Weekly Breach Report – January 18th 2021

Jan 18, 2021 By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


SolarWinds (1)

Researchers found a connection between the Sunburst backdoor used in the SolarWinds hack and Kazuar malware, a .NET-based malware first documented in 2017. The Hacker News: https://thehackernews.com/2021/01/researchers-find-links-between-sunburst.html


Reserve Bank of New Zealand

New Zealand’s central bank is responding to a security breach in one of its systems. A hacker accessed a third-party file-sharing service used by the bank to store sensitive information. Reuters: https://www.reuters.com/article/us-newzealand-economy-rbnz/new-zealand-central-bank-says-its-data-system-was-breached-idUSKBN29F010?il=0


JP Morgan Chase

US courts sentenced a Russian hacker to 12 years in prison for his role in the 2012-15 JP Morgan Chase cyberattack, one of the largest data thefts from a single financial institution. The Hacker News: https://thehackernews.com/2021/01/russian-hacker-gets-12-years-prison-for.html


Online banking

Researchers discovered a fraud campaign in which hackers use a mobile emulator to create a virtual clone of a victim’s smartphone to break into their bank accounts. Tech Radar: https://www.techradar.com/news/massive-fraud-campaign-sees-millions-vanish-from-online-bank-accounts


Ubiquiti

This vendor of cloud-enabled IoT devices is urging customers to change their passwords and enable multi-factor authentication. The company said that a third-party cloud provider might have exposed customer account information. Krebs on Security: https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/


SolarWinds (2)

CrowdStrike identified a third malware strain, Sunspot, involved in the SolarWinds supply chain attack. Sunspot was installed on the SolarWinds build server to watch for build commands that assembled Orion software. ZDNet: https://www.zdnet.com/article/third-malware-strain-discovered-in-solarwinds-supply-chain-attack/


SolarWinds (3)

SolarWinds hackers breached email-security provider Mimecast and obtained a digital certificate to access its customers’ Microsoft Office services. The hackers appear to have gained access to Mimecast without the SolarWinds software. The Wall Street Journal: https://www.wsj.com/articles/solarwinds-hackers-attack-on-email-security-company-raises-new-red-flags-11610510375?mod=djemwhatsnews


DarkMarket

Europol shut down the world’s largest online marketplace for illicit goods. DarkMarket has 500,000 users and more than 2,400 vendors. The Hacker News: https://thehackernews.com/2021/01/authorities-take-down-worlds-largest.html


Watering hole attacks

Google Project Zero researchers discovered two malicious exploit servers that used remote-code-execution vulnerabilities to target Windows and Android users. TechRepublic: https://www.techrepublic.com/article/google-exposes-malicious-exploits-targeting-windows-and-android-users/


Microsoft Defender

Hackers are exploiting a remote code execution vulnerability in Microsoft Defender in the wild. Microsoft: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647


Amazon Ring Neighbors app

A security flaw in Ring’s Neighbors neighborhood-watch app exposed the precise locations and home addresses of users who posted in the app. TechCrunch: https://techcrunch.com/2021/01/14/ring-neighbors-exposed-locations-addresses/


United States Capitol

The cybersecurity consequences of the US Capitol attack will take months to sort out after at least one laptop was stolen. ZDNet: https://www.zdnet.com/article/capitol-attacks-cybersecurity-fallout-stolen-laptops-lost-data-and-possible-espionage/


United Nations Environmental Programme (UNEP)

Researchers disclosed a vulnerability that would enable access to over 100,000 employee records at UNEP. Security Magazine: https://www.securitymagazine.com/articles/94325-united-nations-suffers-data-breach


Parler

A bug in the currently disabled social-media platform, frequently used by far-right extremists and US domestic terrorists, enabled hackers to download almost all of the site’s public contents and create millions of accounts with administrator privileges. Wired: https://www.wired.com/story/parler-hack-data-public-posts-images-video/


Socialarks

Hackers stole the personal and public details of more than 214m social-media users, which this Chinese data-management company had stored in a misconfigured database. Digital Information World: https://www.digitalinformationworld.com/2021/01/socialarks-data-breach-has-left-over.html


macOS

For the last five years, hackers have distributed macOS malware, disguised as pirated games and software, that hijacks hardware resources to mine cryptocurrency. ZDNet: https://www.zdnet.com/article/macos-malware-used-run-only-applescripts-to-avoid-detection-for-five-years/


Windows 10

An unpatched zero-day bug in Windows 10 enables attackers to corrupt an NTFS-formatted hard drive with one command. Bleeping Computer: https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/