds. For one, it sounds like (part of?) the compromise was due to a hardcoded password "solarwinds123", which is so insanely stupid I have trouble believing it, but then again, sure. And apparently their management team was seen selling millions of dollars of shares before the news of the compromise broke. Tsk tsk.
WordPress sites running 'Contact Form 7' plugin open to remote compromise
About 5 million sites are apparently vulnerable.
Trump Twitter account hacker won't be punished
The Dutch authorities decided that he had met the criteria to be treated as an ethical hacker performing responsible disclosure.
Twitter fined €450k by EU data protection watchdog for GDPR breach
It relates to a bug in the Android app that could expose the tweets of protected accounts. They were fined because they failed to inform the commission within 72 hours.