Round Up of Major Breaches and Scams
Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today. FireEye’s report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce’s National Telecommunications and Information Administration (NTIA).
Hackers broke into the networks of federal agencies including the Treasury and Commerce departments as U.S. government officials said Sunday that they were working to identify the scope of the breach and to fix the problem. The FBI and the Department of Homeland Security’s cybersecurity arm are investigating. The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools.
Pay2Key ransomware operators claim to have compromised the network of the Intel-owned chipmaker Habana Labs and have stolen data. Intel-owned AI chipmaker Habana Labs was hacked by Pay2key ransomware operators who claim to have stolen from the company. The group announced the hack on Twitter, they claim to have stolen sensitive data, including information about a new artificial intelligence chip code named Gaudi.
A sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications, according to people familiar with the matter. “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.
A major leak containing a register with the details of nearly two million CCP members has occurred – exposing members who are now working all over the world, while also lifting the lid on how the party operates under Xi Jinping, says Sharri Markson. Ms Markson said the leak is a register with the details of Communist Party members, including their names, party position, birthday, national ID number and ethnicity.
The former Cisco engineer who pleaded guilty to intentionally causing damage that shut down thousands of Webex Teams accounts for two weeks in 2018 was sentenced Wednesday to two years in federal prison. Sudhish Kasaba Ramesh, of San Jose, resigned from the San Jose networking giant in April 2018 and joined the San Francisco personal styling service Stitch Fix. Four months after leaving Cisco, Ramesh admittedly accessed Cisco’s cloud infrastructure on Amazon Web Services and deployed a code that deleted 456 virtual machines for Webex Teams, Cisco’s video meeting and collaboration tool.
Round Up of Major Malware and Ransomware Incidents
Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. Subway UK customers received emails from ‘Subcard’ about the processing of an alleged Subway order. The malicious emails were including a link to a weaponized Excel document containing confirmation of the order.
Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. PostgreSQL, also known as Postgres, is one of the most-used open-source relational database management systems (RDBMS) for production environments.
MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files. This ransomware operation started in July 2020, and it targets corporate networks. Its operators steal data before encrypting it and threaten victims to leak files unless their multi-million dollar ransom demands are met.
Round Up of Major Vulnerabilities and Patches
Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.
This week Samsung has started rolling out Android’s December security updates to mobile devices to patch critical security vulnerabilities in the operating system and related components. This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices. As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on December 7, 2020, this week.
Update your system with the latest patches released by Microsoft Office on the last Patch Tuesday roll out. These include vulnerabilities ranging from critical (nine of them), important (forty-six of the flaws were rated important), and moderate (rest three). None of these vulnerabilities or bugs were publicly known or exploited by hackers yet. Both users and administrators should update their systems with these patches as soon as possible.