Categories
APT Botnet Breach Bug CVE Cyber Security Data leak Hacking Malware Phishing Ransomware Scam Spearphishing TrickBot Vulnerability Zero-day

SolarWinds breached, infects multiple US companies, Pay2Key compromises Habana Labs’ networks, and more

Major cybersecurity events on 14th December 2020 (Morning Post): Hackers backed by foreign govt. breach US Treasury, steal data. Major leak exposes members and ‘lifts the lid’ on the Chinese Communist Party. Former Cisco engineer gets two years in prison for Webex Teams hack.

Round Up of Major Breaches and Scams

Microsoft, FireEye confirm SolarWinds supply chain attack

Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today. FireEye’s report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce’s National Telecommunications and Information Administration (NTIA).

US Investigating Computer Hacks of Government Agencies

Hackers broke into the networks of federal agencies including the Treasury and Commerce departments as U.S. government officials said Sunday that they were working to identify the scope of the breach and to fix the problem. The FBI and the Department of Homeland Security’s cybersecurity arm are investigating. The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools.

Pay2Key hackers stole data from Intel’s Habana Labs

Pay2Key ransomware operators claim to have compromised the network of the Intel-owned chipmaker Habana Labs and have stolen data. Intel-owned AI chipmaker Habana Labs was hacked by Pay2key ransomware operators who claim to have stolen from the company. The group announced the hack on Twitter, they claim to have stolen sensitive data, including information about a new artificial intelligence chip code named Gaudi.

U.S. Treasury breached by hackers backed by foreign government

A sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications, according to people familiar with the matter. “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.

Major leak ‘exposes’ members and ‘lifts the lid’ on the Chinese Communist Party

A major leak containing a register with the details of nearly two million CCP members has occurred – exposing members who are now working all over the world, while also lifting the lid on how the party operates under Xi Jinping, says Sharri Markson. Ms Markson said the leak is a register with the details of Communist Party members, including their names, party position, birthday, national ID number and ethnicity.

Former Cisco engineer gets two years in prison for Webex Teams hack

The former Cisco engineer who pleaded guilty to intentionally causing damage that shut down thousands of Webex Teams accounts for two weeks in 2018 was sentenced Wednesday to two years in federal prison. Sudhish Kasaba Ramesh, of San Jose, resigned from the San Jose networking giant in April 2018 and joined the San Francisco personal styling service Stitch Fix. Four months after leaving Cisco, Ramesh admittedly accessed Cisco’s cloud infrastructure on Amazon Web Services and deployed a code that deleted 456 virtual machines for Webex Teams, Cisco’s video meeting and collaboration tool.

Round Up of Major Malware and Ransomware Incidents

Hacked Subway UK marketing system used in TrickBot phishing campaign

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. Subway UK customers received emails from ‘Subcard’ about the processing of an alleged Subway order. The malicious emails were including a link to a weaponized Excel document containing confirmation of the order.

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. PostgreSQL, also known as Postgres, is one of the most-used open-source relational database management systems (RDBMS) for production environments.

MountLocker ransomware gets slimmer, now encrypts fewer files

MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files. This ransomware operation started in July 2020, and it targets corporate networks. Its operators steal data before encrypting it and threaten victims to leak files unless their multi-million dollar ransom demands are met.

Round Up of Major Vulnerabilities and Patches

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.

Samsung fixes critical Android bugs in December 2020 updates

This week Samsung has started rolling out Android’s December security updates to mobile devices to patch critical security vulnerabilities in the operating system and related components. This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices. As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on December 7, 2020, this week.

Microsoft releases patches for 58 vulnerabilities

Update your system with the latest patches released by Microsoft Office on the last Patch Tuesday roll out. These include vulnerabilities ranging from critical (nine of them), important (forty-six of the flaws were rated important), and moderate (rest three). None of these vulnerabilities or bugs were publicly known or exploited by hackers yet. Both users and administrators should update their systems with these patches as soon as possible.