Weekly Breach Report – December 28th

Dec 28, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

SolarWinds

Microsoft announced that another group of hackers may have been abusing SolarWinds Orion software to drop similar persistent backdoors into target systems. The Hacker News: https://thehackernews.com/2020/12/a-second-hacker-group-may-have-also.html

 

Federated Authentication

The NSA and CISA warned that the attacker-modified update to SolarWinds is not the only way Russian attackers infiltrated networks. The attackers are also stealing private keys for single sign-on infrastructure. Dark Reading: https://www.darkreading.com/vulnerabilities---threats/advanced-threats/nsa-cisa-warn-of-attacks-on-federated-authentication/d/d-id/1339776

 

VMware and Cisco

The SolarWinds breach also impacted VMware and Cisco, and in one case, hackers exploited a vulnerability in VMware Workspace ONE. Security Week: https://www.securityweek.com/vmware-cisco-reveal-impact-solarwinds-incident

 

Ledger

In June, this popular hardware wallet for storing digital assets experienced a data breach that impacted more than one million clients. The hackers responsible for the breach just released all of the stolen data to the public. Securities.io: https://www.securities.io/ledger-still-suffering-from-june-data-breach-as-stolen-data-goes-public/

 

Treck TCP/IP

The US Cybersecurity Infrastructure and Security Agency (CISA) warned of critical vulnerabilities in a low-level TCP/IP software library from Treck that could enable remote attackers to run arbitrary commands. The Hacker News: https://thehackernews.com/2020/12/new-critical-flaws-in-treck-tcpip-stack.html

 

Safe-Inet

A range of international law-enforcement agencies announced a coordinated takedown of Safe-Inet, a popular VPN service for criminal activity. The Hacker News: https://thehackernews.com/2020/12/cybercriminals-favorite-bulletproof-vpn.html

 

Sangoma Technologies

In a statement, Canadian-based Sangoma announced that a ransomware attack on its servers resulted in private and confidential data being posted online. GlobeNewswire: https://www.globenewswire.com/news-release/2020/12/24/2150482/0/en/Sangoma-Technologies-Confirms-Data-Breach-as-Result-of-Ransomware-Attack.html

 

NetGalley

This publishing website, which gives book reviewers pre-release access to new titles, warned users that a data breach had exposed their personal data. The Daily Swig: https://portswigger.net/daily-swig/netgalley-data-breach-publishing-industry-website-forces-password-reset-following-security-incident

 

Portnox

The Iran-based Pay2Key hacking group said that it hacked into computer systems belonging to Israeli cybersecurity company Portnox. The same group also hacked Israel Aerospace Industries several days earlier. The Times of Israel: https://www.timesofisrael.com/iran-linked-hackers-say-they-breached-israeli-cyber-security-firm-portnox/

 

Citrix

Hackers hit Citrix with a cyberattack that impacted its application-delivery controller devices. As a result, the hackers could use these devices to launch amplified DDoS attacks. The Statesman: https://www.thestatesman.com/technology/citrix-confirms-ddos-cyber-attack-firm-investigating-impact-1502942815.html

 

Livecoin

On Christmas Eve, this Russian cryptocurrency exchange announced that hackers took control of its infrastructure and caused the exchange to lose control of some servers. Livecoin told customers to stop using its services. ZDNet: https://www.zdnet.com/article/russian-crypto-exchange-livecoin-hacked-after-it-lost-control-of-its-servers/

 

The Hospital Group

The Hospital Group, a private British healthcare company, confirmed that a ransomware attack had occurred, and that the hackers are threatening to release plastic-surgery photos of its customers online. BBC: https://www.bbc.com/news/technology-55439190

 

Symrise 

Hackers hit German flavor- and scent-producer Symrise with a ransomware attack that disrupted its operations. Latest Hacking News: https://latesthackingnews.com/2020/12/26/flavor-and-fragrance-giant-symrise-ag-hit-by-clop-ransomware/

 

Koei Tecmo

This Japanese game developer disclosed a data breach and took its European and American websites offline after discovering stolen data posted on a hacker forum. Bleeping Computer: https://www.bleepingcomputer.com/news/security/koei-tecmo-discloses-data-breach-after-hacker-leaks-stolen-data/

 

COVID-19 research

North Korean hackers are targeting pharmaceutical companies to steal sensitive information about COVID-19 vaccine research. The Hacker News: https://thehackernews.com/2020/12/north-korean-hackers-trying-to-steal.html
