Weekly Breach Report – December 21st

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Gitpaste-12 botnet

A wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners is targeting Linux servers and IoT devices. The Hacker News:https://thehackernews.com/2020/12/wormable-gitpaste-12-botnet-returns-to.html

SolarWinds

Around 18,000 of SolarWind’s high-profile customers have installed a version of its Orion Products with a malicious backdoor. The HackerNews: https://thehackernews.com/2020/12/nearly-18000-solarwinds-customers.html

Communist Party of China

Sensitive data on 2m members of the Communist Party of China was leaked. The information includes official records such as party position, birthday and ethnicity. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/data-leak-chinese-communist-party/

5G network flaws

Researchers discovered several exploitable weaknesses in 5G networks that could carry out DoS attacks and intercept data traffic. The Hacker News:https://thehackernews.com/2020/12/new-5g-network-flaws-let-attackers.html

Spotify

Spotify alerted users that their data was exposed to a third-party partner in the streaming service’s third breach in less than a month. Threatpost:https://threatpost.com/spotify-changes-passwords-data-breach/162256/

Desjardins Group

Quebec privacy commissioners reported that a 2019 data breach at Canada’s Desjardins Group, a financial-services company, was caused by lax administrative and technological safeguards. IT World Canada: https://www.itworldcanada.com/article/breaking-desjardins-at-fault-for-huge-data-breach-say-privacy-commissioners/439581

Hurtigruten

This Norwegian cruise company said that it suffered a severe ransomware attack this week that left several of its systems paralyzed. Nasdaq: https://www.nasdaq.com/articles/norwegian-cruise-liner-hurtigruten-sustains-cyber-attack-2020-12-14

Instagram click farm

Researchers discovered an Instagram click farm after uncovering a command and control server that contained data for thousands of Instagram profiles. Best Gaming Pro: https://bestgamingpro.com/massive-instagram-click-farm-found-following-data-breach/

European Medicines Agency

Europe’s drug regulator confirmed that it was hit by a cyberattack, and that some documents, including those related to COVID-19, were unlawfully accessed by a third-party. KFGO: https://kfgo.com/2020/12/11/eu-drugs-regulator-confirms-data-breach-in-cyber-attack/

Vietnam Government Certification Authority

Researchers discovered an attack targeting the Vietnam Government Certification Authority that compromised the agency’s digital-signature toolkit to install a backdoor on systems. The Hacker News: https://thehackernews.com/2020/12/software-supply-chain-attack-hits.html

Russian attacks on US federal agencies

The Energy Department and National Nuclear Security Administration found that hackers had accessed their networks, part of an extensive cyber-espionage campaign that has impacted several other federal agencies. Politico: https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855

Browser extensions

Three million people have been infected by Chrome and Edge browser extensions that steal data and redirect users to phishing sites. Researchers discovered a total of 28 extensions that contained malware. Ars Technica: https://arstechnica.com/information-technology/2020/12/up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons/

RAM as wireless emitter

Researchers published a new technique that converts a RAM card into a wireless emitter that could transmit sensitive data from inside non-networked air-gapped computers. ZDNet: https://www.zdnet.com/article/academics-turn-ram-into-wifi-cards-to-steal-data-from-air-gapped-systems/

Microsoft

Microsoft made a statement saying that it had detected malicious SolarWinds binaries in its environment. The Hacker News: https://thehackernews.com/2020/12/microsoft-says-its-systems-were-also.html

University of Vermont hospital 

An October cyberattack is costing the University of Vermont Medical Center $1.5m a day in lost revenue and recovery costs. Insurance Journal: https://www.insurancejournal.com/news/east/2020/12/15/593996.htm

Lithuania

Lithuania’s defense minister announced that hackers hit the country with one of the “most complex” cybersecurity attacks in recent history. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/lithuania-cyberattack/

Like the report? Sign up below and get it in your inbox.