<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/7/2021

SHARE

Top News

DoJ says SolarWinds hackers breached its Office 365 system and read email

The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that's believed to have been backed by the Russian government. In a terse statement issued Wednesday, Justice Department spokesman Marc Raimondi said that the breach wasn't discovered until December 24, which is nine days after the hack campaign came to light. READ MORE...

Breaches

Nissan investigating possible source code exposure

Nissan is examining whether source code for its North American division's mobile apps, marketing tools and more have leaked online, the company said. "We are aware of a claim regarding a reported improper disclosure of Nissan's confidential information and source code," said a Nissan spokesperson. "We take this type of matter seriously and are conducting an investigation." READ MORE...

Hacking

JetBrains' build automation software eyed as possible enabler of SolarWinds hack

The SolarWinds security breach disclosed last month, which US authorities believe was of Russian origin and led to the compromise of at least 18,000 organizations, may have been enabled in part by software from JetBrains. The company, founded by Russian software developers and based in the Czech Republic, makes software development tools. One of these, build management and continuous integration system TeamCity, is used by SolarWinds as part of its application build process. READ MORE...

Software Updates

Mozilla Firefox disabling backspace key to prevent data loss

Mozilla Firefox is disabling the browser's backspace key to prevent users from accidentally losing data typed into forms. In 2014, Google removed the ability to go back to a previous page by using the backspace key as it could cause the loss of data entered into forms on the current page. Seven years ago, Mozilla opened a bug post to discuss whether the backspace key should be disabled but decided at the time not to make any changes. READ MORE...

Malware

A hacker's predictions on enterprise malware risk

2020 has ended with a stunning display of nation-state cyber capabilities. The Kremlin's SVR shocked the cybersecurity industry and U.S. government with its intrusions into FireEye and the U.S. Office of the Treasury by way of SolarWinds, revealing only traces of its long-term, sophisticated campaigns. These breaches are reminders that no organization is immune to cyber risk or to hacking. Every company is subject to the same reality: compromise is inevitable. READ MORE...

Exploits/Vulnerabilities

Zyxel hardcoded admin password found - patch now!

Towards the end of 2020, a researcher at Dutch cybersecurity company EYE was taking a look at the firmware of a Zyxel network router. He examined the password database that shipped in the firmware and noticed an unusual username of zyfwp. That name didn't show up in the official list of usernames shown in the router's user interface, yet it did have a password hash in the database itself, which was interesting all on its own. READ MORE...


SoftMaker Office Vulnerabilities Allow Code Execution via Malicious Documents

Vulnerabilities discovered by Cisco Talos researchers in SoftMaker Office can be exploited for arbitrary code execution by creating malicious documents and tricking victims into opening them. A German software developer, SoftMaker Software GmbH offers individuals and enterprises a popular office software suite that includes word processing, spreadsheet, presentation, and database software components. The firm's SoftMaker Office suite provides support for common and internal document file formats. READ MORE...

On This Date

  • ...in 1782, the first American commercial bank, the Bank of North America, opens.
  • ...in 1912, artist Charles Addams, the creator of the original "The Addams Family" cartoons in "The New Yorker", is born in Westfield, NJ.
  • ...in 1954, IBM gives the first public demonstration of machine translation, in which an IBM 701 mainframe translated 60 Russian phrases to English.
  • ...in 1964, actor Nicolas Cage ("National Treasure", "Raising Arizona") is born in Long Beach, CA.