
Finnish Parliament attackers hack lawmakers’ email accounts
2020-12-28 13:46

The email accounts of multiple members of parliament were compromised following a cyberattack as revealed today by the Parliament of Finland. "Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs," Parliament officials said.

Google: Microsoft Improperly Patched Exploited Windows Vulnerability
2020-12-28 13:15

Google Project Zero has disclosed a Windows zero-day vulnerability caused by the improper fix for CVE-2020-0986, a security flaw abused in a campaign dubbed Operation PowerFall. Tracked as CVE-2020-17008, the new vulnerability was reported to Microsoft on September 24.

How to create a good privacy policy for your website: Tips from the Better Business Bureau
2020-12-28 13:00

Something else to consider is third-party vendors such as analytics providers, advertisers, and payment processors who collect data on the company's business website. Customers should be advised who collects what data and given access links to the appropriate privacy policies.

CISA releases Azure, Microsoft 365 malicious activity detection tool
2020-12-28 12:48

"CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment," the US federal agency said. Sparrow checks the unified Azure/M365 audit log for indicators of compromise, lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potential malicious activity.

New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds
2020-12-28 12:47

A piece of malware that researchers have named Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor. "In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," Microsoft said in a recent blog post mentioning Supernova.

Russia’s SolarWinds Attack
2020-12-28 12:21

It's an increasingly common way to attack networks. Once inside a network, SVR hackers followed a standard playbook: establish persistent access that will remain even if the initial vulnerability is fixed; move laterally around the network by compromising additional systems and accounts; and then exfiltrate data.

Home appliance giant Whirlpool hit in Nefilim ransomware attack
2020-12-28 12:12

Home appliances giant Whirlpool suffered a ransomware attack by the Nefilim ransomware gang, who stole data before encrypting devices. Whirlpool is one of the world's largest home appliance makers with appliances under its name and KitchenAid, Maytag, Brastemp, Consul, Hotpoint, Indesit, and Bauknecht.

UK NCA visits WeLeakInfo users to warn of using stolen data
2020-12-28 10:38

21 WeLeakInfo customers have been arrested across the UK for using stolen credentials downloaded from WeLeakInfo following an operation coordinated by the UK National Crime Agency. "The NCA and UK policing's Cyber Choices programme aims to prevent young people inadvertently slipping into cyber crime and divert them to more positive pathways in tech."

Multi-platform card skimmer found on Shopify, BigCommerce stores
2020-12-28 09:21

A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and WooCommerce. This new skimmer can also abuse hosted e-commerce systems such as Shopify and BigCommerce, as researchers at Dutch cyber-security company Sansec found, even though they do not provide support for custom checkout page scripts.

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic
2020-12-28 06:57

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.