SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack
2020-12-15 22:47

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to secure their environments.

Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam
2020-12-15 21:43

Count the Subway sandwich faithful among the latest victims of cybercriminals. Researchers at Sophos discovered a phishing campaign aimed at Subway loyalty-card members in the U.K. and Ireland, in an attempt to trick them into downloading malware.

Easy WP SMTP Security Bug Can Reveal Admin Credentials
2020-12-15 21:30

Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails via an SMTP server, so that they don't end up in the recipient's junk/spam folder.

Gitpaste-12 Worm Widens Set of Exploits in New Attacks
2020-12-15 21:29

The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at least 12 different attack modules and includes a cryptominer that targets the Monero cryptocurrency.

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
2020-12-15 21:04

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The specific critical bug in Firefox was also highlighted earlier this month in Google's Chrome browser security update, where it was rated as a high-severity flaw.

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication
2020-12-15 20:13

Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was that the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but was not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question.

How to prepare for quantum computing cybersecurity threats
2020-12-15 20:12

Find out two steps your business can take now to prepare employees, as well as infrastructure, for possible quantum computing-related cybersecurity risks. In his HelpNetSecurity article "Quantum computers: How to prepare for this great threat to information security," published on Nov. 6, 2020, Kaafarani begins by stating that quantum computers can introduce a huge security challenge.

Phishing tricks that really work – and how to avoid them
2020-12-15 19:16

Understanding the attackers' approach helps you spot a phishing email when it hits your inbox. In general, there are four main steps phishers go through when creating convincing phishing emails, and understanding these steps helps you to spot and stop them.

Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank
2020-12-15 19:14

Using indicators of compromise made available by FireEye, threat intelligence and incident response firm Volexity determined that the threat group behind the SolarWinds hack targeted a U.S. think tank earlier this year, and it used a clever method to bypass multi-factor authentication and access emails. "At the time of the investigation, Volexity deduced that the likely infection was the result of the SolarWinds box on the target network; however, it was not fully understood exactly how the breach occurred, therefore Volexity was not in a position to report the circumstances surrounding the breach to SolarWinds," Volexity said.