Microsoft
Microsoft announced that the Russian hackers behind the SolarWinds attack gained access to its internal accounts and escalated privileges inside its network, viewing some of its source code. The Hacker News: https://thehackernews.com/2020/12/microsoft-says-solarwinds-hackers.html
Wray & Nephew (JWN)
Rum maker JWN reported that it reverted to manual procedures following a malware breach that impacted operations at its Italian parent Campari. Jamaica Gleaner: http://jamaica-gleaner.com/article/business/20201227/campari-data-breach-slows-local-operations
macOS
2020 started with reports that Mac cyber threats took off, but the average user saw fewer malware and ransomware threats than Windows users during the year. Dark Reading: https://www.darkreading.com/endpoint/mac-attackers-remain-focused-mainly-on-adware-fooling-users/d/d-id/1339807
SolarWinds timeline
PaloAlto Networks recently published a timeline of the SolarWinds supply-chain attack. Unit 42: https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/
Finnish politicians
Finland’s parliament was targeted by cyberattacks this past autumn that compromised several politicians’ email accounts. Bloomberg: https://www.bloomberg.com/news/articles/2020-12-28/finnish-politicians-email-accounts-targeted-by-cyber-attack
Google Docs
Google patched a bug in a feedback tool incorporated into Google Docs that would have enabled an attacker to take screenshots of sensitive documents. The Hacker News: https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html
Kawasaki Heavy Industries
An internal audit at Kawasaki revealed that a hacker had accessed its servers and may have leaked information to a third party. The Daily Swig: https://portswigger.net/daily-swig/kawasaki-heavy-industries-reports-data-breach-as-attackers-found-with-year-long-network-access
General Medical Laboratory
Hackers attacked this Antwerp, Belgium, laboratory with ransomware, bringing all lab activities to a halt. General Medical handles 3,000 COVID-19 tests per day, and is the largest private lab in Belgium dealing with the crisis. The Brussels Times: https://www.brusselstimes.com/news/belgium-all-news/147433/antwerp-laboratory-becomes-latest-victim-of-cyber-attack/
Hacker logic
Understanding the logic hackers use to decide which targets to hit can help enterprises protect their critical systems. Threatpost: https://threatpost.com/6-questions-attackers-ask-exploit/162651/
Indian engineering company
An unnamed multinational engineering company based in Pune, India, lost 56,000 euros in a man-in-the-middle cyberattack during a transaction with a German company. The Indian Express: https://indianexpress.com/article/cities/pune/pune-based-engineering-company-loses-56000-euros-in-cyber-attack-7126733/
T-Mobile
T-Mobile announced a data breach that exposed customer personal information, including phone numbers and calls records. Bleeping Computer: https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/
Zyxel firewalls
Zyxel patched a secret backdoor in its firmware that could have been used by an attacker to log in with admin privileges. The flaw affects a wide range of devices. The Hacker News: https://thehackernews.com/2021/01/secret-backdoor-account-found-in.html