Security News

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There's much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance. Shell disclosed the attack in a public statement published on the company's website last week and said that the incident only affected the Accellion FTA appliance used to transfer large data files securely.

Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts. "Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs," Parliament officials said at the time.

Email security biz Mimecast has dumped SolarWinds' network monitoring tool in favour of Cisco's Netflow product after falling victim to the infamous December supply chain attack. In an incident report detailing its experiences of the SolarWinds compromise, Mimecast said it had "Decommissioned SolarWinds Orion and replaced it with an alternative NetFlow monitoring system".

Chile's Comisión para el Mercado Financiero has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities. "The analyzes carried out by the information security and technology area of the CMF, together with external specialized support, have so far dismissed the presence of a ransomware and indicate that the incident would be limited to the Microsoft Exchange platform," disclosed the Comisión para el Mercado Financiero.

A Florida teenager accused of masterminding a Twitter hack of celebrity accounts in a crypto currency scheme has been sentenced to three years in juvenile prison in a plea agreement, officials said. State prosecutors announced the deal Tuesday in the case of Graham Ivan Clark, 18, described as the mastermind of the July 2020 "Bit-Con" worldwide hack of Twitter accounts of Elon Musk, Bill Gates, Barack Obama, Joe Biden and others.

A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. On July 15, 2020, Twitter suffered one of the biggest security lapses in its history after the attackers managed to hijack nearly 130 high-profile Twitter accounts pertaining to politicians, celebrities, and musicians, including that of Barack Obama, Kanye West, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Uber, and Apple.

A 17-year-old high school senior along with her mother, Laura Rose Carroll, were arrested this week, charged with accessing student records in a fraudulent attempt to rig her school's Homecoming Queen election. The same district where her daughter attended Tate High School, the Washington Post reported.

The emergency patches for the recently disclosed critical vulnerabilities in Microsoft Exchange email server did not come soon enough and organizations had little time to prepare before en masse exploitation began. With patches released and proof-of-concept exploit code surfacing online, thousands of Microsoft Exchange servers worldwide continue to remain vulnerable and the number of attacks is still at a worrying level.

Swiss authorities on Monday confirmed a police raid at the home of a Swiss software engineer who took credit for helping to break into a U.S. security-camera company's online networks, part of what the activist hacker cited as an effort to raise awareness about the dangers of mass surveillance. The Federal Office of Justice said regional police in central Lucerne, acting on a legal assistance request from U.S. authorities, on Friday carried out a house search involving hacker Tillie Kottmann.