Weekly Breach Report – January 4th 2021

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Microsoft

Microsoft announced that the Russian hackers behind the SolarWinds attack gained access to its internal accounts and escalated privileges inside its network, viewing some of its source code. The Hacker News: https://thehackernews.com/2020/12/microsoft-says-solarwinds-hackers.html

Wray & Nephew (JWN)

Rum maker JWN reported that it reverted to manual procedures following a malware breach that impacted operations at its Italian parent Campari. Jamaica Gleaner: http://jamaica-gleaner.com/article/business/20201227/campari-data-breach-slows-local-operations

macOS

2020 started with reports that Mac cyber threats took off, but the average user saw fewer malware and ransomware threats than Windows users during the year. Dark Reading: https://www.darkreading.com/endpoint/mac-attackers-remain-focused-mainly-on-adware-fooling-users/d/d-id/1339807

SolarWinds timeline

PaloAlto Networks recently published a timeline of the SolarWinds supply-chain attack. Unit 42: https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/

Finnish politicians

Finland’s parliament was targeted by cyberattacks this past autumn that compromised several politicians’ email accounts. Bloomberg: https://www.bloomberg.com/news/articles/2020-12-28/finnish-politicians-email-accounts-targeted-by-cyber-attack

Google Docs

Google patched a bug in a feedback tool incorporated into Google Docs that would have enabled an attacker to take screenshots of sensitive documents. The Hacker News: https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html

Kawasaki Heavy Industries

An internal audit at Kawasaki revealed that a hacker had accessed its servers and may have leaked information to a third party. The Daily Swig: https://portswigger.net/daily-swig/kawasaki-heavy-industries-reports-data-breach-as-attackers-found-with-year-long-network-access

General Medical Laboratory

Hackers attacked this Antwerp, Belgium, laboratory with ransomware, bringing all lab activities to a halt. General Medical handles 3,000 COVID-19 tests per day, and is the largest private lab in Belgium dealing with the crisis. The Brussels Times: https://www.brusselstimes.com/news/belgium-all-news/147433/antwerp-laboratory-becomes-latest-victim-of-cyber-attack/

Hacker logic

Understanding the logic hackers use to decide which targets to hit can help enterprises protect their critical systems. Threatpost: https://threatpost.com/6-questions-attackers-ask-exploit/162651/

Indian engineering company

An unnamed multinational engineering company based in Pune, India, lost 56,000 euros in a man-in-the-middle cyberattack during a transaction with a German company. The Indian Express: https://indianexpress.com/article/cities/pune/pune-based-engineering-company-loses-56000-euros-in-cyber-attack-7126733/

T-Mobile

T-Mobile announced a data breach that exposed customer personal information, including phone numbers and calls records. Bleeping Computer: https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/

Zyxel firewalls

Zyxel patched a secret backdoor in its firmware that could have been used by an attacker to log in with admin privileges. The flaw affects a wide range of devices. The Hacker News: https://thehackernews.com/2021/01/secret-backdoor-account-found-in.html

Like the report? Sign up below and get it in your inbox.