News
Happy new year everyone!
Since 2020 saw the birth of our second daughter I can't call it a crappy year at all. But apart from that, well, let's just all wish that whatever comes is better than whatever came before :-) Onwards and upwards!
Full issue today, I hope you enjoy it. And a big thank you to Julian for sponsoring this issue!
Breaches and leaks
- Vietnam targeted in complex supply chain attack. Malware was introduced into the software that citizens use to sign official documents: link.
- Microsoft's unreleased Windows Core Polaris OS leaks online: link.
- Data breach broker selling user records stolen from 26 companies: link.
- T-Mobile data breach exposed phone numbers and call records of around 200.000 customers: link.
- Emotet malware hits Lithuania's National Public Health Center: link.
- Home appliance giant Whirlpool hit in Nefilim ransomware attack: link.
- Voyager cryptocurrency broker halted trading due to cyberattack: link.
- Kawasaki discloses security breach, potential data leak: link.
- Finland says hackers accessed MPs' email accounts: link.
SolarWinds continued
- Microsoft says that the SolarWinds attackers gained read-only access to some of its source code, although it doesn't say for which software: link.
- Great essay by Bruce Schneier on the SolarWinds attacks, and how they show that we need to adopt a defense-dominant cybersecurity strategy instead of focusing on the offensive: link.
Backdoor account discovered in more than 100,000 Zyxel firewalls and VPN gateways
Over 100.000 Zyxel VPN gateways, firewalls and access points ship with hardcoded credentials that can grant anyone remote admin-level access. On devices that are quite literally made to do the opposite. This is such incompetence that I have a hard time believing it's by accident, especially since they already had a similar issue back in 2016. If you have a Zyxel device, patch it. Or throw it out.
Ticketmaster fined $10 million for breaking into rival’s systems
They hired a former employee of their competitor, CrowdSurge, and then used the passwords that employee still had to log in to CrowdSurge's systems. Amazingly, they also showed off this access in front of the whole company at a company gathering. It's always good news when criminals don't think things through.
(Sponsored) Security Risk Management Aide-Mémoire goes online
If you want to learn more about risk management, this is a great place to go. You can find a (free) copy of the book, Security Risk Management Aide-Mémoire, written by Julian Talbot, under 'Where can I get a copy'. You'll also find risk management related templates and graphics under the 'Resources' tab. And you can get access to the Security Risk Management SaaS platform SECTARA with a free tier.
2020 had its share of memorable hacks and breaches. Here are the top 10.
A little trip down memory lane. Although the worst one doesn't require much walking, since it's the SolarWinds hack.
UK authorities visit WeLeakInfo users to warn against using stolen data
WeLeakInfo was a subscription service that sold compromised credentials. 21 people have been arrested for using those credentials, and notably 69 others were visited by authorities and given a warning, in an effort to divert them from slipping into cybercrime.
How China uses stolen US personnel data
Very interesting insight into how intelligence agencies use stolen personal data to identify other countries' agents and to recruit agents of their own.
CISA releases malicious activity detection tool for Azure and Microsoft 365
Might be worth looking into if you run these.
Adobe Flash Player is officially dead - the January 1st EOL date has come and gone
If we weren't social distancing I'm sure there would be celebration in the streets.