Happy new year everyone!
Since 2020 saw the birth of our second daughter, I can't call it a crappy year at all. But apart from that, well, let's just all wish that whatever comes is better than whatever came before :-) Onwards and upwards!
Full issue today, I hope you enjoy it. And a big thank you to Julian for sponsoring this issue!
Breaches and leaks
- Vietnam targeted in complex supply chain attack. Malware was introduced into software that citizens use to sign official documents: link.
- Microsoft's unreleased Windows Core Polaris OS leaks online: link.
- Data breach broker selling user records stolen from 26 companies: link.
- T-Mobile data breach exposed phone numbers and call records of around 200.000 customers: link.
- Emotet malware hits Lithuania's National Public Health Center: link.
- Home appliance giant Whirlpool hit in Nefilim ransomware attack: link.
- Voyager cryptocurrency broker halted trading due to cyberattack: link.
- Kawasaki discloses security breach, potential data leak: link.
- Finland says hackers accessed MPs' email accounts: link.
- Microsoft says that the SolarWinds hackers gained read-only access to some of its source code, although it doesn't say for which software: link.
- Great essay by Bruce Schneier on the SolarWinds attacks, and how they show that we need to adopt a defense-dominant cybersecurity strategy instead of focusing on the offensive: link.
Over 100.000 Zyxel VPN gateways, firewalls and access points have hardcoded credentials in them that can grant anyone remote admin-level access. For devices that are quite literally made to do the opposite. This is such incompetence that I have a hard time believing it's by accident, especially since they had a similar issue once already back in 2016. If you have a Zyxel device, patch it. Or throw it out.
They hired a former employee of their competitor, CrowdSurge, and then used the passwords that employee still had to log in to CrowdSurge's systems. Amazingly, they also held a company gathering showing off this ability to everyone. It's always good news when criminals don't think things through.
If you want to learn more about risk management, this is a great place to go. You can find a (free) copy of the book, Security Risk Management Aide-Mémoire, written by Julian Talbot, under 'Where can I get a copy'. You'll also find risk management related templates and graphics under the 'Resources' tab. And you can get access to the Security Risk Management SaaS platform SECTARA with a free tier.
A little trip down memory lane. Although the worst one doesn't require much walking, since it's the SolarWinds hacks.
WeLeakInfo was a subscription service that sold compromised credentials. 21 people have been arrested for using those credentials, and notably 69 others were visited by authorities with a warning, in an effort to divert them from slipping into cybercrime.
Very interesting insight into how intelligence agencies use personal data to identify other agents and recruit agents of their own.
Might be worth looking into if you run these.
If we weren't social distancing I'm sure there would be celebration in the streets.