Norwegian Cruise Company Hurtigruten Hit by Cyberattack
2020-12-14 15:12

Norwegian cruise company Hurtigruten announced Monday that it had been hit by a major cyberattack involving what appeared to be "ransomware", designed to seize control of data to ransom it. The company said it had alerted the relevant authorities when the attack was detected overnight Sunday to Monday.

Hackers breached U.S. government agencies via compromised SolarWinds Orion software
2020-12-14 14:18

A "highly sophisticated" hacking group has breached the U.S. Treasury Department, the U.S. Department of Commerce's National Telecommunications and Information Administration, other government agencies and private sector companies via compromised SolarWinds Orion software. "Although we do not know how the backdoor code made it into the library, from the recent campaigns, research indicates that the attackers might have compromised internal build or distribution systems of SolarWinds," Microsoft noted, and added that the backdoor was distributed via automatic update platforms or systems in target networks.

Proportion of Exploited Vulnerabilities Continues to Drop
2020-12-14 14:02

While the number of identified vulnerabilities has increased significantly over the past years, the percentage of flaws that are exploitable or have actually been exploited has been dropping, according to vulnerability management company Kenna Security. Kenna Security has conducted an analysis of more than 100,000 vulnerabilities disclosed since 2011 and noticed that the number of exploitable and exploited flaws has been on a downwards trend over the past years.

Cybersecurity experts hail new IoT law
2020-12-14 13:00

President Donald Trump signed the Internet of Things Cybersecurity Improvement Act into law this month, codifying what many cybersecurity experts have long begged for: increased security protection for the billions of IoT devices flooding homes and businesses. Rea Carcano and Edgard Capdevielle, the co-founder and CEO of IoT cybersecurity company Nozomi Networks, hailed the law as an important first step in ensuring that IoT device makers improve the security of their products.

Authentication Failure
2020-12-14 12:31

This is a weird story of a building owner commissioning an artist to paint a mural on the side of his building - except that he wasn't actually the building's owner. The fake landlord met Hawkins in person the day after Thanksgiving, supplying the paint and half the promised fee.

Microsoft removes update block for Windows 10 NVMe SSD devices
2020-12-14 12:25

Microsoft has removed a safeguard hold blocking Windows 10 updates on systems affected by a known issue causing blue screen of death crashes when users plugged in a Thunderbolt NVMe Solid State Drive. After discovering the BSOD issue, Microsoft added a compatibility hold to prevent impacted devices from being offered Windows 10, version 2004 or Windows 10, version 20H2 upgrades.

Former Cisco Employee Sentenced to Prison for Webex Hack
2020-12-14 12:24

An Indian national who moved to California on an H-1B work visa was sentenced to 24 months in prison last week for accessing and damaging Cisco's network. Ramesh is a former Cisco employee, who resigned in April 2018.

Global Espionage Campaign Used Software Supply Chain Hack To Compromise Targets, Including US Gov
2020-12-14 12:02

Incident response teams are scrambling after details emerged late Sunday of a sophisticated espionage campaign leveraging a software supply chain attack that allowed hackers to compromise numerous public and private organizations around the world. Among victims are multiple US government agencies, including the Treasury and Commerce departments, and cybersecurity giant FireEye, which stunned the industry last week when it revealed that attackers gained access to its Red Team tools.

Cisco re-patches wormable Jabber RCE flaw
2020-12-14 11:39

In September 2020, Cisco patched four Jabber vulnerabilities, but as it turns out, three of four have not been sufficiently mitigated. The incompleteness of the patches was discovered by Watchcom researchers - who discovered and disclosed the batch of vulnerabilities made public in September - after one of their clients requested they verify the effectiveness of Cisco's patches.

US govt, FireEye breached after SolarWinds supply-chain attack
2020-12-14 10:04

Trojanized versions of SolarWinds' Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate. SolarWinds' customer listing [1, 2] includes over 425 of the US Fortune 500, all top ten US telecom companies, hundreds of universities and colleges, all five branches of the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.