Security News > 2021 > January
American packaging giant WestRock on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology and operational technology systems. Law enforcement has been notified and customers are being kept in the loop about the incident, WestRock said in a press release.
A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. Authorities say that the IT technician "took note of which homes had attractive women, then repeatedly logged into these customers' accounts in order to view their footage for sexual gratification." He did this by adding his personal email address to customer accounts, which ultimately hooked him into "real-time access to the video feeds from their homes."
In one of former President Donald Trump's last acts in office, he signed an executive order that forces US cloud companies to keep track of any foreign customers. The executive order also allows the Department of Commerce to block certain IaaS companies from providing services to known hackers, people known to have sold accounts to hackers, or people from countries that have been the source of many cloud-enabled cyberattacks.
One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface. Tracked as CVE-2021-1678, the vulnerability has been described by Microsoft as an NT LAN Manager security feature bypass, and is rated important for all affected Windows versions, namely, Windows Server, Server 2012 R2, Server 2008, Server 2016, Server 2019, RT 8.1, 8.1, 7, and 10.
In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors. The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code into popular software that monitors computer networks of businesses and governments.
Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon. As part of their analysis of OPC UA security, researchers at industrial cybersecurity firm Claroty discovered that Matrikon's OPC UA Tunneller product, which is designed for integrating OPC UA clients and servers with OPC Classic architecture, is affected by four critical and high-severity vulnerabilities that can be exploited for remote code execution, DoS attacks, and for obtaining potentially valuable information.
Microsoft has shared a workaround for a known issue impacting Windows 10 devices with Conexant ISST audio drivers and causing update errors and issues. Windows 10 computers affected by this known issue come with Conexant ISST Audio or Conexant HDAudio drivers under 'Sound, video and game controllers' in Device Manager.
A 28-year-old has been arrested after allegedly carrying out what police have labelled a "sophisticated cyber attack" on a school. A police spokesman told a local news website: "Officers received a report of a major IT outage at the school on Monday, January 18, that prevented the school from delivering remote learning and accessing material to support the children of keyworkers and vulnerable children who are attending school."
On September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court-related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U.S., with a population in excess of 5 million people.
On Friday evening, SonicWall announced that it "identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products." "We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government," SonicWall said while warning the public about the potential zero-day vulnerabilities in the NetExtender VPN Client and Secure Mobile Access physical and virtual appliances.