<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 01/13/2021

Breaches

Hackers who breached European medical regulator leak vaccine-related data

Hackers who stole data related to a coronavirus vaccine have leaked it online, a European regulator investigating the breach said Tuesday. An ongoing investigation into the breach found that "some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet," the European Medicines Agency said in a statement. It was not immediately clear what the unidentified attackers were trying to accomplish in dumping the data online. READ MORE...


Ethical Hackers Breach U.N., Access 100,000 Private Records

Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information (PII)-including more than 100,000 private employee and project records-before informing the U.N. about the problem through the organization's vulnerability disclosure program. Ethical hackers from the research group Sakura Samurai used a vulnerability in a GitHub directory that exposed WordPress DB and GitHub credentials, allowing access to numerous private records. READ MORE...

Hacking

SolarLeaks site claims to sell data stolen in SolarWinds attacks

A website named 'SolarLeaks' is selling data they claim was stolen from companies confirmed to have been breached in the SolarWinds attack. Last month, it was disclosed that network management company SolarWinds suffered a sophisticated cyberattack that led to a supply chain attack affecting 18,000 customers. According to a joint statement issued by the FBI, CISA, and the NSA, this attack was "likely" conducted by a Russian state-sponsored hacking group who wanted to steal cloud data. READ MORE...


Operation Spalax: Targeted malware attacks in Colombia

In 2020 ESET saw several attacks targeting Colombian entities exclusively. These attacks are still ongoing at the time of writing and are focused on both government institutions and private companies. For the latter, the most targeted sectors are energy and metallurgical. The attackers rely on the use of remote access trojans, most likely to spy on their victims. They have a large network infrastructure for command and control. READ MORE...

Trends

Data industry trends to watch in 2021

"The COVID-19 pandemic forced companies across the board to accelerate their digital transformation strategies and rethink their approach to data security due to remote working and increased data breaches. "As we look to 2021, data privacy will be paramount to competitive differentiation as organizations accelerate in the tools and technologies that will transform their businesses and drive revenue," said Nong Li, Okera CTO. READ MORE...

Malware

More SolarWinds Attack Details Emerge

A third piece of malware is uncovered, but there are still plenty of unknowns about the epic attacks purportedly out of Russia. As yet another piece of malware has been uncovered in the attack on SolarWinds network management system software, there still remain several missing elements needed to draw a complete picture of the massive cyberattacks against major US government agencies and corporations, including security vendor and incident response expert FireEye. READ MORE...

Exploits/Vulnerabilities

New Zealand Reserve Bank breached using bug patched on Xmas Eve

A recent data breach at the Reserve Bank of New Zealand, known as Te Putea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. Over the weekend, the Reserve Bank disclosed that they suffered a data breach after an attacker hacked a third-party file sharing service containing sensitive data. In a new advisory released yesterday, the Bank states that the attackers breached their Accellion FTA file sharing service. READ MORE...

Encryption

Hackers steal Mimecast certificate used to encrypt customers' M365 traffic

Email management provider Mimecast said that hackers have compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company's cloud-based service. In a post published on Tuesday, the company said that the certificate was used by about 10 percent of its customer base, which-according to the company-numbers about 36,100. READ MORE...

On This Date

  • ...in 1942, Henry Ford patents a plastic-bodied automobile. The vehicle is 30 percent lighter than other cars of the time, with panels made from soybeans and hemp.
  • ...in 1968, Johnny Cash performs live at California's Folsom State Prison. His recording of the concert goes on to sell over 3 million copies in the US alone.
  • ...in 1970, television writer/producer Shonda Rhimes ("Grey's Anatomy", "Scandal") is born in Chicago, IL.
  • ...in 2000, Bill Gates resigns as CEO of Microsoft to found the philanthropic Bill & Melinda Gates Foundation.