Weekly Breach Report – December 14th

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

US Treasury and SolarWinds

Russian hackers have been monitoring internal email traffic at the US Treasury and Commerce departments, and potentially other organizations. The intruders tampered with software updates released by SolarWinds, a cybersecurity firm whose products monitor the health of IT networks. It is used by organizations as diverse as governments and multinationals. Krebs on Security: https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/ 

Global GDP

According to a new study, worldwide losses from cybercrime total more than $1 trillion a year, equivalent to over 1% of global GDP. Infosecurity:https://www.infosecurity-magazine.com/news/cybercrime-costs-1trillion/

RMD Kwikform

This British engineering-services firm is investigating a security breach that occurred in November. BBC: https://www.bbc.com/news/uk-england-birmingham-55208202

Shirbit 

Israeli insurance-company Shirbit experienced a data breach, and the hackers have already released documents containing personal information on Shirbit employees and customers. So far the company has refused to pay the $1m bitcoin ransom demand. I24: https://www.i24news.tv/en/news/israel/1607253802-shirbit-declines-to-pay-hackers-as-it-faces-further-threats-of-leaked-documents-increased-ransom

Ransomware tactics

Some ransomware gangs are now cold-calling their victims if they suspect the hacked entity might restore from a backup and avoid paying ransom demands. ZDNet: https://www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-paying/

D-Link VPN routers

Some D-Link VPN router models are vulnerable to three high-severity security vulnerabilities. The Hacker News: https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html

Microsoft Teams

A no-click remote code execution bug in Microsoft Teams desktop apps enables hackers to execute arbitrary code by sending a specially-crafted chat message. The Hacker News: https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html

FireEye

A well-known cybersecurity company that works with government agencies and companies worldwide announced that it had been hacked, and the (probably Russian) nation-state actors had taken red-team pentest tools that can mount sophisticated new attacks. New York Times: https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html?referringSource=articleShare

Zebrocy malware

A Russian hacker is leveraging COVID for phishing lures to deliver a Go version of Zebrocy malware. The Hacker News: https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html

AMNESIA:33

Researchers discovered 33 vulnerabilities in TCP/IP stacks that could impact millions of IoT and embedded devices. The Hacker News: https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html

Randstad

One of the world’s leading recruitment agencies fell victim to a ransomware attack, and the hackers accessed sensitive data. Graham Cluley: https://grahamcluley.com/recruitment-giant-randstad-hit-by-ransomware-sensitive-data-stolen/

Foxconn

Hackers hit electronics manufacturer Foxconn with DoppelPaymer ransomware last month. The hackers are demanding $34m in ransom. Hot for Security:https://hotforsecurity.bitdefender.com/blog/foxconn-hit-with-record-breaking-34-million-ransom-demand-after-cyber-attack-24797.html

Steam

Critical flaws in a core networking library in Valve’s Steam online-gaming platform could enable hackers to crash games and take over third-party game servers remotely. The Hacker News: https://thehackernews.com/2020/12/valves-steam-server-bugs-couldve-let.html

Embraer

Brazilian airplane maker Embraer experienced a ransomware attack last month. The hackers leaked private files after the company refused to negotiate and instead restored systems from backups. ZDNet: https://www.zdnet.com/article/hackers-leak-data-from-embraer-worlds-third-largest-airplane-maker/

Long Beach, NY

Hackers targeted the city of Long Beach with a cyberattack that forced the city to shut down its computer network. Patch: https://patch.com/new-york/longbeach/long-beach-computer-network-shut-down-after-cyber-attack-found

Cisco Jabber

Cisco fixed four previously disclosed bugs in its Jabber video-conferencing app that were inadequately addressed the first time. The Hacker News:https://thehackernews.com/2020/12/cisco-reissues-patches-for-critical.html

APT32 hackers

Researchers from Facebook linked the activities of a Vietnamese hacker to an IT company in the country. The criminal  is part of a hacking group that has been running espionage campaigns since 2012. The Hacker News: https://thehackernews.com/2020/12/facebook-tracks-apt32-oceanlotus.html

MySQL

More than 85,000 MySQL databases are on sale on the dark web for $550 per database. The hacked databases are a part of a ransom scheme where hackers download tables, delete the originals, and leave ransom notes behind. ZDNet: https://www.zdnet.com/article/hackers-are-selling-more-than-85000-sql-databases-on-a-dark-web-portal/

Ledger

Hackers are targeting users of the Ledger cryptocurrency wallet with fake data-breach notifications to steal cryptocurrency from their victims. Bleeping Computer: https://www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/

UiPath

A startup that makes robotics automation software is emailing users about a security incident that exposed their personal information online. ZDNet:https://www.zdnet.com/article/robotics-unicorn-uipath-discloses-data-breach/

Like the report? Sign up below and get it in your inbox.