By Anna Hammond
January 8, 2021
Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.
Time for your weekly cybersecurity news report!
T-Mobile had its fourth data breach in three years, Zyxel devices have a backdoor that should be patched ASAP, credentials like admin/admin are still a thing, and of course the SolarWinds hack events continue to unfold.
Read on for all the juicy details!
At Intigriti we love to improve based on data and insights. This also counts for our weekly digest Security Snacks. Your feedback is highly appreciated, and two minutes of your time will help us improve the quality of our newsletter.
Fill out the survey for a chance to win an Intigriti Swag voucher of € 50.
The winner of the Intigriti Swag voucher will receive a personal email before January 15.
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
Eye Control researchers discovered that many Zyxel devices had a built-in backdoor in the form of hardcoded credentials that grant root access. This affects many enterprise-grade devices including firewalls, VPN gateways and WLAN access point controllers. If you have Zyxel devices and don’t like ransomware and cyber-espionage, it is essential to install the patch that removes the backdoor. Attackers have already started exploiting it.
US government formally blames Russia for SolarWinds hack
Four US cyber-security agencies (FBI, CISA, ODNI & NSA) released a joint statement formally accusing Russia of orchestrating the SolarWinds hacks.
Some newspaper reports claimed that JetBrains is under investigation for having played a role in the SolarWinds attack. JetBrains denies this alleged involvement.
The US Department of Justice announced that SolarWinds hackers had access to over 3,000 US DOJ email accounts.
US federal courts are going low-tech for sensitive documents while their systems are being audited.
Also, we heard of the first lawsuit against SolarWinds, following Solorigate.
T-Mobile data breach: ‘Malicious, unauthorized’ hack exposes customer call information
T-Mobile suffered its fourth data breach in three years. Criminals accessed customer details such as phone numbers and call-related information, but not sensitive personal information or financial data. Though this breach seems to be less impactful than T-Mobile’s previous ones, it shows the persistence of attackers and puts the focus on security after mergers.
Nissan source code leaked online after Git repo misconfiguration
Nissan source code was leaked because a Git server was left exposed with its default admin/admin credentials. The company took it down and started investigating the incident, but not before the stolen code of mobile apps and tools had started circulating.
The Consortium for Information & Software Quality™ (CISQ™) released a new report on the cost of poor software quality in the US in 2020. They estimate it to be an astonishing $2.08 trillion mainly due to operational software failures. This is an enlightening read on topics such as technical debt and DevSecOps, including recommendations for both individuals and organizations.
Cryptocurrency stealer for Windows, macOS, and Linux went undetected for a year
Data breach broker selling user records stolen from 26 companies
Italian mobile operator offers to replace SIM cards after massive data breach
NSA shares guidance, tools to mitigate weak encryption protocols
Bug? No, Telegram exposing its users’ precise location is a feature working as ‘expected’
Google Docs bug allowed cyber-spies to screenshot private documents
Indian government sites leaking patient COVID-19 test results
Darknet Threat Actors Are Not Playing Games with the Gaming Industry
Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020
Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again
WhatsApp: Share your data with Facebook or delete your account
Why don’t PCs use error correcting RAM? “Because Intel,” says Linus
QR codes: Best approaches to using the technology safely and securely
Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks