Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.
Time for your weekly cybersecurity news report!
T-Mobile had its fourth data breach in three years, Zyxel devices have a backdoor that should be patched ASAP, credentials like admin/admin are still a thing, and of course the SolarWinds hack events continue to unfold.
Read on for all the juicy details!
Notable Security News
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
Eye Control researchers discovered that many Zyxel devices had a built-in backdoor in the form of hardcoded credentials that grant root access. This affects many enterprise-grade devices including firewalls, VPN gateways and WLAN access point controllers. If you have Zyxel devices and don’t like ransomware and cyber-espionage, it is essential to install the patch that removes the backdoor. Attackers have already started exploiting it.
US government formally blames Russia for SolarWinds hack
Four US cyber-security agencies (FBI, CISA, ODNI & NSA) released a joint statement formally accusing Russia of orchestrating the SolarWinds hacks.
Some newspaper reports claimed that JetBrains is under investigation for having played a role in the SolarWinds attack. JetBrains denies this alleged involvement.
The US Department of Justice announced that SolarWinds hackers had access to over 3,000 US DOJ email accounts.
US federal courts are going low-tech for sensitive documents while their systems are being audited.
Also, we heard of the first lawsuit against SolarWinds, following Solorigate.
T-Mobile data breach: ‘Malicious, unauthorized’ hack exposes customer call information
T-Mobile suffered its fourth data breach in three years. Criminals accessed customer details such as phone numbers and call-related information but not sensitive personal information or financial data. Though this breach seems to be less impactful than T-Mobile’s previous ones, it shows the persistence of attackers and puts the focus on security after mergers.
Nissan source code leaked online after Git repo misconfiguration
Nissan source code was leaked because of a Git server left exposed with its default admin/admin credentials. The company took it down and started investigating the incident, but not before the stolen code of mobile apps and tools started circulating.
Substandard software costs US economy $2tn through security flaws, legacy systems, abandoned projects
The Consortium for Information & Software Quality™ (CISQ™) released a new report on the cost of poor software quality in the US in 2020. They estimate it at an astonishing $2.08 trillion, mainly due to operational software failures. This is an enlightening read on topics such as technical debt and DevSecOps, including recommendations for both individuals and organizations.
Other Interesting News
- Chinese espionage group APT27 moves into ransomware
- Cryptocurrency stealer for Windows, macOS, and Linux went undetected for a year
- Malware uses WiFi BSSID for victim identification
- Data breach broker selling user records stolen from 26 companies
- Italian mobile operator offers to replace SIM cards after massive data breach
- NSA shares guidance, tools to mitigate weak encryption protocols
- Bug? No, Telegram exposing its users’ precise location is a feature working as ‘expected’
- Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks
- Google Docs bug allowed cyber-spies to screenshot private documents
- Indian government sites leaking patient COVID-19 test results
- Darknet Threat Actors Are Not Playing Games with the Gaming Industry
- Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020
- Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again
- WhatsApp: Share your data with Facebook or delete your account
- Why don’t PCs use error correcting RAM? “Because Intel,” says Linus
- QR codes: Best approaches to using the technology safely and securely
- Flipper Zero turns hacking into a Tamagotchi-style game
- Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks
- Court says Uber can’t hold users to terms they probably didn’t read
- Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That?
- COVID-19 contact-tracing data is fair game for police, Singapore says
- Buying and selling second-hand devices
- White House unveils maritime cybersecurity standards for government and industry